DirectorySecurity AdvisoriesPricing
Sign in
Directory
atlantis logoHELM

atlantis

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:

1
## -------------------------- ##
2
# Values to override for your instance.
3
## -------------------------- ##
4
5
# -- Provide a name to substitute for the full names of resources.
6
fullnameOverride: ""
7
# -- Provide a name to substitute for the name of the chart.
8
nameOverride: ""
9
# -- An option to override the atlantis url,
10
# if not using an ingress, set it to the external IP.
11
# Check values.yaml for examples.
12
atlantisUrl: ""
13
# Example: http://10.0.0.0
14
15
# -- Replace this with your own repo allowlist.
16
orgAllowlist: "<replace-me>"
17
# -- Deprecated in favor of orgAllowlist.
18
orgWhitelist: "<deprecated>"
19
# -- Specify the log level for Atlantis.
20
# Accepts: debug, info, warn, or error.
21
logLevel: ""
22
# -- If using GitHub, please enter your values as follows.
23
# The chart will perform the base64 encoding for values that are stored in secrets.
24
# The 'hostname' key is exclusive to GitHub Enterprise installations.
25
# The 'org' key is used to restrict which GitHub org Atlantis will respond to.
26
# Check values.yaml for examples.
27
github: {}
28
# github:
29
# user: foo
30
# token: bar
31
# secret: baz
32
# hostname: github.your.org
33
# org: your-org
34
35
# -- If using a GitHub App, please enter your values as follows.
36
# The chart will perform the base64 encoding for you for values that are stored in secrets.
37
# installationId is necessary when there are multiple installs of the Github App.
38
# Check values.yaml for examples.
39
githubApp: {}
40
# githubApp:
41
# id: 123456
42
# installationId: 1
43
# slug: foo
44
# key: |
45
# -----BEGIN PRIVATE KEY-----
46
# ...
47
# -----END PRIVATE KEY-----
48
# secret: baz
49
50
# -- If using Gitea, please enter your values as follows.
51
# The 'baseUrl' key is exclusive to self-hosted Gitea installations.
52
# The chart will perform the base64 encoding for you for values that are stored in secrets.
53
# Check values.yaml for examples.
54
gitea: {}
55
# gitea:
56
# user: foo
57
# token: bar
58
# secret: baz
59
# baseUrl: gitea.your.org
60
61
# -- If using GitLab, please enter your values as follows.
62
# The 'hostname' key is exclusive to GitLab Enterprise installations.
63
# The chart will perform the base64 encoding for you for values that are stored in secrets.
64
# Check values.yaml for examples.
65
gitlab: {}
66
# gitlab:
67
# user: foo
68
# token: bar
69
# secret: baz
70
# hostname: gitlab.your.org
71
72
# -- If using Bitbucket, there are two approaches:
73
# Bitbucket Server, deployed in your own infrastructure
74
# and Cloud available at (https://Bitbucket.org).
75
# The chart will perform the base64 encoding for you for values that are stored in secrets.
76
# Check values.yaml for examples.
77
bitbucket: {}
78
# Bitbucket Server
79
# bitbucket:
80
# user: foo
81
# token: bar
82
# secret: baz
83
# baseURL: https://bitbucket.yourorganization.com
84
85
# Bitbucket Cloud
86
# The recommendation is to genarate a service user on your cloud environment, but you can live on the edge using your own user :).
87
# Create an APP PASSWORD to the user for the token value.
88
# Base URL are not needed here, but keep in mind to provide an IP Whitelist as the Atlantis documentation.
89
# For API token authentication (recommended over app passwords), specify apiUser which may differ from the user field.
90
# bitbucket:
91
# user: foo
92
# token: bar
93
# apiUser: foo@example.com # Optional: specify if using API tokens and the API user differs from user
94
95
# -- If using Azure DevOps, please enter your values as follows.
96
# The chart will perform the base64 encoding for you for values that are stored in secrets.
97
# Check values.yaml for examples.
98
azuredevops: {}
99
# azuredevops:
100
# user: foo
101
# token: bar
102
# webhookUser: foo
103
# webhookPassword: baz
104
105
# -- If managing secrets outside the chart for the webhook, use this variable to reference the secret name
106
vcsSecretName: ""
