From 714861165b34221c5bc81e33ed71d8f72df90b49 Mon Sep 17 00:00:00 2001 From: Nicki Washington Date: Sat, 16 Mar 2019 21:29:51 -0400 Subject: [PATCH] add risks to atlantis deployment --- content/faq/risks-to-atlantis-deployment.md | 23 +++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 content/faq/risks-to-atlantis-deployment.md diff --git a/content/faq/risks-to-atlantis-deployment.md b/content/faq/risks-to-atlantis-deployment.md new file mode 100644 index 000000000..a68936761 --- /dev/null +++ b/content/faq/risks-to-atlantis-deployment.md @@ -0,0 +1,23 @@ +--- +title: "Are there any risks/downsides to deploying Atlantis?" +description: "All things being equal, we strongly bias towards it to get the human operator out of the TF deploys equation." +tags: +- Atlantis +- cluster +- Helm chart +- Kubernetes +- AWS +--- + +## Question + +Are there any risks/downsides to deploying Atlantis? Which cluster would it be deployed to? + + +## Answer + +It can be deployed as a Helm Chart under Kubernetes with Kiam to give it AWS administrator privileges. We’ve deployed it with ECS fargate, so it's "out of phase" with the `kops` Kubernetes cluster. Our reasoning for this is that it enables us to use Atlantis to apply changes to Kubernetes with the `kops` command without destabilizing the Atlantis server in the process. + +We prefer to deploy Atlantis once per AWS account to "share nothing." We note that this is strictly unnecessary, because it's possible to deploy Atlantis in fewer accounts and instead `assume-role` into the other accounts. We haven’t deployed it that way, and it might take some tinkering to get everything to work. We also don’t like this because it considerably extends the blast radius . + +All things being equal, we strongly bias towards it to get the human operator out of the TF deploys equation.