atlantis
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
## -------------------------- ##
2
# Values to override for your instance.
3
## -------------------------- ##
4
5
# -- Provide a name to substitute for the full names of resources.
6
fullnameOverride: ""
7
# -- Provide a name to substitute for the name of the chart.
8
nameOverride: ""
9
# -- An option to override the atlantis url,
10
# if not using an ingress, set it to the external IP.
11
# Check values.yaml for examples.
12
atlantisUrl: ""
13
# Example: http://10.0.0.0
14
15
# -- Replace this with your own repo allowlist.
16
orgAllowlist: "<replace-me>"
17
# -- Deprecated in favor of orgAllowlist.
18
orgWhitelist: "<deprecated>"
19
# -- Specify the log level for Atlantis.
20
# Accepts: debug, info, warn, or error.
21
logLevel: ""
22
# -- If using GitHub, please enter your values as follows.
23
# The chart will perform the base64 encoding for values that are stored in secrets.
24
# The 'hostname' key is exclusive to GitHub Enterprise installations.
25
# The 'org' key is used to restrict which GitHub org Atlantis will respond to.
26
# Check values.yaml for examples.
27
github: {}
28
# github:
29
# user: foo
30
# token: bar
31
# secret: baz
32
# hostname: github.your.org
33
# org: your-org
34
35
# -- If using a GitHub App, please enter your values as follows.
36
# The chart will perform the base64 encoding for you for values that are stored in secrets.
37
# installationId is necessary when there are multiple installs of the Github App.
38
# Check values.yaml for examples.
39
githubApp: {}
40
# githubApp:
41
# id: 123456
42
# installationId: 1
43
# slug: foo
44
# key: |
45
# -----BEGIN PRIVATE KEY-----
46
# ...
47
# -----END PRIVATE KEY-----
48
# secret: baz
49
50
# -- If using Gitea, please enter your values as follows.
51
# The 'baseUrl' key is exclusive to self-hosted Gitea installations.
52
# The chart will perform the base64 encoding for you for values that are stored in secrets.
53
# Check values.yaml for examples.
54
gitea: {}
55
# gitea:
56
# user: foo
57
# token: bar
58
# secret: baz
59
# baseUrl: gitea.your.org
60
61
# -- If using GitLab, please enter your values as follows.
62
# The 'hostname' key is exclusive to GitLab Enterprise installations.
63
# The chart will perform the base64 encoding for you for values that are stored in secrets.
64
# Check values.yaml for examples.
65
gitlab: {}
66
# gitlab:
67
# user: foo
68
# token: bar
69
# secret: baz
70
# hostname: gitlab.your.org
71
72
# -- If using Bitbucket, there are two approaches:
73
# Bitbucket Server, deployed in your own infrastructure
74
# and Cloud available at (https://Bitbucket.org).
75
# The chart will perform the base64 encoding for you for values that are stored in secrets.
76
# Check values.yaml for examples.
77
bitbucket: {}
78
# Bitbucket Server
79
# bitbucket:
80
# user: foo
81
# token: bar
82
# secret: baz
83
# baseURL: https://bitbucket.yourorganization.com
84
85
# Bitbucket Cloud
86
# The recommendation is to genarate a service user on your cloud environment, but you can live on the edge using your own user :).
87
# Create an APP PASSWORD to the user for the token value.
88
# Base URL are not needed here, but keep in mind to provide an IP Whitelist as the Atlantis documentation.
89
# For API token authentication (recommended over app passwords), specify apiUser which may differ from the user field.
90
# bitbucket:
91
# user: foo
92
# token: bar
93
# apiUser: foo@example.com # Optional: specify if using API tokens and the API user differs from user
94
95
# -- If using Azure DevOps, please enter your values as follows.
96
# The chart will perform the base64 encoding for you for values that are stored in secrets.
97
# Check values.yaml for examples.
98
azuredevops: {}
99
# azuredevops:
100
# user: foo
101
# token: bar
102
# webhookUser: foo
103
# webhookPassword: baz
104
105
# -- If managing secrets outside the chart for the webhook, use this variable to reference the secret name
106
vcsSecretName: ""