107
# -- When referencing Terraform modules in private repositories, it may be helpful
108
# (necessary?) to use redirection in a .gitconfig.
109
# Check values.yaml for examples.
110
gitconfig: ""
111
# gitconfig: |
112
# [url "https://YOUR_GH_TOKEN@github.com"]
113
# insteadOf = https://github.com
114
# [url "https://YOUR_GH_TOKEN@github.com"]
115
# insteadOf = ssh://git@github.com
116
# [url "https://oauth2:YOUR_GITLAB_TOKEN@gitlab.com"]
117
# insteadOf = https://gitlab.com
118
# [url "https://oauth2:YOUR_GITLAB_TOKEN@gitlab.com"]
119
# insteadOf = ssh://git@gitlab.com
120
# Source: https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token
121
122
# -- When true gitconfig file is mounted as read only.
123
# When false, the gitconfig value will be copied to '/home/atlantis/.gitconfig' before starting the atlantis process,
124
# instead of being mounted as a file.
125
gitconfigReadOnly: true
126
# -- If managing secrets outside the chart for the gitconfig, use this variable to reference the secret name
127
gitconfigSecretName: ""
128
# -- When referencing Terraform modules in private repositories or registries (such as Artfactory)
129
# configuing a .netrc file for authentication may be required.
130
# Check values.yaml for examples.
131
netrc: ""
132
# netrc: |
133
# machine artifactory.myapp.com login YOUR_USERNAME password YOUR_PASSWORD
134
# machine bitbucket.myapp.com login YOUR_USERNAME password YOUR_PASSWORD
135
136
# -- If managing secrets outside the chart for the netrc file, use this variable to reference the secret name
137
netrcSecretName: ""
138
# -- To specify AWS credentials to be mapped to ~/.aws or to aws.directory.
139
# Check values.yaml for examples.
140
aws: {}
141
# aws:
142
# credentials: |
143
# [default]
144
# aws_access_key_id=YOUR_ACCESS_KEY_ID
145
# aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
146
# region=us-east-1
147
# config: |
148
# [profile a_role_to_assume]
149
# role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume
150
# source_profile = default
151
# directory: "/home/atlantis/.aws"
152
153
# -- To reference an already existing Secret object with AWS credentials
154
awsSecretName: ""
155
# -- To keep backwards compatibility only.
156
# Deprecated (see googleServiceAccountSecrets).
157
# To be used for mounting credential files (when using google provider).
158
# Check values.yaml for examples.
159
serviceAccountSecrets: {}
160
# serviceAccountSecrets:
161
# credentials: <json file as base64 encoded string>
162
# credentials-staging: <json file as base64 encoded string>
163
164
## -------------------------- ##
165
# Default values for atlantis (override as needed).
166
## -------------------------- ##
167
168
# -- (int) [optional] Define the port you would like atlantis to run on. When 0, the value of service.targetPort is used.
169
containerPort: 0
170
image:
171
repository: cgr.dev/scratch-images/test-tmp/atlantis
172
# -- If not set appVersion field from Chart.yaml is used
173
tag: 0.46.0-r1@sha256:d3d60966b87d6f5cddfb9d9d94c1e9cd269bd5dafdc7efa91fe7eea57ee34df1
174
pullPolicy: Always
175
# -- Optionally specify an array of imagePullSecrets.
176
# Secrets must be manually created in the namespace.
177
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/.
178
# Check values.yaml for examples.
179
imagePullSecrets: []
180
# imagePullSecrets:
181
# - myRegistryKeySecretName
182
183
# -- Override atlantis main configuration by config map,
184
# ref: https://www.runatlantis.io/docs/using-slack-hooks.html#configuring-atlantis.
185
# Check values.yaml for examples.
186
config: ""
