helm · k8s-ci-robot · May 28, 2019 · May 28, 2019 · May 28, 2019 · May 28, 2019
diff --git a/stable/atlantis/Chart.yaml b/stable/atlantis/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "v0.7.1"
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 3.4.1
+version: 3.5.1
 keywords:
 - terraform
 home: https://www.runatlantis.io

diff --git a/stable/atlantis/README.md b/stable/atlantis/README.md
@@ -28,6 +28,7 @@ The following options are supported.  See [values.yaml](values.yaml) for more de
 | `dataStorage`                               | Amount of storage available for Atlantis' data directory (mostly used to check out git repositories).                                                                                                                                                                                                     | `5Gi`   |
 | `aws.config`                                | Contents of a file to be mounted to `~/.aws/config`.                                                                                                                                                                                                                                                      | n/a     |
 | `aws.credentials`                           | Contents of a file to be mounted to `~/.aws/credentials`.                                                                                                                                                                                                                                                 | n/a     |
+| `awsSecretName`                           | Secret name containing AWS credentials - will override aws.credentials and aws.config. Will be used a volume mount on `$HOME/.aws`, so it needs a `credentials` key. The key `config` is optional. See the file `templates/secret-aws.yml` for more info on the Secret contents.                                                                                                                                     | n/a     |
 | `bitbucket.user`                            | Name of the Atlantis Bitbucket user.                                                                                                                                                                                                                                                                      | n/a     |
 | `bitbucket.token`                           | Personal access token for the Atlantis Bitbucket user.                                                                                                                                                                                                                                                    | n/a     |
 | `bitbucket.secret`                          | Webhook secret for Bitbucket repositories (Bitbucket Server only).                                                                                                                                                                                                                                        | n/a     |

diff --git a/stable/atlantis/templates/_helpers.tpl b/stable/atlantis/templates/_helpers.tpl
@@ -70,3 +70,14 @@ Generates secret-webhook name
     {{ template "atlantis.fullname" . }}-webhook
 {{- end -}}
 {{- end -}}
+
+{{/*
+Generates AWS Secret name
+*/}}
+{{- define "atlantis.awsSecretName" -}}
+{{- if .Values.awsSecretName -}}
+    {{ .Values.awsSecretName }}
+{{- else -}}
+    {{ template "atlantis.fullname" . }}-aws
+{{- end -}}
+{{- end -}}
diff --git a/stable/atlantis/templates/statefulset.yaml b/stable/atlantis/templates/statefulset.yaml
@@ -46,10 +46,10 @@ spec:
         secret:
           secretName: {{ template "atlantis.fullname" . }}-gitconfig
       {{- end }}
-      {{- if .Values.aws }}
+      {{- if or .Values.aws .Values.awsSecretName}}
       - name: aws-volume
         secret:
-          secretName: {{ template "atlantis.fullname" . }}-aws
+          secretName: {{ template "atlantis.awsSecretName" . }}
       {{- end }}
       {{- if .Values.repoConfig }}
       - name: repo-config
@@ -214,7 +214,7 @@ spec:
             readOnly: true
             mountPath: /etc/secret-gitconfig
           {{- end }}
-          {{- if .Values.aws}}
+          {{- if or .Values.aws .Values.awsSecretName}}
           - name: aws-volume
             readOnly: true
             mountPath: /home/atlantis/.aws

diff --git a/stable/atlantis/values.yaml b/stable/atlantis/values.yaml
@@ -64,6 +64,8 @@ orgWhitelist: <replace-me>
 #     [profile a_role_to_assume]
 #     role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume
 #     source_profile = default
+# To reference an already exsistent Secret object with AWS credentials
+# awsSecretName: 'mysecretwithawscreds'
 
 ## To be used for mounting credential files (when using google provider).
 serviceAccountSecrets: