Redis Secret Password Key (#434)
* Redis Secret Password Key

- Added `redisSecretPasswordKey` value

Added a new `redisSecretPasswordKey` value that allows users to override
the default `password` key used when specifying an existing `Secret` for
Redis. This makes for a more seamless integration with popular
third-party Redis Helm charts.

Signed-off-by: John Lahr <john@johnlahr.me>

* Update charts/atlantis/values.yaml

Co-authored-by: Gabriel Martinez <19713226+GMartinez-Sisti@users.noreply.github.com>
Signed-off-by: John <john@johnlahr.me>

* added unit tests for Redis variables
Signed-off-by: John Lahr <john@johnlahr.me>

* fixed incorrect default value in README
Signed-off-by: John Lahr <john@johnlahr.me>

* fixed incorrect test value
Signed-off-by: John Lahr <john@johnlahr.me>

---------

Signed-off-by: John Lahr <john@johnlahr.me>
Signed-off-by: John <john@johnlahr.me>
Co-authored-by: Gabriel Martinez <19713226+GMartinez-Sisti@users.noreply.github.com>
JohnLahr and GMartinez-Sisti authored Nov 4, 2024
1 parent 90f1c19 commit 8bcff6a
Showing 6 changed files with 101 additions and 3 deletions.
2 changes: 1 addition & 1 deletion charts/atlantis/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ apiVersion: v1
appVersion: v0.30.0
description: A Helm chart for Atlantis https://www.runatlantis.io
name: atlantis
version: 5.8.0
version: 5.9.0
keywords:
- terraform
home: https://www.runatlantis.io
1 change: 1 addition & 0 deletions charts/atlantis/README.md
Expand Up @@ -176,6 +176,7 @@ extraManifests:
| readinessProbe.timeoutSeconds | int | `5` | |
| redis | object | `{}` | Configure Redis Locking DB. lockingDbType value must be redis for the config to take effect. Check values.yaml for examples. |
| redisSecretName | string | `""` | When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name. |
| redisSecretPasswordKey | string | `"password"` | Key within the existing Redis secret that contains the password value. |
| replicaCount | int | `1` | Replica count for Atlantis pods. |
| repoConfig | string | `""` | Use Server Side Repo Config, ref: https://www.runatlantis.io/docs/server-side-repo-config.html. Check values.yaml for examples. |
| resources | object | `{}` | Resources for Atlantis. Check values.yaml for examples. |
2 changes: 1 addition & 1 deletion charts/atlantis/templates/statefulset.yaml
Expand Up @@ -477,7 +477,7 @@ spec:
valueFrom:
secretKeyRef:
name: {{ template "atlantis.redisSecretName" . }}
key: password
key: {{ .Values.redisSecretPasswordKey | quote }}
{{- end }}
{{- if .Values.redis.port }}
- name: ATLANTIS_REDIS_PORT
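Review bot: `key: {{ .Values.redisSecretPasswordKey | quote }}` has no fallback, so overriding the value with an empty string renders `key: ""` and the pod gets a `secretKeyRef` it cannot resolve. Consider `key: {{ .Values.redisSecretPasswordKey | default "password" | quote }}`, or failing the render with `required`. It is also worth confirming that the Secret the chart creates for `redis.password` stores its value under the same key when `redisSecretPasswordKey` is overridden, since this `secretKeyRef` is shared by both paths through `atlantis.redisSecretName` and no Secret template is among the six changed files.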
90 changes: 90 additions & 0 deletions charts/atlantis/tests/statefulset_test.yaml
Expand Up @@ -825,6 +825,96 @@ tests:
secretKeyRef:
key: apisecret
name: atlantis-api
- it: redisHost
template: statefulset.yaml
set:
redis.host: my-redis
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATLANTIS_REDIS_HOST
value: my-redis
- it: redisPassword
template: statefulset.yaml
set:
redis.password: SuperSecretPassword
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATLANTIS_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: my-release-atlantis-redis
key: password
- it: redisSecretName
template: statefulset.yaml
set:
redisSecretName: existing-secret
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATLANTIS_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: existing-secret
key: password
- it: redisSecretPasswordKey
template: statefulset.yaml
set:
redisSecretName: my-secret
redisSecretPasswordKey: my-password-key
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATLANTIS_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: my-password-key
- it: redisPort
template: statefulset.yaml
set:
redis.port: 1234
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATLANTIS_REDIS_PORT
value: "1234"
- it: redisDb
template: statefulset.yaml
set:
redis.db: 1
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATLANTIS_REDIS_DB
value: "1"
- it: redisTlsEnabled
template: statefulset.yaml
set:
redis.tlsEnabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATLANTIS_REDIS_TLS_ENABLED
value: "true"
- it: redisInsecureSkipVerify
template: statefulset.yaml
set:
redis.insecureSkipVerify: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATLANTIS_REDIS_INSECURE_SKIP_VERIFY
value: "true"
- it: command
template: statefulset.yaml
set:
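Review bot: the `redisSecretPasswordKey` case only exercises the override together with `redisSecretName`; nothing covers `redis.password` combined with a non-default `redisSecretPasswordKey`, which is the combination where the rendered `secretKeyRef` key and the chart-created Secret could disagree. Add a case for that combination, plus one that sets `redisSecretPasswordKey` to an empty string so the expected behaviour (fallback or render failure) is pinned down.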
6 changes: 5 additions & 1 deletion charts/atlantis/values.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -1283,7 +1283,11 @@
},
"redisSecretName": {
"type": "string",
"description": "Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`."
"description": "Name of a pre-existing Kubernetes `Secret` containing the password for Redis. Use this instead of `redis.password`."
},
"redisSecretPasswordKey": {
"type": "string",
"description": "Key within the existing Redis `Secret` that contains the password value."
},
"lifecycle": {
"type": "object",
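Review bot: `redisSecretPasswordKey` is declared with only `"type": "string"`, so an empty string passes schema validation and the mistake surfaces later when the pod cannot resolve the key. Adding `"minLength": 1` would reject it at install time, and a `"default": "password"` entry would keep the schema in line with values.yaml and the README row.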
3 changes: 3 additions & 0 deletions charts/atlantis/values.yaml
Expand Up @@ -731,6 +731,9 @@ redis: {}
# -- When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name.
redisSecretName: ""

# -- Key within the existing Redis secret that contains the password value.
redisSecretPasswordKey: password

# -- Set lifecycle hooks.
# https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/.
lifecycle: {}
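Review bot: the comment on `redisSecretPasswordKey` does not state its scope: it reads as applying to "the existing Redis secret", but the statefulset uses the value for every `ATLANTIS_REDIS_PASSWORD` reference, including the Secret created from `redis.password`. Say in the comment whether the key is meant only for use with `redisSecretName`, since the README row carries the same wording.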