#atlantis (2021-08)
Discuss the Atlantis (http://runatlantis.io)
**Archive:** https://archive.sweetops.com/atlantis/
2021-08-01
Anyone having issues trying to run Atlantis github app with GitHub Enterprise 3.0.3? Having issues when Atlantis tries to write in the PR, GH is returning 401
Looks like you’re missing some perms for Atlantis user.
Or haven’t provided correct GH auth info to Atlantis.
This could lead you to some idea what could be done: https://github.com/github/hub/issues/1067
hub 2.2.2 on OS X complains "Unauthorized (HTTP 401)" and "Bad credentials" when I try to check out a pull request. I have not used hub before. My credentials work in curl and o…
Finally figured it out, I forgot to remove the fake user configuration for the github app installation.
2021-08-02
2021-08-05
Sorry for the crosspost! https://sweetops.slack.com/archives/CDYGZCLDQ/p1628180678007200
hey guys, how do I get atlantis to point to nothing (i.e. plan to destroy everything)
we use export TF_CLI_INIT_FROM_MODULE=git::https://github.com/....
with
source_up
use envrc
use terraform
use tfenv
Atlantis runs terraform
if you can do it with terraform then you can do it with atlantis
you can run a custom command that calls a script
yep, atlantis runs terraform, but what we want is a nice way to pull down infrastructure that atlantis created, through gitops? thanks!
again, Atlantis did not create it, terraform did, so if you need to destroy, for example, you could have something like `count = var.enabled == true ? 1 : 0` in all your resources and then you can set that variable to false and run apply and it will delete the resources
instead of running destroy
yeah, think i’ll need to add `enabled` to our component
i’ve had to destroy it from terraform
personally rather than use atlantis
but would prefer if there was an easier way, thanks!
you can run destroy in atlantis
but you need a custom command
atlantis plan -- -destroy
seems to be getting parsed out by direnv
or something
but that’s our problem i think
but the “safest” (and more cloudposse) way will be to use count
BUT when you do that then you need to add an index to all resource references
plus it’s a bit of a weird way to run it, as you have to raise a PR in a strange way to get it
yeah i’m going to just refactor the `enabled` bits into my component
`module.forwarder_rds_label[0].id` for example
2021-08-06
2021-08-07
anyone faced this issue: https://github.com/runatlantis/atlantis/issues/1743
atlantis version: 0.17.2 Helm chart: V3.14.0 (latest) /etc/atlantis/repos.yaml present inside container and having my config. Though ENV also there but have passed --repo-config=/etc/atlantis/repos…
that is an invalid regex format
- id: github.com/sohel2020/*
that is not valid
- id: /github.com\/sohel2020\/.*/
maybe is what you want
look at the issue comments
2021-08-09
2021-08-12
Imagine you need to use a specific Python package as a `run` step in the custom workflow in Atlantis, and that package needs to be installed in advance.
Where do you install that package?
• As a set of `run` in the init phase
• As part of your dockerfile or environment where you run Atlantis
• Pre-workflow hook (https://www.runatlantis.io/docs/pre-workflow-hooks.html#usage)
Something else?
I think the dockerfile is the cleanest, as it can be installed system wide. There may be many `run` steps that run or pre-workflow hooks, and some of those may be done in parallel, which can get messy with certain package managers.
you build your own image
you could add a lot of stuff as `run` commands but it gets messy pretty quickly as @David said
Great thanks!
Another question - if you need Atlantis to have secrets (like an API key to another service), where are you storing them?
Parameter Store or Secret Manager
expose as secrets in the Task Def/Container/Pod
external secrets provider etc
some get created in TF (which will be stored in the state)
some will be created with clickops and read from
(master secrets that need to be created by hand before any gitops can happen and might be stored in a password manager like lastpass or 1password)
OK so Atlantis runs within some context that gives it access to secrets (For example, under a role in AWS that has access to the secrets). Then, you pull those secrets into env variables (using env with a command), and you use the env variables?
yes
in the case of ECS in AWS for example, you can expose a secret as an ENV variable to the container OR terraform will read something like this:
```hcl
resource "aws_ssm_parameter" "datadog_key" {
  name        = "/datadog/api-key"
  description = "Test Datadog key"
  type        = "SecureString"
  value       = "testkey"
}
```
with the data resource