#atlantis (2018-12)
Discuss the Atlantis (<http://runatlantis.io | runatlantis.io>) |
**Archive: ** https://archive.sweetops.com/atlantis/
2018-12-01
![rohit avatar](https://secure.gravatar.com/avatar/96545ffc5c19a46414f41c76b28d2944.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Hello. So i am thinking about using Atlantis and was wondering how to set it up
![rohit avatar](https://secure.gravatar.com/avatar/96545ffc5c19a46414f41c76b28d2944.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Also, is it possible to run terraform commands when we use atlantis ?
![rohit avatar](https://secure.gravatar.com/avatar/96545ffc5c19a46414f41c76b28d2944.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
like for example, terraform workspace
command
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yes, you can run any arbitrary commands
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Atlantis understands workspaces too
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@antonbabenko has module for it
![antonbabenko avatar](https://secure.gravatar.com/avatar/fc9fce3c16a287d672ec5433430f11ca.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
https://github.com/terraform-aws-modules/terraform-aws-atlantis - I have not used it much since the release, so it may require some polishing.
Terraform configurations for running Atlantis on AWS Fargate - terraform-aws-modules/terraform-aws-atlantis
![rohit avatar](https://secure.gravatar.com/avatar/96545ffc5c19a46414f41c76b28d2944.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
awesome
![rohit avatar](https://secure.gravatar.com/avatar/96545ffc5c19a46414f41c76b28d2944.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
so once atlantis is setup, do we run arbitrary commands in github ?
![antonbabenko avatar](https://secure.gravatar.com/avatar/fc9fce3c16a287d672ec5433430f11ca.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
yes, in github PR comment users should be able to write everything atlantis can recognize - atlantis plan
![rohit avatar](https://secure.gravatar.com/avatar/96545ffc5c19a46414f41c76b28d2944.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
nice
2018-12-02
![arwin.tugade avatar](https://secure.gravatar.com/avatar/480624f30d00c0d1531679e73d32c415.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Hey all, I’ve been playing around with Atlantis and I’m at a point where I want proof of concept this in an actual workflow. My setup for AWS accounts one per environment (dev, stg, prd) with an instance of Atlantis in each account/environment. Dev teams will hook into Atlantis via an atlantis.yml and webhook. This is what my question revolves around, in this sort of setup, what does the webhook setup for a repository look like if you have 3 separate Atlantis instances?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
So, it basically comes down to how you organize your infra. In our case, we have 1 repo per AWS account.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
and then a terraform-root-modules
that acts like a library we can pull from
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so then in each of our account repos, we pull in the terraform root modules that we want to use
![arwin.tugade avatar](https://secure.gravatar.com/avatar/480624f30d00c0d1531679e73d32c415.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Do you treat application repos the same way? And how do you promote changes from one env to the other? For instance, in the case you’re talking about, say i’ve made some changes to the vpc in the dev repo that needs to be reflected in stg and prd.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so all changes are made to terraform-root-modules
and tagged
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
then you update the tag in the corresponding environment with a PR <– which you can use atlantis to execute
2018-12-03
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
@arwin.tugade for my setup we have all of our terraform in a single repo with 3 folders, dev, prod, stg and a single atlantis that applies them all.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yea, I think that’s the most common approach and the use-case I think atlantis was originally built for
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
the part about that I struggle with is controlling access and reducing blast radius
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
this is why we forked atlantis to implement the basic ACLs
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
those ACLs are scoped to a particular instance of atlantis
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
then we can deploy atlantis into different AWS accounts and control who can do what based on GitHub team membership
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
we do that by using CODEOWNERS and requiring approval before an apply
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
what Allow operator to define a list of permitted users who can trigger atlantis commands why Currently, the only way to restrict access is by adding/revoking users from a repository altogether. We…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
has something changed?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Last I was aware, CODEOWNERS
prevents merging, but mergability is not yet used to determine who can plan or apply
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
My understanding was that it linked into the approval process. I’ll verify that requirement.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
it does, but it only requires that one of the CODEOWNERS
approves
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
but it doesn’t prevent anyone else from also approving
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
and atlantis only checks if it has been approved
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
but not if it can be merged
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Via @psalaberria002, would like to be able to only allow certain people to run apply.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Issue by @lkysow Thursday Nov 30, 2017 at 06:54 GMT Migrated from hootsuite/atlantis#210 Why was it migrated? GitHub has lots of branch protections that we could support in Atlantis by requiring th…
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
@Erik Osterman (Cloud Posse) ahh good catch
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
I guess I should put in some PRs
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
2018-12-04
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
Anyone want to have a conversation around - https://github.com/runatlantis/atlantis/issues/43
Issue by @lkysow Thursday Nov 30, 2017 at 06:54 GMT Migrated from hootsuite/atlantis#210 Why was it migrated? GitHub has lots of branch protections that we could support in Atlantis by requiring th…
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
I would like to implement it, but I want to get some opinions
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
@Shane let’s discuss that
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
we already added some security to our atlantis fork https://github.com/cloudposse/atlantis/releases/tag/0.1.0
GitOps for Teams (experimental hard fork of atlantis) - cloudposse/atlantis
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
and some other features https://github.com/cloudposse/atlantis/releases
GitOps for Teams (experimental hard fork of atlantis) - cloudposse/atlantis
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@mumoshu would maybe also be interested in that flag
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
He got busy with Reinvent so couldn’t get back to his PR for custom stages
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
My prime interest is in using the merge able state and allowing github to do the logic on if it’s safe to apply.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I think the interface laid out by Luke looks good by adding a parameter like the require-approval
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Add require-mergability
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I think it should be also available to “plan”
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
A user can execute any command as part of plan
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
In that case would it be better to create 2 separate flags or a flag that has a value and requires mergability for all steps below it in the chain
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
would we want to do plan
even if the PR could not be merged for any reason?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
So right now there are “apply_requirements”, then maybe “plan_requirements” for consistency
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
So if that’s how that was designed how would you layout the flags
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
Would you do a flag per state?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yep, I think that’s how it would work
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
“State” in this case refers to…?
