Stop Squinting at IaC Templates: Preview Diffs for Argo CD, Terraform, and more!

Cole Thienes — Sat, 23 Mar 2024 13:32:55 +0000

See the GitHub project here: https://github.com/infro-io/infro-core

IaC Templates are everywhere

In the modern software development landscape, Infrastructure as Code (IaC) templates have become a staple. Many companies use them to manage the complexity of setting up the same infrastructure over and over, and to provide vetted, “paved-path” infrastructure setups. However, this often leads to developers not completely understanding what they’re setting up, as the details are hidden from them with layers of abstraction. Take this change for example:

From: https://codefresh.io/blog/argo-cd-preview-diff/#attachment_24546

It’s not immediately apparent how this helm template will actually change the underlying Kubernetes infrastructure. Tools like like helm diff, terraform plan, or aws cdk diff are great for understanding exactly what will be rendered, it’s they’re manual to run and not always enforced by reviewers. This is where the need for automation comes in.

Searching for a solution

Many solutions in the wild will interact with the IaC provider to publish the rendered diffs to pull requests, so reviewers can see them before approving a code change:

For example, Atlantisgo for Terraform, Zapier’s Kubechecks for Argo CD, Quizlet’s GitHub action all do something similar to this. But a generic, extensible tool for IaC providers doesn’t seem to exist. Additionally, many of them require exposing your Kubernetes cluster or other infrastructure to third-party access, webhooks, etc.

Enter Infro

Infro is a generic solution that integrates with different IaC providers to provide a clear, holistic view of your changes on pull requests. For example, if you deploy both Argo CD and Terraform infrastructure in your repository, your diff make look like this:

This example shows the output of the Infro GitHub Action (see setup instructions here), and requires access to the Kubernetes cluster in order to interact with the Argo CD API to generate diffs. However, the self-hosted option does not have this requirement (see setup instructions here). Deployed into your cluster, Infro will instead poll the GitHub API for updated pull requests in your organization or user account, and interact with the in-cluster Argo CD to publish diffs to those pull requests.

Finally, there is also a cloud option which allows you to install a GitHub App on your organization or user account, add your IaC configurations, and receive PR diff comments, all without a line of code (see article here).

Configuration

Wherever it’s deployed, the Infro configuration is very extensible, allowing Infro to run diffs against multiple IaC providers and publish comments to multiple types of version control systems:

deployers:
  - type: argocd
    name: <ARBITRARY_NAME>
    authtoken: <ARGOCD_TOKEN>
    endpoint: <ARGOCD_ENDPOINT>
  - type: terraform
    workdir: <TERRAFORM_WORKDIR>
vcs:
  type: github
  authtoken: <GITHUB_TOKEN>

The configuration has a set of deployers which currently includes Argo CD and Terraform, but could contain other providers like AWS CDK. You configure the vcs, to enable Infro to publish diffs to your version control system. Only GitHub is supported today, but this could also be GitLab, BitBucket, etc.

Conclusion