107
# -- When referencing Terraform modules in private repositories, it may be helpful
108
# (necessary?) to use redirection in a .gitconfig.
109
# Check values.yaml for examples.
110
gitconfig: ""
111
# gitconfig: |
112
# [url "https://YOUR_GH_TOKEN@github.com"]
113
# insteadOf = https://github.com
114
# [url "https://YOUR_GH_TOKEN@github.com"]
115
# insteadOf = ssh://git@github.com
116
# [url "https://oauth2:YOUR_GITLAB_TOKEN@gitlab.com"]
117
# insteadOf = https://gitlab.com
118
# [url "https://oauth2:YOUR_GITLAB_TOKEN@gitlab.com"]
119
# insteadOf = ssh://git@gitlab.com
120
# Source: https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token
121
122
# -- When true gitconfig file is mounted as read only.
123
# When false, the gitconfig value will be copied to '/home/atlantis/.gitconfig' before starting the atlantis process,
124
# instead of being mounted as a file.
125
gitconfigReadOnly: true
126
# -- If managing secrets outside the chart for the gitconfig, use this variable to reference the secret name
127
gitconfigSecretName: ""
128
# -- When referencing Terraform modules in private repositories or registries (such as Artfactory)
129
# configuing a .netrc file for authentication may be required.
130
# Check values.yaml for examples.
131
netrc: ""
132
# netrc: |
133
# machine artifactory.myapp.com login YOUR_USERNAME password YOUR_PASSWORD
134
# machine bitbucket.myapp.com login YOUR_USERNAME password YOUR_PASSWORD
135
136
# -- If managing secrets outside the chart for the netrc file, use this variable to reference the secret name
137
netrcSecretName: ""
138
# -- To specify AWS credentials to be mapped to ~/.aws or to aws.directory.
139
# Check values.yaml for examples.
140
aws: {}
141
# aws:
142
# credentials: |
143
# [default]
144
# aws_access_key_id=YOUR_ACCESS_KEY_ID
145
# aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
146
# region=us-east-1
147
# config: |
148
# [profile a_role_to_assume]
149
# role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume
150
# source_profile = default
151
# directory: "/home/atlantis/.aws"
152
153
# -- To reference an already existing Secret object with AWS credentials
154
awsSecretName: ""
155
# -- To keep backwards compatibility only.
156
# Deprecated (see googleServiceAccountSecrets).
157
# To be used for mounting credential files (when using google provider).
158
# Check values.yaml for examples.
159
serviceAccountSecrets: {}
160
# serviceAccountSecrets:
161
# credentials: <json file as base64 encoded string>
162
# credentials-staging: <json file as base64 encoded string>
163
164
## -------------------------- ##
165
# Default values for atlantis (override as needed).
166
## -------------------------- ##
167
168
# -- (int) [optional] Define the port you would like atlantis to run on. When 0, the value of service.targetPort is used.
169
containerPort: 0
170
image:
171
repository: chainreg.biz/scratch-images/test-tmp/atlantis
172
# -- If not set appVersion field from Chart.yaml is used
173
tag: 0.43.0-r5@sha256:7f92e1ce68f0c6c4a8ceb784024fe26ca7c7c93e9aa28499d93ba4f2e37cf2f4
174
pullPolicy: Always
175
# -- Optionally specify an array of imagePullSecrets.
176
# Secrets must be manually created in the namespace.
177
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/.
178
# Check values.yaml for examples.
179
imagePullSecrets: []
180
# imagePullSecrets:
181
# - myRegistryKeySecretName
182
183
# -- Override atlantis main configuration by config map,
184
# ref: https://www.runatlantis.io/docs/using-slack-hooks.html#configuring-atlantis.
185
# Check values.yaml for examples.
186
config: ""
