
Gitops

The document introduces GitOps, a methodology that utilizes Git as a system of record for infrastructure management, enabling operations through pull requests. It highlights the benefits of using tools like Atlantis for managing Terraform modules and emphasizes the importance of repeatability, predictability, and auditability in deployments. The document provides a step-by-step guide on getting started with GitOps and deploying Atlantis, along with best practices and community resources.

Uploaded by

qavasutesting

Get Started with GitOps

Operations by Pull Request enable Terraform for Teams

<[email protected]>
https://cloudposse.com/
@cloudposse
What to Expect

What is GitOps? (not rocket science)
And... Why it’s awesome (and you’ll agree)
How to get started… (our way)
Live demo...
Q&A...

Feelings of Euphoria
Aha! Moments
Reduced Anxiety
+ HashiConf News!
Who is this dude?

Founder of a DevOps Professional Services Company

Me (Erik Osterman)

We’ve pioneered SweetOps

Collaborative DevOps for Companies


( 100% Open Source )
(cloudposse.com)
We got problems.

We Maintain 100+ Terraform Modules (the largest!)

Dozens of Helm Charts

Pain in the *ss to test everything

Multi-stage rollouts get complicated

Lots of tools like Helm, Kops, Terraform and Cloud Formation

Thousands of users (hey, some problems are good to have!)


Goal:
Effortlessly Deploy Infrastructure.
(e.g. spin up RDS Database with Terraform, or deploy Helm Chart)
Make changes in the privacy of your personal laptop.
One Approach... (sometimes after a few beers)
“I SWEAR it worked on my machine.”
Then comes… Launch Day

Production
Other Problems...

No Audit Trails (huge risk)

Complicated Manual Rollouts

Not clear what’s been deployed (configuration drift)

Failed Deployments on Merge (now what?!)

Insufficient Code Reviews

No one knows how to make changes


So… Let’s fix this.
Let’s Practice GitOps.
Use Git as a System of Record for the desired state of configuration

Do Operations by Pull Request for Infrastructure as Code

Then use Continuous Delivery to apply changes to infrastructure


(basically it’s a CI/CD for DevOps)
Issue commands using comments to trigger actions (a.k.a “ChatOps”)
(E.g. “@bot give me a plan”, “@bot deploy these changes”)

Run PLAN: See what should change
Run APPLY: See what actually happened
The “Git Workflow”
Why do you care?
Teamwork.
GitOps Objectives

Repeatable - Apply changes the same way every time


(even your entire stack all at once!)

Predictable - Know what’s going to happen


(e.g. before you merge)

Auditable - See what was done


(e.g. when things were applied. see if there were errors)

Accessible - Anyone who can open a PR can contribute


The Solution Tool of...

https://runatlantis.io

Now an official HashiCorp sponsored project


Built for
(but will run anything)
About Atlantis

Purpose-built for Terraform (understands init, plan, apply)

Project started at

Current Maintainer is Luke Kysow

Officially forked into https://github.com/runatlantis/atlantis

Open Source APACHE2

100% Golang with good test coverage


Basic Flow Diagram
How We Use Atlantis

Terraform
Cloud Formation
Helm
Because we can
run any command

Helmfile
But will it work with...

Terragrunt? YES
GITLAB? YES
BITBUCKET? YES
Docker? YES
“Interactive”
Pull Requests
Step One: Open Pull Request
Step Two: Review “Auto Plan”
Step Three: Seek Approval

Code Review
Step Four: Deploy Changes
Step Five: Merge Pull Request
That was
easy.
Atlantis Users?

(...and soon most of our customers)


What others are saying...
Kelsey Hightower says... Extra Dope

https://runatlantis.io
How to get started

1. Deploy Atlantis (e.g. ECS, Kubernetes+Helm)


2. Add atlantis.yaml to each repo
3. Get back to work (sorry).

Or just ask us for help =)


Deploy Atlantis on ECS Fargate

1. Create TLS Certificate: fargate certificate create
2. Activate it: fargate certificate validate
3. Create Load Balancer: fargate lb create
4. Assign DNS: fargate lb alias
5. Deploy Container: fargate service create

https://github.com/cloudposse/geodesic-aws-atlantis
Example atlantis.yaml.

version: 2                        # atlantis.yaml config version
projects:                         # list of projects in this repo
- name: "alpinist"                # friendly name for this project
  dir: "terraform"                # directory with the tf code
  workspace: "default"            # workspace to use with this project
  terraform_version: "v0.11.7"    # terraform version to use
  autoplan:                       # automatically run terraform plan
    when_modified:                # when…
    - "*.tf"                      # any .tf file changes
    enabled: true                 # and enabled
  apply_requirements:             # then run terraform apply
  - "approved"                    # only when approved
  workflow: "default"             # run this workflow
Steps can be Entirely Customized.
Example atlantis.yaml. (Continued)

workflows:                        # define list of workflows
  default:                        # friendly name for this workflow
    plan:                         # to do a plan
      steps:                      # perform some steps
      - run: "init-terraform"     # run a command to initialize tf state
      # run a terraform plan with -var-file and save the plan to a file for later
      - run: |-                   # use fancy YAML conventions
          terraform plan -no-color \
            -var-file atlantis.tfvars -out $PLANFILE
    apply:                        # to do an apply...
      steps:                      # run these steps..
      # run apply using previous plan; $PLANFILE ensures WYSIWYG
      - run: |-                   # with some fancy YAML
          terraform apply -no-color \
            -var-file atlantis.tfvars $PLANFILE
Steps can be Entirely Customized.
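
An added example (not from the original slides or from the Atlantis project): because workflow steps can run any command, a reviewer or CI job can check that an atlantis.yaml keeps the two safeguards shown above, the "approved" apply requirement and applying the saved $PLANFILE. The function names, finding texts and WEAK_CONFIG are constructed for illustration, and the file is assumed to be already loaded into a dict by a YAML parser.

```python
import re

PLANFILE = re.compile(r"\$\{?PLANFILE\b")          # $PLANFILE or ${PLANFILE}
SAVED_PLAN = re.compile(r"-out[ =]\S*PLANFILE")    # plan written to the plan file

def run_steps(workflow, stage):
    """Shell text of custom `run` steps; built-in steps are plain strings."""
    steps = (workflow.get(stage) or {}).get("steps") or []
    return [s["run"] for s in steps if isinstance(s, dict) and "run" in s]

def audit(config):
    """Return sorted findings for a parsed atlantis.yaml (version 2 layout)."""
    findings, workflows = [], config.get("workflows") or {}
    for project in config.get("projects") or []:
        name = project.get("name") or project.get("dir", "?")
        if "approved" not in (project.get("apply_requirements") or []):
            findings.append(f"{name}: apply does not require an approved PR")
        wf = project.get("workflow")
        if wf and wf not in workflows:
            findings.append(f"{name}: workflow '{wf}' is not defined")
    for wf_name, wf in workflows.items():
        for cmd in run_steps(wf, "plan"):
            if "terraform plan" in cmd and not SAVED_PLAN.search(cmd):
                findings.append(f"{wf_name}: plan is not saved with -out $PLANFILE")
        for cmd in run_steps(wf, "apply"):
            if "terraform apply" in cmd and not PLANFILE.search(cmd):
                findings.append(f"{wf_name}: apply ignores the reviewed $PLANFILE")
    return sorted(findings)

# The slides' example as a YAML parser would load it (abridged to the audited keys).
PAGE_CONFIG = {
    "projects": [{"name": "alpinist", "dir": "terraform",
                  "apply_requirements": ["approved"], "workflow": "default"}],
    "workflows": {"default": {
        "plan": {"steps": [{"run": "init-terraform"}, {"run":
            "terraform plan -no-color \\\n  -var-file atlantis.tfvars -out $PLANFILE"}]},
        "apply": {"steps": [{"run":
            "terraform apply -no-color \\\n  -var-file atlantis.tfvars $PLANFILE"}]}}},
}
# Constructed counter-example: no approval gate, undefined workflow, unsaved plan.
WEAK_CONFIG = {
    "projects": [{"name": "db", "dir": "rds", "workflow": "fast"}],
    "workflows": {"default": {
        "plan": {"steps": ["init", {"run": "terraform plan -no-color"}]},
        "apply": {"steps": [{"run": "terraform apply -no-color -auto-approve"}]}}},
}
if __name__ == "__main__":
    for cfg in (PAGE_CONFIG, WEAK_CONFIG):
        print(audit(cfg) or "no findings")
```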
Live Demo

1. Add User
2. Open PR
3. Run Plan
4. Seek Approval (or not)
5. Apply
6. Merge
Demo Time!
Our Best Practices

Use one Atlantis Server per account (prod, dev, staging, identity, security, etc)

Use IAM Service Account for credentials (not hardcoded credentials)

Use GitHub CODEOWNERS

Use -var-files for non-secrets


Use chamber by segmentio for secrets (SSM+KMS)

Disable for forks

(Atlantis “Best Practices”)


Gotchas

Atlantis is under active development

We’ve forked it to support what we needed


https://github.com/cloudposse/atlantis
1. Restricted Users
2. Git Submodules
3. Multiple Pipelines (e.g. atlantis/prod.yaml, atlantis/staging.yaml)
4. Destroy action
5. Custom wake words (e.g. “echo, shut up”)
GitOps

Stop living dangerously.


Start using GitOps.
● Practice total transparency in operations
● Increase Productivity, Simplify Maintenance, Ensure Repeatability
● Reduce the barrier to entry
● Scalable strategy to manage lots of infrastructure

https://github.com/runatlantis/atlantis
HashiConf 2018 Announcements

0.12 (al 1) re ed
+ “Ter r S at a S v e”
Aut ic U li -> Ope S ce
New v e ! Man ha s h ra m
Links

Our Fork

https://github.com/cloudposse/atlantis

Our Slack Community


Join our community!
https://slack.cloudposse.com/

Our Demo

https://github.com/cloudposse/root.cloudposse.co
Totally Bodacious

Geodesic (container+env pattern for Infrastructure as Code)


github.com/cloudposse/geodesic
Packages (our complete toolchain + alpine packages)
github.com/cloudposse/packages
Build Harness (Makefiles on Steroids; build anything)
github.com/cloudposse/build-harness
Reference Architectures
github.com/cloudposse?q=cloudposse.co
Documentation
docs.cloudposse.com
A Totally Sweet DevOps Professional Services Company

Hire us. =)
hello@cloudposse.com
415 355 8615

100+ Free Terraform Modules github.com/cloudposse/

Active Community slack.cloudposse.com

Awesome Documentation docs.cloudposse.com

(free consultation)
