Introduction
Infrastructure as Code (IaC) has revolutionized how we manage cloud infrastructure. Terraform, being one of the most popular IaC tools, allows declarative, repeatable, and version-controlled infrastructure provisioning. However, as teams grow, managing Terraform execution securely and collaboratively becomes challenging.
Atlantis solves this by bringing Terraform into your GitOps workflow. In this post, we’ll explore what Atlantis is, how it works, why it’s useful, and how to set it up.
What is Atlantis?
Atlantis is an open-source tool that automates Terraform workflows via pull requests. It listens to Git events (PRs, pushes, etc.) and triggers Terraform commands such as plan and apply automatically in response to PR comments.
Core Features:
- Git-based Terraform automation
- PR-based infrastructure change visibility
- Secure plan and apply in CI/CD pipelines
- Team collaboration with role-based approvals_
How Atlantis Works
PR Creation: A developer creates a pull request with Terraform changes.
Atlantis Webhook Triggered: Atlantis detects the PR via a Git webhook.
Terraform Plan: Atlantis runs terraform plan and comments the output on the PR.
Approval: A reviewer comments atlantis apply once satisfied with the plan.
Terraform Apply: Atlantis applies the changes using terraform apply.
Prerequisite
- Storage (I am Using Longhorn)
- MINIO (Object Storage)
- Kubernetes
- Atlantis (Open-source tool used to automate Terraform workflows)
- Istio/Ingress (For Exposing Atlantis)
- Gitlab
- AWS Free Tier
** Generate Random Token**
head -c 32 /dev/urandom | base64
Create Secret for Minio
apiVersion: v1
kind: Secret
metadata:
name: minio-credentials
type: Opaque
stringData:
access_key: <access_key>
secret_key: <access_secret>
# kubectl apply -f minio.yml
Create values.yml
environmentSecrets:
# MinIO Credentials for remote backend
- name: MINIO_ACCESS_KEY_ID
secretKeyRef:
name: minio-credentials
key: access_key
- name: MINIO_SECRET_ACCESS_KEY
secretKeyRef:
name: minio-credentials
key: secret_key
gitlab:
user: "champ25"
token: "<gitlab-token>"
secret: "<random-secret>"
hostname: "gitlab.com"
aws:
credentials: |
[default]
aws_access_key_id=<AWS ACCESS KEY>
aws_secret_access_key=<AWS SECRET KEY>
directory: "/home/atlantis/.aws"
repoConfig: |-
- id: gitlab.com/infrastructure149/*
apply_requirements: [approved, mergeable]
import_requirements: [approved, mergeable]
workflow: default
allowed_overrides: [workflow, apply_requirements]
allow_custom_workflows: true
workflows:
default:
plan:
steps:
- run: |
terraform init -reconfigure\
-input=false \
-backend-config="bucket=terraform-statefile" \
-backend-config="key=envs/dev/terraform.tfstate" \
-backend-config="region=us-east-1" \
-backend-config="access_key=${MINIO_ACCESS_KEY_ID}" \
-backend-config="secret_key=${MINIO_SECRET_ACCESS_KEY}" \
-backend-config="skip_credentials_validation=true" \
-backend-config="skip_metadata_api_check=true" \
-backend-config="force_path_style=true" \
-backend-config="skip_requesting_account_id=true" \
-backend-config="force_path_style=true" \
-backend-config="endpoint=https://minioapi.kubeopscloud.uk"
terraform plan -input=false
apply:
steps:
- run: |
terraform apply -input=false --auto-approve
Install Atlantis
helm repo add runatlantis https://runatlantis.github.io/helm-charts
helm install atlantis runatlantis/atlantis \
--namespace atlantis -f values.yaml \
--create-namespace
Expose via Istio to access from Gitlab
root@master:~# kubectl exec -ti atlantis-0 -n atlantis -- printenv | grep -i webhook
ATLANTIS_GITLAB_WEBHOOK_SECRET=0adfa526cfdgdgsgsdhsdgtewsgsfgsdhshgsgsd
Copy the Webhook Secret to Use in Gitlab
Login To Gitlab
Create A Project : VPC Creation
Copy The Terraform Code to VPC Creation Project
Click On Setting --> Click Webhook
Note : Copy the Webhook Token
Create A Branch and Create MR
_As soon as we create ME, Atlatis Webhook will get triggered
_
Click On Show Output and we will see the plan
If Plan Looks Good, type atlantis apply -d . in commit message
Wait For Some Time and you Will See Output
Click On Show Output
We have Sucessfully Integrated Atlantis to create workflow with Terraform using Gitlab
Verify state file in Minio
Successfully state file updated in Minio Storage
Conclusion
Atlantis brings safety, visibility, and collaboration to Terraform workflows by integrating with Git. With pull request automation, it enables true GitOps-style infrastructure management — ensuring all changes are reviewed, tracked, and auditable.
Top comments (0)