DirectorySecurity AdvisoriesPricing
Sign in
Directory
atlantis logoHELM

atlantis

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:
1
## -------------------------- ##
2
# Values to override for your instance.
3
## -------------------------- ##
4
5
# -- Provide a name to substitute for the full names of resources.
6
fullnameOverride: ""
7
# -- Provide a name to substitute for the name of the chart.
8
nameOverride: ""
9
# -- An option to override the atlantis url,
10
# if not using an ingress, set it to the external IP.
11
# Check values.yaml for examples.
12
atlantisUrl: ""
13
# Example: http://10.0.0.0
14
15
# -- Replace this with your own repo allowlist.
16
orgAllowlist: "<replace-me>"
17
# -- Deprecated in favor of orgAllowlist.
18
orgWhitelist: "<deprecated>"
19
# -- Specify the log level for Atlantis.
20
# Accepts: debug, info, warn, or error.
21
logLevel: ""
22
# -- If using GitHub, please enter your values as follows.
23
# The chart will perform the base64 encoding for values that are stored in secrets.
24
# The 'hostname' key is exclusive to GitHub Enterprise installations.
25
# The 'org' key is used to restrict which GitHub org Atlantis will respond to.
26
# Check values.yaml for examples.
27
github: {}
28
# github:
29
# user: foo
30
# token: bar
31
# secret: baz
32
# hostname: github.your.org
33
# org: your-org
34
35
# -- If using a GitHub App, please enter your values as follows.
36
# The chart will perform the base64 encoding for you for values that are stored in secrets.
37
# installationId is necessary when there are multiple installs of the Github App.
38
# Check values.yaml for examples.
39
githubApp: {}
40
# githubApp:
41
# id: 123456
42
# installationId: 1
43
# slug: foo
44
# key: |
45
# -----BEGIN PRIVATE KEY-----
46
# ...
47
# -----END PRIVATE KEY-----
48
# secret: baz
49
50
# -- If using Gitea, please enter your values as follows.
51
# The 'baseUrl' key is exclusive to self-hosted Gitea installations.
52
# The chart will perform the base64 encoding for you for values that are stored in secrets.
53
# Check values.yaml for examples.
54
gitea: {}
55
# gitea:
56
# user: foo
57
# token: bar
58
# secret: baz
59
# baseUrl: gitea.your.org
60
61
# -- If using GitLab, please enter your values as follows.
62
# The 'hostname' key is exclusive to GitLab Enterprise installations.
63
# The chart will perform the base64 encoding for you for values that are stored in secrets.
64
# Check values.yaml for examples.
65
gitlab: {}
66
# gitlab:
67
# user: foo
68
# token: bar
69
# secret: baz
70
# hostname: gitlab.your.org
71
72
# -- If using Bitbucket, there are two approaches:
73
# Bitbucket Server, deployed in your own infrastructure
74
# and Cloud available at (https://Bitbucket.org).
75
# The chart will perform the base64 encoding for you for values that are stored in secrets.
76
# Check values.yaml for examples.
77
bitbucket: {}
78
# Bitbucket Server
79
# bitbucket:
80
# user: foo
81
# token: bar
82
# secret: baz
83
# baseURL: https://bitbucket.yourorganization.com
84
85
# Bitbucket Cloud
86
# The recommendation is to genarate a service user on your cloud environment, but you can live on the edge using your own user :).
87
# Create an APP PASSWORD to the user for the token value.
88
# Base URL are not needed here, but keep in mind to provide an IP Whitelist as the Atlantis documentation.
89
# For API token authentication (recommended over app passwords), specify apiUser which may differ from the user field.
90
# bitbucket:
91
# user: foo
92
# token: bar
93
# apiUser: foo@example.com # Optional: specify if using API tokens and the API user differs from user
94
95
# -- If using Azure DevOps, please enter your values as follows.
96
# The chart will perform the base64 encoding for you for values that are stored in secrets.
97
# Check values.yaml for examples.
98
azuredevops: {}
99
# azuredevops:
100
# user: foo
101
# token: bar
102
# webhookUser: foo
103
# webhookPassword: baz
104
105
# -- If managing secrets outside the chart for the webhook, use this variable to reference the secret name
106
vcsSecretName: ""
