From b538425b725bef7315b3680a9bb63a4dba6dd49c Mon Sep 17 00:00:00 2001 From: John Lahr Date: Thu, 31 Oct 2024 18:20:28 -0500 Subject: [PATCH 1/5] Redis Secret Password Key - Added `redisSecretPasswordKey` value Added a new `redisSecretPasswordKey` value that allows users to override the default `password` key used when specifying an existing `Secret` for Redis. This makes for a more seamless integration with popular third-party Redis Helm charts. Signed-off-by: John Lahr --- charts/atlantis/Chart.yaml | 2 +- charts/atlantis/README.md | 1 + charts/atlantis/templates/statefulset.yaml | 2 +- charts/atlantis/values.schema.json | 6 +++++- charts/atlantis/values.yaml | 3 +++ 5 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index 96a2bd71..cb5f1e1c 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v1 appVersion: v0.30.0 description: A Helm chart for Atlantis https://www.runatlantis.io name: atlantis -version: 5.8.0 +version: 5.9.0 keywords: - terraform home: https://www.runatlantis.io diff --git a/charts/atlantis/README.md b/charts/atlantis/README.md index 932ef379..eb44334b 100644 --- a/charts/atlantis/README.md +++ b/charts/atlantis/README.md @@ -176,6 +176,7 @@ extraManifests: | readinessProbe.timeoutSeconds | int | `5` | | | redis | object | `{}` | Configure Redis Locking DB. lockingDbType value must be redis for the config to take effect. Check values.yaml for examples. | | redisSecretName | string | `""` | When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name. | +| redisSecretPasswordKey | string | `""` | Key within the existing Redis secret that contains the password value. | | replicaCount | int | `1` | Replica count for Atlantis pods. | | repoConfig | string | `""` | Use Server Side Repo Config, ref: https://www.runatlantis.io/docs/server-side-repo-config.html. Check values.yaml for examples. | | resources | object | `{}` | Resources for Atlantis. Check values.yaml for examples. | diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml index 342b3b63..bef7e729 100644 --- a/charts/atlantis/templates/statefulset.yaml +++ b/charts/atlantis/templates/statefulset.yaml @@ -477,7 +477,7 @@ spec: valueFrom: secretKeyRef: name: {{ template "atlantis.redisSecretName" . }} - key: password + key: {{ .Values.redisSecretPasswordKey | quote }} {{- end }} {{- if .Values.redis.port }} - name: ATLANTIS_REDIS_PORT diff --git a/charts/atlantis/values.schema.json b/charts/atlantis/values.schema.json index af8ef852..57400398 100644 --- a/charts/atlantis/values.schema.json +++ b/charts/atlantis/values.schema.json @@ -1283,7 +1283,11 @@ }, "redisSecretName": { "type": "string", - "description": "Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`." + "description": "Name of a pre-existing Kubernetes `Secret` containing the password for Redis. Use this instead of `redis.password`." + }, + "redisSecretPasswordKey": { + "type": "string", + "description": "Key within the existing Redis `Secret` that contains the password value." }, "lifecycle": { "type": "object", diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index b3c9b67c..fb1e3054 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -731,6 +731,9 @@ redis: {} # -- When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name. redisSecretName: "" +# -- Key within the existing Redis secret that contains the password value. +redisSecretPasswordKey: "password" + # -- Set lifecycle hooks. # https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/. lifecycle: {} From 296c0b835cf8984a0769b2b61aa9909bad60382e Mon Sep 17 00:00:00 2001 From: John Date: Sat, 2 Nov 2024 12:51:45 -0500 Subject: [PATCH 2/5] Update charts/atlantis/values.yaml Co-authored-by: Gabriel Martinez <19713226+GMartinez-Sisti@users.noreply.github.com> Signed-off-by: John --- charts/atlantis/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index fb1e3054..74cd7660 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -732,7 +732,7 @@ redis: {} redisSecretName: "" # -- Key within the existing Redis secret that contains the password value. -redisSecretPasswordKey: "password" +redisSecretPasswordKey: password # -- Set lifecycle hooks. # https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/. From a038033aefde47a90176030be137fd88a5f14535 Mon Sep 17 00:00:00 