Introducing Skynet: Infrastructure as Code for Gojek
Article Summary
Gojek runs 15,000+ VMs across 250+ GCP projects serving millions of customers. How do they manage infrastructure at this scale without chaos?
Gojek's infrastructure team built Skynet, an opinionated Infrastructure as Code platform that lets product teams self-service their cloud resources while maintaining standards. This article walks through their architecture using Terraform, Terragrunt, and Atlantis.
Key Takeaways
- Monorepo structure splits maintainer-managed common infrastructure from team-owned services
- Service account impersonation replaces direct console access for all operations
- Atlantis CI enables change-specific plans and applies directly on merge requests
- 40+ reusable Terraform modules enforce naming conventions while allowing flexibility
- GitLab Code Owners isolate product teams while maintaining central standards
Skynet gives product teams infrastructure ownership and deployment speed while enforcing security through impersonation-first workflows and strict organization policies.
About This Article
Gojek's previous IaC tool Olympus created friction between giving teams freedom and maintaining code standards. Product teams had to wait for multiple unrelated pipelines before they could apply any infrastructure changes.
Skynet combines Terragrunt to reduce code duplication, Atlantis CI to handle plan and apply operations directly on merge requests, and CFT-based modules that work with internal tools like Fortknox and Cerebro. This gives teams seamless secret and IP management without extra steps.
Product teams now own their infrastructure and control deployments through GitLab Code Owners and service account impersonation. Manual pipeline bottlenecks are gone, and organizational policies are enforced consistently across 40+ reusable Terraform modules.