# general
w
hi all, we currently use atlantis with our terragrunt repo. will this work with terragrunt? https://github.com/infracost/infracost-atlantis/
c
Hi, yes integration should work. Please note the terragrunt specific section: https://github.com/infracost/infracost-atlantis/#terragrunt Let me know if that doesn’t work or if you run into any issues
w
@crooked-daybreak-55253 hi tim this is my existing repos.yaml
```yaml
repos:
  - id: "/.*/"
    apply_requirements: [approved, mergeable]
    pre_workflow_hooks:
      - run: terragrunt-atlantis-config generate --automerge --ignore-dependency-blocks --ignore-parent-terragrunt true --filter aws/accounts/ --autoplan --output atlantis.yaml
      - run: yq e -i '.projects[].autoplan.when_modified += "files"' atlantis.yaml
    workflow: terragrunt
workflows:
  terragrunt:
    plan:
      steps:
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - run: direnv-allow-all
        - run: direnv exec . terragrunt plan -input=false -out=$PLANFILE
        - run: direnv exec . terragrunt show -json $PLANFILE > $SHOWFILE
    apply:
      steps:
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - run: direnv-allow-all
        - run: direnv exec . terragrunt apply -input=false $PLANFILE
```
this is what it looks like after following the README
```yaml
repos:
  - id: "/.*/"
    apply_requirements: [approved, mergeable]
    pre_workflow_hooks:
      # Install the Infracost CLI at /tmp/infracost if it is missing or out of date
      - run: |
          /tmp/infracost --version && [ $(/tmp/infracost --version 2>&1 | grep -c "A new version of Infracost is available") = 0 ] || \
            curl -L https://infracost.io/downloads/v0.10/infracost-linux-amd64.tar.gz --output infracost.tar.gz && \
            tar -xvf infracost.tar.gz && \
            mv infracost-linux-amd64 /tmp/infracost
      - run: terragrunt-atlantis-config generate --automerge --ignore-dependency-blocks --ignore-parent-terragrunt true --filter aws/accounts/ --autoplan --output atlantis.yaml
      - run: yq e -i '.projects[].autoplan.when_modified += "files"' atlantis.yaml
    workflow: terragrunt
workflows:
  terragrunt:
    plan:
      steps:
        - env:
            name: INFRACOST_OUTPUT
            command: 'echo "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-${REPO_REL_DIR//\//-}-infracost.json"'
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - run: direnv-allow-all
        - run: direnv exec . terragrunt plan -input=false -out=$PLANFILE
        - run: direnv exec . terragrunt show -json $PLANFILE > $SHOWFILE
    apply:
      steps:
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - run: direnv-allow-all
        - run: direnv exec . terragrunt apply -input=false $PLANFILE
```
is that all i need to do ? 🤯
i don't understand the below section of the README
```
Also change references to the Infracost CLI invocation to /tmp/infracost
```
c
Not quite, so it looks like you’re using your own atlantis image with the “Install in pre-workflow” method. So what you’ve done so far is install the infracost cli at /tmp/infracost and done the special terragrunt step. Now you need to add steps to process the $SHOWFILE (that’s what `# Add custom steps here from the examples mentioned elsewhere in this readme` is trying to say). So you need to pick how you want the comments to be handled (so an option from this table which points you to something in the examples dir). Assuming you have atlantis > 0.18.2 and you want to use the recommended option, you would go here to see how you would further modify your repos.yaml to run the infracost CLI to generate estimates and push them up to the comment.
> i don’t understand the below section of the README
> Also change references to the Infracost CLI invocation to /tmp/infracost

When you copy the steps from the example you need to use `/tmp/infracost` to invoke the CLI wherever the example calls `infracost`. So instead of `infracost comment github …` you would write `/tmp/infracost comment github …`
w
yes i'm running 0.19. will look at the recommended options instructions now
@crooked-daybreak-55253 if i self host, how do i pass the self hosted services url to infracost?
i can't see an ENV VAR for that
c
you’re self hosting atlantis or infracost or something else?
w
i meant infracost.
