#atlantis (2023-03)

atlantis

Discuss the Atlantis (<http://runatlantis.iorunatlantis.io>)

**Archive: ** https://archive.sweetops.com/atlantis/

2023-03-01

Release notes from atlantis avatar
Release notes from atlantis
07:18:46 PM

v0.23.0 What’s Changed fix: PR status summary should remove Note: Objects have changed outside of Terraform by @krrrr38 in <a aria-label=”Pull request #3010” class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1548398257” data-permission-text=”Title is…

Release v0.23.0 · runatlantis/atlantisattachment image

What’s Changed

fix: PR status summary should remove Note: Objects have changed outside of Terraform by @krrrr38 in #3010 feat: state rm by @krrrr38 in #2880 fix: runatlantis.io search by @nitrocod…

krrrr38 - Overview

krrrr38 has 90 repositories available. Follow their code on GitHub.

Michael Liu avatar
Michael Liu

In the helm chart values.yaml, how you set multiple repos in the orgAllowlist?

```

————————–

Values to override for your instance.

————————–

An option to override the atlantis url,

if not using an ingress, set it to the external IP.

atlantisUrl: http://10.0.0.0

Replace this with your own repo allowlist:

orgAllowlist:

logLevel: “debug”

If using GitHub, specify like the following:

github: {}

github:

user: foo

token: bar

secret: baz

GitHub Enterprise only:

hostname: github.your.org

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If using a GitHub App, please enter your values as follows:

githubApp:

id: 123456

slug: foo

key: |

—–BEGIN PRIVATE KEY—–

—–END PRIVATE KEY—–

secret: baz

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If using GitLab, specify like the following:

gitlab:

user: foo

token: bar

secret: baz

GitLab Enterprise only:

hostname: gitlab.your.org

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If using Bitbucket, specify like the following:

bitbucket:

user: foo

token: bar

Bitbucket Server only:

secret: baz

baseURL: https://bitbucket.yourorganization.com

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If using Azure DevOps, specify like the following:

azuredevops:

user: foo

token: bar

webhookUser: foo

webhookPassword: baz

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If managing secrets outside the chart for the webhook, use this variable to reference the secret name

vcsSecretName: ‘mysecret’

When referencing Terraform modules in private repositories, it may be helpful

(necessary?) to use redirection in a .gitconfig like so:

gitconfig: |

# [url “https://[email protected]”] # insteadOf = https://github.com # [url “https://[email protected]”] # insteadOf = <ssh://[email protected]> # [url “https://oauth2:[email protected]”] # insteadOf = https://gitlab.com # [url “https://oauth2:[email protected]”] # insteadOf = <ssh://[email protected]>

Source: https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token

If managing secrets outside the chart for the gitconfig, use this variable to reference the secret name

# gitconfigSecretName: ‘mygitconfigsecret’

When referencing Terraform modules in private repositories or registries (such as Artfactory)

configuing a .netrc file for authentication may be required:

netrc: |

# machine artifactory.myapp.com login YOUR_USERNAME password YOUR_PASSWORD # machine bitbucket.myapp.com login YOUR_USERNAME password YOUR_PASSWORD

If managing secrets outside the chart for the netrc file, use this variable to reference the secret name

netrcSecretName: ‘mynetrcsecret’

To specify AWS credentials to be mapped to ~/.aws or to aws.directory:

aws: {}

credentials: |

[default]

aws_access_key_id=YOUR_ACCESS_KEY_ID

aws_secret_access_key=YOUR_SECRET_ACCESS_KEY

region=us-east-1

config: |

[profile a_role_to_assume]

role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume

source_profile = default

directory: “/home/atlantis/.aws”