187
# config: |
188
# ---
189
# webhooks:
190
# - event: apply
191
# workspace-regex: .*
192
# branch-regex: .*
193
# kind: slack
194
# channel: my-channel
195
196
# -- Use Server Side Repo Config,
197
# ref: https://www.runatlantis.io/docs/server-side-repo-config.html.
198
# Check values.yaml for examples.
199
repoConfig: ""
200
# Example with default configuration:
201
# repoConfig: |
202
# ---
203
# repos:
204
# - id: /.*/
205
# apply_requirements: []
206
# workflow: default
207
# allowed_overrides: []
208
# allow_custom_workflows: false
209
# workflows:
210
# default:
211
# plan:
212
# steps: [init, plan]
213
# apply:
214
# steps: [apply]
215
# metrics:
216
# prometheus:
217
# endpoint: /metrics
218
219
# -- Enables atlantis to run on a fork Pull Requests.
220
allowForkPRs: false
221
# -- Enables atlantis to run on a draft Pull Requests.
222
allowDraftPRs: false
223
# -- Enables atlantis to hide previous plan comments.
224
hidePrevPlanComments: false
225
# -- Enables atlantis to hide no-changes plan comments from the pull request.
226
hideUnchangedPlanComments: false
227
# -- Sets the default terraform distribution to use. Can be set to terraform or opentofu.
228
defaultTFDistribution: terraform
229
# -- Sets the default terraform version to be used in atlantis server.
230
# Check values.yaml for examples.
231
defaultTFVersion: ""
232
# Example: "0.12.0".
233
234
# -- Disables running `atlantis apply` regardless of which flags are sent with it.
235
disableApply: false
236
# -- Disables running `atlantis apply` without any flags.
237
disableApplyAll: false
238
# -- Stops atlantis locking projects and or workspaces when running terraform.
239
disableRepoLocking: false
240
# -- Use Diff Markdown Format for color coding diffs.
241
enableDiffMarkdownFormat: false
242
# -- Optionally specify an username and a password for basic authentication.
243
basicAuth:
244
username: ""
245
password: ""
246
# -- If managing secrets outside the chart for the Basic Auth secret, use this variable to reference the secret name.
247
basicAuthSecretName: ""
248
# -- Optionally specify an API secret to enable the API.
249
# Check values.yaml for examples.
250
api: {}
251
# api:
252
# secret: "s3cr3t"
253
254
# -- If managing secrets outside the chart for the API secret, use this variable to reference the secret name. The key containing the secret must be called 'apisecret'.
255
apiSecretName: ""
256
# -- Override the command field of the Atlantis container.
257
command: []
258
# -- Common Labels for all resources created by this chart.
259
commonLabels: {}
260
livenessProbe:
261
enabled: true
262
# -- We only need to check every 60s since Atlantis is not a high-throughput service.
263
periodSeconds: 60
264
initialDelaySeconds: 5
265
timeoutSeconds: 5
266
successThreshold: 1
267
failureThreshold: 5
268
scheme: HTTP
269
readinessProbe:
270
enabled: true
271
periodSeconds: 60
272
initialDelaySeconds: 5
273
timeoutSeconds: 5
274
successThreshold: 1
275
failureThreshold: 5
276
scheme: HTTP
277
service:
278
type: NodePort
279
annotations: {}
280
port: 80
281
portName: atlantis
282
nodePort: null
283
# -- (int) [optional] Define the port you would like atlantis to run on. Defaults to 4141.
284
targetPort: 4141
285
# -- (list) [optional] Additional ports to expose on the service, e.g. for an auth proxy sidecar. Each entry is a standard Service port object.
286
extraPorts: []
287
loadBalancerIP: null
288
loadBalancerSourceRanges: []
289
externalTrafficPolicy: null
290
# -- (string) [optional] Internal traffic policy for the Service. One of: Cluster, Local.
291
internalTrafficPolicy: null
292
# -- (string) [optional] Kubernetes Service sessionAffinity setting. One of: ClientIP, None.
293
sessionAffinity: null
294
# -- (object) [optional] Kubernetes Service sessionAffinityConfig. Only applicable when sessionAffinity=ClientIP.
295
sessionAffinityConfig: null
296
podTemplate:
297
# -- Check values.yaml for examples.
298
annotations: {}
299
# annotations:
300
# iam.amazonaws.com/role: role-arn # kube2iam example.
301
labels: {}
302
statefulSet:
303
annotations: {}
304
labels: {}
305
securityContext:
306
fsGroup: 1000
307
# -- It is not recommended to run atlantis as root.
308
runAsUser: 100
309
fsGroupChangePolicy: "OnRootMismatch"
310
priorityClassName: ""
311
updateStrategy: {}
312
# -- Option to share process namespace with atlantis container.
313
shareProcessNamespace: false
314
ingress:
315
enabled: true
316
ingressClassName:
317
labels: {}
318
# -- Check values.yaml for examples.
319
annotations: {}
320
# annotations:
321
# kubernetes.io/ingress.class: nginx
322
# kubernetes.io/tls-acme: "true"
323
# -- Use / for nginx.
324
path: /*
325
# -- Used when several paths under the same host, with different backend services, are required.
326
# Check values.yaml for examples.
327
paths: []
328
# - path: "/path1"
329
# service: test1
330
# port:
331
# - path: "/path2"
332
# service: test2
333
# port:
334
pathType: ImplementationSpecific
335
host: ""
336
# -- Used when several hosts are required.
337
# Check values.yaml for examples.
338
hosts: []
339
# - host: chart-example.local
340
# paths: ["/"]
341
# service: chart-example1
342
# - host: chart-example.local2
343
# service: chart-example1
344
# paths: ["/lala"]
345
# -- Check values.yaml for examples.
346
tls: []
347
# - secretName: chart-example-tls
348
# hosts:
349
# - chart-example.local
350
webhook_ingress:
351
# -- When true creates a secondary webhook.
352
enabled: false
353
ingressClassName:
354
# -- Check values.yaml for examples.
355
annotations: {}
356
# annotations:
357
# kubernetes.io/ingress.class: nginx
358
# kubernetes.io/tls-acme: "true"
359
# -- Use / for nginx.
360
path: /*
361
# -- Used when several paths under the same host, with different backend services, are required.
362
# Check values.yaml for examples.
363
paths: []
364
# - path: "/path1"
365
# service: test1
366
# port:
367
# - path: "/path2"
368
# service: test2
369
# port:
370
pathType: ImplementationSpecific
371
host: ""
372
# -- Used when several hosts are required.
373
# Check values.yaml for examples.
374
hosts: []
375
# - host: chart-example.local
376
# paths: ["/"]
377
# service: chart-example1
378
# - host: chart-example.local2
379
# service: chart-example1
380
# paths: ["/lala"]
381
# -- TLS configuration.
382
# Check values.yaml for examples.
383
tls: []
384
# - secretName: chart-example-tls
385
# hosts:
386
# - chart-example.local
387
labels: {}
388
route:
389
main:
390
# -- Enables or disables the route
391
enabled: false
392
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
393
apiVersion: gateway.networking.k8s.io/v1
394
# -- Set the route kind
395
kind: HTTPRoute
396
annotations: {}
397
labels: {}
398
hostnames: []
399
# - atlantis.example.com
400
parentRefs: []
401
# - name: gateway
402
403
matches:
404
- path:
405
type: PathPrefix
406
value: /
407
## Filters define the filters that are applied to requests that match this rule.
408
filters: []
409
## Additional custom rules that can be added to the route
410
additionalRules: []
411
## httpsRedirect adds a filter for redirecting to https (HTTP 301 Moved Permanently).
412
httpsRedirect: false
413
# -- Allows to override the /etc/ssl/certs/ca-certificates.cer with your custom one.
414
# You have to create a secret with the specified name.
415
customPem: ""
416
# -- Resources for Atlantis.
417
# Check values.yaml for examples.
418
resources: {}
419
# resources:
420
# requests:
421
# memory: 1Gi
422
# cpu: 100m
423
# limits:
424
# memory: 1Gi
425
# cpu: 100m
426
427
# -- Path to the data directory for the volumeMount.
428
atlantisDataDirectory: /atlantis-data
429
volumeClaim:
430
enabled: true
431
# -- Disk space available to check out repositories.
432
dataStorage: 5Gi
433
# -- Storage class name (if possible, use a resizable one).
434
storageClassName: ""
435
# -- Volume attributes class name.
436
volumeAttributesClassName: ""
437
accessModes: ["ReadWriteOnce"]
