feat: deploy atlantis in k8s #173

Merged
merged 2 commits into from
Feb 18, 2025

mulmuri
Member

@mulmuri mulmuri commented Feb 18, 2025

No description provided.

@mulmuri mulmuri requested a review from ikjeong as a code owner February 18, 2025 12:45
@goboolean-io
Contributor

Error: This repo is not allowlisted for Atlantis.

@mulmuri
Member Author

mulmuri commented Feb 18, 2025

atlantis apply

@goboolean-io
Contributor

Error: This repo is not allowlisted for Atlantis.

@mulmuri
Member Author

mulmuri commented Feb 18, 2025

atlantis plan

@goboolean-io
Contributor

Error: This repo is not allowlisted for Atlantis.

@mulmuri
Member Author

mulmuri commented Feb 18, 2025

atlantis plan

@goboolean-io
Contributor

Plan Error

parsing atlantis.yaml: repo config not allowed to set 'workflow' key: server-side config needs 'allowed_overrides: [workflow]'

@mulmuri
Member Author

mulmuri commented Feb 18, 2025

atlantis plan

@goboolean-io
Contributor

Plan Error

parsing atlantis.yaml: repo config not allowed to set 'workflow' key: server-side config needs 'allowed_overrides: [workflow]'

@mulmuri
Member Author

mulmuri commented Feb 18, 2025

atlantis plan

@mulmuri
Member Author

mulmuri commented Feb 18, 2025

atlantis plan

@goboolean-io
Contributor

Ran Plan for 4 projects:

  1. dir: projects/gcp workspace: default
  2. dir: projects/core workspace: default
  3. dir: projects/core/config workspace: default
  4. dir: projects/infra workspace: default

1. dir: projects/gcp workspace: default

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
- destroy

Terraform will perform the following actions:

  # module.namespace.kubernetes_namespace.atlantis will be destroyed
  # (because kubernetes_namespace.atlantis is not in configuration)
- resource "kubernetes_namespace" "atlantis" {
      - id                               = "atlantis" -> null
      - wait_for_default_service_account = false -> null

      - metadata {
          - annotations      = {} -> null
          - generation       = 0 -> null
          - labels           = {} -> null
          - name             = "atlantis" -> null
          - resource_version = "3848312" -> null
          - uid              = "3e65a05f-6a56-4485-b05e-32d7d536e15a" -> null
            # (1 unchanged attribute hidden)
        }
    }

  # module.namespace.kubernetes_namespace.kiali will be destroyed
  # (because kubernetes_namespace.kiali is not in configuration)
- resource "kubernetes_namespace" "kiali" {
      - id                               = "kiali" -> null
      - wait_for_default_service_account = false -> null

      - metadata {
          - annotations      = {} -> null
          - generation       = 0 -> null
          - labels           = {} -> null
          - name             = "kiali" -> null
          - resource_version = "3848313" -> null
          - uid              = "75a409f2-4dfd-4c21-85c4-e64dc2c62120" -> null
            # (1 unchanged attribute hidden)
        }
    }

  # module.namespace.kubernetes_namespace.open-webui will be destroyed
  # (because kubernetes_namespace.open-webui is not in configuration)
- resource "kubernetes_namespace" "open-webui" {
      - id                               = "open-webui" -> null
      - wait_for_default_service_account = false -> null

      - metadata {
          - annotations      = {} -> null
          - generation       = 0 -> null
          - labels           = {} -> null
          - name             = "open-webui" -> null
          - resource_version = "3849102" -> null
          - uid              = "43f6ac44-8e98-4dac-93d5-948753360391" -> null
            # (1 unchanged attribute hidden)
        }
    }

  # module.namespace.kubernetes_namespace.redis will be destroyed
  # (because kubernetes_namespace.redis is not in configuration)
- resource "kubernetes_namespace" "redis" {
      - id                               = "redis" -> null
      - wait_for_default_service_account = false -> null

      - metadata {
          - generation       = 0 -> null
          - name             = "redis" -> null
          - resource_version = "3849101" -> null
          - uid              = "1958d2b6-58c5-4bca-b215-f46aa0408c95" -> null
            # (1 unchanged attribute hidden)
        }
    }

Plan: 0 to add, 0 to change, 4 to destroy.

