forked from runatlantis/helm-charts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
385 lines (329 loc) · 10.7 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
## -------------------------- ##
# Values to override for your instance.
## -------------------------- ##
## An option to override the atlantis url,
## if not using an ingress, set it to the external IP.
# atlantisUrl: http://10.0.0.0
# Replace this with your own repo allowlist:
orgAllowlist: <replace-me>
# logLevel: "debug"
# If using GitHub, specify like the following:
# github:
# user: foo
# token: bar
# secret: baz
# GitHub Enterprise only:
# hostname: github.your.org
# (The chart will perform the base64 encoding for you for values that are stored in secrets.)
# If using a GitHub App, please enter your values as follows:
# githubApp:
# id: 123456
# key: |
# -----BEGIN PRIVATE KEY-----
# ...
# -----END PRIVATE KEY-----
# secret: baz
# (The chart will perform the base64 encoding for you for values that are stored in secrets.)
# If using GitLab, specify like the following:
# gitlab:
# user: foo
# token: bar
# secret: baz
# GitLab Enterprise only:
# hostname: gitlab.your.org
# (The chart will perform the base64 encoding for you for values that are stored in secrets.)
# If using Bitbucket, specify like the following:
# bitbucket:
# user: foo
# token: bar
# Bitbucket Server only:
# secret: baz
# baseURL: https://bitbucket.yourorganization.com
# (The chart will perform the base64 encoding for you for values that are stored in secrets.)
# If using Azure DevOps, specify like the following:
# azuredevops:
# user: foo
# token: bar
# webhookUser: foo
# webhookPassword: baz
# (The chart will perform the base64 encoding for you for values that are stored in secrets.)
# If managing secrets outside the chart for the webhook, use this variable to reference the secret name
# vcsSecretName: 'mysecret'
# When referencing Terraform modules in private repositories, it may be helpful
# (necessary?) to use redirection in a .gitconfig like so:
# gitconfig: |
# [url "https://YOUR_GH_TOKEN@github.com"]
# insteadOf = https://github.com
# [url "https://YOUR_GH_TOKEN@github.com"]
# insteadOf = ssh://git@github.com
# [url "https://oauth2:YOUR_GITLAB_TOKEN@gitlab.com"]
# insteadOf = https://gitlab.com
# [url "https://oauth2:YOUR_GITLAB_TOKEN@gitlab.com"]
# insteadOf = ssh://git@gitlab.com
# Source: https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token
# If managing secrets outside the chart for the gitconfig, use this variable to reference the secret name
# gitconfigSecretName: 'mygitconfigsecret'
# To specify AWS credentials to be mapped to ~/.aws:
# aws:
# credentials: |
# [default]
# aws_access_key_id=YOUR_ACCESS_KEY_ID
# aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
# region=us-east-1
# config: |
# [profile a_role_to_assume]
# role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume
# source_profile = default
# To reference an already existing Secret object with AWS credentials
# awsSecretName: 'mysecretwithawscreds'
## To be used for mounting credential files (when using google provider).
serviceAccountSecrets:
# credentials: <json file as base64 encoded string>
# credentials-staging: <json file as base64 encoded string>
## -------------------------- ##
# Default values for atlantis (override as needed).
## -------------------------- ##
image:
repository: ghcr.io/runatlantis/atlantis
tag: v0.19.6
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# imagePullSecrets:
# - myRegistryKeySecretName
## Use Server Side Repo Config,
## ref: https://www.runatlantis.io/docs/server-side-repo-config.html
## Example default configuration
# repoConfig: |
# ---
# repos:
# - id: /.*/
# apply_requirements: []
# workflow: default
# allowed_overrides: []
# allow_custom_workflows: false
# workflows:
# default:
# plan:
# steps: [init, plan]
# apply:
# steps: [apply]
# allowForkPRs enables atlantis to run on a fork Pull Requests
allowForkPRs: false
# allowDraftPRs enables atlantis to run on a draft Pull Requests
allowDraftPRs: false
# hidePrevPlanComments enables atlantis to hide previous plan comments
hidePrevPlanComments: false
## defaultTFVersion set the default terraform version to be used in atlantis server
# defaultTFVersion: 0.12.0
# disableApply disables running `atlantis apply` regardless of which flags are sent with it
disableApply: false
# disableApplyAll disables running `atlantis apply` without any flags
disableApplyAll: false
# disableRepoLocking stops atlantis locking projects and or workspaces when running terraform
disableRepoLocking: false
# Use Diff Markdown Format for color coding diffs
enableDiffMarkdownFormat: false
# Optionally specify an username and a password for basic authentication
# basicAuth:
# username: "atlantis"
# password: "atlantis"
# Common Labels for all resources created by this chart.
commonLabels: {}
# We only need to check every 60s since Atlantis is not a high-throughput service.
livenessProbe:
enabled: true
periodSeconds: 60
initialDelaySeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
scheme: HTTP
readinessProbe:
enabled: true
periodSeconds: 60
initialDelaySeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
scheme: HTTP
service:
type: NodePort
port: 80
targetPort: 4141
loadBalancerIP: null
podTemplate:
annotations: {}
# kube2iam example:
# iam.amazonaws.com/role: role-arn
labels: {}
# It is not recommended to run atlantis as root
statefulSet:
annotations: {}
labels: {}
securityContext:
fsGroup: 1000
runAsUser: 100
fsGroupChangePolicy: "OnRootMismatch"
priorityClassName: ""
## Optionally customize the terminationGracePeriodSeconds
# terminationGracePeriodSeconds: 60
ingress:
enabled: true
ingressClassName:
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
## this is in case we want several paths under the same host, with different backend services
# paths:
# - path: "/path1"
# service: test1
# port:
# - path: "/path2"
# service: test2
# port:
pathType: Prefix
host:
## in case we need several hosts:
hosts:
- host: chart-example.local
paths: ["/"]
# service: chart-example1
- host: chart-example.local2
# service: chart-example1
paths: ["/lala"]
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
labels: {}
resources:
requests:
memory: 1Gi
cpu: 100m
limits:
memory: 1Gi
cpu: 100m
# Disk space for Atlantis to check out repositories
dataStorage: 5Gi
replicaCount: 1
## test container details
test:
enabled: true
image: lachlanevenson/k8s-kubectl
imageTag: v1.4.8-bash
nodeSelector: {}
tolerations: []
affinity: {}
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# Set the `automountServiceAccountToken` field on the pod template spec
# If false, no kubernetes service account token will be mounted to the pod
mount: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
# Annotations for the Service Account
# Example:
#
# annotations:
# annotation1: value
# annotation2: value
annotations: {}
# tlsSecretName: tls
# Optionally specify additional environment variables to be populated from Kubernetes secrets.
# Useful for passing in TF_VAR_foo or other secret environment variables from Kubernetes secrets.
environmentSecrets: []
# environmentSecrets:
# - name: THE_ENV_VAR
# secretKeyRef:
# name: the_k8s_secret_name
# key: the_key_of_the_value_in_the_secret
# Optionally specify additional environment variables in raw yaml format
# Useful to specify variables refering to k8s objects
# environmentRaw:
# - name: POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
environmentRaw: []
# Optionally specify additional Kubernetes secrets to load environment variables from.
# All key-value pairs within these secrets will be set as environment variables.
# Note that any variables set here will be ignored if also defined in the env block of the atlantis statefulset.
# For example, providing ATLANTIS_GH_USER here and defining a value for github.user will result in the github.user value being used.
loadEnvFromSecrets: []
# loadEnvFromSecrets:
# - secret_one
# - secret_two
# Optionally specify additional Kubernetes ConfigMaps to load environment variables from.
# All key-value pairs within these ConfigMaps will be set as environment variables.
# Note that any variables set here will be ignored if also defined in the env block of the atlantis statefulset.
# For example, providing ATLANTIS_ALLOW_FORK_PRS here and defining a value for allowForkPRs will result in the allowForkPRs value being used.
loadEnvFromConfigMaps: []
# loadEnvFromConfigMaps:
# - config_one
# - config_two
# Optionally specify google service account credentials as Kubernetes secrets. If you are using the terraform google provider you can specify the credentials as "${file("/var/secrets/some-secret-name/key.json")}".
googleServiceAccountSecrets: []
# googleServiceAccountSecrets:
# - name: some-secret-name
# secretName: the_k8s_secret_name
# Optionally specify additional volumes for the pod.
extraVolumes: []
# extraVolumes:
# - name: some-volume-name
# emptyDir: {}
# Optionally specify additional volume mounts for the container.
extraVolumeMounts: []
# extraVolumeMounts:
# - name: some-volume-name
# mountPath: /path/in/container
extraManifests: []
# extraManifests:
# - apiVersion: cloud.google.com/v1beta1
# kind: BackendConfig
# metadata:
# name: "{{ .Release.Name }}-test"
# spec:
# securityPolicy:
# name: "gcp-cloud-armor-policy-test"
initContainers: []
# initContainers:
# - name: example
# image: alpine:latest
# command: ['sh', '-c', 'echo The init container is running! && sleep 10']
# hostAliases:
# - hostnames:
# - aaa.com
# - test.ccc.com
# ip: 10.0.0.0
# - hostnames:
# - bbb.com
# ip: 10.0.0.2
extraArgs: []
# extraArgs:
# - --disable-autoplan
# - --disable-repo-locking
extraContainers: []
# extraContainers:
# - name: <container name>
# args:
# - ...
# image: <docker images>
# imagePullPolicy: IfNotPresent
# resources:
# limits:
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# volumeMounts:
# - ...
containerSecurityContext: {}
# containerSecurityContext:
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: true