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
stage as in plan, apply
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
we played a bit with the GitHub branch protection API in Go, something for reference https://github.com/cloudposse/github-status-updater/blob/master/main.go#L145
Command line utility for updating GitHub commit statuses and enabling required status checks for pull requests - cloudposse/github-status-updater
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
@Andriy Knysh (Cloud Posse) thanks I’ll take a look
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
Stab at adding support for rebasing onto master - https://github.com/runatlantis/atlantis/pull/374
This adds a flag to the CLI to have the PR rebased onto the master branch when the flag –rebase-repo is set. I did not implement the configuration for the atlantis.yml as I was not sure if we woul…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
that’s cool!
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
I implemented it in the simplest way as possible that fits my use-case please let me know if you would like to see any tweaks.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
makes sense - i hadn’t considered the fact we should be rebasing before running plan/apply, but agree since we always do that before merging.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
dependabot
does that - which is nice
2018-12-05
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
anyone else see an issue with atlantis with multiple github hooks being processed
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
…. apparently the tool I’m using to display logs is the culprit…
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
with a stateful set whenever you have a new container it tails that container, but since it’s the same name it tails it X amount of times where X is the amount of new containers that have started since you started the tail….
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
which tool are you using?
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
ktail is a tool to easily tail Kubernetes logs. Contribute to atombender/ktail development by creating an account on GitHub.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
btw, if you’re not able to get your PR merged upstream in atlantis, we’ll accept it in cloudposse/atlantis
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
This adds a flag to the CLI to have the PR rebased onto the master branch when the flag –rebase-repo is set. I did not implement the configuration for the atlantis.yml as I was not sure if we woul…
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
Good to know thanks
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Shane
2018-12-12
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Introduce new mergeable requirement, in similar vein to the approved requirement. Addresses #43.
![davidvasandani avatar](https://avatars.slack-edge.com/2019-10-02/784259469622_7d9e31719822afd94ef8_72.jpg)
@Erik Osterman (Cloud Posse) this was closed not merged. They preferred it was just done via custom commands.
Introduce new mergeable requirement, in similar vein to the approved requirement. Addresses #43.
![davidvasandani avatar](https://avatars.slack-edge.com/2019-10-02/784259469622_7d9e31719822afd94ef8_72.jpg)
Do you have a successful workflow that implements the rebase using custom commands? It seems everyone in the GitHub comments is still working on it.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@davidvasandani it’s not closed, but looks like it will get merged any day now. Lot’s of interest from Luke on it.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
This is not the rebase PR
![davidvasandani avatar](https://avatars.slack-edge.com/2019-10-02/784259469622_7d9e31719822afd94ef8_72.jpg)
Thanks! This looks awesome.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I add a comment here that repos should have commands
that can be run
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
woohoo!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Andriy Knysh (Cloud Posse)
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
Looks like it just got merged
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
That’s a nice addition
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![antonbabenko avatar](https://secure.gravatar.com/avatar/fc9fce3c16a287d672ec5433430f11ca.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
The screenshot where Erik is talking to Erik inspired me to click the link Massive document you guys are composing! Bookmarked to read next week!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Shane what do you think about this?
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
so that would be a global setting for any terraform in that repo to allow for executing something prior aka in your example rebase?
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
That’s likely helpful as you want to do it before plan and before apply so you would not want it to be part of the apply/plan chain
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
My understanding is that it’s generalized settings for a particular repo
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so in your case, it’s that you want to rebase after checking out
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
in our case, we wanted to update submodules
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
i am thinking this could maybe be solved in the generalized way of adding commands
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
ya, that sounds reasonable
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(not sure if there are global settings - which would also be nice)
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
basically any action that you wanted to fire off, before a command.
