From 93e51748abad646f6508306775d921d2920d91ed Mon Sep 17 00:00:00 2001 From: BrunoTarijon Date: Wed, 21 Jun 2023 19:29:53 -0300 Subject: [PATCH 01/10] Move atlantis-data volume to a separate PVC --- charts/atlantis/templates/pvc.yaml | 18 ++++++++++++++++++ charts/atlantis/templates/statefulset.yaml | 14 -------------- 2 files changed, 18 insertions(+), 14 deletions(-) create mode 100644 charts/atlantis/templates/pvc.yaml diff --git a/charts/atlantis/templates/pvc.yaml b/charts/atlantis/templates/pvc.yaml new file mode 100644 index 00000000..87bd3872 --- /dev/null +++ b/charts/atlantis/templates/pvc.yaml @@ -0,0 +1,18 @@ +{{- $usingVolumeClaimInterface := not .Values.dataStorage }} +{{- if and .Values.volumeClaim.enabled $usingVolumeClaimInterface }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: atlantis-data +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + # The biggest thing Atlantis stores is the Git repo when it checks it out. + # It deletes the repo after the pull request is merged. + storage: {{ .Values.volumeClaim.dataStorage }} + {{- if .Values.volumeClaim.storageClassName }} + storageClassName: {{ .Values.volumeClaim.storageClassName }} + {{- end }} +{{- end }} diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml index 06dc47cb..a778ba3a 100644 --- a/charts/atlantis/templates/statefulset.yaml +++ b/charts/atlantis/templates/statefulset.yaml 
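Review bot: Rendering the claim from `templates/pvc.yaml` makes it a release-owned object, so `helm uninstall` deletes it together with the Atlantis data directory, whereas claims generated from the StatefulSet's `volumeClaimTemplates` (removed later in this patch) are left in place. If that loss is not intended, add the lines `annotations:` and `helm.sh/resource-policy: keep` under `metadata:`, or document the new behaviour in the chart notes. Existing releases presumably keep their data in the old generated claim, which this new `atlantis-data` claim does not adopt, so the upgrade path is worth stating too.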
@@ -535,18 +535,4 @@ spec: # The biggest thing Atlantis stores is the Git repo when it checks it out. # It deletes the repo after the pull request is merged. storage: {{ .Values.dataStorage }} - {{- else if .Values.volumeClaim.enabled }} - volumeClaimTemplates: - - metadata: - name: atlantis-data - spec: - accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes. - {{- if .Values.volumeClaim.storageClassName }} - storageClassName: {{ .Values.volumeClaim.storageClassName }} # Storage class of the volume - {{- end }} - resources: - requests: - # The biggest thing Atlantis stores is the Git repo when it checks it out. - # It deletes the repo after the pull request is merged. - storage: {{ .Values.volumeClaim.dataStorage }} {{- end }} From f56c4caa0fe5c83052d4f0b42f67c0d7f0e9d122 Mon Sep 17 00:00:00 2001 From: Bruno Aumiller Tarijon <42080746+BrunoTarijon@users.noreply.github.com> Date: Mon, 11 Sep 2023 15:57:12 -0300 Subject: [PATCH 02/10] bump chart version --- charts/atlantis/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index c0866d66..1f2e1fd8 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v1 appVersion: v0.25.0 description: A Helm chart for Atlantis https://www.runatlantis.io name: atlantis -version: 4.15.1 +version: 4.15.2 keywords: - terraform home: https://www.runatlantis.io From b8d19f43a765fc860e309c766d19c1716ca1efd7 Mon Sep 17 00:00:00 2001 From: BrunoTarijon Date: Fri, 29 Sep 2023 15:57:04 -0300 Subject: [PATCH 03/10] change access mode to ReadWriteMany --- charts/atlantis/templates/pvc.yaml | 2 +- charts/atlantis/templates/statefulset.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/atlantis/templates/pvc.yaml b/charts/atlantis/templates/pvc.yaml index 87bd3872..60318e67 100644 --- a/charts/atlantis/templates/pvc.yaml +++ b/charts/atlantis/templates/pvc.yaml 
@@ -6,7 +6,7 @@ metadata: name: atlantis-data spec: accessModes: - - ReadWriteOnce + - ReadWriteMany resources: requests: # The biggest thing Atlantis stores is the Git repo when it checks it out. diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml index d75bfe4a..b442f7a1 100644 --- a/charts/atlantis/templates/statefulset.yaml +++ b/charts/atlantis/templates/statefulset.yaml @@ -531,7 +531,7 @@ spec: - metadata: name: atlantis-data spec: - accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes. + accessModes: ["ReadWriteMany"] # Volume should not be shared by multiple nodes. {{- if .Values.storageClassName }} storageClassName: {{ .Values.storageClassName }} # Storage class of the volume {{- end }} From 282922adf663fa55854acf8e00c9b64a80e24bae Mon Sep 17 00:00:00 2001 From: BrunoTarijon Date: Fri, 29 Sep 2023 15:57:46 -0300 Subject: [PATCH 04/10] Bump chart version --- charts/atlantis/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index 1f2e1fd8..085cb05a 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v1 appVersion: v0.25.0 description: A Helm chart for Atlantis https://www.runatlantis.io name: atlantis -version: 4.15.2 +version: 4.15.3 keywords: - terraform home: https://www.runatlantis.io From 50af23c5173f8b71815d534ef6f721264a494733 Mon Sep 17 00:00:00 2001 From: BrunoTarijon Date: Sat, 20 Jan 2024 15:07:59 -0300 Subject: [PATCH 05/10] Add custom access modes to pvc --- charts/atlantis/templates/pvc.yaml | 3 +-- charts/atlantis/templates/statefulset.yaml | 2 +- charts/atlantis/values.yaml | 1 + 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/atlantis/templates/pvc.yaml b/charts/atlantis/templates/pvc.yaml index 60318e67..d541e319 100644 --- a/charts/atlantis/templates/pvc.yaml +++ b/charts/atlantis/templates/pvc.yaml 
@@ -5,8 +5,7 @@ kind: PersistentVolumeClaim metadata: name: atlantis-data spec: - accessModes: - - ReadWriteMany + accessModes: {{ .Values.volumeClaim.accessModes| toYaml | nindent 2 }} resources: requests: # The biggest thing Atlantis stores is the Git repo when it checks it out. diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml index f85c584f..0357596a 100644 --- a/charts/atlantis/templates/statefulset.yaml +++ b/charts/atlantis/templates/statefulset.yaml @@ -578,7 +578,7 @@ spec: - metadata: name: atlantis-data spec: - accessModes: ["ReadWriteMany"] # Volume should not be shared by multiple nodes. + accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes. {{- if .Values.storageClassName }} storageClassName: {{ .Values.storageClassName }} # Storage class of the volume {{- end }} diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index 090b704b..5ce1bc68 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -356,6 +356,7 @@ volumeClaim: dataStorage: 5Gi ## Storage class name (if possible, use a resizable one) # storageClassName: value + accessModes: ["ReadWriteOnce"] ## To keep backwards compatibility ## DEPRECATED - Disk space for Atlantis to check out repositories From 85d13f256da0b6063f8ca5b4e4a195303440dcd0 Mon Sep 17 00:00:00 2001 From: BrunoTarijon Date: Sat, 20 Jan 2024 15:09:38 -0300 Subject: [PATCH 06/10] Add volumeClaim.accessModes in jsonSchema --- charts/atlantis/values.schema.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/charts/atlantis/values.schema.json b/charts/atlantis/values.schema.json index 7b7f2b5d..16bd308e 100644 --- a/charts/atlantis/values.schema.json +++ b/charts/atlantis/values.schema.json 
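Review bot: `accessModes: ["ReadWriteOnce"]` in the `volumeClaim` block of values.yaml has no `##` description, unlike the `storageClassName` entry directly above it. I would add `## Access modes requested for the data volume. ReadWriteMany needs a storage class that supports it and lets several nodes mount the Atlantis data directory.` above the key. The `volumeClaim` block starts outside the hunk.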
@@ -738,6 +738,14 @@ "type":"string", "description":"Amount of storage available for embedded Atlantis' data directory" }, + "accessModes":{ + "type":"array", + "description":"Array of requested access modes for the volume." + "items":{ + "type":"string", + "description":"The access mode to be requested." + } + }, "storageClassName":{ "type":"string", "description":"Storage class of the embedded volume mounted for the Atlantis data directory." From c314993f0188bc2a0434b1703e38c80820c28c6c Mon Sep 17 00:00:00 2001 From: BrunoTarijon Date: Sat, 20 Jan 2024 15:12:55 -0300 Subject: [PATCH 07/10] Fix jsonSchema missing comma --- charts/atlantis/values.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/atlantis/values.schema.json b/charts/atlantis/values.schema.json index 16bd308e..ef008357 100644 --- a/charts/atlantis/values.schema.json +++ b/charts/atlantis/values.schema.json @@ -740,7 +740,7 @@ }, "accessModes":{ "type":"array", - "description":"Array of requested access modes for the volume." + "description":"Array of requested access modes for the volume.", "items":{ "type":"string", "description":"The access mode to be requested." From 9355803cb3568285fc3dcbce2135c21b616df1bf Mon Sep 17 00:00:00 2001 From: BrunoTarijon Date: Tue, 5 Mar 2024 10:49:24 -0300 Subject: [PATCH 08/10] add unit tests --- charts/atlantis/templates/pvc.yaml | 4 +- charts/atlantis/tests/pvc_test.yaml | 46 +++++++++++++++++++++ charts/atlantis/tests/statefulset_test.yaml | 11 +---- 3 files changed, 50 insertions(+), 11 deletions(-) create mode 100644 charts/atlantis/tests/pvc_test.yaml diff --git a/charts/atlantis/templates/pvc.yaml b/charts/atlantis/templates/pvc.yaml index d541e319..a6858ffc 100644 --- a/charts/atlantis/templates/pvc.yaml +++ b/charts/atlantis/templates/pvc.yaml 
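Review bot: The `items` schema for `accessModes` accepts any string, so a misspelled mode passes values validation and only fails when the API server rejects the claim. Constrain it with `"enum":["ReadWriteOnce","ReadOnlyMany","ReadWriteMany","ReadWriteOncePod"]` on `items`, and add `"minItems":1` on the array so an empty list is caught as well. The surrounding `volumeClaim` properties object continues outside the hunk.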
@@ -3,7 +3,9 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: atlantis-data + name: {{ template "atlantis.fullname" . }}-data +labels: + {{- include "atlantis.labels" . | nindent 2 }} spec: accessModes: {{ .Values.volumeClaim.accessModes| toYaml | nindent 2 }} resources: diff --git a/charts/atlantis/tests/pvc_test.yaml b/charts/atlantis/tests/pvc_test.yaml new file mode 100644 index 00000000..ff9684aa --- /dev/null +++ b/charts/atlantis/tests/pvc_test.yaml @@ -0,0 +1,46 @@ +suite: test pvc +templates: + - pvc.yaml +chart: + appVersion: test-appVersion +release: + name: my-release +tests: + - it: pvc + template: pvc.yaml + asserts: + - isKind: + of: PersistentVolumeClaim + - equal: + path: apiVersion + value: v1 + - equal: + path: metadata.name + value: my-release-atlantis-data + - equal: + path: spec.accessModes + value: + - ReadWriteOnce + - equal: + path: spec.resources.requests.storage + value: 5Gi + - it: accessModes + template: pvc.yaml + set: + volumeClaim: + accessModes: + - ReadWriteMany + asserts: + - equal: + path: spec.accessModes + value: + - ReadWriteMany + - it: storage requests + template: pvc.yaml + set: + volumeClaim: + dataStorage: 10Gi + asserts: + - equal: + path: spec.resources.requests.storage + value: 10Gi diff --git a/charts/atlantis/tests/statefulset_test.yaml b/charts/atlantis/tests/statefulset_test.yaml index 34d5e5ba..3d19be2a 100644 --- a/charts/atlantis/tests/statefulset_test.yaml +++ b/charts/atlantis/tests/statefulset_test.yaml @@ -160,17 +160,8 @@ tests: path: spec.template.spec.topologySpreadConstraints - notExists: path: spec.template.spec.updateStrategy - - equal: + - notExists: path: spec.volumeClaimTemplates - value: - - metadata: - name: atlantis-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - it: replicaCount template: statefulset.yaml set: From dfbd3bf61a09faecdd3ffa40db73b681056aa867 Mon Sep 17 00:00:00 2001 
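Review bot: `labels:` is added at column 0 in pvc.yaml, so as far as the indentation can be read from this patch it renders as a top-level key next to `metadata:` and `spec:` rather than as `metadata.labels`. The claim would then carry none of the chart's labels, so label selectors and inventory queries miss it, and the stray top-level field may be rejected under strict API validation. Indent it under `metadata:` and widen the include to match: `  labels:` followed by `    {{- include "atlantis.labels" . | nindent 4 }}`.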
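Review bot: The new pvc_test.yaml suite asserts only the claim's kind, name, access modes and size; nothing checks `metadata.labels`, `spec.storageClassName`, or that no document is rendered when `volumeClaim.enabled` is false or the deprecated `dataStorage` is set. An `equal` on `metadata.labels` would pin where the labels land in the manifest. For the two disabled cases I would add tests that set the value and assert `- hasDocuments:` with `count: 0`.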
From: Bruno Aumiller Tarijon <42080746+BrunoTarijon@users.noreply.github.com> Date: Tue, 5 Mar 2024 11:21:11 -0300 Subject: [PATCH 09/10] concatenate conditions Co-authored-by: Gabriel Martinez <19713226+GMartinez-Sisti@users.noreply.github.com> --- charts/atlantis/templates/pvc.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/atlantis/templates/pvc.yaml b/charts/atlantis/templates/pvc.yaml index a6858ffc..e6f90219 100644 --- a/charts/atlantis/templates/pvc.yaml +++ b/charts/atlantis/templates/pvc.yaml @@ -1,5 +1,4 @@ -{{- $usingVolumeClaimInterface := not .Values.dataStorage }} -{{- if and .Values.volumeClaim.enabled $usingVolumeClaimInterface }} +{{- if and .Values.volumeClaim.enabled ( not .Values.dataStorage ) }} apiVersion: v1 kind: PersistentVolumeClaim metadata: From fad4e553960feaf0445f888343e4dc564c5325df Mon Sep 17 00:00:00 2001 From: BrunoTarijon Date: Tue, 5 Mar 2024 12:33:29 -0300 Subject: [PATCH 10/10] add volume in sts if pvc is created --- charts/atlantis/templates/statefulset.yaml | 5 + charts/atlantis/tests/statefulset_test.yaml | 124 +++++++++++--------- 2 files changed, 72 insertions(+), 57 deletions(-) diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml index 2fcab0d8..d8daa154 100644 --- a/charts/atlantis/templates/statefulset.yaml +++ b/charts/atlantis/templates/statefulset.yaml @@ -56,6 +56,11 @@ spec: priorityClassName: {{ .Values.statefulSet.priorityClassName }} {{- end }} volumes: + {{- if and .Values.volumeClaim.enabled ( not .Values.dataStorage ) }} + - name : atlantis-data + persistentVolumeClaim: + claimName: {{ template "atlantis.fullname" . }}-data + {{- end }} {{- if .Values.tlsSecretName }} - name: tls secret: diff --git a/charts/atlantis/tests/statefulset_test.yaml b/charts/atlantis/tests/statefulset_test.yaml index 3d19be2a..edcb1628 100644 --- a/charts/atlantis/tests/statefulset_test.yaml +++ b/charts/atlantis/tests/statefulset_test.yaml 
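Review bot: The added `atlantis-data` volume in statefulset.yaml binds every pod of the StatefulSet to the one `{{ template "atlantis.fullname" . }}-data` claim, where the `volumeClaimTemplates` removed earlier in this series gave each replica its own. With `replicaCount` above 1 and the default `ReadWriteOnce`, pods scheduled to a second node will likely stay Pending, and with `ReadWriteMany` all replicas write into one data directory; whether Atlantis tolerates that is not visible here. I would state the constraint on the volume, e.g. `# Shared by all replicas; replicaCount > 1 needs an access mode that permits it`, or reject the combination with a `fail` in the template. Separately, `- name : atlantis-data` has a stray space before the colon; `- name: atlantis-data` matches the rest of the list. The `volumes:` list continues outside the hunk.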
@@ -80,8 +80,12 @@ tests: runAsUser: 100 - notExists: path: spec.template.spec.priorityClassName - - isNullOrEmpty: + - equal: path: spec.template.spec.volumes + value: + - name: atlantis-data + persistentVolumeClaim: + claimName: my-release-atlantis-data - notExists: path: spec.template.spec.imagePullSecrets - notExists: @@ -230,11 +234,11 @@ tests: tlsSecretName: test-tls asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: tls - secret: - secretName: test-tls + name: tls + secret: + secretName: test-tls - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "tls")] value: @@ -258,14 +262,17 @@ tests: credentials-staging: Q2FybWVsYSBTb3ByYW5v asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] + value: + name: credentials-volume + secret: + secretName: credentials + - equal: + path: spec.template.spec.volumes[2] value: - - name: credentials-volume - secret: - secretName: credentials - - name: credentials-staging-volume - secret: - secretName: credentials-staging + name: credentials-staging-volume + secret: + secretName: credentials-staging - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "credentials-volume")] @@ -290,14 +297,17 @@ tests: secretName: gcp-staging-secret asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] + value: + name: gcp-ci + secret: + secretName: gcp-ci-secret + - equal: + path: spec.template.spec.volumes[2] value: - - name: gcp-ci - secret: - secretName: gcp-ci-secret - - name: gcp-staging - secret: - secretName: gcp-staging-secret + name: gcp-staging + secret: + secretName: gcp-staging-secret - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "gcp-ci")] value: 
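Review bot: From the `tlsSecretName` case on, the assertions address `spec.template.spec.volumes[1]` (and `[2]`), which ties every test to the data volume being rendered first and to the template's ordering of the other volumes. The neighbouring `volumeMounts` assertions already select by name, so the same filter works here: `path: spec.template.spec.volumes[?(@.name == "tls")]`. The same positional pattern repeats in the later hunks of this file (gitconfig, netrc, aws and github-app-key cases). None of them covers `volumeClaim.enabled: false`, where the secret volumes would move back to index 0.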
@@ -318,11 +328,11 @@ tests: insteadOf = https://github.com asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: gitconfig-volume - secret: - secretName: my-release-atlantis-gitconfig + name: gitconfig-volume + secret: + secretName: my-release-atlantis-gitconfig - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "gitconfig-volume")] @@ -337,11 +347,11 @@ tests: gitconfigSecretName: atlantis-gitconfig asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: gitconfig-volume - secret: - secretName: atlantis-gitconfig + name: gitconfig-volume + secret: + secretName: atlantis-gitconfig - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "gitconfig-volume")] @@ -358,11 +368,11 @@ tests: machine bitbucket.myapp.com login YOUR_USERNAME password YOUR_PASSWORD asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: netrc-volume - secret: - secretName: my-release-atlantis-netrc + name: netrc-volume + secret: + secretName: my-release-atlantis-netrc - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "netrc-volume")] value: @@ -376,11 +386,11 @@ tests: netrcSecretName: atlantis-netrc asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: netrc-volume - secret: - secretName: atlantis-netrc + name: netrc-volume + secret: + secretName: atlantis-netrc - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "netrc-volume")] value: 
@@ -403,11 +413,11 @@ tests: source_profile = default asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: aws-volume - secret: - secretName: my-release-atlantis-aws + name: aws-volume + secret: + secretName: my-release-atlantis-aws - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "aws-volume")] value: @@ -436,11 +446,11 @@ tests: awsSecretName: atlantis-aws asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: aws-volume - secret: - secretName: atlantis-aws + name: aws-volume + secret: + secretName: atlantis-aws - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "aws-volume")] value: @@ -460,14 +470,14 @@ tests: secret: baz asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: github-app-key-volume - secret: - items: - - key: key.pem - path: key.pem - secretName: my-release-atlantis-webhook + name: github-app-key-volume + secret: + items: + - key: key.pem + path: key.pem + secretName: my-release-atlantis-webhook - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "github-app-key-volume")] @@ -507,14 +517,14 @@ tests: slug: foo asserts: - equal: - path: spec.template.spec.volumes + path: spec.template.spec.volumes[1] value: - - name: github-app-key-volume - secret: - items: - - key: key.pem - path: key.pem - secretName: atlantis-vcs + name: github-app-key-volume + secret: + items: + - key: key.pem + path: key.pem + secretName: atlantis-vcs - equal: path: spec.template.spec.containers[0].volumeMounts[?(@.name == "github-app-key-volume")]