Changes to Outputs:
~ kubernetes_provider_config = (sensitive value)
  • ▶️ To apply this plan, comment:
    atlantis apply -d projects/gcp
  • 🚮 To delete this plan and lock, click here
  • 🔁 To plan this project again, comment:
    atlantis plan -d projects/gcp

Plan: 0 to add, 0 to change, 4 to destroy.


2. dir: projects/core workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.
  • ▶️ To apply this plan, comment:
    atlantis apply -d projects/core
  • 🚮 To delete this plan and lock, click here
  • 🔁 To plan this project again, comment:
    atlantis plan -d projects/core

3. dir: projects/core/config workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.
  • ▶️ To apply this plan, comment:
    atlantis apply -d projects/core/config
  • 🚮 To delete this plan and lock, click here
  • 🔁 To plan this project again, comment:
    atlantis plan -d projects/core/config

4. dir: projects/infra workspace: default

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place

Terraform will perform the following actions:

  # module.atlantis.helm_release.atlantis will be updated in-place
~ resource "helm_release" "atlantis" {
        id                         = "atlantis"
      ~ metadata                   = [
          - {
              - app_version    = "v0.20.1"
              - chart          = "atlantis"
              - first_deployed = 1739882299
              - last_deployed  = 1739885762
              - name           = "atlantis"
              - namespace      = "atlantis"
              - notes          = <<-EOT
                    1. Get the application URL by running these commands:
                    2. Atlantis will not start successfully unless at least one of the following sets of credentials are specified (see values.yaml for detailed usage):
                      - github
                      - githubApp
                      - gitlab
                      - bitbucket
                EOT
              - revision       = 6
              - values         = jsonencode(
                    {
                      - affinity                      = {}
                      - allowDraftPRs                 = false
                      - allowForkPRs                  = false
                      - api                           = {}
                      - apiSecretName                 = ""
                      - atlantisDataDirectory         = "/atlantis-data"
                      - atlantisUrl                   = "https://atlantis.goboolean.io"
                      - aws                           = {}
                      - awsSecretName                 = ""
                      - azuredevops                   = {}
                      - basicAuth                     = {
                          - password = "password"
                          - username = "username"
                        }
                      - basicAuthSecretName           = ""
                      - bitbucket                     = {}
                      - command                       = []
                      - commonLabels                  = {}
                      - config                        = ""
                      - containerPort                 = 0
                      - containerSecurityContext      = {}
                      - customPem                     = ""
                      - dataStorage                   = ""
                      - defaultTFDistribution         = "terraform"
                      - defaultTFVersion              = "1.10.5"
                      - disableApply                  = false
                      - disableApplyAll               = false
                      - disableRepoLocking            = false
                      - dnsConfig                     = {}
                      - dnsPolicy                     = "ClusterFirst"
                      - enableDiffMarkdownFormat      = false
                      - enableKubernetesBackend       = false
                      - environment                   = {}
                      - environmentRaw                = []
                      - environmentSecrets            = []
                      - extraAnnotations              = {}
                      - extraArgs                     = []
                      - extraContainers               = []
                      - extraManifests                = []
                      - extraPath                     = ""
                      - extraVolumeMounts             = []
                      - extraVolumes                  = []
                      - fullnameOverride              = ""
                      - gitconfig                     = ""
                      - gitconfigReadOnly             = true
                      - gitconfigSecretName           = ""
                      - gitea                         = {}
                      - github                        = {
                          - secret = "atlantis_webhook_secret"
                          - token  = "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"
                          - user   = "goboolean-io"
                        }
                      - githubApp                     = {}
                      - gitlab                        = {}
                      - googleServiceAccountSecrets   = []
                      - hidePrevPlanComments          = false
                      - hideUnchangedPlanComments     = false
                      - hostAliases                   = []
                      - hostNetwork                   = false
                      - image                         = {
                          - pullPolicy = "Always"
                          - repository = "ghcr.io/runatlantis/atlantis"
                          - tag        = "latest"
                        }
                      - imagePullSecrets              = []
                      - ingress                       = {
                          - annotations      = {}
                          - apiVersion       = ""
                          - enabled          = true
                          - host             = ""
                          - hosts            = []
                          - ingressClassName = null
                          - labels           = {}
                          - path             = "/*"
                          - pathType         = "ImplementationSpecific"
                          - paths            = []
                          - tls              = []
                        }
                      - initConfig                    = {
                          - containerSecurityContext = {}
                          - enabled                  = false
                          - image                    = "google/cloud-sdk:alpine"
                          - imagePullPolicy          = "IfNotPresent"
                          - script                   = <<-EOT
                                #!/bin/sh
                                set -eoux pipefail
                                