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
kind of a pre-hook for any action
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yea, almost like a pre-hook indeed
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
maybe changing the name to something like pre-command
would make more sense
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
or pre-actions
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
oh, so id
is a regex, so it’s possible to set globals
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
2018-12-14
![i5okie avatar](https://secure.gravatar.com/avatar/a5a5e4b62699a4adf3c150d0ffcb3b4c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
hi
![i5okie avatar](https://secure.gravatar.com/avatar/a5a5e4b62699a4adf3c150d0ffcb3b4c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yea, atlantis is very sweeet!
![antonbabenko avatar](https://secure.gravatar.com/avatar/fc9fce3c16a287d672ec5433430f11ca.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
@i5okie and others, I have just added Gitlab and SSM support into Atlantis AWS Fargate module - https://github.com/terraform-aws-modules/terraform-aws-atlantis/
Terraform configurations for running Atlantis on AWS Fargate. Github and Gitlab supported. - terraform-aws-modules/terraform-aws-atlantis
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Had some time to get back to coding?
![antonbabenko avatar](https://secure.gravatar.com/avatar/fc9fce3c16a287d672ec5433430f11ca.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
Well, kind of. At the same time I need to do work for customers implementing Terraform while there are no conferences. My next travel will be in 39 days.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
That’s almost like a vacation for you
2018-12-15
![antonbabenko avatar](https://secure.gravatar.com/avatar/fc9fce3c16a287d672ec5433430f11ca.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
ohh, yes, though I try to not mix work and vacation. Looking forward to my month off in July already
2018-12-17
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
nice the atlantis chart was merged in - https://github.com/helm/charts/pull/8177#discussion_r241457448
https://runatlantis.io Signed-off-by: Josh Kodroff [email protected] What this PR does / why we need it: There's no Helm chart for Atlantis, and it's a useful tool. Checklist [Place an …
2018-12-18
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Shane just merged our helmfile for atlantis: https://github.com/cloudposse/helmfiles/blob/master/helmfile.d/0700.atlantis.yaml
Comprehensive Distribution of Helmfiles. Works with helmfile.d
- cloudposse/helmfiles
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
we’re using our monochart
though
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
also, only tested it against our flavor of cloudposse/atlantis
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
after using monochart
i get frustrated using any other charts because it’s so standardized
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
what’s cool, is we package this helmfile with the container, so it works like a heroku Procfile
2018-12-19
![mumoshu avatar](https://secure.gravatar.com/avatar/8e045bf747ca7a90b1d955dc30217271.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
im rethinking my pr to add custom stages to atlantis https://github.com/cloudposse/atlantis/pull/20
can’t we just a write a webhook proxy server that sits in front of atlantis instead?
it should either (1) forward the webhook payload as-is to atlantis if it is atlantis plan blah
or atlantis apply
or (2) run preconfigured shell commands matching the pull request comment body.
this way, we have no need to scope-creep atlantis.
in theory, it will also allow extending atlantis without modifying it in some cases, like running multiple atlantis instances each for different branch.
also, you can add a mono-image containing both atlantis and the proxy then collocate it in the same fargate svc for easy integration/hosting.
maybe im getting crazy but wanted some feedback!
This is currently an alpha-level work of what the subject states. I have not tried to think throughout all the edge-cases, but it should work in normal cases. I want to run arbitrary helmfile comma…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
webhook proxy server that sits in front of atlantis instead
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
i mean, at this point is atlantis
even in the picture?
![mumoshu avatar](https://secure.gravatar.com/avatar/8e045bf747ca7a90b1d955dc30217271.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
i suppose you can choose
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yea, like if we ultrageneralize this
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
webhook proxy that runs a command
![mumoshu avatar](https://secure.gravatar.com/avatar/8e045bf747ca7a90b1d955dc30217271.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
if you bring atlantis in to the picture, you don’t need to reimplement tf-project locking and plan/apply functionalities
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
that command could be a taskrunner
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
it could be make
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
aha, i see
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Shane how are your atlantis adventures going?
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
I have not touched Atlantis in at least a week. Playing with prometheus operator atm.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@mumoshu aha! I see what you’re staying now
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
basically, the proxy would look at the request and decide how to route it
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
and alternatively, be able to call out to some thing else
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
it’s like a github webhook router
![mumoshu avatar](https://secure.gravatar.com/avatar/8e045bf747ca7a90b1d955dc30217271.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
2018-12-27
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
Don’t know if anyone has sway in helm/charts
repo - https://github.com/helm/charts/pull/10256
What this PR does / why we need it: Atlantis support for TLS, annotations, extra environment variables, log level, load balancer port restrictions @jkodroff
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Have you signed up for their slack? https://thawing-headland-22460.herokuapp.com/
What this PR does / why we need it: Atlantis support for TLS, annotations, extra environment variables, log level, load balancer port restrictions @jkodroff
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
nope did not know it existed.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
it’s smallish, but you’ll get direct access to Luke who is the maintainer
![Shane avatar](https://avatars.slack-edge.com/2018-11-16/481069875217_6fbbee537c0736f89e7f_72.png)
thanks