diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
index 6abd96a4..6cfb97f6 100644
--- a/charts/atlantis/Chart.yaml
+++ b/charts/atlantis/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.27.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 4.21.1
+version: 4.22.0
 keywords:
 - terraform
 home: https://www.runatlantis.io
diff --git a/charts/atlantis/templates/pvc.yaml b/charts/atlantis/templates/pvc.yaml
new file mode 100644
index 00000000..e6f90219
--- /dev/null
+++ b/charts/atlantis/templates/pvc.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.volumeClaim.enabled ( not .Values.dataStorage ) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "atlantis.fullname" . }}-data
+labels:
+ {{- include "atlantis.labels" . | nindent 2 }}
+spec:
+ accessModes: {{ .Values.volumeClaim.accessModes| toYaml | nindent 2 }}
+ resources:
+ requests:
+ # The biggest thing Atlantis stores is the Git repo when it checks it out.
+ # It deletes the repo after the pull request is merged.
+ storage: {{ .Values.volumeClaim.dataStorage }}
+ {{- if .Values.volumeClaim.storageClassName }}
+ storageClassName: {{ .Values.volumeClaim.storageClassName }}
+ {{- end }}
+{{- end }}
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index 05e5b654..d8daa154 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -56,6 +56,11 @@ spec:
 priorityClassName: {{ .Values.statefulSet.priorityClassName }}
 {{- end }}
 volumes:
+ {{- if and .Values.volumeClaim.enabled ( not .Values.dataStorage ) }}
+ - name : atlantis-data
+ persistentVolumeClaim:
+ claimName: {{ template "atlantis.fullname" . }}-data
+ {{- end }}
 {{- if .Values.tlsSecretName }}
 - name: tls
 secret:
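Review bot: In the new pvc.yaml, `labels:` appears to sit at the document root rather than under `metadata:`. On this page `+labels:` has no indentation after the marker while `+ name:` does; the page's whitespace is collapsed, so confirm against the file. As written the chart labels would not land on the claim: the API server either rejects the unknown top-level field or drops it, and label selectors used by backup or policy tooling would not match the PVC. Nest the key under metadata and deepen the include: `  labels:` followed by `    {{- include "atlantis.labels" . | nindent 4 }}`.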
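Review bot: Replacing the per-pod `volumeClaimTemplates` with one chart-level claim changes the claim name, and neither this hunk nor the later `@@ -587,18 +592,4 @@` hunk handles existing releases. A release installed from 4.21.1 has its data on a claim created from the template, so after an upgrade the pod would mount a fresh `<fullname>-data` volume, and the old claim, with whatever checkouts and state Atlantis left in it, would stay behind until someone deletes it. `volumeClaimTemplates` is also immutable on a StatefulSet, so the upgrade itself is likely to be refused unless the object is recreated. That deserves an explicit upgrade note and arguably a major version bump rather than 4.22.0. Minor: `- name : atlantis-data` has a stray space before the colon; write `- name: atlantis-data`.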
@@ -587,18 +592,4 @@ spec:
 # The biggest thing Atlantis stores is the Git repo when it checks it out.
 # It deletes the repo after the pull request is merged.
 storage: {{ .Values.dataStorage }}
- {{- else if .Values.volumeClaim.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: atlantis-data
- spec:
- accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes.
- {{- if .Values.volumeClaim.storageClassName }}
- storageClassName: {{ .Values.volumeClaim.storageClassName }} # Storage class of the volume
- {{- end }}
- resources:
- requests:
- # The biggest thing Atlantis stores is the Git repo when it checks it out.
- # It deletes the repo after the pull request is merged.
- storage: {{ .Values.volumeClaim.dataStorage }}
 {{- end }}
diff --git a/charts/atlantis/tests/pvc_test.yaml b/charts/atlantis/tests/pvc_test.yaml
new file mode 100644
index 00000000..ff9684aa
--- /dev/null
+++ b/charts/atlantis/tests/pvc_test.yaml
@@ -0,0 +1,46 @@
+suite: test pvc
+templates:
+ - pvc.yaml
+chart:
+ appVersion: test-appVersion
+release:
+ name: my-release
+tests:
+ - it: pvc
+ template: pvc.yaml
+ asserts:
+ - isKind:
+ of: PersistentVolumeClaim
+ - equal:
+ path: apiVersion
+ value: v1
+ - equal:
+ path: metadata.name
+ value: my-release-atlantis-data
+ - equal:
+ path: spec.accessModes
+ value:
+ - ReadWriteOnce
+ - equal:
+ path: spec.resources.requests.storage
+ value: 5Gi
+ - it: accessModes
+ template: pvc.yaml
+ set:
+ volumeClaim:
+ accessModes:
+ - ReadWriteMany
+ asserts:
+ - equal:
+ path: spec.accessModes
+ value:
+ - ReadWriteMany
+ - it: storage requests
+ template: pvc.yaml
+ set:
+ volumeClaim:
+ dataStorage: 10Gi
+ asserts:
+ - equal:
+ path: spec.resources.requests.storage
+ value: 10Gi
diff --git a/charts/atlantis/tests/statefulset_test.yaml b/charts/atlantis/tests/statefulset_test.yaml
index 34d5e5ba..edcb1628 100644
--- a/charts/atlantis/tests/statefulset_test.yaml
+++ b/charts/atlantis/tests/statefulset_test.yaml
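Review bot: The new pvc suite covers the name, access modes and size but never asserts `metadata.labels`, and it has no case in which the template must render nothing. Adding `- isNotNullOrEmpty:` with `path: metadata.labels` to the first test would pin the label block under metadata. A test that sets `volumeClaim.enabled: false`, and another that sets the deprecated top-level `dataStorage`, each asserting `- hasDocuments:` with `count: 0`, would lock down the guard on the template's first line. `storageClassName` is likewise untested.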
@@ -80,8 +80,12 @@ tests: runAsUser: 100 - notExists: path: spec.template.spec.priorityClassName - - isNullOrEmpty: + - equal: path: spec.template.spec.volumes + value: + - name: atlantis-data + persistentVolumeClaim: + claimName: my-release-atlantis-data - notExists: path: spec.template.spec.imagePullSecrets - notExists: @@ -160,17 +164,8 @@ tests: path: spec.template.spec.topologySpreadConstraints - notExists: path: spec.template.spec.updateStrategy - - equal: + - notExists: path: spec.volumeClaimTemplates - value: - - metadata: - name: atlantis-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - it: replicaCount template: statefulset.yaml set: @@ -239,11 +234,11 @@ tests: tlsSecretName: test-tls asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: tls - secret: - secretName: test-tls + name: tls + secret: + secretName: test-tls - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "tls")] value: @@ -267,14 +262,17 @@ tests: credentials-staging: Q2FybWVsYSBTb3ByYW5v asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: credentials-volume - secret: - secretName: credentials - - name: credentials-staging-volume - secret: - secretName: credentials-staging + name: credentials-volume + secret: + secretName: credentials + - equal: + path: spec.template.spec.volumes[2] + value: + name: credentials-staging-volume + secret: + secretName: credentials-staging - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "credentials-volume")] 
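Review bot: The rewritten assertions, starting at `@@ -239,11 +234,11 @@` and repeated in every later hunk of this file, address volumes by position (`volumes[1]`, `volumes[2]`), so each test now depends on `atlantis-data` being emitted first and on the template's ordering of the remaining volumes. The same file already selects mounts by name, e.g. `volumeMounts[?(@.name == "tls")]`; using `path: spec.template.spec.volumes[?(@.name == "tls")]` for the volumes as well would keep these tests independent of ordering. There is also no case with `volumeClaim.enabled: false` asserting that the `atlantis-data` volume is absent.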
@@ -299,14 +297,17 @@ tests: secretName: gcp-staging-secret asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] + value: + name: gcp-ci + secret: + secretName: gcp-ci-secret + - equal: + path: spec.template.spec.volumes[2] value: - - name: gcp-ci - secret: - secretName: gcp-ci-secret - - name: gcp-staging - secret: - secretName: gcp-staging-secret + name: gcp-staging + secret: + secretName: gcp-staging-secret - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "gcp-ci")] value: @@ -327,11 +328,11 @@ tests: insteadOf = https://github.com asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: gitconfig-volume - secret: - secretName: my-release-atlantis-gitconfig + name: gitconfig-volume + secret: + secretName: my-release-atlantis-gitconfig - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "gitconfig-volume")] @@ -346,11 +347,11 @@ tests: gitconfigSecretName: atlantis-gitconfig asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: gitconfig-volume - secret: - secretName: atlantis-gitconfig + name: gitconfig-volume + secret: + secretName: atlantis-gitconfig - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "gitconfig-volume")] @@ -367,11 +368,11 @@ tests: machine bitbucket.myapp.com login YOUR_USERNAME password YOUR_PASSWORD asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: netrc-volume - secret: - secretName: my-release-atlantis-netrc + name: netrc-volume + secret: + secretName: my-release-atlantis-netrc - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "netrc-volume")] value: 
@@ -385,11 +386,11 @@ tests: netrcSecretName: atlantis-netrc asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: netrc-volume - secret: - secretName: atlantis-netrc + name: netrc-volume + secret: + secretName: atlantis-netrc - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "netrc-volume")] value: @@ -412,11 +413,11 @@ tests: source_profile = default asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: aws-volume - secret: - secretName: my-release-atlantis-aws + name: aws-volume + secret: + secretName: my-release-atlantis-aws - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "aws-volume")] value: @@ -445,11 +446,11 @@ tests: awsSecretName: atlantis-aws asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: aws-volume - secret: - secretName: atlantis-aws + name: aws-volume + secret: + secretName: atlantis-aws - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "aws-volume")] value: @@ -469,14 +470,14 @@ tests: secret: baz asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: github-app-key-volume - secret: - items: - - key: key.pem - path: key.pem - secretName: my-release-atlantis-webhook + name: github-app-key-volume + secret: + items: + - key: key.pem + path: key.pem + secretName: my-release-atlantis-webhook - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "github-app-key-volume")] 
@@ -516,14 +517,14 @@ tests: slug: foo asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: github-app-key-volume - secret: - items: - - key: key.pem - path: key.pem - secretName: atlantis-vcs + name: github-app-key-volume + secret: + items: + - key: key.pem + path: key.pem + secretName: atlantis-vcs - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "github-app-key-volume")] diff --git a/charts/atlantis/values.schema.json b/charts/atlantis/values.schema.json index 7b7f2b5d..ef008357 100644 --- a/charts/atlantis/values.schema.json +++ b/charts/atlantis/values.schema.json @@ -738,6 +738,14 @@ "type":"string", "description":"Amount of storage available for embedded Atlantis' data directory" }, + "accessModes":{ + "type":"array", + "description":"Array of requested access modes for the volume.", + "items":{ + "type":"string", + "description":"The access mode to be requested." + } + }, "storageClassName":{ "type":"string", "description":"Storage class of the embedded volume mounted for the Atlantis data directory." diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index f57f6393..8c97ab46 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -359,6 +359,7 @@ volumeClaim: dataStorage: 5Gi ## Storage class name (if possible, use a resizable one) # storageClassName: value + accessModes: ["ReadWriteOnce"] ## To keep backwards compatibility ## DEPRECATED - Disk space for Atlantis to check out repositories
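Review bot: The new `accessModes` schema accepts any string, so a typo in a values file passes schema validation and only fails when the claim is applied to the cluster. Constraining the items with `"enum":["ReadWriteOnce","ReadOnlyMany","ReadWriteMany","ReadWriteOncePod"]` and adding `"minItems":1` on the array would catch that at lint or template time. The enclosing object for the volume claim starts and ends outside the hunk.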
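Review bot: `accessModes: ["ReadWriteOnce"]` is added to values.yaml without a `##` comment, unlike the `storageClassName` entry next to it. The caveat carried by the removed template line (`# Volume should not be shared by multiple nodes.`) is then no longer stated anywhere, even though the mode is now user-settable. A comment above the key, such as `## Access modes for the data volume; keep ReadWriteOnce unless the volume is meant to be shared across nodes`, would keep that warning where operators set the value.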