To reference an already existing Secret object with AWS credentials

awsSecretName: ‘mysecretwithawscreds’

To be used for mounting credential files (when using google provider).

serviceAccountSecrets: # credentials: # credentials-staging:

————————–

Default values for atlantis (override as needed).

————————–

image: repository: ghcr.io/runatlantis/atlantis # if not set appVersion field from Chart.yaml is used tag: “” pullPolicy: IfNotPresent

Optionally specify an array of imagePullSecrets.

Secrets must be manually created in the namespace.

ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

##

imagePullSecrets:

- myRegistryKeySecretName

Use Server Side Repo Config,

ref: https://www.runatlantis.io/docs/server-side-repo-config.html

Example default configuration

repoConfig: |

repos:

- id: /.*/

apply_requirements: []

workflow: default

allowed_overrides: []

allow_custom_workflows: false

workflows:

default:

plan:

steps: [init, plan]

apply:

steps: [apply]

# metrics:

# prometheus:

# endpoint: /metrics

allowForkPRs enables atlantis to run on a fork Pull Requests

allowForkPRs: false

allowDraftPRs enables atlantis to run on a draft Pull Requests

allowDraftPRs: false

hidePrevPlanComments enables atlantis to hide previous plan comments

hidePrevPlanComments: false

defaultTFVersion set the default terraform version to be used in atlantis server

defaultTFVersion: 0.12.0

disableApply disables running atlantis apply regardless of which flags are sent with it

disableApply: false

disableApplyAll disables running atlantis apply without any flags

disableApplyAll: false

disableRepoLocking stops atlantis locking projects and or workspaces when running terraform

disableRepoLocking: false

Use Diff Markdown Format for color coding diffs

enableDiffMarkdownFormat: false

Optionally specify an username and a password for basic authentication

basicAuth:

username: “atlantis”

password: “atlantis”

If managing secrets outside the chart for the Basic Auth secret, use this variable to reference the secret name

basicAuthSecretName: “basicauthsecret”

Optionally specify an API secret to enable the API

api:

secret: “s3cr3t”

If managing secrets outside the chart for the API secret, use this variable to reference the secret name

apiSecretName: “myapisecret”

Common Labels for all resources created by this chart.

commonLabels: {}

We only need to check every 60s since Atlantis is not a high-throughput service.

livenessProbe: enabled: true periodSeconds: 60 initialDelaySeconds: 5 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 scheme: HTTP readinessProbe: enabled: true periodSeconds: 60 initialDelaySeconds: 5 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 scheme: HTTP

service: type: NodePort port: 80 targetPort: 4141 loadBalancerIP: null

podTemplate: annotations: {} # kube2iam example: # iam.amazonaws.com/role: role-arn labels: {}

It is not recommended to run atlantis as root

statefulSet: annotations: {} labels: {} securityContext: fsGroup: 1000 runAsUser: 100 fsGroupChangePolicy: “OnRootMismatch” priorityClassName: “” updateStrategy: {} # option to share process namespace with atlantis container shareProcessNamespace: false

Optionally customize the terminationGracePeriodSeconds

terminationGracePeriodSeconds: 60

ingress: enabled: true ingressClassName: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: “true” path: /*

this is in case we want several paths under the same host, with different backend services

paths:

- path: “/path1”

service: test1

port:

- path: “/path2”

service: test2

port:

pathType: ImplementationSpecific host:

in case we need several hosts:

hosts: # - host: chart-example.local # paths: [”/”] # service: chart-example1 # - host: chart-example.local2 # …

Michael Liu avatar
Michael Liu

figured this out. Just comma separate them without quotes.

```

————————–

Values to override for your instance.