c
Yup, so if you look in those docs you’ll see the `INFRACOST_PRICING_API_ENDPOINT` env which tells the CLI to talk to your self hosted pricing api
w
INFRACOST_PRICING_API_ENDPOINT
cool
snap
thanks
so instead of
```yaml
- env:
    name: INFRACOST_ENABLE_CLOUD
    value: true
```
i can have
```yaml
- env:
    name: INFRACOST_PRICING_API_ENDPOINT
    value: http://mycustomendpoint.net
```
c
Those are actually independent, INFRACOST_ENABLE_CLOUD sends estimates up to our SaaS product so they appear in the dashboard (for managers or whoever). The INFRACOST_PRICING_API_ENDPOINT tells the CLI where to look up prices when building the estimates.
w
so to clarify, i need both?
c
You need a pricing service (either ours or your self hosted one). You don’t need the cloud dashboard, you’ll still be able to push the estimates to PR comments with it disabled.
w
ahhhh!!!
i see!
got ya
@crooked-daybreak-55253 i'm getting a bit confused with the keys and the secrets. i ran `infracost configure get api_key` to get an api_key which my self hosted install needs to download the pricing data from the api. however, i don't know how i should pass this to the self hosted install that i'm deploying via the chart. i can see there is a value for `infracostAPIKey` but it's a string value and i don't really want it in plaintext on github. i can see this value `api.existingSecretSelfHostedAPIKey` but i'm not sure if that's something else?
as well as the above questions, i have another: i have created a secret with my desired postgresql password. does the key of that password value in the secret need to be set to something specific?
unless i'm being really stupid it seems like the naming of the secrets is very confusing. there doesn't seem to be clear differentiation between the cloudpricing api key and the infracosts api key
for example, shouldn't this value: `api.selfHostedInfracostAPIKey` be called `api.selfHostedCloudPricingAPIKey`
according to the docs here: https://www.infracost.io/docs/cloud_pricing_api/self_hosted/ the cloud pricing API is the bit that can be self hosted. not the infracosts api.
c
hey let me see if I can explain. When you’re not self hosting, you need to give the infracost cli an API key that it passes to the (non-selfhosted) cloud pricing api. That’s the key you get when you run `infracost auth login`.
When you run a self hosted cloud pricing api, the infracost CLIs need to pass an API key to your self hosted cloud pricing API. For simplicity you define the key for your clients to use in the config, then give it to whoever is running the infracost CLI. It’s really just a basic thing to prevent random people from querying your self hosted cloud pricing API.
So that is one you just make up yourself and treat it like a shared secret between self hosted api and your CLIs.
The self hosted API also needs to download bulk pricing data from the infracost hosted cloud pricing api, and to do that you need an infracost issued (via `infracost auth login`) API key.
That API key is used to download an initial db dump of all the prices, and I think the docs recommend setting up a weekly job to keep up with any price changes.
w
yeah thanks for the explanation. do you have any idea on my questions around the chart values? i.e which value should I be using if I want to provide the infracost issued API key (`infracost auth login`) to the self hosted API, via a k8s secret and not a string?
does the chart automatically create and manage the key for the cli? which I then need to pass to the Atlantis container?
plus the other question about the postgres password
many thanks for your help so far
c
So `SELF_HOSTED_INFRACOST_API_KEY` is the api key that CLIs should be using to connect. That can be set by either `selfHostedInfracostAPIKey` as a string, or if you want to use a secret with `existingSecretSelfHostedAPIKey` or, per the readme, “If left empty, the helm chart will generate one for you.”
`infracostAPIKey` is used to download the pricing data, I don’t see a way to provide that as a secret. I’m not 100% certain on the postgres password, @little-author-61621 may have an idea.
l
> i have created a secret with my desired postgresql password.
> does the key of that password value in the secret need to be set to something specific?

It should be `postgresql-password` (link to helm chart section)
w
@little-author-61621 @crooked-daybreak-55253 cheers. can you confirm there is no way for me to provide the `infracostAPIKey` as a k8s secret?
if not, what perms does that key have, other than being able to download pricing data? i'd rather not have it in plaintext in our github repo.
what about `existingSecretAPIKey`?
l
you can set the `existingSecretAPIKey` value
Yeah, if it has a key with `infracost-api-key` in it, it should work
w
awesome!