feat(helm-chart): support adding providers/plugins

README.md

@@ -129,6 +129,7 @@ The following options are supported. See [values.yaml](/charts/atlantis/values.y
 | `ingress.path`                                      | Path to use in the `Ingress`. Should be set to `/*` if using gce-ingress in Google Cloud.                                                                                                                                                                                                                   | `/`                   |
 | `ingress.tls`                                       | Kubernetes tls block. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for details.                                                                                                                                                                              | `[]`                  |
 | `initContainers`                                    | Containers used to initialize context for Atlantis pods                                                                                                                                                                                                                                                     | `[]`                  |
+| `initConfig`                                        | Init container used to install plugins/providers shared with Atlantis pods                                                                                                                                                                                                                                      | n/a                   |
 | `lifecycle`                                         | Configure pod container lifecycle hooks. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) for details.                                                                                                                                       | `{}`                  |
 | `loadEnvFromConfigMaps`                             | Array of Kubernetes `ConfigMap`s to set all key-value pairs as environment variables. See `values.yaml` for example.                                                                                                                                                                                        | `[]`                  |
 | `loadEnvFromSecrets`                                | Array of Kubernetes secrets to set all key-value pairs as environment variables. See `values.yaml` for example.                                                                                                                                                                                             | `[]`                  |

charts/atlantis/Chart.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.24.3
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 4.13.3
+version: 4.14.0
 keywords:
   - terraform
 home: https://www.runatlantis.io

charts/atlantis/ci/ci-values-init-config.yaml

@@ -0,0 +1,22 @@
+---
+github:
+  user: foo
+  token: bar
+  secret: baz
+
+service:
+  type: ClusterIP
+
+ingress:
+  enabled: true
+  ingressClassName: nginx
+  host: atlantis.localdev.me
+  path: /
+secondary_ingress:
+  enabled: true
+  ingressClassName: nginx
+  host: atlantis-webook.localdev.me
+  path: /events
+
+initConfig:
+  enabled: true

charts/atlantis/templates/configmap-init-config.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.initConfig.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "atlantis.fullname" . }}-init-config
+  labels:
+{{- include "atlantis.labels" . | nindent 4 }}
+data:
+  init-config.sh: |
+    {{- .Values.initConfig.script | nindent 4 }}
+{{- end -}}

