Making Atlantis multitenant

I love Infrastructure as Code. I popularized it in the company that I work for - all of our projects now start with the infrastructure codified. I’m also trying to move all of the company’s shared (e.g. self-hosted CI tools) infrastructure definitions to code. I’ve had my share of clicking on the web panels and writing CLI scripts to manage the cloud. I still think doing this manually is much faster for quick fixes or some temporary changes but to make it sustainable, maintainable and discoverable you have to make it declarative - so codify it, as everything else!

My tool of choice for IaC is Terraform. There are other solutions available on the market (ARM, CloudFormation, Pulumi, …) but that doesn’t really matter here now. The point is - as with everything - IaC is better when applied automatically. 🙂 And here comes Terraform Atlantis, a “pull request automation” (basically CI/CD 😉 ) for Terraform.

Atlantis is a great tool, really, but it is quite simple. It does one thing and does it well but it lacks “corporatey” things that I, unfortunately, need - multitenancy. But fear not! Atlantis can be scripted so we can easily add that ourselves on top of it. So welcome kvenv, a simple tool that allows you to juggle credentials in order to shield yourself from others (and probably yourself too 🙂).

Reverse-proxy yourself to the host

This is a follow-up post to the one I’ve written last week. I’ve showed there how to leverage Docker and Let’s Encrypt for easier HTTPS on localhost but that solution required developing your app inside a container. I personally prefer that option but sometimes the tooling is not so well suited for work inside container (e.g. webpack + Docker for Windows). For that we need to take a little different route.

Reverse-proxy yourself to localhost with SSL/TLS

Some time ago Scott Hanselman described how to setup self-signed certificates for localhost using dotnet dev-certs. Having SSL on localhost is, for me, a must-have since we all want to have our dev env resemble production as much as possible. The approach Scott showed is great but it might be a little bit hard to use on Linux. On Linux-based systems there are multiple libraries, multiple (probably embedded) stores and hundreds of options to configure all of this. I’ll show you an another approach that will allow to develop apps locally with full SSL/TLS and nice addresses.