tag-app-delivery
tag-app-delivery copied to clipboard
cncf
Atlantis sandbox submission review
Atlantis is a tool for automating Terraform workflows proposed to CNCF sandbox in https://github.com/cncf/sandbox/issues/60. This issue tracks discussions and reviews of Atlantis to help with accepting it in CNCF sandbox.
We've asked @jamengual and team to join an upcoming TAG meeting to discuss the following about the project.
Please plan to present for about 20 minutes, followed by 5-10 minutes of questions and answers from TAG members.
- the values this project proposes to end users
- the project's high-level technical architecture
- a brief demo of experiences and UIs
- the project's near-term roadmap
- state of the project's community and governance
- comparison with existing projects
Hi Josh can you confirm is should prepare for 11/11 or later TAG meeting?
Hi @jamengual could you present at the 12/6 meeting of the TAG? We have another project presenting on 11/15 now, and folks will want to review Kubecon in that 11/15 meeting too. To give you the most time and flexibility 12/6 would be best.
Thanks and looking forward!
Hi @joshgav, what are the details of the meeting on Wednesday? Where and how do we present?
Thanks.
Hi @jamengual - info is in our agenda/notes doc here: https://docs.google.com/document/d/1OykvqvhSG4AxEdmDMXilrupsX2n1qCSJUWwTc3I7AOs/
Please join the Zoom call there at 11am US Eastern time on Wednesday - here's a conversion tool set to that time: https://www.timeanddate.com/worldclock/converter.html?iso=20231206T160000&p1=64&p2=tz_gmt&p3=tz_cet
Thanks and see you then!
@joshgav here are the issue link I referred on the presentation.
https://github.com/runatlantis/atlantis/issues/3686#issuecomment-1699343470
https://github.com/runatlantis/atlantis/issues/3663#issuecomment-1674038026
Thank you @jamengual for presenting, here's the info shared:
- Recording: https://youtu.be/5Pl5wWL103M?t=553
- Notes: https://docs.google.com/document/d/1OykvqvhSG4AxEdmDMXilrupsX2n1qCSJUWwTc3I7AOs/edit#heading=h.uwtaxxogqm9v
Values
- Atlantis is a GitOps controller for Terraform
- Atlantis applies Terraform plans in reaction to comments in PRs that include Terraform files
History
- existed since 2018 and earlier
- has not reached 1.0 but lots of people use it in production
- Slack group with strong community
- originally the project was under Hashicorp's management but Hashicorp has left it to the community now
- Hashicorp is supportive of CNCF taking over this project, see https://github.com/runatlantis/atlantis/issues/3686#issuecomment-1699343470
- 90% of features proposed and added by community
- original maintainers have left project
Architecture
- installation
- it's a Go binary that can be run anywhere
- can be hosted in K8s using Helm charts, there's a Docker image, some folks run it in VMs or EC2
- user configures a webhook subscription in their git provider to send messages to Atlantis service
- current design is to use git providers' existing collaboration interfaces, like discussions in GitHub issues
- desire to include an API-driven mechanism too rather than only reacting to VCS interfaces
- ultimately runs Terraform commands in the server and writes status back to PR
- currently some statefulness to track and lock activities associated with specific work items; desire to make stateless to be more scaleable
Goals, roadmap
- integrate with other services like Argo, CI/CD pipelines
- establish a standard release process using post-merge hooks
- don't only depend on VCS (GitHub) interface
- all hard-coded for Terraform, adjust for OpenTofu
- policy checking also hardcoded to use conftest, adjust to support multiple policy providers
Challenges
- lack of long-term maintainers
- need better regression tests for new features - to better support one-off contributions without breaking other features
- "patch"-level fixes were unexpectedly breaking users - so just added a process to cut "minor" releases too
- difficult to integrate and test different VCS providers - don't always have access to VCS systems - GitHub heavily favored
- project was previously controlled by Hashicorp
Similar
- Scalar, Env0, TFC, Spacelift
- others don't use VCS interface
- there is more than Terraform in the workflow - can apply policies like checking costs with InfraCost
- can run post-merge actions once PR is merged
Questions
- Why apply for Sandbox if you have such wide adoption? Perhaps apply for Incubation instead?
- want to focus on building contributor base and wait on due diligence so sandbox is a good fit
- incubation requires more work than sandbox which may not be needed
- How many contributors outside the core maintainers?
- 3 core maintainers, 3 regular contributors
- What is the risk of you or Pepe leaving the project or spinning off onto a new project and not having time to contribute anymore?
- They are committed, but it's a concern...
- This is one of the reasons to join CNCF - attract more contributors
- Do you expect previous maintainers to return due to these changes or do you consider it unlikely?
- Maybe but haven't contacted them
- What support do you expect from joining CNCF? How can the TAG help you?
- To increase number of long-term maintainers
- To improve governance
- To bring assurances to users
- Does this support OpenTofu too? Should this be in the OpenTofu organization?
- want to be neutral to TF and OpenTofu
- Will there be licensing problems with Terraform?
- Hashicorp agreed to donate the project to the CNCF if it gets accepted and believes it isn't effected by license changes, see https://github.com/runatlantis/atlantis/issues/3663#issuecomment-1674038026
- Project created by one of their employees so best to get their agreement
- All is Apache2, all domains and names are in control of current maintainers
- Is it okay that you ship the Terraform binary in the Docker image? Yes, as long as it's not resold commercially - that needs Hashicorp's agreement. But it would not be possible for others to commercialize the project.
~👋 Hi folks, Atlantis maintainer here, just want to checkin where we are with this thread. Thanks!~
just saw the TOC vote in the toc repo, I think I am all good. Thanks!
The presentation is done, and currently, there are no open action items. Therefore, closing this ticket.
Please feel free to contact us if you need our support!