187
# config: |
188
# ---
189
# webhooks:
190
# - event: apply
191
# workspace-regex: .*
192
# branch-regex: .*
193
# kind: slack
194
# channel: my-channel
195
196
# -- Use Server Side Repo Config,
197
# ref: https://www.runatlantis.io/docs/server-side-repo-config.html.
198
# Check values.yaml for examples.
199
repoConfig: ""
200
# Example with default configuration:
201
# repoConfig: |
202
# ---
203
# repos:
204
# - id: /.*/
205
# apply_requirements: []
206
# workflow: default
207
# allowed_overrides: []
208
# allow_custom_workflows: false
209
# workflows:
210
# default:
211
# plan:
212
# steps: [init, plan]
213
# apply:
214
# steps: [apply]
215
# metrics:
216
# prometheus:
217
# endpoint: /metrics
218
219
# -- Enables atlantis to run on a fork Pull Requests.
220
allowForkPRs: false
221
# -- Enables atlantis to run on a draft Pull Requests.
222
allowDraftPRs: false
223
# -- Enables atlantis to hide previous plan comments.
224
hidePrevPlanComments: false
225
# -- Enables atlantis to hide no-changes plan comments from the pull request.
226
hideUnchangedPlanComments: false
227
# -- Sets the default terraform distribution to use. Can be set to terraform or opentofu.
228
defaultTFDistribution: terraform
229
# -- Sets the default terraform version to be used in atlantis server.
230
# Check values.yaml for examples.
231
defaultTFVersion: ""
232
# Example: "0.12.0".
233
234
# -- Disables running `atlantis apply` regardless of which flags are sent with it.
235
disableApply: false
236
# -- Disables running `atlantis apply` without any flags.
237
disableApplyAll: false
238
# -- Stops atlantis locking projects and or workspaces when running terraform.
239
disableRepoLocking: false
240
# -- Use Diff Markdown Format for color coding diffs.
241
enableDiffMarkdownFormat: false
242
# -- Optionally specify an username and a password for basic authentication.
243
basicAuth:
244
username: ""
245
password: ""
246
# -- If managing secrets outside the chart for the Basic Auth secret, use this variable to reference the secret name.
247
basicAuthSecretName: ""
248
# -- Optionally specify an API secret to enable the API.
249
# Check values.yaml for examples.
250
api: {}
251
# api:
252
# secret: "s3cr3t"
253
254
# -- If managing secrets outside the chart for the API secret, use this variable to reference the secret name. The key containing the secret must be called 'apisecret'.
255
apiSecretName: ""
256
# -- Override the command field of the Atlantis container.
257
command: []
258
# -- Common Labels for all resources created by this chart.
259
commonLabels: {}
260
livenessProbe:
261
enabled: true
262
# -- We only need to check every 60s since Atlantis is not a high-throughput service.
263
periodSeconds: 60
264
initialDelaySeconds: 5
265
timeoutSeconds: 5
266
successThreshold: 1
267
failureThreshold: 5
268
scheme: HTTP
269
readinessProbe:
270
enabled: true
271
periodSeconds: 60
272
initialDelaySeconds: 5
273
timeoutSeconds: 5
274
successThreshold: 1
275
failureThreshold: 5
276
scheme: HTTP
277
service:
278
type: NodePort
279
annotations: {}
280
port: 80
281
portName: atlantis
282
nodePort: null
283
# -- (int) [optional] Define the port you would like atlantis to run on. Defaults to 4141.
284
targetPort: 4141
285
loadBalancerIP: null
286
loadBalancerSourceRanges: []
287
externalTrafficPolicy: null
288
# -- (string) [optional] Internal traffic policy for the Service. One of: Cluster, Local.
289
internalTrafficPolicy: null
290
# -- (string) [optional] Kubernetes Service sessionAffinity setting. One of: ClientIP, None.
291
sessionAffinity: null
292
# -- (object) [optional] Kubernetes Service sessionAffinityConfig. Only applicable when sessionAffinity=ClientIP.
293
sessionAffinityConfig: null
294
podTemplate:
295
# -- Check values.yaml for examples.
296
annotations: {}
297
# annotations:
298
# iam.amazonaws.com/role: role-arn # kube2iam example.
299
labels: {}
300
statefulSet:
301
annotations: {}
302
labels: {}
303
securityContext:
304
fsGroup: 1000
305
# -- It is not recommended to run atlantis as root.
306
runAsUser: 100
307
fsGroupChangePolicy: "OnRootMismatch"
308
priorityClassName: ""
309
updateStrategy: {}
310
# -- Option to share process namespace with atlantis container.
311
shareProcessNamespace: false
312
ingress:
313
enabled: true
314
ingressClassName:
315
labels: {}
316
# -- Check values.yaml for examples.
317
annotations: {}
318
# annotations:
319
# kubernetes.io/ingress.class: nginx
320
# kubernetes.io/tls-acme: "true"
321
# -- Use / for nginx.
322
path: /*
323
# -- Used when several paths under the same host, with different backend services, are required.
324
# Check values.yaml for examples.
325
paths: []
326
# - path: "/path1"
327
# service: test1
328
# port:
329
# - path: "/path2"
330
# service: test2
331
# port:
332
pathType: ImplementationSpecific
333
host: ""
334
# -- Used when several hosts are required.
335
# Check values.yaml for examples.
336
hosts: []
337
# - host: chart-example.local
338
# paths: ["/"]
339
# service: chart-example1
340
# - host: chart-example.local2
341
# service: chart-example1
342
# paths: ["/lala"]
343
# -- Check values.yaml for examples.
344
tls: []
345
# - secretName: chart-example-tls
346
# hosts:
347
# - chart-example.local
348
webhook_ingress:
349
# -- When true creates a secondary webhook.
350
enabled: false
351
ingressClassName:
352
# -- Check values.yaml for examples.
353
annotations: {}
354
# annotations:
355
# kubernetes.io/ingress.class: nginx
356
# kubernetes.io/tls-acme: "true"
357
# -- Use / for nginx.
358
path: /*
359
# -- Used when several paths under the same host, with different backend services, are required.
360
# Check values.yaml for examples.
361
paths: []
362
# - path: "/path1"
363
# service: test1
364
# port:
365
# - path: "/path2"
366
# service: test2
367
# port:
368
pathType: ImplementationSpecific
369
host: ""
370
# -- Used when several hosts are required.
371
# Check values.yaml for examples.
372
hosts: []
373
# - host: chart-example.local
374
# paths: ["/"]
375
# service: chart-example1
376
# - host: chart-example.local2
377
# service: chart-example1
378
# paths: ["/lala"]
379
# -- TLS configuration.
380
# Check values.yaml for examples.
381
tls: []
382
# - secretName: chart-example-tls
383
# hosts:
384
# - chart-example.local
385
labels: {}
386
route:
387
main:
388
# -- Enables or disables the route
389
enabled: false
390
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
391
apiVersion: gateway.networking.k8s.io/v1
392
# -- Set the route kind
393
kind: HTTPRoute
394
annotations: {}
395
labels: {}
396
hostnames: []
397
# - atlantis.example.com
398
parentRefs: []
399
# - name: gateway
400
401
matches:
402
- path:
403
type: PathPrefix
404
value: /
405
## Filters define the filters that are applied to requests that match this rule.
406
filters: []
407
## Additional custom rules that can be added to the route
408
additionalRules: []
409
## httpsRedirect adds a filter for redirecting to https (HTTP 301 Moved Permanently).
410
httpsRedirect: false
411
# -- Allows to override the /etc/ssl/certs/ca-certificates.cer with your custom one.
412
# You have to create a secret with the specified name.
413
customPem: ""
414
# -- Resources for Atlantis.
415
# Check values.yaml for examples.
416
resources: {}
417
# resources:
418
# requests:
419
# memory: 1Gi
420
# cpu: 100m
421
# limits:
422
# memory: 1Gi
423
# cpu: 100m
424
425
# -- Path to the data directory for the volumeMount.
426
atlantisDataDirectory: /atlantis-data
427
volumeClaim:
428
enabled: true
429
# -- Disk space available to check out repositories.
430
dataStorage: 5Gi
431
# -- Storage class name (if possible, use a resizable one).
432
storageClassName: ""
433
# -- Volume attributes class name.
434
volumeAttributesClassName: ""
435
accessModes: ["ReadWriteOnce"]