438
# -- DEPRECATED - Disk space available to check out repositories.
439
# Example: 5Gi.
440
dataStorage: ""
441
# -- DEPRECATED - Storage class name for Atlantis disk.
442
storageClassName: ""
443
# -- Replica count for Atlantis pods.
444
replicaCount: 1
445
test:
446
# -- Enables test container.
447
enabled: true
448
image: bats/bats
449
imageTag: 1.9.0
450
annotations: {}
451
nodeSelector: {}
452
tolerations: []
453
affinity: {}
454
# -- You can use topology spread constraints to control how Pods are spread across your cluster among failure-domains such as regions,
455
# zones, nodes, and other user-defined topology domains. (requires Kubernetes >= 1.19).
456
# Check values.yaml for examples.
457
topologySpreadConstraints: []
458
# - labelSelector:
459
# matchLabels:
460
# app.kubernetes.io/name: aws-example-cluster
461
# maxSkew: 1
462
# topologyKey: topology.kubernetes.io/zone
463
# whenUnsatisfiable: DoNotSchedule
464
465
serviceAccount:
466
# -- Specifies whether a ServiceAccount should be created.
467
create: true
468
# -- Set the `automountServiceAccountToken` field on the pod template spec.
469
# -- If false, no kubernetes service account token will be mounted to the pod.
470
mount: true
471
# -- The name of the ServiceAccount to use.
472
# If not set and create is true, a name is generated using the fullname template.
473
name: null
474
# -- Annotations for the Service Account.
475
# Check values.yaml for examples.
476
annotations: {}
477
# annotations:
478
# annotation1: value
479
# annotation2: value
480
# IRSA example:
481
# annotations:
482
# eks.amazonaws.com/role-arn: role-arn
483
# -- Optionally deploy rbac to allow for the serviceAccount to manage terraform state via the kubernetes backend.
484
enableKubernetesBackend: false
485
# -- TLS Secret Name for Atlantis pod.
486
tlsSecretName: ""
487
# -- Additional path (`:` separated) that will be appended to the system `PATH` environment variable.
488
extraPath: ""
489
# -- Environment values to add to the Atlantis pod.
490
# Check values.yaml for examples.
491
environment: {}
492
# environment:
493
# ATLANTIS_DEFAULT_TF_VERSION: v1.2.9
494
495
# -- Optionally specify additional environment variables to be populated from Kubernetes secrets.
496
# Useful for passing in TF_VAR_foo or other secret environment variables from Kubernetes secrets.
497
# Check values.yaml for examples.
498
environmentSecrets: []
499
# environmentSecrets:
500
# - name: THE_ENV_VAR
501
# secretKeyRef:
502
# name: the_k8s_secret_name
503
# key: the_key_of_the_value_in_the_secret
504
505
# -- Optionally specify additional environment variables in raw yaml format.
506
# Useful to specify variables refering to k8s objects.
507
# Check values.yaml for examples.
508
environmentRaw: []
509
# environmentRaw:
510
# - name: POD_IP
511
# valueFrom:
512
# fieldRef:
513
# fieldPath: status.podIP
514
515
# -- Optionally specify additional Kubernetes secrets to load environment variables from.
516
# All key-value pairs within these secrets will be set as environment variables.
517
# Note that any variables set here will be ignored if also defined in the env block of the atlantis statefulset.
518
# For example, providing ATLANTIS_GH_USER here and defining a value for github.user will result in the github.user value being used.
519
# Check values.yaml for examples.
520
loadEnvFromSecrets: []
521
# loadEnvFromSecrets:
522
# - secret_one
523
# - secret_two
524
525
# -- Optionally specify additional Kubernetes ConfigMaps to load environment variables from.
526
# All key-value pairs within these ConfigMaps will be set as environment variables.
527
# Note that any variables set here will be ignored if also defined in the env block of the atlantis statefulset.
528
# For example, providing ATLANTIS_ALLOW_FORK_PRS here and defining a value for allowForkPRs will result in the allowForkPRs value being used.
529
# Check values.yaml for examples.
530
loadEnvFromConfigMaps: []
531
# loadEnvFromConfigMaps:
532
# - config_one
533
# - config_two
534
535
# -- Optionally specify google service account credentials as Kubernetes secrets. If you are using the terraform google provider you can specify the credentials as "${file("/var/secrets/some-secret-name/key.json")}".