                                # example for terragrunt
                                TG_VERSION="v0.67.5"
                                TG_SHA256_SUM="4e5ae67854a774be6419f7215733990b481662375dc0bd5f2eda05211a692cf0"
                                TG_FILE="${INIT_SHARED_DIR}/terragrunt"
                                wget https://github.com/gruntwork-io/terragrunt/releases/download/${TG_VERSION}/terragrunt_linux_amd64 -O "${TG_FILE}"
                                echo "${TG_SHA256_SUM}  ${TG_FILE}" | sha256sum -c
                                chmod 755 "${TG_FILE}"
                                terragrunt -v
                                
                                # example for terragrunt-atlantis-config
                                TAC_VERSION="1.18.0" # without v
                                TAC_SHA256_SUM="59178dcd3e426abf4b5d8fcb1ac8dbdea548a04aa64eaf39be200484a5e6f2ca"
                                TAC_FILE="${INIT_SHARED_DIR}/terragrunt-atlantis-config"
                                wget "https://github.com/transcend-io/terragrunt-atlantis-config/releases/download/v${TAC_VERSION}/terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64"
                                echo "${TAC_SHA256_SUM}  terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64" | sha256sum -c
                                cp -fv "terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64" "${TAC_FILE}"
                                chmod 755 "${TAC_FILE}"
                                terragrunt-atlantis-config version
                            EOT
                          - sharedDir                = "/plugins"
                          - sharedDirReadOnly        = true
                          - sizeLimit                = "300Mi"
                          - workDir                  = "/tmp"
                        }
                      - initContainers                = []
                      - lifecycle                     = {}
                      - livenessProbe                 = {
                          - enabled             = true
                          - failureThreshold    = 5
                          - initialDelaySeconds = 5
                          - periodSeconds       = 60
                          - scheme              = "HTTP"
                          - successThreshold    = 1
                          - timeoutSeconds      = 5
                        }
                      - loadEnvFromConfigMaps         = []
                      - loadEnvFromSecrets            = []
                      - lockingDbType                 = ""
                      - logLevel                      = ""
                      - nameOverride                  = ""
                      - netrc                         = ""
                      - netrcSecretName               = ""
                      - nodeSelector                  = {}
                      - orgAllowlist                  = "github.com/goboolean/infrastructure"
                      - orgWhitelist                  = "github.com/goboolean/infrastructure"
                      - podMonitor                    = {
                          - enabled  = false
                          - interval = "30s"
                        }
                      - podTemplate                   = {
                          - annotations = {}
                          - labels      = {}
                        }
                      - readinessProbe                = {
                          - enabled             = true
                          - failureThreshold    = 5
                          - initialDelaySeconds = 5
                          - periodSeconds       = 60
                          - scheme              = "HTTP"
                          - successThreshold    = 1
                          - timeoutSeconds      = 5
                        }
                      - redis                         = {}
                      - redisSecretName               = ""
                      - redisSecretPasswordKey        = "password"
                      - replicaCount                  = 1
                      - repoConfig                    = <<-EOT
                            repos:
                              - id: "github.com/goboolean/infrastructure"
                                apply_requirements: []
                                workflow: default
                                allowed_overrides: [workflow]
                                allow_custom_workflows: true
                        EOT
                      - resources                     = {
                          - limits = {
                              - cpu    = "1Gi"
                              - memory = "1500Mi"
                            }
                        }
                      - service                       = {
                          - annotations              = {}
                          - externalTrafficPolicy    = null
                          - loadBalancerIP           = null