charts/atlantis/templates/statefulset.yaml

@@ -29,9 +29,12 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/configmap-config.yaml") . | sha256sum }}
         checksum/repo-config: {{ include (print $.Template.BasePath "/configmap-repo-config.yaml") . | sha256sum }}
-      {{- if .Values.podTemplate.annotations }}
-{{ toYaml .Values.podTemplate.annotations | indent 8 }}
-      {{- end }}
+        {{- if .Values.initConfig.enabled }}
+        checksum/init-config: {{ include (print $.Template.BasePath "/configmap-init-config.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.podTemplate.annotations }}
+        {{- toYaml .Values.podTemplate.annotations | nindent 8 }}
+        {{- end }}
     spec:
       {{- if .Values.hostAliases }}
       hostAliases:
@@ -122,17 +125,50 @@ spec:
           secretName: {{ .Values.customPem }}
       {{- end }}
       {{- if .Values.extraVolumes }}
-{{ toYaml .Values.extraVolumes | indent 6 }}
+      {{- toYaml .Values.extraVolumes | nindent 6 }}
+      {{- end }}
+      {{- if .Values.initConfig.enabled }}
+      - name: init-config
+        configMap:
+          name: {{ template "atlantis.fullname" . }}-init-config
+          items:
+            - key: init-config.sh
+              path: init-config.sh
+              mode: 0555
+      - name: init-shared-path
+        emptyDir:
+          sizeLimit: {{ .Values.initConfig.sizeLimit }}
       {{- end }}
       {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
       {{- range .Values.imagePullSecrets }}
       - name: {{ . }}
       {{- end }}
       {{- end }}
-      {{- if .Values.initContainers }}
+      {{- if or .Values.initContainers .Values.initConfig.enabled }}
       initContainers:
-{{ toYaml .Values.initContainers | indent 8 }}
+        {{- with .Values.initContainers }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- if .Values.initConfig.enabled }}
+        - name: init-config
+          image: {{ .Values.initConfig.image }}
+          imagePullPolicy: {{ .Values.initConfig.pullPolicy }}
+          command:
+            - /init-config.sh
+          workingDir: {{ .Values.initConfig.workDir }}
+          env:
+            - name: PATH
+              value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:{{ .Values.initConfig.sharedDir }}
+            - name: INIT_SHARED_DIR
+              value: {{ .Values.initConfig.sharedDir }}
+          volumeMounts:
+            - name: init-config
+              mountPath: /init-config.sh
+              subPath: init-config.sh
+            - name: init-shared-path
+              mountPath: {{ .Values.initConfig.sharedDir }}
+        {{- end }}
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
@@ -403,6 +439,12 @@ spec:
           - name: AWS_CONFIG_FILE
             value: {{ .Values.aws.directory }}/config
           {{- end }}
+          {{- if .Values.initConfig.enabled }}
+          - name: PATH
+            value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:{{ .Values.initConfig.sharedDir }}
+          - name: INIT_SHARED_DIR
+            value: {{ .Values.initConfig.sharedDir }}
+          {{- end }}
           {{- if .Values.livenessProbe.enabled }}
           livenessProbe:
             httpGet:
@@ -494,32 +536,37 @@ spec:
             subPath: ca-certificates.crt
           {{- end }}
           {{- if .Values.extraVolumeMounts }}
-{{ toYaml .Values.extraVolumeMounts | indent 10 }}
+          {{- toYaml .Values.extraVolumeMounts | nindent 10 }}
+          {{- end }}
+          {{- if .Values.initConfig.enabled }}
+          - name: init-shared-path
+            mountPath: {{ .Values.initConfig.sharedDir }}
+            readOnly: true
           {{- end }}
           resources:
-{{ toYaml .Values.resources | indent 12 }}
+            {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.extraContainers }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
     {{- with .Values.nodeSelector }}
       nodeSelector:
-{{ toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
     {{- end }}
     {{- with .Values.affinity }}
       affinity:
-{{ toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
     {{- end }}
     {{- with .Values.tolerations }}
       tolerations:
-{{ toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
     {{- end }}
     {{- with .Values.topologySpreadConstraints }}
       topologySpreadConstraints:
-{{ toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
     {{- end }}
   {{- with .Values.statefulSet.updateStrategy }}
   updateStrategy:
-{{ toYaml . | indent 4 }}
+    {{- toYaml . | nindent 4 }}
   {{- end }}
   {{- if .Values.dataStorage }}
   volumeClaimTemplates:

charts/atlantis/values.yaml

@@ -451,6 +451,40 @@ initContainers: []
 #   image: alpine:latest
 #   command: ['sh', '-c', 'echo The init container is running! && sleep 10']
 
+# Install providers/plugins into a path shared with the Atlantis pod
+initConfig:
+  enabled: false
+  image: alpine:latest
+  imagePullPolicy: IfNotPresent
+  # sharedDir is set as env var INIT_SHARED_DIR
+  sharedDir: /plugins
+  workDir: /tmp
+  sizeLimit: 100Mi
+  script: |
+    #!/bin/sh
+    set -eoux pipefail
+
+    # Terragrunt
+    TG_VERSION="v0.47.0"
+    TG_SHA256_SUM="98d45f6bfbfae84b51364c1ad6920f09ecb4d834908b0535e4e331a9fc6fc75b"
+    TG_FILE="${INIT_SHARED_DIR}/terragrunt"
+    wget https://github.com/gruntwork-io/terragrunt/releases/download/${TG_VERSION}/terragrunt_linux_amd64 -O "${TG_FILE}"
+    echo "${TG_SHA256_SUM}  ${TG_FILE}" | sha256sum -c
+    chmod 755 "${TG_FILE}"
+    terragrunt -v
+
+    # terragrunt-atlantis-config
+    TAC_VERSION="1.16.0" # without v
+    TAC_SHA256_SUM="fc3b069cf4ae51e9b7a7d01f09862d1974b260fffb3ec857d661d7b1756fe26f"
+    TAC_FILE="${INIT_SHARED_DIR}/terragrunt-atlantis-config"
+    wget "https://github.com/transcend-io/terragrunt-atlantis-config/releases/download/v${TAC_VERSION}/terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64.tar.gz"
+    echo "${TAC_SHA256_SUM}  terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64.tar.gz" | sha256sum -c
+    tar xf "terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64.tar.gz"
+    cp -fv "terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64/terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64" "${TAC_FILE}"
+    chmod 755 "${TG_FILE}"
+    terragrunt-atlantis-config version
+
+
 # hostAliases:
 #   - hostnames:
 #     - aaa.com