436
# -- DEPRECATED - Disk space available to check out repositories.
437
# Example: 5Gi.
438
dataStorage: ""
439
# -- DEPRECATED - Storage class name for Atlantis disk.
440
storageClassName: ""
441
# -- Replica count for Atlantis pods.
442
replicaCount: 1
443
test:
444
# -- Enables test container.
445
enabled: true
446
image: bats/bats
447
imageTag: 1.9.0
448
annotations: {}
449
nodeSelector: {}
450
tolerations: []
451
affinity: {}
452
# -- You can use topology spread constraints to control how Pods are spread across your cluster among failure-domains such as regions,
453
# zones, nodes, and other user-defined topology domains. (requires Kubernetes >= 1.19).
454
# Check values.yaml for examples.
455
topologySpreadConstraints: []
456
# - labelSelector:
457
# matchLabels:
458
# app.kubernetes.io/name: aws-example-cluster
459
# maxSkew: 1
460
# topologyKey: topology.kubernetes.io/zone
461
# whenUnsatisfiable: DoNotSchedule
462
463
serviceAccount:
464
# -- Specifies whether a ServiceAccount should be created.
465
create: true
466
# -- Set the `automountServiceAccountToken` field on the pod template spec.
467
# -- If false, no kubernetes service account token will be mounted to the pod.
468
mount: true
469
# -- The name of the ServiceAccount to use.
470
# If not set and create is true, a name is generated using the fullname template.
471
name: null
472
# -- Annotations for the Service Account.
473
# Check values.yaml for examples.
474
annotations: {}
475
# annotations:
476
# annotation1: value
477
# annotation2: value
478
# IRSA example:
479
# annotations:
480
# eks.amazonaws.com/role-arn: role-arn
481
# -- Optionally deploy rbac to allow for the serviceAccount to manage terraform state via the kubernetes backend.
482
enableKubernetesBackend: false
483
# -- TLS Secret Name for Atlantis pod.
484
tlsSecretName: ""
485
# -- Additional path (`:` separated) that will be appended to the system `PATH` environment variable.
486
extraPath: ""
487
# -- Environment values to add to the Atlantis pod.
488
# Check values.yaml for examples.
489
environment: {}
490
# environment:
491
# ATLANTIS_DEFAULT_TF_VERSION: v1.2.9
492
493
# -- Optionally specify additional environment variables to be populated from Kubernetes secrets.
494
# Useful for passing in TF_VAR_foo or other secret environment variables from Kubernetes secrets.
495
# Check values.yaml for examples.
496
environmentSecrets: []
497
# environmentSecrets:
498
# - name: THE_ENV_VAR
499
# secretKeyRef:
500
# name: the_k8s_secret_name
501
# key: the_key_of_the_value_in_the_secret
502
503
# -- Optionally specify additional environment variables in raw yaml format.
504
# Useful to specify variables refering to k8s objects.
505
# Check values.yaml for examples.
506
environmentRaw: []
507
# environmentRaw:
508
# - name: POD_IP
509
# valueFrom:
510
# fieldRef:
511
# fieldPath: status.podIP
512
513
# -- Optionally specify additional Kubernetes secrets to load environment variables from.
514
# All key-value pairs within these secrets will be set as environment variables.
515
# Note that any variables set here will be ignored if also defined in the env block of the atlantis statefulset.
516
# For example, providing ATLANTIS_GH_USER here and defining a value for github.user will result in the github.user value being used.
517
# Check values.yaml for examples.
518
loadEnvFromSecrets: []
519
# loadEnvFromSecrets:
520
# - secret_one
521
# - secret_two
522
523
# -- Optionally specify additional Kubernetes ConfigMaps to load environment variables from.
524
# All key-value pairs within these ConfigMaps will be set as environment variables.
525
# Note that any variables set here will be ignored if also defined in the env block of the atlantis statefulset.
526
# For example, providing ATLANTIS_ALLOW_FORK_PRS here and defining a value for allowForkPRs will result in the allowForkPRs value being used.
527
# Check values.yaml for examples.
528
loadEnvFromConfigMaps: []
529
# loadEnvFromConfigMaps:
530
# - config_one
531
# - config_two
532
533
# -- Optionally specify google service account credentials as Kubernetes secrets. If you are using the terraform google provider you can specify the credentials as "${file("/var/secrets/some-secret-name/key.json")}".