                          - loadBalancerSourceRanges = []
                          - nodePort                 = null
                          - port                     = 80
                          - portName                 = "atlantis"
                          - targetPort               = 4141
                          - type                     = "ClusterIP"
                        }
                      - serviceAccount                = {
                          - annotations = {
                              - "iam.gke.io/gcp-service-account" = "[email protected]"
                            }
                          - create      = true
                          - mount       = true
                          - name        = "atlantis"
                        }
                      - serviceAccountSecrets         = {}
                      - servicemonitor                = {
                          - additionalLabels  = {}
                          - auth              = {
                              - basicAuth      = {
                                  - enabled = false
                                }
                              - externalSecret = {
                                  - enabled = false
                                  - keys    = {}
                                  - name    = ""
                                }
                            }
                          - enabled           = false
                          - interval          = "30s"
                          - metricRelabelings = []
                          - path              = "/metrics"
                        }
                      - statefulSet                   = {
                          - annotations           = {}
                          - labels                = {}
                          - priorityClassName     = ""
                          - securityContext       = {
                              - fsGroup             = 1000
                              - fsGroupChangePolicy = "OnRootMismatch"
                              - runAsUser           = 100
                            }
                          - shareProcessNamespace = false
                          - updateStrategy        = {}
                        }
                      - storageClassName              = ""
                      - terminationGracePeriodSeconds = null
                      - test                          = {
                          - annotations = {}
                          - enabled     = true
                          - image       = "bats/bats"
                          - imageTag    = "1.9.0"
                        }
                      - tlsSecretName                 = ""
                      - tolerations                   = []
                      - topologySpreadConstraints     = []
                      - vcsSecretName                 = ""
                      - volumeClaim                   = {
                          - accessModes      = [
                              - "ReadWriteOnce",
                            ]
                          - dataStorage      = "5Gi"
                          - enabled          = true
                          - storageClassName = ""
                        }
                      - webhook_ingress               = {
                          - annotations      = {}
                          - apiVersion       = ""
                          - enabled          = false
                          - host             = ""
                          - hosts            = []
                          - ingressClassName = null
                          - labels           = {}
                          - path             = "/*"
                          - pathType         = "ImplementationSpecific"
                          - paths            = []
                          - tls              = []
                        }
                    }
                )
              - version        = "4.4.0"
            },
        ] -> (known after apply)
        name                       = "atlantis"
      ~ values                     = [
          ~ (sensitive value),
        ]
        # (26 unchanged attributes hidden)
    }

  # module.telegraf.helm_release.telegraf will be updated in-place
~ resource "helm_release" "telegraf" {
        id                         = "telegraf"
      ~ metadata                   = [
          - {
              - app_version    = "1.32.1"
              - chart          = "telegraf"
              - first_deployed = 1739873916
              - last_deployed  = 1739873916
              - name           = "telegraf"
              - namespace      = "fetch-system"
              - notes          = <<-EOT
                    To open a shell session in the container running Telegraf run the following:
                    
                      kubectl exec -i -t --namespace fetch-system $(kubectl get pods --namespace fetch-system -l app.kubernetes.io/name=telegraf -o jsonpath='{.items[0].metadata.name}') /bin/sh
                    