————————–

An option to override the atlantis url,

if not using an ingress, set it to the external IP.

atlantisUrl: http://10.0.0.0

Replace this with your own repo allowlist:

orgAllowlist:

logLevel: “debug”

If using GitHub, specify like the following:

github: {}

github:

user: foo

token: bar

secret: baz

GitHub Enterprise only:

hostname: github.your.org

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If using a GitHub App, please enter your values as follows:

githubApp:

id: 123456

slug: foo

key: |

—–BEGIN PRIVATE KEY—–

—–END PRIVATE KEY—–

secret: baz

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If using GitLab, specify like the following:

gitlab:

user: foo

token: bar

secret: baz

GitLab Enterprise only:

hostname: gitlab.your.org

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If using Bitbucket, specify like the following:

bitbucket:

user: foo

token: bar

Bitbucket Server only:

secret: baz

baseURL: https://bitbucket.yourorganization.com

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If using Azure DevOps, specify like the following:

azuredevops:

user: foo

token: bar

webhookUser: foo

webhookPassword: baz

(The chart will perform the base64 encoding for you for values that are stored in secrets.)

If managing secrets outside the chart for the webhook, use this variable to reference the secret name

vcsSecretName: ‘mysecret’

When referencing Terraform modules in private repositories, it may be helpful

(necessary?) to use redirection in a .gitconfig like so:

gitconfig: |

# [url “https://[email protected]”] # insteadOf = https://github.com # [url “https://[email protected]”] # insteadOf = <ssh://[email protected]> # [url “https://oauth2:[email protected]”] # insteadOf = https://gitlab.com # [url “https://oauth2:[email protected]”] # insteadOf = <ssh://[email protected]>

Source: https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token

If managing secrets outside the chart for the gitconfig, use this variable to reference the secret name

# gitconfigSecretName: ‘mygitconfigsecret’

When referencing Terraform modules in private repositories or registries (such as Artfactory)

configuing a .netrc file for authentication may be required:

netrc: |

# machine artifactory.myapp.com login YOUR_USERNAME password YOUR_PASSWORD # machine bitbucket.myapp.com login YOUR_USERNAME password YOUR_PASSWORD

If managing secrets outside the chart for the netrc file, use this variable to reference the secret name

netrcSecretName: ‘mynetrcsecret’

To specify AWS credentials to be mapped to ~/.aws or to aws.directory:

aws: {}

credentials: |

[default]

aws_access_key_id=YOUR_ACCESS_KEY_ID

aws_secret_access_key=YOUR_SECRET_ACCESS_KEY

region=us-east-1

config: |

[profile a_role_to_assume]

role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume

source_profile = default

directory: “/home/atlantis/.aws”

To reference an already existing Secret object with AWS credentials

awsSecretName: ‘mysecretwithawscreds’

To be used for mounting credential files (when using google provider).

serviceAccountSecrets: # credentials: # credentials-staging:

————————–

Default values for atlantis (override as needed).

————————–

image: repository: ghcr.io/runatlantis/atlantis # if not set appVersion field from Chart.yaml is used tag: “” pullPolicy: IfNotPresent

Optionally specify an array of imagePullSecrets.

Secrets must be manually created in the namespace.

ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

##

imagePullSecrets:

- myRegistryKeySecretName

Use Server Side Repo Config,

ref: https://www.runatlantis.io/docs/server-side-repo-config.html

Example default configuration

repoConfig: |

repos:

- id: /.*/

apply_requirements: []

workflow: default

allowed_overrides: []

allow_custom_workflows: false

workflows:

default:

plan:

steps: [init, plan]

apply:

steps: [apply]

# metrics:

# prometheus:

# endpoint: /metrics

allowForkPRs enables atlantis to run on a fork Pull Requests

allowForkPRs: false

allowDraftPRs enables atlantis to run on a draft Pull Requests

allowDraftPRs: false

hidePrevPlanComments enables atlantis to hide previous plan comments

hidePrevPlanComments: false

defaultTFVersion set the default terraform version to be used in atlantis server

defaultTFVersion: 0.12.0

disableApply disables running atlantis apply regardless of which flags are sent with it

disableApply: false

disableApplyAll disables running atlantis apply without any flags

disableApplyAll: false

disableRepoLocking stops atlantis locking projects and or workspaces when running terraform

disableRepoLocking: false

Use Diff Markdown Format for color coding diffs

enableDiffMarkdownFormat: false

Optionally specify an username and a password for basic authentication

basicAuth:

username: “atlantis”

password: “atlantis”

