From e2294ac1b9f58c84a01078e3a3f300030e7491a2 Mon Sep 17 00:00:00 2001 From: Wilfrido Vidana Date: Tue, 28 May 2019 10:32:11 -0500 Subject: [PATCH 1/4] Adding secret name reference for AWS credentials Signed-off-by: Wilfrido Vidana --- stable/atlantis/README.md | 1 + stable/atlantis/templates/_helpers.tpl | 11 +++++++++++ stable/atlantis/templates/statefulset.yaml | 6 +++--- stable/atlantis/values.yaml | 2 ++ 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/stable/atlantis/README.md b/stable/atlantis/README.md index ac2f0af7d62a..158b550db6d8 100644 --- a/stable/atlantis/README.md +++ b/stable/atlantis/README.md @@ -28,6 +28,7 @@ The following options are supported. See [values.yaml](values.yaml) for more de | `dataStorage` | Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` | | `aws.config` | Contents of a file to be mounted to `~/.aws/config`. | n/a | | `aws.credentials` | Contents of a file to be mounted to `~/.aws/credentials`. | n/a | +| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config | n/a | | `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a | | `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a | | `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a | diff --git a/stable/atlantis/templates/_helpers.tpl b/stable/atlantis/templates/_helpers.tpl index 78cc254ec21b..a55b7dce62a5 100644 --- a/stable/atlantis/templates/_helpers.tpl +++ b/stable/atlantis/templates/_helpers.tpl @@ -70,3 +70,14 @@ Generates secret-webhook name {{ template "atlantis.fullname" . }}-webhook {{- end -}} {{- end -}} + +{{/* +Generates AWS Secret name +*/}} +{{- define "atlantis.awsSecretName" -}} +{{- if .Values.awsSecretName -}} + {{ .Values.awsSecretName }} +{{- else -}} + {{ template "atlantis.fullname" . }}-aws +{{- end -}} +{{- end -}} 
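Review bot: The comment on `atlantis.awsSecretName` in `_helpers.tpl` says only "Generates AWS Secret name" and leaves out the precedence rule the helper implements. I would document it as `Returns .Values.awsSecretName when set (a pre-existing Secret the chart does not manage), otherwise the chart-generated "<fullname>-aws"`. The template that renders the chart's own AWS Secret is not part of this patch. If it is still gated only on `.Values.aws`, a release that sets both `aws.*` and `awsSecretName` would store a second, unmounted copy of the credentials in the namespace. Confirm this, and if so guard that template with `{{- if and .Values.aws (not .Values.awsSecretName) }}`.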
diff --git a/stable/atlantis/templates/statefulset.yaml b/stable/atlantis/templates/statefulset.yaml index b35f2f48f68a..76a7907830b2 100644 --- a/stable/atlantis/templates/statefulset.yaml +++ b/stable/atlantis/templates/statefulset.yaml @@ -46,10 +46,10 @@ spec: secret: secretName: {{ template "atlantis.fullname" . }}-gitconfig {{- end }} - {{- if .Values.aws }} + {{- if or .Values.aws .Values.awsSecretName}} - name: aws-volume secret: - secretName: {{ template "atlantis.fullname" . }}-aws + secretName: {{ template "atlantis.awsSecretName" . }} {{- end }} {{- if .Values.repoConfig }} - name: repo-config @@ -214,7 +214,7 @@ spec: readOnly: true mountPath: /etc/secret-gitconfig {{- end }} - {{- if .Values.aws}} + {{- if or .Values.aws .Values.awsSecretName}} - name: aws-volume readOnly: true mountPath: /home/atlantis/.aws diff --git a/stable/atlantis/values.yaml b/stable/atlantis/values.yaml index a55194f092b4..9e355057662a 100644 --- a/stable/atlantis/values.yaml +++ b/stable/atlantis/values.yaml @@ -64,6 +64,8 @@ orgWhitelist: # [profile a_role_to_assume] # role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume # source_profile = default +# To reference an already exsistent Secret object with AWS credentials +# awsSecretName: 'mysecretwithawscreds' ## To be used for mounting credential files (when using google provider). serviceAccountSecrets: From 7a8f7743ae9aaff9166aa237f8564b7e784ba807 Mon Sep 17 00:00:00 2001 From: Wilfrido Vidana Date: Tue, 28 May 2019 10:57:20 -0500 Subject: [PATCH 2/4] Version bump - new feature Signed-off-by: Wilfrido Vidana --- stable/atlantis/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/atlantis/Chart.yaml b/stable/atlantis/Chart.yaml index 9ed195982b1a..66abb8b5d062 100644 --- a/stable/atlantis/Chart.yaml +++ b/stable/atlantis/Chart.yaml 
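Review bot: In the volumes hunk, `secretName: {{ template "atlantis.awsSecretName" . }}` now renders a user-supplied value as an unquoted scalar. A name made only of digits, or one that reads as a boolean, would be typed as a non-string by the YAML parser and the manifest would be rejected. Because `template` cannot be piped, I would switch to `secretName: {{ include "atlantis.awsSecretName" . | quote }}`. The chart does not create the referenced Secret, so a mistyped name surfaces only as a pod that cannot mount `aws-volume`; the README entry could say so.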
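Review bot: The volumeMounts hunk repeats the guard `{{- if or .Values.aws .Values.awsSecretName}}` from the volumes hunk, and the two copies must stay identical. If they drift, the pod spec will either mount a volume that is not declared or declare one that is never mounted. A short comment on each, such as `{{- /* keep in sync with the aws-volume guard in volumes/volumeMounts */ -}}`, or a single named helper for the condition, would make that coupling explicit. Both new lines also drop the space before `}}` that the replaced `{{- if .Values.aws }}` in the first hunk had; `{{- if or .Values.aws .Values.awsSecretName }}` matches the surrounding style.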
@@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "v0.7.1" description: A Helm chart for Atlantis https://www.runatlantis.io name: atlantis -version: 3.4.1 +version: 3.5.1 keywords: - terraform home: https://www.runatlantis.io From fafe9339489994b974fab7b742d9fb89dabfdd79 Mon Sep 17 00:00:00 2001 From: Wilfrido Vidana Date: Tue, 28 May 2019 11:20:13 -0500 Subject: [PATCH 3/4] Describe contents of AWS Secret for awsSecretName Signed-off-by: Wilfrido Vidana --- stable/atlantis/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/atlantis/README.md b/stable/atlantis/README.md index 158b550db6d8..05ab2db2b6cd 100644 --- a/stable/atlantis/README.md +++ b/stable/atlantis/README.md @@ -28,7 +28,7 @@ The following options are supported. See [values.yaml](values.yaml) for more de | `dataStorage` | Amount of storage available for Atlantis' data directory (mostly used to check out git repositories). | `5Gi` | | `aws.config` | Contents of a file to be mounted to `~/.aws/config`. | n/a | | `aws.credentials` | Contents of a file to be mounted to `~/.aws/credentials`. | n/a | -| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config | n/a | +| `awsSecretName` | Secret name containing AWS credentials - will override aws.credentials and aws.config. Will be used a volume mount on `$HOME/.aws`, so it needs a `credentials` key. The key `config` is optional. See the file `templates/secret-aws.yml` for more info on the Secret contents. | n/a | | `bitbucket.user` | Name of the Atlantis Bitbucket user. | n/a | | `bitbucket.token` | Personal access token for the Atlantis Bitbucket user. | n/a | | `bitbucket.secret` | Webhook secret for Bitbucket repositories (Bitbucket Server only). | n/a | From 80adf750a8964f9e95422155553f9230932ecb20 Mon Sep 17 00:00:00 2001 
From: Wilfrido Vidana <4426659+wvidana@users.noreply.github.com> Date: Tue, 28 May 2019 14:53:48 -0500 Subject: [PATCH 4/4] Update stable/atlantis/values.yaml Co-Authored-By: Luke Kysow <1034429+lkysow@users.noreply.github.com> Signed-off-by: Wilfrido Vidana --- stable/atlantis/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/atlantis/values.yaml b/stable/atlantis/values.yaml index 9e355057662a..36c35068adb8 100644 --- a/stable/atlantis/values.yaml +++ b/stable/atlantis/values.yaml @@ -64,7 +64,7 @@ orgWhitelist: # [profile a_role_to_assume] # role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume # source_profile = default -# To reference an already exsistent Secret object with AWS credentials +# To reference an already existing Secret object with AWS credentials # awsSecretName: 'mysecretwithawscreds' ## To be used for mounting credential files (when using google provider).