536
# Check values.yaml for examples.
537
googleServiceAccountSecrets: []
538
# googleServiceAccountSecrets:
539
# - name: some-secret-name
540
# secretName: the_k8s_secret_name
541
542
# -- Optionally specify additional volumes for the pod.
543
# Check values.yaml for examples.
544
extraVolumes: []
545
# extraVolumes:
546
# - name: some-volume-name
547
# emptyDir: {}
548
549
# -- Optionally specify additional volume mounts for the container.
550
# Check values.yaml for examples.
551
extraVolumeMounts: []
552
# extraVolumeMounts:
553
# - name: some-volume-name
554
# mountPath: /path/in/container
555
556
# -- Optionally specify additional manifests to be created.
557
# Check values.yaml for examples.
558
extraManifests: []
559
# extraManifests:
560
# - apiVersion: cloud.google.com/v1beta1
561
# kind: BackendConfig
562
# metadata:
563
# name: "{{ .Release.Name }}-test"
564
# spec:
565
# securityPolicy:
566
# name: "gcp-cloud-armor-policy-test"
567
568
# -- Optionally specify init containers manifests to be added to the Atlantis pod.
569
# Check values.yaml for examples.
570
initContainers: []
571
# initContainers:
572
# - name: example
573
# image: alpine:latest
574
# command: ['sh', '-c', 'echo The init container is running! && sleep 10']
575
576
initConfig:
577
# -- Install providers/plugins into a path shared with the Atlantis pod.
578
enabled: false
579
image: cgr.dev/scratch-images/test-tmp/busybox:latest@sha256:272cf135b92c85c19481205b6c352084522360ec305842d9c83b1bc5183e3b33
580
imagePullPolicy: IfNotPresent
581
# -- SharedDir is set as env var INIT_SHARED_DIR.
582
sharedDir: /plugins
583
sharedDirReadOnly: true
584
workDir: /tmp
585
# -- Size for the shared volume.
586
sizeLimit: 300Mi
587
# -- Security context for the container.
588
containerSecurityContext: {}
589
# -- Script to run on the init container.
590
# @default -- Check values.yaml.
591
script: |
592
#!/bin/sh
593
set -eoux pipefail
594
595
# example for terragrunt
596
TG_VERSION="v0.67.5"
597
TG_SHA256_SUM="4e5ae67854a774be6419f7215733990b481662375dc0bd5f2eda05211a692cf0"
598
TG_FILE="${INIT_SHARED_DIR}/terragrunt"
599
wget https://github.com/gruntwork-io/terragrunt/releases/download/${TG_VERSION}/terragrunt_linux_amd64 -O "${TG_FILE}"
600
echo "${TG_SHA256_SUM} ${TG_FILE}" | sha256sum -c
601
chmod 755 "${TG_FILE}"
602
terragrunt -v
603
604
# example for terragrunt-atlantis-config
605
TAC_VERSION="1.18.0" # without v
606
TAC_SHA256_SUM="59178dcd3e426abf4b5d8fcb1ac8dbdea548a04aa64eaf39be200484a5e6f2ca"
607
TAC_FILE="${INIT_SHARED_DIR}/terragrunt-atlantis-config"
608
wget "https://github.com/transcend-io/terragrunt-atlantis-config/releases/download/v${TAC_VERSION}/terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64"
609
echo "${TAC_SHA256_SUM} terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64" | sha256sum -c
610
cp -fv "terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64" "${TAC_FILE}"
611
chmod 755 "${TAC_FILE}"
612
terragrunt-atlantis-config version
613
# -- Optionally specify hostAliases for the Atlantis pod.
614
# Check values.yaml for examples.
615
hostAliases: []
616
# hostAliases:
617
# - hostnames:
618
# - aaa.com
619
# - test.ccc.com
620
# ip: 10.0.0.0
621
# - hostnames:
622
# - bbb.com
623
# ip: 10.0.0.2
624
625
# -- Optionally specify dnsPolicy parameter to specify a DNS policy for a pod
626
# Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
627
dnsPolicy: "ClusterFirst"