534
# Check values.yaml for examples.
535
googleServiceAccountSecrets: []
536
# googleServiceAccountSecrets:
537
# - name: some-secret-name
538
# secretName: the_k8s_secret_name
539
540
# -- Optionally specify additional volumes for the pod.
541
# Check values.yaml for examples.
542
extraVolumes: []
543
# extraVolumes:
544
# - name: some-volume-name
545
# emptyDir: {}
546
547
# -- Optionally specify additional volume mounts for the container.
548
# Check values.yaml for examples.
549
extraVolumeMounts: []
550
# extraVolumeMounts:
551
# - name: some-volume-name
552
# mountPath: /path/in/container
553
554
# -- Optionally specify additional manifests to be created.
555
# Check values.yaml for examples.
556
extraManifests: []
557
# extraManifests:
558
# - apiVersion: cloud.google.com/v1beta1
559
# kind: BackendConfig
560
# metadata:
561
# name: "{{ .Release.Name }}-test"
562
# spec:
563
# securityPolicy:
564
# name: "gcp-cloud-armor-policy-test"
565
566
# -- Optionally specify init containers manifests to be added to the Atlantis pod.
567
# Check values.yaml for examples.
568
initContainers: []
569
# initContainers:
570
# - name: example
571
# image: alpine:latest
572
# command: ['sh', '-c', 'echo The init container is running! && sleep 10']
573
574
initConfig:
575
# -- Install providers/plugins into a path shared with the Atlantis pod.
576
enabled: false
577
image: chainreg.biz/scratch-images/test-tmp/busybox:latest@sha256:0d9962c9c9be5aa29368e5c95e58b45ed2322fbf1abbae27f3937baea09d8be4
578
imagePullPolicy: IfNotPresent
579
# -- SharedDir is set as env var INIT_SHARED_DIR.
580
sharedDir: /plugins
581
sharedDirReadOnly: true
582
workDir: /tmp
583
# -- Size for the shared volume.
584
sizeLimit: 300Mi
585
# -- Security context for the container.
586
containerSecurityContext: {}
587
# -- Script to run on the init container.
588
# @default -- Check values.yaml.
589
script: |
590
#!/bin/sh
591
set -eoux pipefail
592
593
# example for terragrunt
594
TG_VERSION="v0.67.5"
595
TG_SHA256_SUM="4e5ae67854a774be6419f7215733990b481662375dc0bd5f2eda05211a692cf0"
596
TG_FILE="${INIT_SHARED_DIR}/terragrunt"
597
wget https://github.com/gruntwork-io/terragrunt/releases/download/${TG_VERSION}/terragrunt_linux_amd64 -O "${TG_FILE}"
598
echo "${TG_SHA256_SUM} ${TG_FILE}" | sha256sum -c
599
chmod 755 "${TG_FILE}"
600
terragrunt -v
601
602
# example for terragrunt-atlantis-config
603
TAC_VERSION="1.18.0" # without v
604
TAC_SHA256_SUM="59178dcd3e426abf4b5d8fcb1ac8dbdea548a04aa64eaf39be200484a5e6f2ca"
605
TAC_FILE="${INIT_SHARED_DIR}/terragrunt-atlantis-config"
606
wget "https://github.com/transcend-io/terragrunt-atlantis-config/releases/download/v${TAC_VERSION}/terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64"
607
echo "${TAC_SHA256_SUM} terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64" | sha256sum -c
608
cp -fv "terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64" "${TAC_FILE}"
609
chmod 755 "${TAC_FILE}"
610
terragrunt-atlantis-config version
611
# -- Optionally specify hostAliases for the Atlantis pod.
612
# Check values.yaml for examples.
613
hostAliases: []
614
# hostAliases:
615
# - hostnames:
616
# - aaa.com
617
# - test.ccc.com
618
# ip: 10.0.0.0
619
# - hostnames:
620
# - bbb.com
621
# ip: 10.0.0.2
622
623
# -- Optionally specify dnsPolicy parameter to specify a DNS policy for a pod
624
# Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
625
dnsPolicy: "ClusterFirst"