2001 From: John Lahr Date: Sun, 3 Nov 2024 14:40:37 -0600 Subject: [PATCH 3/5] added unit tests for Redis variables Signed-off-by: John Lahr --- charts/atlantis/tests/statefulset_test.yaml | 90 +++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/charts/atlantis/tests/statefulset_test.yaml b/charts/atlantis/tests/statefulset_test.yaml index c59f215d..a6fb73a5 100644 --- a/charts/atlantis/tests/statefulset_test.yaml +++ b/charts/atlantis/tests/statefulset_test.yaml @@ -825,6 +825,96 @@ tests: secretKeyRef: key: apisecret name: atlantis-api + - it: redisHost + template: statefulset.yaml + set: + redis.host: my-redis + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATLANTIS_REDIS_HOST + value: my-redis + - it: redisPassword + template: statefulset.yaml + set: + redis.password: SuperSecretPassword + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATLANTIS_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: atlantis-redis + key: password + - it: redisSecretName + template: statefulset.yaml + set: + redisSecretName: existing-secret + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATLANTIS_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: existing-secret + key: password + - it: redisSecretPasswordKey + template: statefulset.yaml + set: + redisSecretName: my-secret + redisSecretPasswordKey: my-password-key + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATLANTIS_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: my-secret + key: my-password-key + - it: redisPort + template: statefulset.yaml + set: + redis.port: 1234 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATLANTIS_REDIS_PORT + value: "1234" + - it: redisDb + template: statefulset.yaml + set: + redis.db: 1 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATLANTIS_REDIS_DB + value: "1" + - it: redisTlsEnabled + template: statefulset.yaml + set: + redis.tlsEnabled: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATLANTIS_REDIS_TLS_ENABLED + value: "true" + - it: redisInsecureSkipVerify + template: statefulset.yaml + set: + redis.insecureSkipVerify: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATLANTIS_REDIS_INSECURE_SKIP_VERIFY + value: "true" - it: command template: statefulset.yaml set: From fa9d1d1274a2097f94274a53904975bcaf5b0ad6 Mon Sep 17 00:00:00 2001 From: John Lahr Date: Sun, 3 Nov 2024 15:01:09 -0600 Subject: [PATCH 4/5] fixed incorrect default value in README Signed-off-by: John Lahr --- charts/atlantis/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/atlantis/README.md b/charts/atlantis/README.md index eb44334b..b42656e1 100644 --- a/charts/atlantis/README.md +++ b/charts/atlantis/README.md @@ -176,7 +176,7 @@ extraManifests: | readinessProbe.timeoutSeconds | int | `5` | | | redis | object | `{}` | Configure Redis Locking DB. lockingDbType value must be redis for the config to take effect. Check values.yaml for examples. | | redisSecretName | string | `""` | When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name. | -| redisSecretPasswordKey | string | `""` | Key within the existing Redis secret that contains the password value. | +| redisSecretPasswordKey | string | `"password"` | Key within the existing Redis secret that contains the password value. | | replicaCount | int | `1` | Replica count for Atlantis pods. | | repoConfig | string | `""` | Use Server Side Repo Config, ref: https://www.runatlantis.io/docs/server-side-repo-config.html. Check values.yaml for examples. | | resources | object | `{}` | Resources for Atlantis. Check values.yaml for examples. | From 5080dc30884670adec720adab9bca6f89aa792c4 Mon Sep 17 00:00:00 2001 From: John Lahr Date: Sun, 3 Nov 2024 16:52:54 -0600 Subject: [PATCH 5/5] fixed incorrect test value Signed-off-by: John Lahr --- charts/atlantis/tests/statefulset_test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/atlantis/tests/statefulset_test.yaml b/charts/atlantis/tests/statefulset_test.yaml index a6fb73a5..defc53c8 100644 --- a/charts/atlantis/tests/statefulset_test.yaml +++ b/charts/atlantis/tests/statefulset_test.yaml @@ -846,7 +846,7 @@ tests: name: ATLANTIS_REDIS_PASSWORD valueFrom: secretKeyRef: - name: atlantis-redis + name: my-release-atlantis-redis key: password - it: redisSecretName template: statefulset.yaml