628
# -- Optionally specify dnsConfig for the Atlantis pod.
629
# Check values.yaml for examples.
630
dnsConfig: {}
631
# dnsConfig:
632
# nameservers:
633
# - 8.8.8.8
634
# searches:
635
# - mydomain.com
636
# options:
637
# - name: ndots
638
# value: "3"
639
640
hostNetwork: false
641
secret:
642
# -- Annotations for the Secrets.
643
# Check values.yaml for examples.
644
annotations: {}
645
# annotations:
646
# annotation1: value
647
# annotation2: value
648
# -- These annotations will be added to all the resources.
649
# Check values.yaml for examples.
650
extraAnnotations: {}
651
# extraAnnotations:
652
# team: example
653
654
# -- Optionally specify extra arguments for the Atlantis pod.
655
# Check values.yaml for examples.
656
extraArgs: []
657
# extraArgs:
658
# - --disable-autoplan
659
# - --disable-repo-locking
660
661
# -- Optionally specify extra containers for the Atlantis pod.
662
# Check values.yaml for examples.
663
extraContainers: []
664
# extraContainers:
665
# - name: <container name>
666
# args:
667
# - ...
668
# image: <docker images>
669
# imagePullPolicy: IfNotPresent
670
# resources:
671
# limits:
672
# memory: 128Mi
673
# requests:
674
# cpu: 100m
675
# memory: 128Mi
676
# volumeMounts:
677
# - ...
678
679
# -- Check values.yaml for examples.
680
containerSecurityContext: {}
681
# containerSecurityContext:
682
# allowPrivilegeEscalation: false
683
# readOnlyRootFilesystem: true
684
685
servicemonitor:
686
# -- To enable a Prometheus servicemonitor, set enabled to true,
687
# and enable the metrics in this file's repoConfig
688
# by setting a value for metrics.prometheus.endpoint.
689
enabled: false
690
interval: "30s"
691
path: /metrics
692
# -- Prometheus ServiceMonitor labels.
693
additionalLabels: {}
694
auth:
695
# -- If auth is enabled on Atlantis, use one of the following mechanism.
696
basicAuth:
697
# -- Authentication from the secret generated with the basicAuth values
698
# this will reference the username and password keys
699
# from the atlantis-basic-auth secret.
700
enabled: false
701
externalSecret:
702
# -- Authentication based on an external secret
703
enabled: false
704
name: ""
705
# -- Check values.yaml for examples.
706
keys: {}
707
# keys:
708
# username: USERNAME
709
# password: ATLANTIS_WEB_PASSWORD
710
# -- Optional metric relabelings to drop or modify metrics.
711
metricRelabelings: []
712
# metricRelabelings:
713
# - action: drop
714
# regex: "atlantis_project_apply_execution_.*"
715
# sourceLabels: [__name__]
716
# -- Enable this if you're using Google Managed Prometheus.
717
podMonitor:
718
enabled: false
719
interval: "30s"
720
metricRelabeling: []
721
# -- Set the desired Locking DB type
722
# Accepts boltdb or redis.
723
lockingDbType: ""
724
# -- Configure Redis Locking DB.
725
# lockingDbType value must be redis for the config to take effect.
726
# Check values.yaml for examples.
727
redis: {}
728
# redis:
729
# host: redis.host.name
730
# password: myRedisPassword
731
# port: 6379
732
# db: 0
733
# tlsEnabled: false
734
# insecureSkipVerify: false
735
736
# -- When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name.
737
redisSecretName: ""
738
# -- Key within the existing Redis secret that contains the password value.
739
redisSecretPasswordKey: password
740
# -- (int) Optionally customize the termination grace period in seconds.
741
# @default -- default depends on the kubernetes version.
742
terminationGracePeriodSeconds:
743
# terminationGracePeriodSeconds: 300
744
745
# -- Set lifecycle hooks.
746
# https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/.
747
lifecycle: {}
748
# lifecycle:
749
# preStop:
750
# exec:
751
# command:
752
# - /bin/sh
753
# - -c
754
# - while pgrep -x "terraform|tofu|terragrunt" > /dev/null; do sleep 1; done
755

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.