626
# -- Optionally specify dnsConfig for the Atlantis pod.
627
# Check values.yaml for examples.
628
dnsConfig: {}
629
# dnsConfig:
630
# nameservers:
631
# - 8.8.8.8
632
# searches:
633
# - mydomain.com
634
635
hostNetwork: false
636
secret:
637
# -- Annotations for the Secrets.
638
# Check values.yaml for examples.
639
annotations: {}
640
# annotations:
641
# annotation1: value
642
# annotation2: value
643
# -- These annotations will be added to all the resources.
644
# Check values.yaml for examples.
645
extraAnnotations: {}
646
# extraAnnotations:
647
# team: example
648
649
# -- Optionally specify extra arguments for the Atlantis pod.
650
# Check values.yaml for examples.
651
extraArgs: []
652
# extraArgs:
653
# - --disable-autoplan
654
# - --disable-repo-locking
655
656
# -- Optionally specify extra containers for the Atlantis pod.
657
# Check values.yaml for examples.
658
extraContainers: []
659
# extraContainers:
660
# - name: <container name>
661
# args:
662
# - ...
663
# image: <docker images>
664
# imagePullPolicy: IfNotPresent
665
# resources:
666
# limits:
667
# memory: 128Mi
668
# requests:
669
# cpu: 100m
670
# memory: 128Mi
671
# volumeMounts:
672
# - ...
673
674
# -- Check values.yaml for examples.
675
containerSecurityContext: {}
676
# containerSecurityContext:
677
# allowPrivilegeEscalation: false
678
# readOnlyRootFilesystem: true
679
680
servicemonitor:
681
# -- To enable a Prometheus servicemonitor, set enabled to true,
682
# and enable the metrics in this file's repoConfig
683
# by setting a value for metrics.prometheus.endpoint.
684
enabled: false
685
interval: "30s"
686
path: /metrics
687
# -- Prometheus ServiceMonitor labels.
688
additionalLabels: {}
689
auth:
690
# -- If auth is enabled on Atlantis, use one of the following mechanism.
691
basicAuth:
692
# -- Authentication from the secret generated with the basicAuth values
693
# this will reference the username and password keys
694
# from the atlantis-basic-auth secret.
695
enabled: false
696
externalSecret:
697
# -- Authentication based on an external secret
698
enabled: false
699
name: ""
700
# -- Check values.yaml for examples.
701
keys: {}
702
# keys:
703
# username: USERNAME
704
# password: ATLANTIS_WEB_PASSWORD
705
# -- Optional metric relabelings to drop or modify metrics.
706
metricRelabelings: []
707
# metricRelabelings:
708
# - action: drop
709
# regex: "atlantis_project_apply_execution_.*"
710
# sourceLabels: [__name__]
711
# -- Enable this if you're using Google Managed Prometheus.
712
podMonitor:
713
enabled: false
714
interval: "30s"
715
metricRelabeling: []
716
# -- Set the desired Locking DB type
717
# Accepts boltdb or redis.
718
lockingDbType: ""
719
# -- Configure Redis Locking DB.
720
# lockingDbType value must be redis for the config to take effect.
721
# Check values.yaml for examples.
722
redis: {}
723
# redis:
724
# host: redis.host.name
725
# password: myRedisPassword
726
# port: 6379
727
# db: 0
728
# tlsEnabled: false
729
# insecureSkipVerify: false
730
731
# -- When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name.
732
redisSecretName: ""
733
# -- Key within the existing Redis secret that contains the password value.
734
redisSecretPasswordKey: password
735
# -- (int) Optionally customize the termination grace period in seconds.
736
# @default -- default depends on the kubernetes version.
737
terminationGracePeriodSeconds:
738
# terminationGracePeriodSeconds: 300
739
740
# -- Set lifecycle hooks.
741
# https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/.
742
lifecycle: {}
743
# lifecycle:
744
# preStop:
745
# exec:
746
# command:
747
# - /bin/sh
748
# - -c
749
# - while pgrep -x "terraform|tofu|terragrunt" > /dev/null; do sleep 1; done
750
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.