deploy atlantis

Author: upodroid

kubernetes/apps/atlantis.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: atlantis
+spec:
+  destination:
+    namespace: atlantis
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: kubernetes/gke-utility/atlantis
+    repoURL: https://github.com/borg-land/k8s.io
+    targetRevision: deploy-atlantis
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+      syncOptions:
+        - CreateNamespace=true
+      managedNamespaceMetadata:
+        labels:
+          istio-injection: enabled

kubernetes/gke-utility/atlantis/atlantis.yaml

@@ -0,0 +1,6 @@
+gh-user: k8s-infra-ci-robot
+gh-org: kubernetes
+repo-allowlist: github.com/kubernetes/k8s.io
+allow-fork-prs: true
+atlantis-url: https://atlantis.k8s.io
+autodiscover-mode: auto

kubernetes/gke-utility/atlantis/extras.yaml

@@ -0,0 +1,15 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: atlantis-vcs
+spec:
+  data:
+    - secretKey: webhook
+      remoteRef:
+        key: atlantis-webhook-k8s-io-repo
+    - secretKey: token
+      remoteRef:
+        key: k8s-infra-ci-robot-github-token
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: k8s-infra-prow

kubernetes/gke-utility/atlantis/httproute.yaml

@@ -0,0 +1,37 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: atlantis
+spec:
+  parentRefs:
+  - name: prow
+    sectionName: https
+  hostnames:
+  - atlantis.k8s.io
+  rules:
+  - matches:
+    - path:
+        value: /
+    backendRefs:
+    - name: atlantis
+      port: 80
+---
+apiVersion: security.istio.io/v1
+kind: AuthorizationPolicy
+metadata:
+  name: atlantis
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: atlantis
+  action: ALLOW
+  rules:
+    - from:
+      - source:
+          remoteIpBlocks: 
+            - "192.30.252.0/22"
+            - "185.199.108.0/22"
+            - "140.82.112.0/20"
+            - "143.55.64.0/20"
+            - "2a0a:a440::/29"
+            - "2606:50c0::/32"

kubernetes/gke-utility/atlantis/kustomization.yaml

@@ -0,0 +1,52 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: atlantis
+
+resources:
+- github.com/runatlantis/atlantis//kustomize
+- extras.yaml
+- httproute.yaml
+
+images:
+ - name: ghcr.io/runatlantis/atlantis
+   newTag: v0.30.0 
+
+configMapGenerator:
+- name: atlantis-config
+  files:
+    - atlantis.yaml
+
+patchesStrategicMerge:
+- |-
+  apiVersion: apps/v1
+  kind: StatefulSet
+  metadata:
+    name: atlantis
+  spec:
+    template:
+      spec:
+        containers:
+        - name: atlantis
+          env:
+            - name: ATLANTIS_CONFIG
+              value: /config/atlantis.yaml
+            - name: ATLANTIS_GH_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: atlantis-vcs
+                  key: token
+            - name: ATLANTIS_GH_WEBHOOK_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: atlantis-vcs
+                  key: webhook-secret
+          volumeMounts:
+          - name: config
+            mountPath: /config
+        volumes:
+        - name: config
+          configMap:
+            name: atlantis-config
+        - name: config
+          configMap:
+            name: atlantis-config