                    To view the logs for a Telegraf pod, run the following:
                    
                      kubectl logs -f --namespace fetch-system $(kubectl get pods --namespace fetch-system -l app.kubernetes.io/name=telegraf -o jsonpath='{ .items[0].metadata.name }')
                EOT
              - revision       = 1
              - values         = jsonencode(
                    {
                      - affinity         = {}
                      - args             = []
                      - config           = {
                          - agent      = {
                              - collection_jitter   = "0s"
                              - debug               = false
                              - flush_interval      = "10s"
                              - flush_jitter        = "0s"
                              - hostname            = "$HOSTNAME"
                              - interval            = "10s"
                              - logfile             = ""
                              - metric_batch_size   = 1000
                              - metric_buffer_limit = 10000
                              - omit_hostname       = false
                              - precision           = ""
                              - quiet               = false
                              - round_interval      = true
                            }
                          - inputs     = [
                              - {
                                  - kafka_consumer = {
                                      - brokers        = [
                                          - "kafka.kafka.svc.cluster.local:9092",
                                        ]
                                      - consumer_group = "fetch-system-telegraf"
                                      - data_format    = "json"
                                      - topic_regexps  = [
                                          - ".*\\.(1s|5s|1m|5m)$",
                                        ]
                                      - topic_tag      = "topic"
                                    }
                                },
                            ]
                          - outputs    = [
                              - {
                                  - influxdb_v2 = {
                                      - bucket             = "default"
                                      - bucket_tag         = "topic"
                                      - exclude_bucket_tag = true
                                      - organization       = "goboolean"
                                      - token              = "1234wer23634-r231ewq"
                                      - urls               = [
                                          - "http://influxdb2.influxdata.svc.cluster.local:80",
                                        ]
                                    }
                                },
                            ]
                          - processors = [
                              - {
                                  - enum = {
                                      - mapping = {
                                          - dest           = "status_code"
                                          - field          = "status"
                                          - value_mappings = {
                                              - critical = 3
                                              - healthy  = 1
                                              - problem  = 2
                                            }
                                        }
                                    }
                                },
                            ]
                        }
                      - env              = [
                          - {
                              - name  = "HOSTNAME"
                              - value = "telegraf-polling-service"
                            },
                        ]
                      - image            = {
                          - pullPolicy = "IfNotPresent"
                          - repo       = "docker.io/library/telegraf"
                          - tag        = "1.32-alpine"
                        }
                      - imagePullSecrets = []
                      - metrics          = {
                          - health   = {
                              - enabled         = true
                              - service_address = "http://:8888"
                              - threshold       = 5000
                            }
                          - internal = {
                              - collect_memstats = false
                              - enabled          = true
                            }
                        }
                      - nodeSelector     = {}
                      - pdb              = {
                          - create       = true
                          - minAvailable = 1
                        }
                      - podAnnotations   = {
                          - "sidecar.istio.io/inject" = "true"
                        }
                      - podLabels        = {}
                      - rbac             = {
                          - clusterWide = false
                          - create      = true
                          - rules       = []
                        }
                      - replicaCount     = 1
                      - resources        = {}
                      - service          = {
                          - annotations = {}
                          - enabled     = true
                          - type        = "ClusterIP"
                        }
                      - serviceAccount   = {
                          - annotations = {}
                          - create      = true
                          - name        = null
                        }
                      - tolerations      = []
                      - updateStrategy   = {}
                    }
                )
              - version        = "1.8.55"
            },
        ] -> (known after apply)
        name                       = "telegraf"
      ~ values                     = [
          ~ (sensitive value),
        ]
        # (26 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.
  • ▶️ To apply this plan, comment:
    atlantis apply -d projects/infra
  • 🚮 To delete this plan and lock, click here
  • 🔁 To plan this project again, comment:
    atlantis plan -d projects/infra

Plan: 0 to add, 2 to change, 0 to destroy.


Plan Summary

4 projects, 2 with changes, 2 with no changes, 0 failed

  • ⏩ To apply all unapplied plans from this Pull Request, comment:
    atlantis apply
  • 🚮 To delete all plans and locks from this Pull Request, comment:
    atlantis unlock

@mulmuri
Member Author

mulmuri commented Feb 18, 2025

atlantis unlock

@mulmuri mulmuri merged commit 756074f into main Feb 18, 2025
@mulmuri mulmuri deleted the feat/atlantis-in-k8s branch February 18, 2025 13:47