#townhall (2018-10)
Town Hall Discussions
Archive: https://archive.sweetops.com/townhall/
2018-10-02
@mallen has joined the channel
2018-10-03
@Steven has joined the channel
wanted to ask about how things were going with CP and Atlantis
There are two hard blockers for using it:
1) https://github.com/runatlantis/atlantis/issues/249 (no response) - to support multiple instances of atlantis in different accounts
We have a repository that contains our live terraform definitions for multiple accounts. We currently have 4 accounts and plan to have an Atlantis node in each account. We've tossed around the …
@Gabe - this one
And this one!!! https://github.com/runatlantis/atlantis/pull/310
This allows setting different configs for different instances of atlantis, which is useful when wanting to run different servers for production and staging. Our use case is to have separate product…
one left, and it’s ready for prime time: https://github.com/runatlantis/atlantis/issues/308
what Allow operator to define a list of permitted users who can trigger atlantis commands why Currently, the only way to restrict access is by adding/revoking users from a repository altogether. We…
2) no way to scope who can run plan or apply other than revoking access to repo
awesome name @tamsky
for 2) you’d like to see github groups perform RBAC ?
i would be satisfied with a hardcoded list of usernames in the server
groups would be icing
I’m really enjoying https://github.com/kislyuk/keymaker - and IAM groups <> UNIX groups
Lightweight SSH key management on AWS EC2.
both of those blockers read to me as accurate and missing requirements. I could imagine bypassing 2) by having two Atlantis’s per stage, one RO other R+W.
Perhaps, but how would you scope the access to the r/w and r/o pipelines?
at the oauth proxy?
oh, but all the interaction is via git comments
so what we really need is the google/kubernetes repo bot commands like
ok to test
then I deserve a “whoops”
so i think technically, not too hard to extend
otherwise comment back and say not authorized
i’ve debated if we want to commit the resources to fix 1 & 2
we may just end up using codefresh for v1
prove the concept out
for example, with Zapier, i can act on a comment and trigger a pipeline via webhook
i go back and forth with atlantis b/c we still need to solve the same problem with kops
and helm
(not just terraform)
@tamsky this was opened/closed today https://github.com/runatlantis/atlantis/pull/306/files
This allows repos to specify different atlantis configs that exist in the same repo, and supports running separate instances of atlantis for staging and production by pointing at different configs.
Addresses (1)
@ankur has joined the channel
2018-10-05
@Gabe has joined the channel
2018-10-10
@Raghu has joined the channel
2018-10-13
@Gaurav has joined the channel