diff --git a/k8s/helm/atlantis/.helmignore b/k8s/helm/atlantis/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/k8s/helm/atlantis/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/k8s/helm/atlantis/Chart.yaml b/k8s/helm/atlantis/Chart.yaml new file mode 100644 index 0000000..dc8613b --- /dev/null +++ b/k8s/helm/atlantis/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: atlantis +description: atlantis simple helm chart +type: application +version: 1.0.3 +appVersion: v0.23.3 diff --git a/k8s/helm/atlantis/templates/NOTES.txt b/k8s/helm/atlantis/templates/NOTES.txt new file mode 100644 index 0000000..779d192 --- /dev/null +++ b/k8s/helm/atlantis/templates/NOTES.txt @@ -0,0 +1,6 @@ +--------------------------------------------------------- + +Atlantis release is done. +Deployed version {{ .Chart.AppVersion }}. + +--------------------------------------------------------- diff --git a/k8s/helm/atlantis/templates/deployment.yaml b/k8s/helm/atlantis/templates/deployment.yaml new file mode 100644 index 0000000..c801903 --- /dev/null +++ b/k8s/helm/atlantis/templates/deployment.yaml @@ -0,0 +1,56 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ .Chart.Name }}-{{ .Values.environment }} + service: atlantis + name: {{ .Chart.Name }}-{{ .Values.environment }} +spec: + replicas: {{ .Values.atlantis.replicasCount }} + selector: + matchLabels: + app: {{ .Chart.Name }}-{{ .Values.environment }} + service: atlantis + template: + metadata: + labels: + app: {{ .Chart.Name }}-{{ .Values.environment }} + service: atlantis + spec: + containers: + - image: {{ .Values.image.name }}:{{ .Chart.AppVersion }} + imagePullPolicy: Always + name: atlantis + ports: + - name: web + containerPort: 4141 + env: + - name: ATLANTIS_GH_USER + value: {{ .Values.atlantis.config.github.user }} + - name: ATLANTIS_GH_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-{{ .Values.environment }} + key: github_token + - name: ATLANTIS_GH_WEBHOOK_SECRET + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-{{ .Values.environment }} + key: github_secret + - name: ATLANTIS_REPO_ALLOWLIST + value: {{ toYaml (.Values.atlantis.config.orgAllowlist) }} + - name: ATLANTIS_ALLOW_COMMANDS + value: {{ .Values.atlantis.config.allowCommands }} + resources: + {{- toYaml .Values.atlantis.resources | nindent 12 }} + livenessProbe: + httpGet: + path: /healthz + port: 4141 + initialDelaySeconds: 5 + periodSeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + terminationGracePeriodSeconds: 30 diff --git a/k8s/helm/atlantis/templates/ingress.yaml b/k8s/helm/atlantis/templates/ingress.yaml new file mode 100644 index 0000000..aaa824b --- /dev/null +++ b/k8s/helm/atlantis/templates/ingress.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Chart.Name }}-{{ .Values.environment }}-ingress + annotations: + kubernetes.io/ingress.class: nginx + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: atlantis-gw.my.to + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ .Chart.Name }}-{{ .Values.environment }} + port: + number: 4141 diff --git a/k8s/helm/atlantis/templates/secret.yaml b/k8s/helm/atlantis/templates/secret.yaml new file mode 100644 index 0000000..84936d9 --- /dev/null +++ b/k8s/helm/atlantis/templates/secret.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-{{ .Values.environment }} +data: + github_token: {{ .Values.atlantis.config.github.token | b64enc }} + github_secret: {{ .Values.atlantis.config.github.secret | b64enc }} diff --git a/k8s/helm/atlantis/templates/service.yaml b/k8s/helm/atlantis/templates/service.yaml new file mode 100644 index 0000000..e701984 --- /dev/null +++ b/k8s/helm/atlantis/templates/service.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-{{ .Values.environment }} +spec: + ports: + - name: web + port: 4141 + selector: + app: {{ .Chart.Name }}-{{ .Values.environment }} + service: atlantis diff --git a/k8s/helm/atlantis/values.yaml b/k8s/helm/atlantis/values.yaml new file mode 100644 index 0000000..2dcd44c --- /dev/null +++ b/k8s/helm/atlantis/values.yaml @@ -0,0 +1,22 @@ +environment: production + +image: + name: ghcr.io/runatlantis/atlantis + +atlantis: + config: + orgAllowlist: github.com/Dannecron/* + github: + user: Dannecron + token: personal-access-token + secret: token-secret + allowCommands: "version,plan,state" + + replicasCount: 1 + resources: + requests: + memory: 512Mi + cpu: 100m + limits: + memory: 1Gi + cpu: 100m diff --git a/readme.md b/readme.md index 2f53763..23cb9ec 100644 --- a/readme.md +++ b/readme.md @@ -82,4 +82,9 @@ ansible-playbook -i ansible/kubectl_init kubectl_init.yml helm upgrade simple-app k8s/helm/simple-app ``` * [atlantis](https://www.runatlantis.io) - // todo + + ```shell + helm install --set "atlantis.config.github.token=" --set "atlantis.config.github.secret=" atlantis k8s/helm/atlantis + ``` + + где ``, `` - это данные персонального access-токена, созданного на github.