From bb7a04acef9bf6fdb40d73c908fda049027139e5 Mon Sep 17 00:00:00 2001
From: Teko012 <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 13:50:24 +0100
Subject: [PATCH 01/10] Fix README.md formatting
---
README.md | 222 +++++++++++++++++++++++++++---------------------------
1 file changed, 111 insertions(+), 111 deletions(-)
diff --git a/README.md b/README.md
index 16783a33..a57f3f64 100644
--- a/README.md
+++ b/README.md
@@ -55,117 +55,117 @@ extraManifests:
## Customization
The following options are supported. See [values.yaml](/charts/atlantis/values.yaml) for more detailed documentation and examples:
-| Parameter | Description | Default |
-|---------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|
-| `dataStorage` | DEPRECATED - Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` |
-| `volumeClaim.enabled` | Activate embedded volume claim for Atlantis' data directory (mostly used to check out git repositories). | `true` |
-| `volumeClaim.dataStorage` | Amount of storage available for embedded Atlantis' data directory | `5Gi` |
-| `volumeClaim.storageClassName` | Storage class of the embedded volume mounted for the Atlantis data directory. | n/a |
-| `atlantisUrl` | Base URL of atlantis server. This URL also reflects in pull-requests CI hooks where terraform changes are displayed. | n/a |
-| `netrc` | Contents of a file to be mounted to `~/.netrc`. Use to authenticate with private registries hosting terraform modules. | n/a |
-| `netrcSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `netrc` key. Use this instead of `netrc` (optional) | n/a |
-| `aws.config` | Contents of a file to be mounted to `~/.aws/config`. | n/a |
-| `aws.credentials` | Contents of a file to be mounted to `~/.aws/credentials`. | n/a |
-| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config. Will be used a volume mount on `$HOME/.aws`, so it needs a `credentials` key. The key `config` is optional. See the file `templates/secret-aws.yml` for more info on the Secret contents. | n/a |
-| `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a |
-| `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a |
-| `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a |
-| `bitbucket.baseURL` | Base URL of Bitbucket Server installation. | n/a |
-| `environment` | Map of environment variables for the container. | `{}` |
-| `environmentSecrets` | Array of Kubernetes secrets that can be used to set environment variables. See `values.yaml` for example. | `{}` |
-| `environmentRaw` | Array environment variables in plain Kubernetes yaml format. See `values.yaml` for example. | `[]` |
-| `loadEnvFromSecrets` | Array of Kubernetes secrets to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
-| `loadEnvFromConfigMaps` | Array of Kubernetes `ConfigMap`s to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
-| `extraVolumes` | List of additional volumes available to the pod. | `[]` |
-| `extraVolumeMounts` | List of additional volumes mounted to the container. | `[]` |
-| `imagePullSecrets` | List of secrets for pulling images from private registries. | `[]` |
-| `gitconfig` | Contents of a file to be mounted to `~/.gitconfig`. Use to allow redirection for Terraform modules in private git repositories. | n/a |
-| `gitconfigSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `gitconfig` key. Use this instead of `gitconfig` (optional) | n/a |
-| `command` | Optionally override the [`command` field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#container-v1-core) of the Atlantis Docker container. If not set, the default Atlantis `ENTRYPOINT` is used. Must be an array. | n/a |
-| `github.user` | Name of the Atlantis GitHub user. | n/a |
-| `github.token` | Personal access token for the Atlantis GitHub user. | n/a |
-| `github.secret` | Repository or organization-wide webhook secret for the Atlantis GitHub integration. All repositories in GitHub that are to be integrated with Atlantis must share the same value. | n/a |
-| `github.hostname` | Hostname of your GitHub Enterprise installation. | n/a |
-| `githubApp.id` | GitHub app ID. If set, GitHub authentication will be performed as an [installation](https://developer.github.com/v3/apps/installations/). | n/a |
-| `githubApp.key` | A GitHub App PEM encoded private key file. If set, GitHub authentication will be performed as an [installation]((https://developer.github.com/v3/apps/installations/)). | n/a |
-| `githubApp.secret` | Secret used to validate GitHub webhooks (see [Securing your webhooks](https://developer.github.com/webhooks/securing/)). | n/a |
-| `gitlab.user` | Repository or organization-wide secret for the Atlantis GitLab,integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
-| `gitlab.token` | Personal access token for the Atlantis GitLab user. | n/a |
-| `gitlab.secret` | Webhook secret for the Atlantis GitLab integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
-| `gitlab.hostname` | Hostname of your GitLab Enterprise installation. | n/a |
-| `azuredevops.user` | Repository or organization-wide secret for the Atlantis Azure DevOps,integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
-| `azuredevops.token` | Personal access token for the Atlantis Azure DevOps user. | n/a |
-| `azuredevops.webhookUser` | Webhook user for the Atlantis Azure DevOps integration. | n/a |
-| `azuredevops.webhookPassword` | Webhook password for the Atlantis Azure DevOps integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
-| `vcsSecretName` | Name of a pre-existing Kubernetes `Secret` containing `token` and `secret` keys set to your VCS provider's API token and webhook secret, respectively. Use this instead of `github.token`/`github.secret`, etc. (optional) | n/a |
-| `podTemplate.annotations` | Additional annotations to use for the StatefulSet. | n/a |
-| `podTemplate.annotations` | Additional annotations to use for pods. | `{}` |
-| `podTemplate.labels` | Additional labels to use for pods. | `{}` |
-| `statefulSet.annotations` | Additional annotations to use for StatefulSet. | `{}` |
-| `statefulSet.shareProcessNamespace` | Share the process namespace between all containers in a pod. | `false` |
-| `statefulSet.labels` | Additional labels to use for StatefulSet. | `{}` |
-| `terminationGracePeriodSeconds` | Set terminationGracePeriodSeconds for the StatefulSet. | `{}` |
-| `statefulSet.securityContext` | Allow customizing fsGroup/runAsUser. | `{}` |
-| `statefulSet.priorityClassName` | Leverage a PriorityClass to ensure your pods survive resource shortages. | `{}` |
-| `statefulSet.updateStrategy` | Configure [updateStrategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) of the StatefulSet. | `{}` |
-| `logLevel` | Level to use for logging. Either debug, info, warn, or error. | n/a |
-| `orgAllowlist` | Allowlist of repositories from which Atlantis will accept webhooks. **This value must be set for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
-| `orgWhitelist` | Deprecated (see orgAllowlist) List of repositories from which Atlantis will accept webhooks. Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
-| `config` | Override atlantis main configuration by config map. It's allow some additional functionality like slack notifications. | n/a |
-| `repoConfig` | [Server-side Repository Configuration](https://www.runatlantis.io/docs/server-side-repo-config.html) as a raw YAML string. Configuration is stored in ConfigMap. | n/a |
-| `defaultTFVersion` | Default Terraform version to be used by atlantis server | n/a |
-| `allowForkPRs` | Allow atlantis to run on fork Pull Requests | `false` |
-| `allowDraftPRs` | Allow atlantis to run on draft Pull Requests | `false` |
-| `hidePrevPlanComments` | Allow atlantis to hide previous plan comments | `false` |
-| `disableApply` | Disables running `atlantis apply` regardless of what options are specified | `false` |
-| `disableApplyAll` | Disables running `atlantis apply` without any flags | `false` |
-| `disableRepoLocking` | Stops atlantis locking projects and or workspaces when running terraform | `false` |
-| `serviceAccount.create` | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists. | `true` |
-| `serviceAccount.mount` | Whether to mount the Kubernetes ServiceAccount into the pod | `true` |
-| `serviceAccount.name` | Name of the Kubernetes ServiceAccount under which Atlantis should run. If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance, else Atlantis will be run under the `default` ServiceAccount. | n/a |
-| `serviceAccount.annotations` | Additional Service Account annotations | n/a |
-| `serviceAccountSecrets.credentials` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE. | n/a |
-| `serviceAccountSecrets.credentials-staging` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform staging service account. Only applicable if hosting Atlantis on GKE. | n/a |
-| `googleServiceAccountSecrets` | An array of Kubernetes secrets containing Google Service Account credentials. See `values.yaml` for examples and additional documentation. | n/a |
-| `service.port` | Port of the `Service`. | `80` |
-| `service.targetPort` | Target Port of the `Service`. | `4141` |
-| `service.loadBalancerSourceRanges` | Array of allowlisted IP addresses for the Atlantis Service. If no value is specified, the Service will allow incoming traffic from all IP addresses (0.0.0.0/0). | n/a |
-| `service.loadBalancerIP` | Expose this service on the given ip if service.type = `LoadBalancerIP` | n/a |
-| `storageClassName` | DEPRECATED - Storage class of the volume mounted for the Atlantis data directory. | n/a |
-| `tlsSecretName` | Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key. | n/a |
-| `ingress.enabled` | Whether to create a Kubernetes Ingress. | `true` |
-| `ingress.annotations` | Additional annotations to use for the Ingress. | `{}` |
-| `ingress.apiVersion` | Override ingress apiVersion. Useful in scenarios in which helm can't determine the capabilities of the Kubernetes cluster. | n/a |
-| `ingress.labels` | Additional labels to use for the Ingress. | `{}` |
-| `ingress.path` | Path to use in the `Ingress`. Should be set to `/*` if using gce-ingress in Google Cloud. | `/` |
-| `ingress.host` | Domain name Kubernetes Ingress rule looks for. Set it to the domain Atlantis will be hosted on. | | | `/` |
-| `ingress.hosts[0].host` | List of domain names Kubernetes Ingress rule looks for. Set it to the domains in which Atlantis will be hosted on. | `chart-example.local` |
-| `ingress.hosts[0].paths` | List of paths to use in Kubernetes Ingress rules. Should be set to `/*` if using gce-ingress in Google | `[/]` |
-| `ingress.tls` | Kubernetes tls block. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for details. | `[]` |
-| `test.enabled` | Whether to enable the test. | `true` |
-| `extraManifests` | Add additional manifests to deploy | `[]` |
-| `initContainers` | Containers used to initialize context for Atlantis pods | `[]` |
-| `extraContainers` | Additionnal containers to use and depends of use cases. | `[]` |
-| `hostAliases[].hostnames` | Hostnames for host alias entry | n/a |
-| `hostAliases[].ip` | IP for host alias entry | n/a |
-| `basicAuth.username` | Username for basic authentication | n/a |
-| `basicAuth.password` | Password for basic authentication | n/a |
-| `commonLabels` | Add Common Labels to all resources | `{}` |
-| `containerSecurityContext.allowPrivilegeEscalation` | Whether to enable privilege escalation | n/a |
-| `containerSecurityContext.readOnlyRootFilesystem` | Whether the root file system should be read-only | n/a |
-| `customPem` | SecretName of the custom `ca-certificates.cert` to override the `/etc/ssl/certs/ca-certificates.crt` with your custom one (self-signed certificates)
Secret has to be created manually and shal contain `ca-certificates.crt: PEM` | n/a |
-| `api.secret` | API secret to enable API endpoints | n/a |
-| `apiSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `apisecret` key. Use this instead of `api.secret` | n/a |
-| `lockingDbType` | Locking DB type for storing plan and apply locks. Allowed values are `boltdb` and `redis`. | n/a |
-| `redis.host` | Redis hostname for Locking DB of type `redis`. | n/a |
-| `redis.password` | Redis password for Locking DB of type `redis`. | n/a |
-| `redis.port` | Redis port for Locking DB of type `redis`. | n/a |
-| `redis.db` | Redis database number for Locking DB of type `redis`. | n/a |
-| `redis.tlsEnabled` | Whether to enable TLS connection to Redis. | n/a |
-| `redis.insecureSkipVerify` | Whether Redis client should skip verification of Redis server's certificate chain and hostname. Setting to `true` may introduce a security vulnerability. | n/a |
-| `redisSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`. | n/a |
-| `enableKubernetesBackend` | Deploy rbac to allow for the serviceAccount to manage terraform state via a kubernetes backend | false |
-| `lifecycle` | Configure pod container lifecycle hooks. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) for details. | `{}` |
+| Parameter | Description | Default |
+|-----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|
+| `dataStorage` | DEPRECATED - Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` |
+| `volumeClaim.enabled` | Activate embedded volume claim for Atlantis' data directory (mostly used to check out git repositories). | `true` |
+| `volumeClaim.dataStorage` | Amount of storage available for embedded Atlantis' data directory | `5Gi` |
+| `volumeClaim.storageClassName` | Storage class of the embedded volume mounted for the Atlantis data directory. | n/a |
+| `atlantisUrl` | Base URL of atlantis server. This URL also reflects in pull-requests CI hooks where terraform changes are displayed. | n/a |
+| `netrc` | Contents of a file to be mounted to `~/.netrc`. Use to authenticate with private registries hosting terraform modules. | n/a |
+| `netrcSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `netrc` key. Use this instead of `netrc` (optional) | n/a |
+| `aws.config` | Contents of a file to be mounted to `~/.aws/config`. | n/a |
+| `aws.credentials` | Contents of a file to be mounted to `~/.aws/credentials`. | n/a |
+| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config. Will be used a volume mount on `$HOME/.aws`, so it needs a `credentials` key. The key `config` is optional. See the file `templates/secret-aws.yml` for more info on the Secret contents. | n/a |
+| `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a |
+| `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a |
+| `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a |
+| `bitbucket.baseURL` | Base URL of Bitbucket Server installation. | n/a |
+| `environment` | Map of environment variables for the container. | `{}` |
+| `environmentSecrets` | Array of Kubernetes secrets that can be used to set environment variables. See `values.yaml` for example. | `{}` |
+| `environmentRaw` | Array environment variables in plain Kubernetes yaml format. See `values.yaml` for example. | `[]` |
+| `loadEnvFromSecrets` | Array of Kubernetes secrets to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
+| `loadEnvFromConfigMaps` | Array of Kubernetes `ConfigMap`s to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
+| `extraVolumes` | List of additional volumes available to the pod. | `[]` |
+| `extraVolumeMounts` | List of additional volumes mounted to the container. | `[]` |
+| `imagePullSecrets` | List of secrets for pulling images from private registries. | `[]` |
+| `gitconfig` | Contents of a file to be mounted to `~/.gitconfig`. Use to allow redirection for Terraform modules in private git repositories. | n/a |
+| `gitconfigSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `gitconfig` key. Use this instead of `gitconfig` (optional) | n/a |
+| `command` | Optionally override the [`command` field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#container-v1-core) of the Atlantis Docker container. If not set, the default Atlantis `ENTRYPOINT` is used. Must be an array. | n/a |
+| `github.user` | Name of the Atlantis GitHub user. | n/a |
+| `github.token` | Personal access token for the Atlantis GitHub user. | n/a |
+| `github.secret` | Repository or organization-wide webhook secret for the Atlantis GitHub integration. All repositories in GitHub that are to be integrated with Atlantis must share the same value. | n/a |
+| `github.hostname` | Hostname of your GitHub Enterprise installation. | n/a |
+| `githubApp.id` | GitHub app ID. If set, GitHub authentication will be performed as an [installation](https://developer.github.com/v3/apps/installations/). | n/a |
+| `githubApp.key` | A GitHub App PEM encoded private key file. If set, GitHub authentication will be performed as an [installation]((https://developer.github.com/v3/apps/installations/)). | n/a |
+| `githubApp.secret` | Secret used to validate GitHub webhooks (see [Securing your webhooks](https://developer.github.com/webhooks/securing/)). | n/a |
+| `gitlab.user` | Repository or organization-wide secret for the Atlantis GitLab,integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
+| `gitlab.token` | Personal access token for the Atlantis GitLab user. | n/a |
+| `gitlab.secret` | Webhook secret for the Atlantis GitLab integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
+| `gitlab.hostname` | Hostname of your GitLab Enterprise installation. | n/a |
+| `azuredevops.user` | Repository or organization-wide secret for the Atlantis Azure DevOps,integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
+| `azuredevops.token` | Personal access token for the Atlantis Azure DevOps user. | n/a |
+| `azuredevops.webhookUser` | Webhook user for the Atlantis Azure DevOps integration. | n/a |
+| `azuredevops.webhookPassword` | Webhook password for the Atlantis Azure DevOps integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
+| `vcsSecretName` | Name of a pre-existing Kubernetes `Secret` containing `token` and `secret` keys set to your VCS provider's API token and webhook secret, respectively. Use this instead of `github.token`/`github.secret`, etc. (optional) | n/a |
+| `podTemplate.annotations` | Additional annotations to use for the StatefulSet. | n/a |
+| `podTemplate.annotations` | Additional annotations to use for pods. | `{}` |
+| `podTemplate.labels` | Additional labels to use for pods. | `{}` |
+| `statefulSet.annotations` | Additional annotations to use for StatefulSet. | `{}` |
+| `statefulSet.shareProcessNamespace` | Share the process namespace between all containers in a pod. | `false` |
+| `statefulSet.labels` | Additional labels to use for StatefulSet. | `{}` |
+| `terminationGracePeriodSeconds` | Set terminationGracePeriodSeconds for the StatefulSet. | `{}` |
+| `statefulSet.securityContext` | Allow customizing fsGroup/runAsUser. | `{}` |
+| `statefulSet.priorityClassName` | Leverage a PriorityClass to ensure your pods survive resource shortages. | `{}` |
+| `statefulSet.updateStrategy` | Configure [updateStrategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) of the StatefulSet. | `{}` |
+| `logLevel` | Level to use for logging. Either debug, info, warn, or error. | n/a |
+| `orgAllowlist` | Allowlist of repositories from which Atlantis will accept webhooks. **This value must be set for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
+| `orgWhitelist` | Deprecated (see orgAllowlist) List of repositories from which Atlantis will accept webhooks. Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
+| `config` | Override atlantis main configuration by config map. It's allow some additional functionality like slack notifications. | n/a |
+| `repoConfig` | [Server-side Repository Configuration](https://www.runatlantis.io/docs/server-side-repo-config.html) as a raw YAML string. Configuration is stored in ConfigMap. | n/a |
+| `defaultTFVersion` | Default Terraform version to be used by atlantis server | n/a |
+| `allowForkPRs` | Allow atlantis to run on fork Pull Requests | `false` |
+| `allowDraftPRs` | Allow atlantis to run on draft Pull Requests | `false` |
+| `hidePrevPlanComments` | Allow atlantis to hide previous plan comments | `false` |
+| `disableApply` | Disables running `atlantis apply` regardless of what options are specified | `false` |
+| `disableApplyAll` | Disables running `atlantis apply` without any flags | `false` |
+| `disableRepoLocking` | Stops atlantis locking projects and or workspaces when running terraform | `false` |
+| `serviceAccount.create` | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists. | `true` |
+| `serviceAccount.mount` | Whether to mount the Kubernetes ServiceAccount into the pod | `true` |
+| `serviceAccount.name` | Name of the Kubernetes ServiceAccount under which Atlantis should run. If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance, else Atlantis will be run under the `default` ServiceAccount. | n/a |
+| `serviceAccount.annotations` | Additional Service Account annotations | n/a |
+| `serviceAccountSecrets.credentials` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE. | n/a |
+| `serviceAccountSecrets.credentials-staging` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform staging service account. Only applicable if hosting Atlantis on GKE. | n/a |
+| `googleServiceAccountSecrets` | An array of Kubernetes secrets containing Google Service Account credentials. See `values.yaml` for examples and additional documentation. | n/a |
+| `service.port` | Port of the `Service`. | `80` |
+| `service.targetPort` | Target Port of the `Service`. | `4141` |
+| `service.loadBalancerSourceRanges` | Array of allowlisted IP addresses for the Atlantis Service. If no value is specified, the Service will allow incoming traffic from all IP addresses (0.0.0.0/0). | n/a |
+| `service.loadBalancerIP` | Expose this service on the given ip if service.type = `LoadBalancerIP` | n/a |
+| `storageClassName` | DEPRECATED - Storage class of the volume mounted for the Atlantis data directory. | n/a |
+| `tlsSecretName` | Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key. | n/a |
+| `ingress.enabled` | Whether to create a Kubernetes Ingress. | `true` |
+| `ingress.annotations` | Additional annotations to use for the Ingress. | `{}` |
+| `ingress.apiVersion` | Override ingress apiVersion. Useful in scenarios in which helm can't determine the capabilities of the Kubernetes cluster. | n/a |
+| `ingress.labels` | Additional labels to use for the Ingress. | `{}` |
+| `ingress.path` | Path to use in the `Ingress`. Should be set to `/*` if using gce-ingress in Google Cloud. | `/` |
+| `ingress.host` | Domain name Kubernetes Ingress rule looks for. Set it to the domain Atlantis will be hosted on. | | | `/` |
+| `ingress.hosts[0].host` | List of domain names Kubernetes Ingress rule looks for. Set it to the domains in which Atlantis will be hosted on. | `chart-example.local` |
+| `ingress.hosts[0].paths` | List of paths to use in Kubernetes Ingress rules. Should be set to `/*` if using gce-ingress in Google | `[/]` |
+| `ingress.tls` | Kubernetes tls block. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for details. | `[]` |
+| `test.enabled` | Whether to enable the test. | `true` |
+| `extraManifests` | Add additional manifests to deploy | `[]` |
+| `initContainers` | Containers used to initialize context for Atlantis pods | `[]` |
+| `extraContainers` | Additionnal containers to use and depends of use cases. | `[]` |
+| `hostAliases[].hostnames` | Hostnames for host alias entry | n/a |
+| `hostAliases[].ip` | IP for host alias entry | n/a |
+| `basicAuth.username` | Username for basic authentication | n/a |
+| `basicAuth.password` | Password for basic authentication | n/a |
+| `commonLabels` | Add Common Labels to all resources | `{}` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Whether to enable privilege escalation | n/a |
+| `containerSecurityContext.readOnlyRootFilesystem` | Whether the root file system should be read-only | n/a |
+| `customPem` | SecretName of the custom `ca-certificates.cert` to override the `/etc/ssl/certs/ca-certificates.crt` with your custom one (self-signed certificates)
Secret has to be created manually and shal contain `ca-certificates.crt: PEM` | n/a |
+| `api.secret` | API secret to enable API endpoints | n/a |
+| `apiSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `apisecret` key. Use this instead of `api.secret` | n/a |
+| `lockingDbType` | Locking DB type for storing plan and apply locks. Allowed values are `boltdb` and `redis`. | n/a |
+| `redis.host` | Redis hostname for Locking DB of type `redis`. | n/a |
+| `redis.password` | Redis password for Locking DB of type `redis`. | n/a |
+| `redis.port` | Redis port for Locking DB of type `redis`. | n/a |
+| `redis.db` | Redis database number for Locking DB of type `redis`. | n/a |
+| `redis.tlsEnabled` | Whether to enable TLS connection to Redis. | n/a |
+| `redis.insecureSkipVerify` | Whether Redis client should skip verification of Redis server's certificate chain and hostname. Setting to `true` may introduce a security vulnerability. | n/a |
+| `redisSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`. | n/a |
+| `enableKubernetesBackend` | Deploy rbac to allow for the serviceAccount to manage terraform state via a kubernetes backend | false |
+| `lifecycle` | Configure pod container lifecycle hooks. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) for details. | `{}` |
**NOTE**: All the [Server Configurations](https://www.runatlantis.io/docs/server-configuration.html) are passed as [Environment Variables](https://www.runatlantis.io/docs/server-configuration.html#environment-variables).
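Review bot: Several rows in the re-padded table are still malformed after this formatting pass and should be fixed in the same commit. The `ingress.host` row carries two extra empty cells before its default, so it has more columns than the header. The `githubApp.key` link reads `[installation]((https://developer.github.com/v3/apps/installations/))` with doubled parentheses. The `customPem` row is split across two lines, so its second half ("Secret has to be created manually and shal contain ...") falls outside the table and keeps the "shal" typo. While these lines are being rewritten anyway: `podTemplate.annotations` appears twice (the first entry describes the StatefulSet), the `gitlab.user` and `azuredevops.user` descriptions talk about a shared secret instead of a user name, which is confusing next to the actual `gitlab.secret` and `azuredevops.webhookPassword` rows, and the `enableKubernetesBackend` default `false` is the only boolean default without backticks.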
From 6a4baa7e8082dbc94bbb0c77e94b1efb1eacbdd2 Mon Sep 17 00:00:00 2001
From: Teko012 <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 13:57:47 +0100
Subject: [PATCH 02/10] Add githubApp.slug value support
---
README.md | 223 +++++++++++----------
charts/atlantis/templates/statefulset.yaml | 4 +
charts/atlantis/values.yaml | 1 +
3 files changed, 117 insertions(+), 111 deletions(-)
diff --git a/README.md b/README.md
index a57f3f64..64b5bbb2 100644
--- a/README.md
+++ b/README.md
@@ -55,117 +55,118 @@ extraManifests:
## Customization
The following options are supported. See [values.yaml](/charts/atlantis/values.yaml) for more detailed documentation and examples:
-| Parameter | Description | Default |
-|-----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|
-| `dataStorage` | DEPRECATED - Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` |
-| `volumeClaim.enabled` | Activate embedded volume claim for Atlantis' data directory (mostly used to check out git repositories). | `true` |
-| `volumeClaim.dataStorage` | Amount of storage available for embedded Atlantis' data directory | `5Gi` |
-| `volumeClaim.storageClassName` | Storage class of the embedded volume mounted for the Atlantis data directory. | n/a |
-| `atlantisUrl` | Base URL of atlantis server. This URL also reflects in pull-requests CI hooks where terraform changes are displayed. | n/a |
-| `netrc` | Contents of a file to be mounted to `~/.netrc`. Use to authenticate with private registries hosting terraform modules. | n/a |
-| `netrcSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `netrc` key. Use this instead of `netrc` (optional) | n/a |
-| `aws.config` | Contents of a file to be mounted to `~/.aws/config`. | n/a |
-| `aws.credentials` | Contents of a file to be mounted to `~/.aws/credentials`. | n/a |
-| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config. Will be used a volume mount on `$HOME/.aws`, so it needs a `credentials` key. The key `config` is optional. See the file `templates/secret-aws.yml` for more info on the Secret contents. | n/a |
-| `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a |
-| `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a |
-| `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a |
-| `bitbucket.baseURL` | Base URL of Bitbucket Server installation. | n/a |
-| `environment` | Map of environment variables for the container. | `{}` |
-| `environmentSecrets` | Array of Kubernetes secrets that can be used to set environment variables. See `values.yaml` for example. | `{}` |
-| `environmentRaw` | Array environment variables in plain Kubernetes yaml format. See `values.yaml` for example. | `[]` |
-| `loadEnvFromSecrets` | Array of Kubernetes secrets to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
-| `loadEnvFromConfigMaps` | Array of Kubernetes `ConfigMap`s to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
-| `extraVolumes` | List of additional volumes available to the pod. | `[]` |
-| `extraVolumeMounts` | List of additional volumes mounted to the container. | `[]` |
-| `imagePullSecrets` | List of secrets for pulling images from private registries. | `[]` |
-| `gitconfig` | Contents of a file to be mounted to `~/.gitconfig`. Use to allow redirection for Terraform modules in private git repositories. | n/a |
-| `gitconfigSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `gitconfig` key. Use this instead of `gitconfig` (optional) | n/a |
-| `command` | Optionally override the [`command` field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#container-v1-core) of the Atlantis Docker container. If not set, the default Atlantis `ENTRYPOINT` is used. Must be an array. | n/a |
-| `github.user` | Name of the Atlantis GitHub user. | n/a |
-| `github.token` | Personal access token for the Atlantis GitHub user. | n/a |
-| `github.secret` | Repository or organization-wide webhook secret for the Atlantis GitHub integration. All repositories in GitHub that are to be integrated with Atlantis must share the same value. | n/a |
-| `github.hostname` | Hostname of your GitHub Enterprise installation. | n/a |
-| `githubApp.id` | GitHub app ID. If set, GitHub authentication will be performed as an [installation](https://developer.github.com/v3/apps/installations/). | n/a |
-| `githubApp.key` | A GitHub App PEM encoded private key file. If set, GitHub authentication will be performed as an [installation]((https://developer.github.com/v3/apps/installations/)). | n/a |
-| `githubApp.secret` | Secret used to validate GitHub webhooks (see [Securing your webhooks](https://developer.github.com/webhooks/securing/)). | n/a |
-| `gitlab.user` | Repository or organization-wide secret for the Atlantis GitLab,integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
-| `gitlab.token` | Personal access token for the Atlantis GitLab user. | n/a |
-| `gitlab.secret` | Webhook secret for the Atlantis GitLab integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
-| `gitlab.hostname` | Hostname of your GitLab Enterprise installation. | n/a |
-| `azuredevops.user` | Repository or organization-wide secret for the Atlantis Azure DevOps,integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
-| `azuredevops.token` | Personal access token for the Atlantis Azure DevOps user. | n/a |
-| `azuredevops.webhookUser` | Webhook user for the Atlantis Azure DevOps integration. | n/a |
-| `azuredevops.webhookPassword` | Webhook password for the Atlantis Azure DevOps integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
-| `vcsSecretName` | Name of a pre-existing Kubernetes `Secret` containing `token` and `secret` keys set to your VCS provider's API token and webhook secret, respectively. Use this instead of `github.token`/`github.secret`, etc. (optional) | n/a |
-| `podTemplate.annotations` | Additional annotations to use for the StatefulSet. | n/a |
-| `podTemplate.annotations` | Additional annotations to use for pods. | `{}` |
-| `podTemplate.labels` | Additional labels to use for pods. | `{}` |
-| `statefulSet.annotations` | Additional annotations to use for StatefulSet. | `{}` |
-| `statefulSet.shareProcessNamespace` | Share the process namespace between all containers in a pod. | `false` |
-| `statefulSet.labels` | Additional labels to use for StatefulSet. | `{}` |
-| `terminationGracePeriodSeconds` | Set terminationGracePeriodSeconds for the StatefulSet. | `{}` |
-| `statefulSet.securityContext` | Allow customizing fsGroup/runAsUser. | `{}` |
-| `statefulSet.priorityClassName` | Leverage a PriorityClass to ensure your pods survive resource shortages. | `{}` |
-| `statefulSet.updateStrategy` | Configure [updateStrategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) of the StatefulSet. | `{}` |
-| `logLevel` | Level to use for logging. Either debug, info, warn, or error. | n/a |
-| `orgAllowlist` | Allowlist of repositories from which Atlantis will accept webhooks. **This value must be set for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
-| `orgWhitelist` | Deprecated (see orgAllowlist) List of repositories from which Atlantis will accept webhooks. Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
-| `config` | Override atlantis main configuration by config map. It's allow some additional functionality like slack notifications. | n/a |
-| `repoConfig` | [Server-side Repository Configuration](https://www.runatlantis.io/docs/server-side-repo-config.html) as a raw YAML string. Configuration is stored in ConfigMap. | n/a |
-| `defaultTFVersion` | Default Terraform version to be used by atlantis server | n/a |
-| `allowForkPRs` | Allow atlantis to run on fork Pull Requests | `false` |
-| `allowDraftPRs` | Allow atlantis to run on draft Pull Requests | `false` |
-| `hidePrevPlanComments` | Allow atlantis to hide previous plan comments | `false` |
-| `disableApply` | Disables running `atlantis apply` regardless of what options are specified | `false` |
-| `disableApplyAll` | Disables running `atlantis apply` without any flags | `false` |
-| `disableRepoLocking` | Stops atlantis locking projects and or workspaces when running terraform | `false` |
-| `serviceAccount.create` | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists. | `true` |
-| `serviceAccount.mount` | Whether to mount the Kubernetes ServiceAccount into the pod | `true` |
-| `serviceAccount.name` | Name of the Kubernetes ServiceAccount under which Atlantis should run. If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance, else Atlantis will be run under the `default` ServiceAccount. | n/a |
-| `serviceAccount.annotations` | Additional Service Account annotations | n/a |
-| `serviceAccountSecrets.credentials` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE. | n/a |
-| `serviceAccountSecrets.credentials-staging` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform staging service account. Only applicable if hosting Atlantis on GKE. | n/a |
-| `googleServiceAccountSecrets` | An array of Kubernetes secrets containing Google Service Account credentials. See `values.yaml` for examples and additional documentation. | n/a |
-| `service.port` | Port of the `Service`. | `80` |
-| `service.targetPort` | Target Port of the `Service`. | `4141` |
-| `service.loadBalancerSourceRanges` | Array of allowlisted IP addresses for the Atlantis Service. If no value is specified, the Service will allow incoming traffic from all IP addresses (0.0.0.0/0). | n/a |
-| `service.loadBalancerIP` | Expose this service on the given ip if service.type = `LoadBalancerIP` | n/a |
-| `storageClassName` | DEPRECATED - Storage class of the volume mounted for the Atlantis data directory. | n/a |
-| `tlsSecretName` | Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key. | n/a |
-| `ingress.enabled` | Whether to create a Kubernetes Ingress. | `true` |
-| `ingress.annotations` | Additional annotations to use for the Ingress. | `{}` |
-| `ingress.apiVersion` | Override ingress apiVersion. Useful in scenarios in which helm can't determine the capabilities of the Kubernetes cluster. | n/a |
-| `ingress.labels` | Additional labels to use for the Ingress. | `{}` |
-| `ingress.path` | Path to use in the `Ingress`. Should be set to `/*` if using gce-ingress in Google Cloud. | `/` |
-| `ingress.host` | Domain name Kubernetes Ingress rule looks for. Set it to the domain Atlantis will be hosted on. | | | `/` |
-| `ingress.hosts[0].host` | List of domain names Kubernetes Ingress rule looks for. Set it to the domains in which Atlantis will be hosted on. | `chart-example.local` |
-| `ingress.hosts[0].paths` | List of paths to use in Kubernetes Ingress rules. Should be set to `/*` if using gce-ingress in Google | `[/]` |
-| `ingress.tls` | Kubernetes tls block. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for details. | `[]` |
-| `test.enabled` | Whether to enable the test. | `true` |
-| `extraManifests` | Add additional manifests to deploy | `[]` |
-| `initContainers` | Containers used to initialize context for Atlantis pods | `[]` |
-| `extraContainers` | Additionnal containers to use and depends of use cases. | `[]` |
-| `hostAliases[].hostnames` | Hostnames for host alias entry | n/a |
-| `hostAliases[].ip` | IP for host alias entry | n/a |
-| `basicAuth.username` | Username for basic authentication | n/a |
-| `basicAuth.password` | Password for basic authentication | n/a |
-| `commonLabels` | Add Common Labels to all resources | `{}` |
-| `containerSecurityContext.allowPrivilegeEscalation` | Whether to enable privilege escalation | n/a |
-| `containerSecurityContext.readOnlyRootFilesystem` | Whether the root file system should be read-only | n/a |
-| `customPem` | SecretName of the custom `ca-certificates.cert` to override the `/etc/ssl/certs/ca-certificates.crt` with your custom one (self-signed certificates)
Secret has to be created manually and shal contain `ca-certificates.crt: PEM` | n/a |
-| `api.secret` | API secret to enable API endpoints | n/a |
-| `apiSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `apisecret` key. Use this instead of `api.secret` | n/a |
-| `lockingDbType` | Locking DB type for storing plan and apply locks. Allowed values are `boltdb` and `redis`. | n/a |
-| `redis.host` | Redis hostname for Locking DB of type `redis`. | n/a |
-| `redis.password` | Redis password for Locking DB of type `redis`. | n/a |
-| `redis.port` | Redis port for Locking DB of type `redis`. | n/a |
-| `redis.db` | Redis database number for Locking DB of type `redis`. | n/a |
-| `redis.tlsEnabled` | Whether to enable TLS connection to Redis. | n/a |
-| `redis.insecureSkipVerify` | Whether Redis client should skip verification of Redis server's certificate chain and hostname. Setting to `true` may introduce a security vulnerability. | n/a |
-| `redisSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`. | n/a |
-| `enableKubernetesBackend` | Deploy rbac to allow for the serviceAccount to manage terraform state via a kubernetes backend | false |
-| `lifecycle` | Configure pod container lifecycle hooks. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) for details. | `{}` |
+| Parameter | Description | Default |
+|-----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|
+| `dataStorage` | DEPRECATED - Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` |
+| `volumeClaim.enabled` | Activate embedded volume claim for Atlantis' data directory (mostly used to check out git repositories). | `true` |
+| `volumeClaim.dataStorage` | Amount of storage available for embedded Atlantis' data directory | `5Gi` |
+| `volumeClaim.storageClassName` | Storage class of the embedded volume mounted for the Atlantis data directory. | n/a |
+| `atlantisUrl` | Base URL of atlantis server. This URL also reflects in pull-requests CI hooks where terraform changes are displayed. | n/a |
+| `netrc` | Contents of a file to be mounted to `~/.netrc`. Use to authenticate with private registries hosting terraform modules. | n/a |
+| `netrcSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `netrc` key. Use this instead of `netrc` (optional) | n/a |
+| `aws.config` | Contents of a file to be mounted to `~/.aws/config`. | n/a |
+| `aws.credentials` | Contents of a file to be mounted to `~/.aws/credentials`. | n/a |
+| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config. Will be used a volume mount on `$HOME/.aws`, so it needs a `credentials` key. The key `config` is optional. See the file `templates/secret-aws.yml` for more info on the Secret contents. | n/a |
+| `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a |
+| `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a |
+| `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a |
+| `bitbucket.baseURL` | Base URL of Bitbucket Server installation. | n/a |
+| `environment` | Map of environment variables for the container. | `{}` |
+| `environmentSecrets` | Array of Kubernetes secrets that can be used to set environment variables. See `values.yaml` for example. | `{}` |
+| `environmentRaw` | Array environment variables in plain Kubernetes yaml format. See `values.yaml` for example. | `[]` |
+| `loadEnvFromSecrets` | Array of Kubernetes secrets to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
+| `loadEnvFromConfigMaps` | Array of Kubernetes `ConfigMap`s to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
+| `extraVolumes` | List of additional volumes available to the pod. | `[]` |
+| `extraVolumeMounts` | List of additional volumes mounted to the container. | `[]` |
+| `imagePullSecrets` | List of secrets for pulling images from private registries. | `[]` |
+| `gitconfig` | Contents of a file to be mounted to `~/.gitconfig`. Use to allow redirection for Terraform modules in private git repositories. | n/a |
+| `gitconfigSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `gitconfig` key. Use this instead of `gitconfig` (optional) | n/a |
+| `command` | Optionally override the [`command` field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#container-v1-core) of the Atlantis Docker container. If not set, the default Atlantis `ENTRYPOINT` is used. Must be an array. | n/a |
+| `github.user` | Name of the Atlantis GitHub user. | n/a |
+| `github.token` | Personal access token for the Atlantis GitHub user. | n/a |
+| `github.secret` | Repository or organization-wide webhook secret for the Atlantis GitHub integration. All repositories in GitHub that are to be integrated with Atlantis must share the same value. | n/a |
+| `github.hostname` | Hostname of your GitHub Enterprise installation. | n/a |
+| `githubApp.id` | GitHub app ID. If set, GitHub authentication will be performed as an [installation](https://developer.github.com/v3/apps/installations/). | n/a |
+| `githubApp.slug` | A slugged version of GitHub app name shown in pull requests comments, etc (not Atlantis App but something like atlantis-app). Atlantis uses the value of this parameter to identify the comments it has left on GitHub pull requests. This is used for functions such as `hidePrevPlanComments`. | n/a |
+| `githubApp.key` | A GitHub App PEM encoded private key file. If set, GitHub authentication will be performed as an [installation]((https://developer.github.com/v3/apps/installations/)). | n/a |
+| `githubApp.secret` | Secret used to validate GitHub webhooks (see [Securing your webhooks](https://developer.github.com/webhooks/securing/)). | n/a |
+| `gitlab.user` | Repository or organization-wide secret for the Atlantis GitLab,integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
+| `gitlab.token` | Personal access token for the Atlantis GitLab user. | n/a |
+| `gitlab.secret` | Webhook secret for the Atlantis GitLab integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
+| `gitlab.hostname` | Hostname of your GitLab Enterprise installation. | n/a |
+| `azuredevops.user` | Repository or organization-wide secret for the Atlantis Azure DevOps,integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
+| `azuredevops.token` | Personal access token for the Atlantis Azure DevOps user. | n/a |
+| `azuredevops.webhookUser` | Webhook user for the Atlantis Azure DevOps integration. | n/a |
+| `azuredevops.webhookPassword` | Webhook password for the Atlantis Azure DevOps integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
+| `vcsSecretName` | Name of a pre-existing Kubernetes `Secret` containing `token` and `secret` keys set to your VCS provider's API token and webhook secret, respectively. Use this instead of `github.token`/`github.secret`, etc. (optional) | n/a |
+| `podTemplate.annotations` | Additional annotations to use for the StatefulSet. | n/a |
+| `podTemplate.annotations` | Additional annotations to use for pods. | `{}` |
+| `podTemplate.labels` | Additional labels to use for pods. | `{}` |
+| `statefulSet.annotations` | Additional annotations to use for StatefulSet. | `{}` |
+| `statefulSet.shareProcessNamespace` | Share the process namespace between all containers in a pod. | `false` |
+| `statefulSet.labels` | Additional labels to use for StatefulSet. | `{}` |
+| `terminationGracePeriodSeconds` | Set terminationGracePeriodSeconds for the StatefulSet. | `{}` |
+| `statefulSet.securityContext` | Allow customizing fsGroup/runAsUser. | `{}` |
+| `statefulSet.priorityClassName` | Leverage a PriorityClass to ensure your pods survive resource shortages. | `{}` |
+| `statefulSet.updateStrategy` | Configure [updateStrategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) of the StatefulSet. | `{}` |
+| `logLevel` | Level to use for logging. Either debug, info, warn, or error. | n/a |
+| `orgAllowlist` | Allowlist of repositories from which Atlantis will accept webhooks. **This value must be set for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
+| `orgWhitelist` | Deprecated (see orgAllowlist) List of repositories from which Atlantis will accept webhooks. Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
+| `config` | Override atlantis main configuration by config map. It's allow some additional functionality like slack notifications. | n/a |
+| `repoConfig` | [Server-side Repository Configuration](https://www.runatlantis.io/docs/server-side-repo-config.html) as a raw YAML string. Configuration is stored in ConfigMap. | n/a |
+| `defaultTFVersion` | Default Terraform version to be used by atlantis server | n/a |
+| `allowForkPRs` | Allow atlantis to run on fork Pull Requests | `false` |
+| `allowDraftPRs` | Allow atlantis to run on draft Pull Requests | `false` |
+| `hidePrevPlanComments` | Allow atlantis to hide previous plan comments | `false` |
+| `disableApply` | Disables running `atlantis apply` regardless of what options are specified | `false` |
+| `disableApplyAll` | Disables running `atlantis apply` without any flags | `false` |
+| `disableRepoLocking` | Stops atlantis locking projects and or workspaces when running terraform | `false` |
+| `serviceAccount.create` | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists. | `true` |
+| `serviceAccount.mount` | Whether to mount the Kubernetes ServiceAccount into the pod | `true` |
+| `serviceAccount.name` | Name of the Kubernetes ServiceAccount under which Atlantis should run. If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance, else Atlantis will be run under the `default` ServiceAccount. | n/a |
+| `serviceAccount.annotations` | Additional Service Account annotations | n/a |
+| `serviceAccountSecrets.credentials` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE. | n/a |
+| `serviceAccountSecrets.credentials-staging` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform staging service account. Only applicable if hosting Atlantis on GKE. | n/a |
+| `googleServiceAccountSecrets` | An array of Kubernetes secrets containing Google Service Account credentials. See `values.yaml` for examples and additional documentation. | n/a |
+| `service.port` | Port of the `Service`. | `80` |
+| `service.targetPort` | Target Port of the `Service`. | `4141` |
+| `service.loadBalancerSourceRanges` | Array of allowlisted IP addresses for the Atlantis Service. If no value is specified, the Service will allow incoming traffic from all IP addresses (0.0.0.0/0). | n/a |
+| `service.loadBalancerIP` | Expose this service on the given ip if service.type = `LoadBalancerIP` | n/a |
+| `storageClassName` | DEPRECATED - Storage class of the volume mounted for the Atlantis data directory. | n/a |
+| `tlsSecretName` | Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key. | n/a |
+| `ingress.enabled` | Whether to create a Kubernetes Ingress. | `true` |
+| `ingress.annotations` | Additional annotations to use for the Ingress. | `{}` |
+| `ingress.apiVersion` | Override ingress apiVersion. Useful in scenarios in which helm can't determine the capabilities of the Kubernetes cluster. | n/a |
+| `ingress.labels` | Additional labels to use for the Ingress. | `{}` |
+| `ingress.path` | Path to use in the `Ingress`. Should be set to `/*` if using gce-ingress in Google Cloud. | `/` |
+| `ingress.host` | Domain name Kubernetes Ingress rule looks for. Set it to the domain Atlantis will be hosted on. | | | `/` |
+| `ingress.hosts[0].host` | List of domain names Kubernetes Ingress rule looks for. Set it to the domains in which Atlantis will be hosted on. | `chart-example.local` |
+| `ingress.hosts[0].paths` | List of paths to use in Kubernetes Ingress rules. Should be set to `/*` if using gce-ingress in Google | `[/]` |
+| `ingress.tls` | Kubernetes tls block. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for details. | `[]` |
+| `test.enabled` | Whether to enable the test. | `true` |
+| `extraManifests` | Add additional manifests to deploy | `[]` |
+| `initContainers` | Containers used to initialize context for Atlantis pods | `[]` |
+| `extraContainers` | Additionnal containers to use and depends of use cases. | `[]` |
+| `hostAliases[].hostnames` | Hostnames for host alias entry | n/a |
+| `hostAliases[].ip` | IP for host alias entry | n/a |
+| `basicAuth.username` | Username for basic authentication | n/a |
+| `basicAuth.password` | Password for basic authentication | n/a |
+| `commonLabels` | Add Common Labels to all resources | `{}` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Whether to enable privilege escalation | n/a |
+| `containerSecurityContext.readOnlyRootFilesystem` | Whether the root file system should be read-only | n/a |
+| `customPem` | SecretName of the custom `ca-certificates.cert` to override the `/etc/ssl/certs/ca-certificates.crt` with your custom one (self-signed certificates)
Secret has to be created manually and shal contain `ca-certificates.crt: PEM` | n/a |
+| `api.secret` | API secret to enable API endpoints | n/a |
+| `apiSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `apisecret` key. Use this instead of `api.secret` | n/a |
+| `lockingDbType` | Locking DB type for storing plan and apply locks. Allowed values are `boltdb` and `redis`. | n/a |
+| `redis.host` | Redis hostname for Locking DB of type `redis`. | n/a |
+| `redis.password` | Redis password for Locking DB of type `redis`. | n/a |
+| `redis.port` | Redis port for Locking DB of type `redis`. | n/a |
+| `redis.db` | Redis database number for Locking DB of type `redis`. | n/a |
+| `redis.tlsEnabled` | Whether to enable TLS connection to Redis. | n/a |
+| `redis.insecureSkipVerify` | Whether Redis client should skip verification of Redis server's certificate chain and hostname. Setting to `true` may introduce a security vulnerability. | n/a |
+| `redisSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`. | n/a |
+| `enableKubernetesBackend` | Deploy rbac to allow for the serviceAccount to manage terraform state via a kubernetes backend | false |
+| `lifecycle` | Configure pod container lifecycle hooks. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) for details. | `{}` |
**NOTE**: All the [Server Configurations](https://www.runatlantis.io/docs/server-configuration.html) are passed as [Environment Variables](https://www.runatlantis.io/docs/server-configuration.html#environment-variables).
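Review bot: The re-aligned table still contains rows that will not render as a clean three-column table, and a formatting pass is the place to fix them. The `customPem` row is split over two lines (the second begins "Secret has to be created manually"), which ends the row early and leaves a stray line under the table. The `ingress.host` row has two extra empty cells before its `/` default. `podTemplate.annotations` is listed twice, the first time described as applying to the StatefulSet, which duplicates `statefulSet.annotations`. The `githubApp.key` link keeps its doubled parentheses, `((https://developer.github.com/v3/apps/installations/))`, so the URL will not resolve. The `gitlab.user` and `azuredevops.user` descriptions also still read as a copy of the webhook secret text ("Repository or organization-wide secret ...") rather than describing a user name; since those are credential fields, the wording should be corrected so operators do not put a secret in the wrong key.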
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index f9338fe6..e978254e 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -275,6 +275,10 @@ spec:
- name: ATLANTIS_GH_APP_ID
value: {{ .Values.githubApp.id | quote}}
{{- end }}
+ {{- if .Values.githubApp.slug }}
+ - name: ATLANTIS_GH_APP_SLUG
+ value: {{ .Values.githubApp.slug | quote}}
+ {{- end }}
- name: ATLANTIS_WRITE_GIT_CREDS
value: "true"
{{- if or .Values.githubApp.secret .Values.vcsSecretName}}
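Review bot: The new `{{- if .Values.githubApp.slug }}` block dereferences `.Values.githubApp.slug` directly, so please confirm it sits inside the same enclosing guard as the `ATLANTIS_GH_APP_ID` entry above it. The values.yaml example for `githubApp` is fully commented out, and if `githubApp` is unset when the template reaches this line outside such a guard, rendering fails on the nil lookup. It would also help to state whether a slug without `githubApp.id` is meant to be ignored or rejected, since the slug only has meaning for GitHub App authentication. Minor style point: `quote}}` has no space before the closing braces; it matches the neighbouring line, but `quote }}` is the usual form.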
diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
index aa100a57..8737303c 100644
--- a/charts/atlantis/values.yaml
+++ b/charts/atlantis/values.yaml
@@ -22,6 +22,7 @@ orgAllowlist:
# If using a GitHub App, please enter your values as follows:
# githubApp:
# id: 123456
+# slug: foo
# key: |
# -----BEGIN PRIVATE KEY-----
# ...
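Review bot: The added `# slug: foo` example gives no hint of what the value should look like or what it is for. The README row describes it as the slugged GitHub App name (something like atlantis-app, not the display name) that Atlantis uses to recognise its own pull request comments for `hidePrevPlanComments`. A placeholder such as `atlantis-app` and a one-line comment above it saying so would keep users from entering the display name and silently breaking comment hiding.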
From 531b466e2389991ac69ab0f80c47f15f6a31fa8d Mon Sep 17 00:00:00 2001
From: Teko012 <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 14:00:54 +0100
Subject: [PATCH 03/10] Order customization in README.md
---
README.md | 166 +++++++++++++++++++++++++++---------------------------
1 file changed, 83 insertions(+), 83 deletions(-)
diff --git a/README.md b/README.md
index 64b5bbb2..e6b2c4b5 100644
--- a/README.md
+++ b/README.md
@@ -57,116 +57,116 @@ The following options are supported. See [values.yaml](/charts/atlantis/values.
| Parameter | Description | Default |
|-----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|
-| `dataStorage` | DEPRECATED - Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` |
-| `volumeClaim.enabled` | Activate embedded volume claim for Atlantis' data directory (mostly used to check out git repositories). | `true` |
-| `volumeClaim.dataStorage` | Amount of storage available for embedded Atlantis' data directory | `5Gi` |
-| `volumeClaim.storageClassName` | Storage class of the embedded volume mounted for the Atlantis data directory. | n/a |
+| `allowDraftPRs` | Allow atlantis to run on draft Pull Requests | `false` |
+| `allowForkPRs` | Allow atlantis to run on fork Pull Requests | `false` |
+| `api.secret` | API secret to enable API endpoints | n/a |
+| `apiSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `apisecret` key. Use this instead of `api.secret` | n/a |
| `atlantisUrl` | Base URL of atlantis server. This URL also reflects in pull-requests CI hooks where terraform changes are displayed. | n/a |
-| `netrc` | Contents of a file to be mounted to `~/.netrc`. Use to authenticate with private registries hosting terraform modules. | n/a |
-| `netrcSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `netrc` key. Use this instead of `netrc` (optional) | n/a |
| `aws.config` | Contents of a file to be mounted to `~/.aws/config`. | n/a |
| `aws.credentials` | Contents of a file to be mounted to `~/.aws/credentials`. | n/a |
| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config. Will be used a volume mount on `$HOME/.aws`, so it needs a `credentials` key. The key `config` is optional. See the file `templates/secret-aws.yml` for more info on the Secret contents. | n/a |
-| `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a |
-| `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a |
-| `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a |
+| `azuredevops.token` | Personal access token for the Atlantis Azure DevOps user. | n/a |
+| `azuredevops.user` | Repository or organization-wide secret for the Atlantis Azure DevOps,integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
+| `azuredevops.webhookPassword` | Webhook password for the Atlantis Azure DevOps integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
+| `azuredevops.webhookUser` | Webhook user for the Atlantis Azure DevOps integration. | n/a |
+| `basicAuth.password` | Password for basic authentication | n/a |
+| `basicAuth.username` | Username for basic authentication | n/a |
| `bitbucket.baseURL` | Base URL of Bitbucket Server installation. | n/a |
-| `environment` | Map of environment variables for the container. | `{}` |
-| `environmentSecrets` | Array of Kubernetes secrets that can be used to set environment variables. See `values.yaml` for example. | `{}` |
+| `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a |
+| `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a |
+| `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a |
+| `command` | Optionally override the [`command` field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#container-v1-core) of the Atlantis Docker container. If not set, the default Atlantis `ENTRYPOINT` is used. Must be an array. | n/a |
+| `commonLabels` | Add Common Labels to all resources | `{}` |
+| `config` | Override atlantis main configuration by config map. It's allow some additional functionality like slack notifications. | n/a |
+| `containerSecurityContext.allowPrivilegeEscalation` | Whether to enable privilege escalation | n/a |
+| `containerSecurityContext.readOnlyRootFilesystem` | Whether the root file system should be read-only | n/a |
+| `customPem` | SecretName of the custom `ca-certificates.cert` to override the `/etc/ssl/certs/ca-certificates.crt` with your custom one (self-signed certificates)
Secret has to be created manually and shal contain `ca-certificates.crt: PEM` | n/a |
+| `dataStorage` | DEPRECATED - Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` |
+| `defaultTFVersion` | Default Terraform version to be used by atlantis server | n/a |
+| `disableApplyAll` | Disables running `atlantis apply` without any flags | `false` |
+| `disableApply` | Disables running `atlantis apply` regardless of what options are specified | `false` |
+| `disableRepoLocking` | Stops atlantis locking projects and or workspaces when running terraform | `false` |
+| `enableKubernetesBackend` | Deploy rbac to allow for the serviceAccount to manage terraform state via a kubernetes backend | false |
| `environmentRaw` | Array environment variables in plain Kubernetes yaml format. See `values.yaml` for example. | `[]` |
-| `loadEnvFromSecrets` | Array of Kubernetes secrets to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
-| `loadEnvFromConfigMaps` | Array of Kubernetes `ConfigMap`s to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
-| `extraVolumes` | List of additional volumes available to the pod. | `[]` |
+| `environmentSecrets` | Array of Kubernetes secrets that can be used to set environment variables. See `values.yaml` for example. | `{}` |
+| `environment` | Map of environment variables for the container. | `{}` |
+| `extraContainers` | Additionnal containers to use and depends of use cases. | `[]` |
+| `extraManifests` | Add additional manifests to deploy | `[]` |
| `extraVolumeMounts` | List of additional volumes mounted to the container. | `[]` |
-| `imagePullSecrets` | List of secrets for pulling images from private registries. | `[]` |
-| `gitconfig` | Contents of a file to be mounted to `~/.gitconfig`. Use to allow redirection for Terraform modules in private git repositories. | n/a |
+| `extraVolumes` | List of additional volumes available to the pod. | `[]` |
| `gitconfigSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `gitconfig` key. Use this instead of `gitconfig` (optional) | n/a |
-| `command` | Optionally override the [`command` field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#container-v1-core) of the Atlantis Docker container. If not set, the default Atlantis `ENTRYPOINT` is used. Must be an array. | n/a |
-| `github.user` | Name of the Atlantis GitHub user. | n/a |
-| `github.token` | Personal access token for the Atlantis GitHub user. | n/a |
-| `github.secret` | Repository or organization-wide webhook secret for the Atlantis GitHub integration. All repositories in GitHub that are to be integrated with Atlantis must share the same value. | n/a |
+| `gitconfig` | Contents of a file to be mounted to `~/.gitconfig`. Use to allow redirection for Terraform modules in private git repositories. | n/a |
| `github.hostname` | Hostname of your GitHub Enterprise installation. | n/a |
+| `github.secret` | Repository or organization-wide webhook secret for the Atlantis GitHub integration. All repositories in GitHub that are to be integrated with Atlantis must share the same value. | n/a |
+| `github.token` | Personal access token for the Atlantis GitHub user. | n/a |
+| `github.user` | Name of the Atlantis GitHub user. | n/a |
| `githubApp.id` | GitHub app ID. If set, GitHub authentication will be performed as an [installation](https://developer.github.com/v3/apps/installations/). | n/a |
-| `githubApp.slug` | A slugged version of GitHub app name shown in pull requests comments, etc (not Atlantis App but something like atlantis-app). Atlantis uses the value of this parameter to identify the comments it has left on GitHub pull requests. This is used for functions such as `hidePrevPlanComments`. | n/a |
| `githubApp.key` | A GitHub App PEM encoded private key file. If set, GitHub authentication will be performed as an [installation]((https://developer.github.com/v3/apps/installations/)). | n/a |
| `githubApp.secret` | Secret used to validate GitHub webhooks (see [Securing your webhooks](https://developer.github.com/webhooks/securing/)). | n/a |
-| `gitlab.user` | Repository or organization-wide secret for the Atlantis GitLab,integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
-| `gitlab.token` | Personal access token for the Atlantis GitLab user. | n/a |
-| `gitlab.secret` | Webhook secret for the Atlantis GitLab integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
+| `githubApp.slug` | A slugged version of GitHub app name shown in pull requests comments, etc (not Atlantis App but something like atlantis-app). Atlantis uses the value of this parameter to identify the comments it has left on GitHub pull requests. This is used for functions such as `hidePrevPlanComments`. | n/a |
| `gitlab.hostname` | Hostname of your GitLab Enterprise installation. | n/a |
-| `azuredevops.user` | Repository or organization-wide secret for the Atlantis Azure DevOps,integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
-| `azuredevops.token` | Personal access token for the Atlantis Azure DevOps user. | n/a |
-| `azuredevops.webhookUser` | Webhook user for the Atlantis Azure DevOps integration. | n/a |
-| `azuredevops.webhookPassword` | Webhook password for the Atlantis Azure DevOps integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
-| `vcsSecretName` | Name of a pre-existing Kubernetes `Secret` containing `token` and `secret` keys set to your VCS provider's API token and webhook secret, respectively. Use this instead of `github.token`/`github.secret`, etc. (optional) | n/a |
-| `podTemplate.annotations` | Additional annotations to use for the StatefulSet. | n/a |
-| `podTemplate.annotations` | Additional annotations to use for pods. | `{}` |
-| `podTemplate.labels` | Additional labels to use for pods. | `{}` |
-| `statefulSet.annotations` | Additional annotations to use for StatefulSet. | `{}` |
-| `statefulSet.shareProcessNamespace` | Share the process namespace between all containers in a pod. | `false` |
-| `statefulSet.labels` | Additional labels to use for StatefulSet. | `{}` |
-| `terminationGracePeriodSeconds` | Set terminationGracePeriodSeconds for the StatefulSet. | `{}` |
-| `statefulSet.securityContext` | Allow customizing fsGroup/runAsUser. | `{}` |
-| `statefulSet.priorityClassName` | Leverage a PriorityClass to ensure your pods survive resource shortages. | `{}` |
-| `statefulSet.updateStrategy` | Configure [updateStrategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) of the StatefulSet. | `{}` |
-| `logLevel` | Level to use for logging. Either debug, info, warn, or error. | n/a |
-| `orgAllowlist` | Allowlist of repositories from which Atlantis will accept webhooks. **This value must be set for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
-| `orgWhitelist` | Deprecated (see orgAllowlist) List of repositories from which Atlantis will accept webhooks. Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
-| `config` | Override atlantis main configuration by config map. It's allow some additional functionality like slack notifications. | n/a |
-| `repoConfig` | [Server-side Repository Configuration](https://www.runatlantis.io/docs/server-side-repo-config.html) as a raw YAML string. Configuration is stored in ConfigMap. | n/a |
-| `defaultTFVersion` | Default Terraform version to be used by atlantis server | n/a |
-| `allowForkPRs` | Allow atlantis to run on fork Pull Requests | `false` |
-| `allowDraftPRs` | Allow atlantis to run on draft Pull Requests | `false` |
-| `hidePrevPlanComments` | Allow atlantis to hide previous plan comments | `false` |
-| `disableApply` | Disables running `atlantis apply` regardless of what options are specified | `false` |
-| `disableApplyAll` | Disables running `atlantis apply` without any flags | `false` |
-| `disableRepoLocking` | Stops atlantis locking projects and or workspaces when running terraform | `false` |
-| `serviceAccount.create` | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists. | `true` |
-| `serviceAccount.mount` | Whether to mount the Kubernetes ServiceAccount into the pod | `true` |
-| `serviceAccount.name` | Name of the Kubernetes ServiceAccount under which Atlantis should run. If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance, else Atlantis will be run under the `default` ServiceAccount. | n/a |
-| `serviceAccount.annotations` | Additional Service Account annotations | n/a |
-| `serviceAccountSecrets.credentials` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE. | n/a |
-| `serviceAccountSecrets.credentials-staging` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform staging service account. Only applicable if hosting Atlantis on GKE. | n/a |
+| `gitlab.secret` | Webhook secret for the Atlantis GitLab integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
+| `gitlab.token` | Personal access token for the Atlantis GitLab user. | n/a |
+| `gitlab.user` | Repository or organization-wide secret for the Atlantis GitLab,integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
| `googleServiceAccountSecrets` | An array of Kubernetes secrets containing Google Service Account credentials. See `values.yaml` for examples and additional documentation. | n/a |
-| `service.port` | Port of the `Service`. | `80` |
-| `service.targetPort` | Target Port of the `Service`. | `4141` |
-| `service.loadBalancerSourceRanges` | Array of allowlisted IP addresses for the Atlantis Service. If no value is specified, the Service will allow incoming traffic from all IP addresses (0.0.0.0/0). | n/a |
-| `service.loadBalancerIP` | Expose this service on the given ip if service.type = `LoadBalancerIP` | n/a |
-| `storageClassName` | DEPRECATED - Storage class of the volume mounted for the Atlantis data directory. | n/a |
-| `tlsSecretName` | Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key. | n/a |
-| `ingress.enabled` | Whether to create a Kubernetes Ingress. | `true` |
+| `hidePrevPlanComments` | Allow atlantis to hide previous plan comments | `false` |
+| `hostAliases[].hostnames` | Hostnames for host alias entry | n/a |
+| `hostAliases[].ip` | IP for host alias entry | n/a |
+| `imagePullSecrets` | List of secrets for pulling images from private registries. | `[]` |
| `ingress.annotations` | Additional annotations to use for the Ingress. | `{}` |
| `ingress.apiVersion` | Override ingress apiVersion. Useful in scenarios in which helm can't determine the capabilities of the Kubernetes cluster. | n/a |
-| `ingress.labels` | Additional labels to use for the Ingress. | `{}` |
-| `ingress.path` | Path to use in the `Ingress`. Should be set to `/*` if using gce-ingress in Google Cloud. | `/` |
+| `ingress.enabled` | Whether to create a Kubernetes Ingress. | `true` |
| `ingress.host` | Domain name Kubernetes Ingress rule looks for. Set it to the domain Atlantis will be hosted on. | | | `/` |
| `ingress.hosts[0].host` | List of domain names Kubernetes Ingress rule looks for. Set it to the domains in which Atlantis will be hosted on. | `chart-example.local` |
| `ingress.hosts[0].paths` | List of paths to use in Kubernetes Ingress rules. Should be set to `/*` if using gce-ingress in Google | `[/]` |
+| `ingress.labels` | Additional labels to use for the Ingress. | `{}` |
+| `ingress.path` | Path to use in the `Ingress`. Should be set to `/*` if using gce-ingress in Google Cloud. | `/` |
| `ingress.tls` | Kubernetes tls block. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for details. | `[]` |
-| `test.enabled` | Whether to enable the test. | `true` |
-| `extraManifests` | Add additional manifests to deploy | `[]` |
| `initContainers` | Containers used to initialize context for Atlantis pods | `[]` |
-| `extraContainers` | Additionnal containers to use and depends of use cases. | `[]` |
-| `hostAliases[].hostnames` | Hostnames for host alias entry | n/a |
-| `hostAliases[].ip` | IP for host alias entry | n/a |
-| `basicAuth.username` | Username for basic authentication | n/a |
-| `basicAuth.password` | Password for basic authentication | n/a |
-| `commonLabels` | Add Common Labels to all resources | `{}` |
-| `containerSecurityContext.allowPrivilegeEscalation` | Whether to enable privilege escalation | n/a |
-| `containerSecurityContext.readOnlyRootFilesystem` | Whether the root file system should be read-only | n/a |
-| `customPem` | SecretName of the custom `ca-certificates.cert` to override the `/etc/ssl/certs/ca-certificates.crt` with your custom one (self-signed certificates)
Secret has to be created manually and shal contain `ca-certificates.crt: PEM` | n/a |
-| `api.secret` | API secret to enable API endpoints | n/a |
-| `apiSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `apisecret` key. Use this instead of `api.secret` | n/a |
+| `lifecycle` | Configure pod container lifecycle hooks. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) for details. | `{}` |
+| `loadEnvFromConfigMaps` | Array of Kubernetes `ConfigMap`s to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
+| `loadEnvFromSecrets` | Array of Kubernetes secrets to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
| `lockingDbType` | Locking DB type for storing plan and apply locks. Allowed values are `boltdb` and `redis`. | n/a |
+| `logLevel` | Level to use for logging. Either debug, info, warn, or error. | n/a |
+| `netrcSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `netrc` key. Use this instead of `netrc` (optional) | n/a |
+| `netrc` | Contents of a file to be mounted to `~/.netrc`. Use to authenticate with private registries hosting terraform modules. | n/a |
+| `orgAllowlist` | Allowlist of repositories from which Atlantis will accept webhooks. **This value must be set for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
+| `orgWhitelist` | Deprecated (see orgAllowlist) List of repositories from which Atlantis will accept webhooks. Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
+| `podTemplate.annotations` | Additional annotations to use for pods. | `{}` |
+| `podTemplate.annotations` | Additional annotations to use for the StatefulSet. | n/a |
+| `podTemplate.labels` | Additional labels to use for pods. | `{}` |
+| `redis.db` | Redis database number for Locking DB of type `redis`. | n/a |
| `redis.host` | Redis hostname for Locking DB of type `redis`. | n/a |
+| `redis.insecureSkipVerify` | Whether Redis client should skip verification of Redis server's certificate chain and hostname. Setting to `true` may introduce a security vulnerability. | n/a |
| `redis.password` | Redis password for Locking DB of type `redis`. | n/a |
| `redis.port` | Redis port for Locking DB of type `redis`. | n/a |
-| `redis.db` | Redis database number for Locking DB of type `redis`. | n/a |
| `redis.tlsEnabled` | Whether to enable TLS connection to Redis. | n/a |
-| `redis.insecureSkipVerify` | Whether Redis client should skip verification of Redis server's certificate chain and hostname. Setting to `true` may introduce a security vulnerability. | n/a |
| `redisSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`. | n/a |
-| `enableKubernetesBackend` | Deploy rbac to allow for the serviceAccount to manage terraform state via a kubernetes backend | false |
-| `lifecycle` | Configure pod container lifecycle hooks. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) for details. | `{}` |
+| `repoConfig` | [Server-side Repository Configuration](https://www.runatlantis.io/docs/server-side-repo-config.html) as a raw YAML string. Configuration is stored in ConfigMap. | n/a |
+| `service.loadBalancerIP` | Expose this service on the given ip if service.type = `LoadBalancerIP` | n/a |
+| `service.loadBalancerSourceRanges` | Array of allowlisted IP addresses for the Atlantis Service. If no value is specified, the Service will allow incoming traffic from all IP addresses (0.0.0.0/0). | n/a |
+| `service.port` | Port of the `Service`. | `80` |
+| `service.targetPort` | Target Port of the `Service`. | `4141` |
+| `serviceAccount.annotations` | Additional Service Account annotations | n/a |
+| `serviceAccount.create` | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists. | `true` |
+| `serviceAccount.mount` | Whether to mount the Kubernetes ServiceAccount into the pod | `true` |
+| `serviceAccount.name` | Name of the Kubernetes ServiceAccount under which Atlantis should run. If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance, else Atlantis will be run under the `default` ServiceAccount. | n/a |
+| `serviceAccountSecrets.credentials-staging` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform staging service account. Only applicable if hosting Atlantis on GKE. | n/a |
+| `serviceAccountSecrets.credentials` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE. | n/a |
+| `statefulSet.annotations` | Additional annotations to use for StatefulSet. | `{}` |
+| `statefulSet.labels` | Additional labels to use for StatefulSet. | `{}` |
+| `statefulSet.priorityClassName` | Leverage a PriorityClass to ensure your pods survive resource shortages. | `{}` |
+| `statefulSet.securityContext` | Allow customizing fsGroup/runAsUser. | `{}` |
+| `statefulSet.shareProcessNamespace` | Share the process namespace between all containers in a pod. | `false` |
+| `statefulSet.updateStrategy` | Configure [updateStrategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) of the StatefulSet. | `{}` |
+| `storageClassName` | DEPRECATED - Storage class of the volume mounted for the Atlantis data directory. | n/a |
+| `terminationGracePeriodSeconds` | Set terminationGracePeriodSeconds for the StatefulSet. | `{}` |
+| `test.enabled` | Whether to enable the test. | `true` |
+| `tlsSecretName` | Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key. | n/a |
+| `vcsSecretName` | Name of a pre-existing Kubernetes `Secret` containing `token` and `secret` keys set to your VCS provider's API token and webhook secret, respectively. Use this instead of `github.token`/`github.secret`, etc. (optional) | n/a |
+| `volumeClaim.dataStorage` | Amount of storage available for embedded Atlantis' data directory | `5Gi` |
+| `volumeClaim.enabled` | Activate embedded volume claim for Atlantis' data directory (mostly used to check out git repositories). | `true` |
+| `volumeClaim.storageClassName` | Storage class of the embedded volume mounted for the Atlantis data directory. | n/a |
**NOTE**: All the [Server Configurations](https://www.runatlantis.io/docs/server-configuration.html) are passed as [Environment Variables](https://www.runatlantis.io/docs/server-configuration.html#environment-variables).
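Review bot: The re-sorted `azuredevops.user` and `gitlab.user` rows still carry a description copied from the secret rows ("Repository or organization-wide secret for the Atlantis ... ,integration"), while `github.user` and `bitbucket.user` read "Name of the Atlantis ... user". Since every row is rewritten here anyway, describe these two as user names so readers are not misled about which values are credentials (`*.token`, `*.secret`, `azuredevops.webhookPassword`). The same pass could clean up a few other rows that were moved unchanged: `podTemplate.annotations` appears twice (once described as StatefulSet annotations), the `githubApp.key` link has doubled parentheses `]((https://...))`, the `ingress.host` row has extra trailing cells (`| | | `/` |`), `enableKubernetesBackend` shows `false` without backticks, and `customPem` has the typo "shal". The sort also places `disableApplyAll` before `disableApply` and `environmentRaw` before `environment`, which looks like the closing backtick was included in the sort key.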
From 0a145707260c0a944b4059d3dbaf97b827f7c950 Mon Sep 17 00:00:00 2001
From: Teko012 <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 14:10:44 +0100
Subject: [PATCH 04/10] Additional README fixes
---
README.md | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index e6b2c4b5..6a171d68 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@
- [Testing the Deployment](#testing-the-deployment)
## Introduction
-This chart creates a single pod in a StatefulSet running Atlantis. Atlantis persists Terraform [plan files](https://www.terraform.io/docs/commands/plan.html) and [lockfiles](https://www.terraform.io/docs/state/locking.html) to disk for the duration of a Pull/Merge Request. These files are stored in a PersistentVolumeClaim to survive Pod failures.
+This chart creates a single pod in a StatefulSet running Atlantis. Atlantis persists Terraform [plan files](https://www.terraform.io/docs/commands/plan.html) and [lockfiles](https://www.terraform.io/docs/state/locking.html) to disk for the duration of a Pull/Merge Request. These files are stored in a PersistentVolumeClaim to survive Pod failures.
## Prerequisites
- Kubernetes 1.9+
@@ -35,7 +35,7 @@ In order for Atlantis to start and run successfully:
Refer to [values.yaml](/charts/atlantis/values.yaml) for detailed examples.
They can also be provided directly through a Kubernetes `Secret`, use the variable `vcsSecretName` to reference it.
-1. Supply a value for `orgAllowlist`, e.g. `github.com/myorg/*`.
+2. Supply a value for `orgAllowlist`, e.g. `github.com/myorg/*`.
## Additional manifests
@@ -53,7 +53,7 @@ extraManifests:
```
## Customization
-The following options are supported. See [values.yaml](/charts/atlantis/values.yaml) for more detailed documentation and examples:
+The following options are supported. See [values.yaml](/charts/atlantis/values.yaml) for more detailed documentation and examples:
| Parameter | Description | Default |
|-----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|
@@ -90,7 +90,7 @@ The following options are supported. See [values.yaml](/charts/atlantis/values.
| `environmentRaw` | Array environment variables in plain Kubernetes yaml format. See `values.yaml` for example. | `[]` |
| `environmentSecrets` | Array of Kubernetes secrets that can be used to set environment variables. See `values.yaml` for example. | `{}` |
| `environment` | Map of environment variables for the container. | `{}` |
-| `extraContainers` | Additionnal containers to use and depends of use cases. | `[]` |
+| `extraContainers` | Additional containers to use and depends of use cases. | `[]` |
| `extraManifests` | Add additional manifests to deploy | `[]` |
| `extraVolumeMounts` | List of additional volumes mounted to the container. | `[]` |
| `extraVolumes` | List of additional volumes available to the pod. | `[]` |
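Review bot: The `extraContainers` row fixes "Additionnal" but the rest of the description, "to use and depends of use cases", is still ungrammatical. Something like "Additional containers to run in the pod, depending on the use case." would finish the fix in the same line.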
@@ -133,7 +133,6 @@ The following options are supported. See [values.yaml](/charts/atlantis/values.
| `orgAllowlist` | Allowlist of repositories from which Atlantis will accept webhooks. **This value must be set for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
| `orgWhitelist` | Deprecated (see orgAllowlist) List of repositories from which Atlantis will accept webhooks. Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
| `podTemplate.annotations` | Additional annotations to use for pods. | `{}` |
-| `podTemplate.annotations` | Additional annotations to use for the StatefulSet. | n/a |
| `podTemplate.labels` | Additional labels to use for pods. | `{}` |
| `redis.db` | Redis database number for Locking DB of type `redis`. | n/a |
| `redis.host` | Redis hostname for Locking DB of type `redis`. | n/a |
@@ -143,6 +142,7 @@ The following options are supported. See [values.yaml](/charts/atlantis/values.
| `redis.tlsEnabled` | Whether to enable TLS connection to Redis. | n/a |
| `redisSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`. | n/a |
| `repoConfig` | [Server-side Repository Configuration](https://www.runatlantis.io/docs/server-side-repo-config.html) as a raw YAML string. Configuration is stored in ConfigMap. | n/a |
+| `service.annotations` | Additional annotations to use for the service. | n/a |
| `service.loadBalancerIP` | Expose this service on the given ip if service.type = `LoadBalancerIP` | n/a |
| `service.loadBalancerSourceRanges` | Array of allowlisted IP addresses for the Atlantis Service. If no value is specified, the Service will allow incoming traffic from all IP addresses (0.0.0.0/0). | n/a |
| `service.port` | Port of the `Service`. | `80` |
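Review bot: The added `service.annotations` row documents a new parameter in a commit titled "Additional README fixes", so please confirm the chart's `values.yaml` and Service template actually support it, and mention it in the commit message. The default is given as n/a, whereas the other annotations rows in this table (`podTemplate.annotations`, `ingress.annotations`) show `{}`; use whichever matches `values.yaml`. While here, the context row for `service.loadBalancerIP` says service.type = `LoadBalancerIP`, but the Kubernetes Service type is `LoadBalancer`.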
@@ -228,14 +228,14 @@ repoConfig: |
## Testing the Deployment
To perform a smoke test of the deployment (i.e. ensure that the Atlantis UI is up and running):
-1. Install the chart. Supply your own values file or use `test-values.yaml`, which has a minimal set of values required in order for Atlantis to start.
+1. Install the chart. Supply your own values file or use `test-values.yaml`, which has a minimal set of values required in order for Atlantis to start.
```bash
helm repo add runatlantis https://runatlantis.github.io/helm-charts
helm install -f test-values.yaml my-atlantis runatlantis/atlantis --debug
```
-1. Run the tests:
+2. Run the tests:
```bash
helm test my-atlantis
```
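Review bot: Step 1 of the smoke test, left unchanged apart from whitespace, keeps `--debug` on `helm install` while telling readers they may "supply your own values file". With debug output Helm prints the supplied values and the rendered manifests, so a values file that sets `github.token`, `github.secret` or similar inline ends up in the terminal or CI log. Consider dropping `--debug` from the documented command, or adding a sentence that it is meant for `test-values.yaml` only and that real credentials should go through `vcsSecretName`.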
From a942cb1d47d8f9edcb719b6a88cd08e43f1e3d61 Mon Sep 17 00:00:00 2001
From: Teko012 <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 14:12:49 +0100
Subject: [PATCH 05/10] Bump version
---
charts/atlantis/Chart.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
index a0230d69..c3be1990 100644
--- a/charts/atlantis/Chart.yaml
+++ b/charts/atlantis/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
appVersion: v0.21.0
description: A Helm chart for Atlantis https://www.runatlantis.io
name: atlantis
-version: 4.8.1
+version: 4.9.1
keywords:
- terraform
home: https://www.runatlantis.io
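Review bot: The `version` line goes from 4.8.1 to 4.9.1, skipping 4.9.0. If 4.9.0 was already published upstream, say so in the commit message; otherwise the bump should land on the next unused version. The subject "Bump version" also gives no reason for a minor rather than a patch increment, and the preceding patch in this series only touches README.md.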
From ab10a597bd6ecf1ccf4b8efba9e6c7633feac5f0 Mon Sep 17 00:00:00 2001
From: Teko012 <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 14:19:02 +0100
Subject: [PATCH 06/10] Upstream rebase
---
README.md | 225 +++++++++++----------
charts/atlantis/templates/secret-aws.yaml | 4 +-
charts/atlantis/templates/statefulset.yaml | 12 +-
charts/atlantis/values.yaml | 5 +-
4 files changed, 127 insertions(+), 119 deletions(-)
diff --git a/README.md b/README.md
index 6a171d68..7e6ed4fe 100644
--- a/README.md
+++ b/README.md
@@ -55,118 +55,119 @@ extraManifests:
## Customization
The following options are supported. See [values.yaml](/charts/atlantis/values.yaml) for more detailed documentation and examples:
-| Parameter | Description | Default |
-|-----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|
-| `allowDraftPRs` | Allow atlantis to run on draft Pull Requests | `false` |
-| `allowForkPRs` | Allow atlantis to run on fork Pull Requests | `false` |
-| `api.secret` | API secret to enable API endpoints | n/a |
-| `apiSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `apisecret` key. Use this instead of `api.secret` | n/a |
-| `atlantisUrl` | Base URL of atlantis server. This URL also reflects in pull-requests CI hooks where terraform changes are displayed. | n/a |
-| `aws.config` | Contents of a file to be mounted to `~/.aws/config`. | n/a |
-| `aws.credentials` | Contents of a file to be mounted to `~/.aws/credentials`. | n/a |
-| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config. Will be used a volume mount on `$HOME/.aws`, so it needs a `credentials` key. The key `config` is optional. See the file `templates/secret-aws.yml` for more info on the Secret contents. | n/a |
-| `azuredevops.token` | Personal access token for the Atlantis Azure DevOps user. | n/a |
-| `azuredevops.user` | Repository or organization-wide secret for the Atlantis Azure DevOps,integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
-| `azuredevops.webhookPassword` | Webhook password for the Atlantis Azure DevOps integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
-| `azuredevops.webhookUser` | Webhook user for the Atlantis Azure DevOps integration. | n/a |
-| `basicAuth.password` | Password for basic authentication | n/a |
-| `basicAuth.username` | Username for basic authentication | n/a |
-| `bitbucket.baseURL` | Base URL of Bitbucket Server installation. | n/a |
-| `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a |
-| `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a |
-| `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a |
-| `command` | Optionally override the [`command` field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#container-v1-core) of the Atlantis Docker container. If not set, the default Atlantis `ENTRYPOINT` is used. Must be an array. | n/a |
-| `commonLabels` | Add Common Labels to all resources | `{}` |
-| `config` | Override atlantis main configuration by config map. It's allow some additional functionality like slack notifications. | n/a |
-| `containerSecurityContext.allowPrivilegeEscalation` | Whether to enable privilege escalation | n/a |
-| `containerSecurityContext.readOnlyRootFilesystem` | Whether the root file system should be read-only | n/a |
-| `customPem` | SecretName of the custom `ca-certificates.cert` to override the `/etc/ssl/certs/ca-certificates.crt` with your custom one (self-signed certificates)
Secret has to be created manually and shal contain `ca-certificates.crt: PEM` | n/a |
-| `dataStorage` | DEPRECATED - Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` |
-| `defaultTFVersion` | Default Terraform version to be used by atlantis server | n/a |
-| `disableApplyAll` | Disables running `atlantis apply` without any flags | `false` |
-| `disableApply` | Disables running `atlantis apply` regardless of what options are specified | `false` |
-| `disableRepoLocking` | Stops atlantis locking projects and or workspaces when running terraform | `false` |
-| `enableKubernetesBackend` | Deploy rbac to allow for the serviceAccount to manage terraform state via a kubernetes backend | false |
-| `environmentRaw` | Array environment variables in plain Kubernetes yaml format. See `values.yaml` for example. | `[]` |
-| `environmentSecrets` | Array of Kubernetes secrets that can be used to set environment variables. See `values.yaml` for example. | `{}` |
-| `environment` | Map of environment variables for the container. | `{}` |
-| `extraContainers` | Additional containers to use and depends of use cases. | `[]` |
-| `extraManifests` | Add additional manifests to deploy | `[]` |
-| `extraVolumeMounts` | List of additional volumes mounted to the container. | `[]` |
-| `extraVolumes` | List of additional volumes available to the pod. | `[]` |
-| `gitconfigSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `gitconfig` key. Use this instead of `gitconfig` (optional) | n/a |
-| `gitconfig` | Contents of a file to be mounted to `~/.gitconfig`. Use to allow redirection for Terraform modules in private git repositories. | n/a |
-| `github.hostname` | Hostname of your GitHub Enterprise installation. | n/a |
-| `github.secret` | Repository or organization-wide webhook secret for the Atlantis GitHub integration. All repositories in GitHub that are to be integrated with Atlantis must share the same value. | n/a |
-| `github.token` | Personal access token for the Atlantis GitHub user. | n/a |
-| `github.user` | Name of the Atlantis GitHub user. | n/a |
-| `githubApp.id` | GitHub app ID. If set, GitHub authentication will be performed as an [installation](https://developer.github.com/v3/apps/installations/). | n/a |
-| `githubApp.key` | A GitHub App PEM encoded private key file. If set, GitHub authentication will be performed as an [installation]((https://developer.github.com/v3/apps/installations/)). | n/a |
-| `githubApp.secret` | Secret used to validate GitHub webhooks (see [Securing your webhooks](https://developer.github.com/webhooks/securing/)). | n/a |
-| `githubApp.slug` | A slugged version of GitHub app name shown in pull requests comments, etc (not Atlantis App but something like atlantis-app). Atlantis uses the value of this parameter to identify the comments it has left on GitHub pull requests. This is used for functions such as `hidePrevPlanComments`. | n/a |
-| `gitlab.hostname` | Hostname of your GitLab Enterprise installation. | n/a |
-| `gitlab.secret` | Webhook secret for the Atlantis GitLab integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
-| `gitlab.token` | Personal access token for the Atlantis GitLab user. | n/a |
-| `gitlab.user` | Repository or organization-wide secret for the Atlantis GitLab,integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
-| `googleServiceAccountSecrets` | An array of Kubernetes secrets containing Google Service Account credentials. See `values.yaml` for examples and additional documentation. | n/a |
-| `hidePrevPlanComments` | Allow atlantis to hide previous plan comments | `false` |
-| `hostAliases[].hostnames` | Hostnames for host alias entry | n/a |
-| `hostAliases[].ip` | IP for host alias entry | n/a |
-| `imagePullSecrets` | List of secrets for pulling images from private registries. | `[]` |
-| `ingress.annotations` | Additional annotations to use for the Ingress. | `{}` |
-| `ingress.apiVersion` | Override ingress apiVersion. Useful in scenarios in which helm can't determine the capabilities of the Kubernetes cluster. | n/a |
-| `ingress.enabled` | Whether to create a Kubernetes Ingress. | `true` |
-| `ingress.host` | Domain name Kubernetes Ingress rule looks for. Set it to the domain Atlantis will be hosted on. | | | `/` |
-| `ingress.hosts[0].host` | List of domain names Kubernetes Ingress rule looks for. Set it to the domains in which Atlantis will be hosted on. | `chart-example.local` |
-| `ingress.hosts[0].paths` | List of paths to use in Kubernetes Ingress rules. Should be set to `/*` if using gce-ingress in Google | `[/]` |
-| `ingress.labels` | Additional labels to use for the Ingress. | `{}` |
-| `ingress.path` | Path to use in the `Ingress`. Should be set to `/*` if using gce-ingress in Google Cloud. | `/` |
-| `ingress.tls` | Kubernetes tls block. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for details. | `[]` |
-| `initContainers` | Containers used to initialize context for Atlantis pods | `[]` |
-| `lifecycle` | Configure pod container lifecycle hooks. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) for details. | `{}` |
-| `loadEnvFromConfigMaps` | Array of Kubernetes `ConfigMap`s to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
-| `loadEnvFromSecrets` | Array of Kubernetes secrets to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
-| `lockingDbType` | Locking DB type for storing plan and apply locks. Allowed values are `boltdb` and `redis`. | n/a |
-| `logLevel` | Level to use for logging. Either debug, info, warn, or error. | n/a |
-| `netrcSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `netrc` key. Use this instead of `netrc` (optional) | n/a |
-| `netrc` | Contents of a file to be mounted to `~/.netrc`. Use to authenticate with private registries hosting terraform modules. | n/a |
-| `orgAllowlist` | Allowlist of repositories from which Atlantis will accept webhooks. **This value must be set for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
-| `orgWhitelist` | Deprecated (see orgAllowlist) List of repositories from which Atlantis will accept webhooks. Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
-| `podTemplate.annotations` | Additional annotations to use for pods. | `{}` |
-| `podTemplate.labels` | Additional labels to use for pods. | `{}` |
-| `redis.db` | Redis database number for Locking DB of type `redis`. | n/a |
-| `redis.host` | Redis hostname for Locking DB of type `redis`. | n/a |
-| `redis.insecureSkipVerify` | Whether Redis client should skip verification of Redis server's certificate chain and hostname. Setting to `true` may introduce a security vulnerability. | n/a |
-| `redis.password` | Redis password for Locking DB of type `redis`. | n/a |
-| `redis.port` | Redis port for Locking DB of type `redis`. | n/a |
-| `redis.tlsEnabled` | Whether to enable TLS connection to Redis. | n/a |
-| `redisSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`. | n/a |
-| `repoConfig` | [Server-side Repository Configuration](https://www.runatlantis.io/docs/server-side-repo-config.html) as a raw YAML string. Configuration is stored in ConfigMap. | n/a |
-| `service.annotations` | Additional annotations to use for the service. | n/a |
-| `service.loadBalancerIP` | Expose this service on the given ip if service.type = `LoadBalancerIP` | n/a |
-| `service.loadBalancerSourceRanges` | Array of allowlisted IP addresses for the Atlantis Service. If no value is specified, the Service will allow incoming traffic from all IP addresses (0.0.0.0/0). | n/a |
-| `service.port` | Port of the `Service`. | `80` |
-| `service.targetPort` | Target Port of the `Service`. | `4141` |
-| `serviceAccount.annotations` | Additional Service Account annotations | n/a |
-| `serviceAccount.create` | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists. | `true` |
-| `serviceAccount.mount` | Whether to mount the Kubernetes ServiceAccount into the pod | `true` |
-| `serviceAccount.name` | Name of the Kubernetes ServiceAccount under which Atlantis should run. If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance, else Atlantis will be run under the `default` ServiceAccount. | n/a |
-| `serviceAccountSecrets.credentials-staging` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform staging service account. Only applicable if hosting Atlantis on GKE. | n/a |
-| `serviceAccountSecrets.credentials` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE. | n/a |
-| `statefulSet.annotations` | Additional annotations to use for StatefulSet. | `{}` |
-| `statefulSet.labels` | Additional labels to use for StatefulSet. | `{}` |
-| `statefulSet.priorityClassName` | Leverage a PriorityClass to ensure your pods survive resource shortages. | `{}` |
-| `statefulSet.securityContext` | Allow customizing fsGroup/runAsUser. | `{}` |
-| `statefulSet.shareProcessNamespace` | Share the process namespace between all containers in a pod. | `false` |
-| `statefulSet.updateStrategy` | Configure [updateStrategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) of the StatefulSet. | `{}` |
-| `storageClassName` | DEPRECATED - Storage class of the volume mounted for the Atlantis data directory. | n/a |
-| `terminationGracePeriodSeconds` | Set terminationGracePeriodSeconds for the StatefulSet. | `{}` |
-| `test.enabled` | Whether to enable the test. | `true` |
-| `tlsSecretName` | Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key. | n/a |
-| `vcsSecretName` | Name of a pre-existing Kubernetes `Secret` containing `token` and `secret` keys set to your VCS provider's API token and webhook secret, respectively. Use this instead of `github.token`/`github.secret`, etc. (optional) | n/a |
-| `volumeClaim.dataStorage` | Amount of storage available for embedded Atlantis' data directory | `5Gi` |
-| `volumeClaim.enabled` | Activate embedded volume claim for Atlantis' data directory (mostly used to check out git repositories). | `true` |
-| `volumeClaim.storageClassName` | Storage class of the embedded volume mounted for the Atlantis data directory. | n/a |
+| Parameter | Description | Default |
+|-----------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|
+| `allowDraftPRs` | Allow atlantis to run on draft Pull Requests | `false` |
+| `allowForkPRs` | Allow atlantis to run on fork Pull Requests | `false` |
+| `api.secret` | API secret to enable API endpoints | n/a |
+| `apiSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `apisecret` key. Use this instead of `api.secret` | n/a |
+| `atlantisUrl` | Base URL of atlantis server. This URL also reflects in pull-requests CI hooks where terraform changes are displayed. | n/a |
+| `aws.config` | Contents of a file to be mounted to `~/.aws/config` or `aws.directory/config`. | n/a |
+| `aws.credentials` | Contents of a file to be mounted to `~/.aws/credentials` `aws.directory/credentials`. | n/a |
+| `aws.directory` | If set, will mount AWS credentials to the specified path and set `AWS_SHARED_CREDENTIALS_FILE` and `AWS_CONFIG_FILE` variables. If not set, default path `/home/atlantis/.aws` will be used. | n/a |
+| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config. Will be used a volume mount on `$HOME/.aws` or `aws.directory`, so it needs a `credentials` key. The key `config` is optional. See the file `templates/secret-aws.yml` for more info on the Secret contents. | n/a |
+| `azuredevops.token` | Personal access token for the Atlantis Azure DevOps user. | n/a |
+| `azuredevops.user` | Repository or organization-wide secret for the Atlantis Azure DevOps,integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
+| `azuredevops.webhookPassword` | Webhook password for the Atlantis Azure DevOps integration. All repositories in Azure DevOps that are to be integrated with Atlantis must share the same value. | n/a |
+| `azuredevops.webhookUser` | Webhook user for the Atlantis Azure DevOps integration. | n/a |
+| `basicAuth.password` | Password for basic authentication | n/a |
+| `basicAuth.username` | Username for basic authentication | n/a |
+| `bitbucket.baseURL` | Base URL of Bitbucket Server installation. | n/a |
+| `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a |
+| `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a |
+| `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a |
+| `command` | Optionally override the [`command` field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#container-v1-core) of the Atlantis Docker container. If not set, the default Atlantis `ENTRYPOINT` is used. Must be an array. | n/a |
+| `commonLabels` | Add Common Labels to all resources | `{}` |
+| `config` | Override atlantis main configuration by config map. It's allow some additional functionality like slack notifications. | n/a |
+| `containerSecurityContext.allowPrivilegeEscalation` | Whether to enable privilege escalation | n/a |
+| `containerSecurityContext.readOnlyRootFilesystem` | Whether the root file system should be read-only | n/a |
+| `customPem` | SecretName of the custom `ca-certificates.cert` to override the `/etc/ssl/certs/ca-certificates.crt` with your custom one (self-signed certificates)
Secret has to be created manually and shal contain `ca-certificates.crt: PEM` | n/a |
+| `dataStorage` | DEPRECATED - Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` |
+| `defaultTFVersion` | Default Terraform version to be used by atlantis server | n/a |
+| `disableApplyAll` | Disables running `atlantis apply` without any flags | `false` |
+| `disableApply` | Disables running `atlantis apply` regardless of what options are specified | `false` |
+| `disableRepoLocking` | Stops atlantis locking projects and or workspaces when running terraform | `false` |
+| `enableKubernetesBackend` | Deploy rbac to allow for the serviceAccount to manage terraform state via a kubernetes backend | false |
+| `environmentRaw` | Array environment variables in plain Kubernetes yaml format. See `values.yaml` for example. | `[]` |
+| `environmentSecrets` | Array of Kubernetes secrets that can be used to set environment variables. See `values.yaml` for example. | `{}` |
+| `environment` | Map of environment variables for the container. | `{}` |
+| `extraContainers` | Additional containers to use and depends of use cases. | `[]` |
+| `extraManifests` | Add additional manifests to deploy | `[]` |
+| `extraVolumeMounts` | List of additional volumes mounted to the container. | `[]` |
+| `extraVolumes` | List of additional volumes available to the pod. | `[]` |
+| `gitconfigSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `gitconfig` key. Use this instead of `gitconfig` (optional) | n/a |
+| `gitconfig` | Contents of a file to be mounted to `~/.gitconfig`. Use to allow redirection for Terraform modules in private git repositories. | n/a |
+| `github.hostname` | Hostname of your GitHub Enterprise installation. | n/a |
+| `github.secret` | Repository or organization-wide webhook secret for the Atlantis GitHub integration. All repositories in GitHub that are to be integrated with Atlantis must share the same value. | n/a |
+| `github.token` | Personal access token for the Atlantis GitHub user. | n/a |
+| `github.user` | Name of the Atlantis GitHub user. | n/a |
+| `githubApp.id` | GitHub app ID. If set, GitHub authentication will be performed as an [installation](https://developer.github.com/v3/apps/installations/). | n/a |
+| `githubApp.key` | A GitHub App PEM encoded private key file. If set, GitHub authentication will be performed as an [installation]((https://developer.github.com/v3/apps/installations/)). | n/a |
+| `githubApp.secret` | Secret used to validate GitHub webhooks (see [Securing your webhooks](https://developer.github.com/webhooks/securing/)). | n/a |
+| `githubApp.slug` | A slugged version of GitHub app name shown in pull requests comments, etc (not Atlantis App but something like atlantis-app). Atlantis uses the value of this parameter to identify the comments it has left on GitHub pull requests. This is used for functions such as `hidePrevPlanComments`. | n/a |
+| `gitlab.hostname` | Hostname of your GitLab Enterprise installation. | n/a |
+| `gitlab.secret` | Webhook secret for the Atlantis GitLab integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
+| `gitlab.token` | Personal access token for the Atlantis GitLab user. | n/a |
+| `gitlab.user` | Repository or organization-wide secret for the Atlantis GitLab,integration. All repositories in GitLab that are to be integrated with Atlantis must share the same value. | n/a |
+| `googleServiceAccountSecrets` | An array of Kubernetes secrets containing Google Service Account credentials. See `values.yaml` for examples and additional documentation. | n/a |
+| `hidePrevPlanComments` | Allow atlantis to hide previous plan comments | `false` |
+| `hostAliases[].hostnames` | Hostnames for host alias entry | n/a |
+| `hostAliases[].ip` | IP for host alias entry | n/a |
+| `imagePullSecrets` | List of secrets for pulling images from private registries. | `[]` |
+| `ingress.annotations` | Additional annotations to use for the Ingress. | `{}` |
+| `ingress.apiVersion` | Override ingress apiVersion. Useful in scenarios in which helm can't determine the capabilities of the Kubernetes cluster. | n/a |
+| `ingress.enabled` | Whether to create a Kubernetes Ingress. | `true` |
+| `ingress.host` | Domain name Kubernetes Ingress rule looks for. Set it to the domain Atlantis will be hosted on. | | | `/` |
+| `ingress.hosts[0].host` | List of domain names Kubernetes Ingress rule looks for. Set it to the domains in which Atlantis will be hosted on. | `chart-example.local` |
+| `ingress.hosts[0].paths` | List of paths to use in Kubernetes Ingress rules. Should be set to `/*` if using gce-ingress in Google | `[/]` |
+| `ingress.labels` | Additional labels to use for the Ingress. | `{}` |
+| `ingress.path` | Path to use in the `Ingress`. Should be set to `/*` if using gce-ingress in Google Cloud. | `/` |
+| `ingress.tls` | Kubernetes tls block. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for details. | `[]` |
+| `initContainers` | Containers used to initialize context for Atlantis pods | `[]` |
+| `lifecycle` | Configure pod container lifecycle hooks. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) for details. | `{}` |
+| `loadEnvFromConfigMaps` | Array of Kubernetes `ConfigMap`s to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
+| `loadEnvFromSecrets` | Array of Kubernetes secrets to set all key-value pairs as environment variables. See `values.yaml` for example. | `[]` |
+| `lockingDbType` | Locking DB type for storing plan and apply locks. Allowed values are `boltdb` and `redis`. | n/a |
+| `logLevel` | Level to use for logging. Either debug, info, warn, or error. | n/a |
+| `netrcSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `netrc` key. Use this instead of `netrc` (optional) | n/a |
+| `netrc` | Contents of a file to be mounted to `~/.netrc`. Use to authenticate with private registries hosting terraform modules. | n/a |
+| `orgAllowlist` | Allowlist of repositories from which Atlantis will accept webhooks. **This value must be set for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
+| `orgWhitelist` | Deprecated (see orgAllowlist) List of repositories from which Atlantis will accept webhooks. Accepts wildcard characters (`*`). Multiple values may be comma-separated. | none |
+| `podTemplate.annotations` | Additional annotations to use for pods. | `{}` |
+| `podTemplate.labels` | Additional labels to use for pods. | `{}` |
+| `redis.db` | Redis database number for Locking DB of type `redis`. | n/a |
+| `redis.host` | Redis hostname for Locking DB of type `redis`. | n/a |
+| `redis.insecureSkipVerify` | Whether Redis client should skip verification of Redis server's certificate chain and hostname. Setting to `true` may introduce a security vulnerability. | n/a |
+| `redis.password` | Redis password for Locking DB of type `redis`. | n/a |
+| `redis.port` | Redis port for Locking DB of type `redis`. | n/a |
+| `redis.tlsEnabled` | Whether to enable TLS connection to Redis. | n/a |
+| `redisSecretName` | Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`. | n/a |
+| `repoConfig` | [Server-side Repository Configuration](https://www.runatlantis.io/docs/server-side-repo-config.html) as a raw YAML string. Configuration is stored in ConfigMap. | n/a |
+| `service.annotations` | Additional annotations to use for the service. | n/a |
+| `service.loadBalancerIP` | Expose this service on the given ip if service.type = `LoadBalancerIP` | n/a |
+| `service.loadBalancerSourceRanges` | Array of allowlisted IP addresses for the Atlantis Service. If no value is specified, the Service will allow incoming traffic from all IP addresses (0.0.0.0/0). | n/a |
+| `service.port` | Port of the `Service`. | `80` |
+| `service.targetPort` | Target Port of the `Service`. | `4141` |
+| `serviceAccount.annotations` | Additional Service Account annotations | n/a |
+| `serviceAccount.create` | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists. | `true` |
+| `serviceAccount.mount` | Whether to mount the Kubernetes ServiceAccount into the pod | `true` |
+| `serviceAccount.name` | Name of the Kubernetes ServiceAccount under which Atlantis should run. If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance, else Atlantis will be run under the `default` ServiceAccount. | n/a |
+| `serviceAccountSecrets.credentials-staging` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform staging service account. Only applicable if hosting Atlantis on GKE. | n/a |
+| `serviceAccountSecrets.credentials` | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE. | n/a |
+| `statefulSet.annotations` | Additional annotations to use for StatefulSet. | `{}` |
+| `statefulSet.labels` | Additional labels to use for StatefulSet. | `{}` |
+| `statefulSet.priorityClassName` | Leverage a PriorityClass to ensure your pods survive resource shortages. | `{}` |
+| `statefulSet.securityContext` | Allow customizing fsGroup/runAsUser. | `{}` |
+| `statefulSet.shareProcessNamespace` | Share the process namespace between all containers in a pod. | `false` |
+| `statefulSet.updateStrategy` | Configure [updateStrategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) of the StatefulSet. | `{}` |
+| `storageClassName` | DEPRECATED - Storage class of the volume mounted for the Atlantis data directory. | n/a |
+| `terminationGracePeriodSeconds` | Set terminationGracePeriodSeconds for the StatefulSet. | `{}` |
+| `test.enabled` | Whether to enable the test. | `true` |
+| `tlsSecretName` | Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key. | n/a |
+| `vcsSecretName` | Name of a pre-existing Kubernetes `Secret` containing `token` and `secret` keys set to your VCS provider's API token and webhook secret, respectively. Use this instead of `github.token`/`github.secret`, etc. (optional) | n/a |
+| `volumeClaim.dataStorage` | Amount of storage available for embedded Atlantis' data directory | `5Gi` |
+| `volumeClaim.enabled` | Activate embedded volume claim for Atlantis' data directory (mostly used to check out git repositories). | `true` |
+| `volumeClaim.storageClassName` | Storage class of the embedded volume mounted for the Atlantis data directory. | n/a |
**NOTE**: All the [Server Configurations](https://www.runatlantis.io/docs/server-configuration.html) are passed as [Environment Variables](https://www.runatlantis.io/docs/server-configuration.html#environment-variables).
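Review bot: Two of the new `aws.*` rows need a wording fix. The `aws.credentials` description reads "`~/.aws/credentials` `aws.directory/credentials`" with the "or" missing, and the `awsSecretName` row sends readers to `templates/secret-aws.yml` while the template changed in this series is `templates/secret-aws.yaml`. The `customPem` row is still split across two lines, which breaks the table, so join it into a single row. The `aws.directory` row lists its default as n/a although its description names `/home/atlantis/.aws` as the fallback path.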
diff --git a/charts/atlantis/templates/secret-aws.yaml b/charts/atlantis/templates/secret-aws.yaml
index 412425cd..f26fa0e3 100644
--- a/charts/atlantis/templates/secret-aws.yaml
+++ b/charts/atlantis/templates/secret-aws.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.aws -}}
+{{- if or .Values.aws.credentials .Values.aws.config }}
apiVersion: v1
kind: Secret
metadata:
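Review bot: The new guard `or .Values.aws.credentials .Values.aws.config` dereferences `.Values.aws` unconditionally, so it only renders when `aws` is a map. The chart default `aws: {}` covers the common case, but a user values file that sets `aws:` to null removes that default, and the template then fails with a nil pointer error where the old `if .Values.aws` simply evaluated to false. Wrap the check in an outer `{{- if .Values.aws }}` or state in values.yaml that `aws` must stay a map.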
@@ -12,4 +12,4 @@ data:
{{- if .Values.aws.config }}
config: {{ .Values.aws.config | b64enc }}
{{- end }}
-{{- end -}}
+{{- end }}
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index e978254e..8f5cd074 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -85,7 +85,7 @@ spec:
secret:
secretName: {{ .Values.netrcSecretName }}
{{- end }}
- {{- if or .Values.aws .Values.awsSecretName}}
+ {{- if or .Values.aws.credentials .Values.aws.config .Values.awsSecretName }}
- name: aws-volume
secret:
secretName: {{ template "atlantis.awsSecretName" . }}
@@ -397,6 +397,12 @@ spec:
- name: ATLANTIS_REDIS_INSECURE_SKIP_VERIFY
value: {{ .Values.redis.insecureSkipVerify | quote }}
{{- end }}
+ {{ - if .Values.aws.directory }}
+ - name: AWS_SHARED_CREDENTIALS_FILE
+ value: {{ .Values.aws.directory }}/credentials
+ - name: AWS_CONFIG_FILE
+ value: {{ .Values.aws.directory }}/config
+ {{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
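Review bot: `{{ - if .Values.aws.directory }}` on the first added line has a space between `{{` and `-`, which is not the trim marker and will fail template parsing; it should be `{{- if .Values.aws.directory }}`. The two variables are also emitted whenever `aws.directory` is set, even when no `aws-volume` is mounted, because the mount is gated on `aws.credentials`, `aws.config` or `awsSecretName` and this block is not. Gate it on the same condition and pipe both values through `quote`, as the `ATLANTIS_REDIS_INSECURE_SKIP_VERIFY` entry just above does.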
@@ -448,10 +454,10 @@ spec:
mountPath: /home/atlantis/.netrc
subPath: netrc
{{- end }}
- {{- if or .Values.aws .Values.awsSecretName }}
+ {{- if or .Values.aws.credentials .Values.aws.config .Values.awsSecretName }}
- name: aws-volume
readOnly: true
- mountPath: /home/atlantis/.aws
+ mountPath: {{ .Values.aws.directory | default "/home/atlantis/.aws" }}
{{- end }}
{{- if .Values.tlsSecretName }}
- name: tls
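Review bot: The condition `or .Values.aws.credentials .Values.aws.config .Values.awsSecretName` now appears verbatim here and in the `volumes` entry earlier in this file, so the volume and its mount can drift apart if only one copy is edited later. Define the condition once as a named template next to `atlantis.awsSecretName` and use it in both places. The `mountPath` value should also go through `quote`, since `aws.directory` is free-form user input rendered straight into the manifest.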
diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
index 8737303c..cd08cf47 100644
--- a/charts/atlantis/values.yaml
+++ b/charts/atlantis/values.yaml
@@ -84,8 +84,8 @@ orgAllowlist:
# If managing secrets outside the chart for the netrc file, use this variable to reference the secret name
# netrcSecretName: 'mynetrcsecret'
-# To specify AWS credentials to be mapped to ~/.aws:
-# aws:
+# To specify AWS credentials to be mapped to ~/.aws or to aws.directory:
+aws: {}
# credentials: |
# [default]
# aws_access_key_id=YOUR_ACCESS_KEY_ID
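Review bot: Uncommenting `aws: {}` while leaving `credentials:` and the other child keys commented beneath it makes the sample easy to misuse: anyone who uncomments the child lines without also changing `aws: {}` to `aws:` ends up with invalid YAML. Add a comment line saying so, or keep `aws: {}` on its own and show the populated form as a separate commented block. Because this sample places a static access key in the values file, it would also help to mention `awsSecretName`, documented a few lines below, as the option that keeps the key out of values.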
@@ -95,6 +95,7 @@ orgAllowlist:
# [profile a_role_to_assume]
# role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume
# source_profile = default
+# directory: "/home/atlantis/.aws"
# To reference an already existing Secret object with AWS credentials
# awsSecretName: 'mysecretwithawscreds'
From c577218dfa669044e3a72df55190b12c6740214b Mon Sep 17 00:00:00 2001
From: Teko012 <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 17:37:54 +0100
Subject: [PATCH 07/10] Move github hostname out of github user dependency
---
charts/atlantis/templates/statefulset.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index bb57717a..dc761c54 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -265,11 +265,11 @@ spec:
secretKeyRef:
name: {{ template "atlantis.vcsSecretName" . }}
key: github_secret
+ {{- end}}
{{- if .Values.github.hostname }}
- name: ATLANTIS_GH_HOSTNAME
value: {{ .Values.github.hostname }}
{{- end }}
- {{- end}}
{{- if .Values.githubApp }}
{{- if .Values.githubApp.id }}
- name: ATLANTIS_GH_APP_ID
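Review bot: With `{{- end}}` moved above it, `{{- if .Values.github.hostname }}` is no longer inside the preceding block and is evaluated even when that block is skipped. If `github` is not defined as a map in the values, `.Values.github.hostname` fails with a nil pointer error instead of being skipped; the `githubApp` block directly below avoids this by testing `.Values.githubApp` before `.Values.githubApp.id`. Guard the hostname the same way or make sure values.yaml defaults `github` to `{}`, and add `| quote` to the value. The commit message would also benefit from one line on which setup needs the hostname without the user settings.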
From 660268a60672e3b339f7048bd91e281093c9ef53 Mon Sep 17 00:00:00 2001
From: Teko012 <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 17:41:19 +0100
Subject: [PATCH 08/10] Formatting fixes
---
charts/atlantis/templates/statefulset.yaml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index dc761c54..f0dce2cc 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -37,7 +37,7 @@ spec:
hostAliases:
{{- range .Values.hostAliases }}
- hostnames: {{- range .hostnames }}
- - {{ . }}{{- end}}
+ - {{ . }}{{- end }}
ip: {{ .ip }}
{{- end }}
{{- end }}
@@ -265,7 +265,7 @@ spec:
secretKeyRef:
name: {{ template "atlantis.vcsSecretName" . }}
key: github_secret
- {{- end}}
+ {{- end }}
{{- if .Values.github.hostname }}
- name: ATLANTIS_GH_HOSTNAME
value: {{ .Values.github.hostname }}
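Review bot: The `{{- end}}` corrected in this hunk is the line that patch 07 of this series had just added with the old spacing, so the series touches the same line twice in a row. Adding it as `{{- end }}` in patch 07 would leave this patch as a cleanup of pre-existing lines only and make both easier to review and revert independently.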
@@ -310,7 +310,7 @@ spec:
- name: ATLANTIS_GITLAB_HOSTNAME
value: {{ .Values.gitlab.hostname }}
{{- end }}
- {{- end}}
+ {{- end }}
{{- if .Values.bitbucket }}
- name: ATLANTIS_BITBUCKET_USER
value: {{ required "bitbucket.user is required if bitbucket configuration is specified." .Values.bitbucket.user }}
@@ -344,7 +344,7 @@ spec:
secretKeyRef:
name: {{ template "atlantis.vcsSecretName" . }}
key: azuredevops_webhook_password
- {{- end}}
+ {{- end }}
{{- if .Values.basicAuth }}
- name: ATLANTIS_WEB_BASIC_AUTH
value: "true"
@@ -358,14 +358,14 @@ spec:
secretKeyRef:
name: {{ template "atlantis.basicAuthSecretName" . }}
key: password
- {{- end}}
+ {{- end }}
{{- if or .Values.api .Values.apiSecretName }}
- name: ATLANTIS_API_SECRET
valueFrom:
secretKeyRef:
name: {{ template "atlantis.apiSecretName" . }}
key: apisecret
- {{- end}}
+ {{- end }}
{{- if .Values.lockingDbType }}
- name: ATLANTIS_LOCKING_DB_TYPE
value: {{ .Values.lockingDbType | quote }}
From fcaf49fe8240db99910d9e96deb63f9c20da81ad Mon Sep 17 00:00:00 2001
From: Teko <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 18:05:06 +0100
Subject: [PATCH 09/10] Update README.md numbering
Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 7e6ed4fe..ca5a5b8a 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ In order for Atlantis to start and run successfully:
Refer to [values.yaml](/charts/atlantis/values.yaml) for detailed examples.
They can also be provided directly through a Kubernetes `Secret`, use the variable `vcsSecretName` to reference it.
-2. Supply a value for `orgAllowlist`, e.g. `github.com/myorg/*`.
+1. Supply a value for `orgAllowlist`, e.g. `github.com/myorg/*`.
## Additional manifests
From add83b47b2a257049dced2f3596c6d460c11feaf Mon Sep 17 00:00:00 2001
From: Teko <112829523+Teko012@users.noreply.github.com>
Date: Thu, 29 Dec 2022 18:05:37 +0100
Subject: [PATCH 10/10] Update README.md numbering
Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ca5a5b8a..4ef5da77 100644
--- a/README.md
+++ b/README.md
@@ -236,7 +236,7 @@ To perform a smoke test of the deployment (i.e. ensure that the Atlantis UI is u
helm install -f test-values.yaml my-atlantis runatlantis/atlantis --debug
```
-2. Run the tests:
+1. Run the tests:
```bash
helm test my-atlantis
```
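Review bot: Patches 09 and 10 carry the same subject, "Update README.md numbering", and each changes a single list marker from `2.` to `1.`. Squash them into one commit and say in the message that the lists now rely on Markdown auto-numbering, since the changed items read `1.` in the raw file and the reason is not obvious from the diff alone.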