If managing secrets outside the chart for the Basic Auth secret, use this variable to reference the secret name

basicAuthSecretName: “basicauthsecret”

Optionally specify an API secret to enable the API

api:

secret: “s3cr3t”

If managing secrets outside the chart for the API secret, use this variable to reference the secret name

apiSecretName: “myapisecret”

Common Labels for all resources created by this chart.

commonLabels: {}

We only need to check every 60s since Atlantis is not a high-throughput service.

livenessProbe: enabled: true periodSeconds: 60 initialDelaySeconds: 5 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 scheme: HTTP readinessProbe: enabled: true periodSeconds: 60 initialDelaySeconds: 5 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 scheme: HTTP

service: type: NodePort port: 80 targetPort: 4141 loadBalancerIP: null

podTemplate: annotations: {} # kube2iam example: # iam.amazonaws.com/role: role-arn labels: {}

It is not recommended to run atlantis as root

statefulSet: annotations: {} labels: {} securityContext: fsGroup: 1000 runAsUser: 100 fsGroupChangePolicy: “OnRootMismatch” priorityClassName: “” updateStrategy: {} # option to share process namespace with atlantis container shareProcessNamespace: false

Optionally customize the terminationGracePeriodSeconds

terminationGracePeriodSeconds: 60

ingress: enabled: true ingressClassName: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: “true” path: /*

this is in case we want several paths under the same host, with different backend services

paths:

- path: “/path1”

service: test1

port:

- path: “/path2”

service: test2

port:

pathType: ImplementationSpecific host:

in case we need several hosts:

hosts: # - host: chart-example.local # paths: [”/”] # service: chart-example1 # - host: chart-example.local2 # …

2023-03-02

Release notes from atlantis avatar
Release notes from atlantis
06:28:57 PM

v0.23.1 What’s Changed fix(docker): add prefix v to tags again by @nitrocode in <a aria-label=”Pull request #3177” class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1605914937” data-permission-text=”Title is private”…

Release v0.23.1 · runatlantis/atlantisattachment image

What’s Changed

fix(docker): add prefix v to tags again by @nitrocode in #3177

Full Changelog: v0.23.0…v0.23.1

2023-03-03

Release notes from atlantis avatar
Release notes from atlantis
11:58:34 PM

v0.23.2 What’s Changed fix(clone): omit checkout depth if it is zero for git clone by @nitrocode in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1607880282” data-permission-text=”Title is private”…

Release v0.23.2 · runatlantis/atlantisattachment image

What’s Changed

fix(clone): omit checkout depth if it is zero for git clone by @nitrocode in #3185 fix(clone): omit checkout depth if it is zero for git fetch by @nitrocode in #3188

Full Changelog…

Release notes from atlantis avatar
Release notes from atlantis
12:08:33 AM

v0.23.2 What’s Changed fix(clone): omit checkout depth if it is zero for git clone by @nitrocode in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1607880282” data-permission-text=”Title is private”…

2023-03-20

Release notes from atlantis avatar
Release notes from atlantis
11:38:37 PM

v0.23.3 What’s Changed fix(deps): update github.com/shurcool/githubv4 digest to efb6239 in go.mod by @renovate in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1610510131” data-permission-text=”Title is private”…

Release v0.23.3 · runatlantis/atlantisattachment image

What’s Changed

fix(deps): update github.com/shurcool/githubv4 digest to efb6239 in go.mod by @renovate in #3190 test(command-output): stabilize server jobs test by @finnag in #3194 feat: add terra…

Release notes from atlantis avatar
Release notes from atlantis
11:48:35 PM

v0.23.3 What’s Changed fix(deps): update github.com/shurcool/githubv4 digest to efb6239 in go.mod by @renovate in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1610510131” data-permission-text=”Title is private”…

    keyboard_arrow_up