107
# -- When referencing Terraform modules in private repositories, it may be helpful
108
# (necessary?) to use redirection in a .gitconfig.
109
# Check values.yaml for examples.
110
gitconfig: ""
111
# gitconfig: |
112
# [url "https://YOUR_GH_TOKEN@github.com"]
113
# insteadOf = https://github.com
114
# [url "https://YOUR_GH_TOKEN@github.com"]
115
# insteadOf = ssh://git@github.com
116
# [url "https://oauth2:YOUR_GITLAB_TOKEN@gitlab.com"]
117
# insteadOf = https://gitlab.com
118
# [url "https://oauth2:YOUR_GITLAB_TOKEN@gitlab.com"]
119
# insteadOf = ssh://git@gitlab.com
120
# Source: https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token
121
122
# -- When true gitconfig file is mounted as read only.
123
# When false, the gitconfig value will be copied to '/home/atlantis/.gitconfig' before starting the atlantis process,
124
# instead of being mounted as a file.
125
gitconfigReadOnly: true
126
# -- If managing secrets outside the chart for the gitconfig, use this variable to reference the secret name
127
gitconfigSecretName: ""
128
# -- When referencing Terraform modules in private repositories or registries (such as Artfactory)
129
# configuing a .netrc file for authentication may be required.
130
# Check values.yaml for examples.
131
netrc: ""
132
# netrc: |
133
# machine artifactory.myapp.com login YOUR_USERNAME password YOUR_PASSWORD
134
# machine bitbucket.myapp.com login YOUR_USERNAME password YOUR_PASSWORD
135
136
# -- If managing secrets outside the chart for the netrc file, use this variable to reference the secret name
137
netrcSecretName: ""
138
# -- To specify AWS credentials to be mapped to ~/.aws or to aws.directory.
139
# Check values.yaml for examples.
140
aws: {}
141
# aws:
142
# credentials: |
143
# [default]
144
# aws_access_key_id=YOUR_ACCESS_KEY_ID
145
# aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
146
# region=us-east-1
147
# config: |
148
# [profile a_role_to_assume]
149
# role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume
150
# source_profile = default
151
# directory: "/home/atlantis/.aws"
152
153
# -- To reference an already existing Secret object with AWS credentials
154
awsSecretName: ""
155
# -- To keep backwards compatibility only.
156
# Deprecated (see googleServiceAccountSecrets).
157
# To be used for mounting credential files (when using google provider).
158
# Check values.yaml for examples.
159
serviceAccountSecrets: {}
160
# serviceAccountSecrets:
161
# credentials: <json file as base64 encoded string>
162
# credentials-staging: <json file as base64 encoded string>
163
164
## -------------------------- ##
165
# Default values for atlantis (override as needed).
166
## -------------------------- ##
167
168
# -- (int) [optional] Define the port you would like atlantis to run on. When 0, the value of service.targetPort is used.
169
containerPort: 0
170
image:
171
repository: cgr.dev/scratch-images/test-tmp/atlantis
172
# -- If not set appVersion field from Chart.yaml is used
173
tag: 0.43.0-r0@sha256:4e54fa23f7a455bef7b77996102cdc215b1fceca501416e21084960a227f30a4
174
pullPolicy: Always
175
# -- Optionally specify an array of imagePullSecrets.
176
# Secrets must be manually created in the namespace.
177
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/.
178
# Check values.yaml for examples.
179
imagePullSecrets: []
180
# imagePullSecrets:
181
# - myRegistryKeySecretName
182
183
# -- Override atlantis main configuration by config map,
184
# ref: https://www.runatlantis.io/docs/using-slack-hooks.html#configuring-atlantis.
185
# Check values.yaml for examples.
186
config: ""
187
# config: |
188
# ---
189
# webhooks:
190
# - event: apply
191
# workspace-regex: .*
192
# branch-regex: .*
193
# kind: slack
194
# channel: my-channel
195
196
# -- Use Server Side Repo Config,
197
# ref: https://www.runatlantis.io/docs/server-side-repo-config.html.
198
# Check values.yaml for examples.
199
repoConfig: ""
200
# Example with default configuration:
201
# repoConfig: |
202
# ---
203
# repos:
204
# - id: /.*/
205
# apply_requirements: []
206
# workflow: default
207
# allowed_overrides: []
208
# allow_custom_workflows: false
209
# workflows:
210
# default:
211
# plan:
212
# steps: [init, plan]
213
# apply:
214
# steps: [apply]
215
# metrics:
216
# prometheus:
217
# endpoint: /metrics
218
219
# -- Enables atlantis to run on a fork Pull Requests.
220
allowForkPRs: false
221
# -- Enables atlantis to run on a draft Pull Requests.
222
allowDraftPRs: false
223
# -- Enables atlantis to hide previous plan comments.
224
hidePrevPlanComments: false
225
# -- Enables atlantis to hide no-changes plan comments from the pull request.
226
hideUnchangedPlanComments: false
227
# -- Sets the default terraform distribution to use. Can be set to terraform or opentofu.
228
defaultTFDistribution: terraform
229
# -- Sets the default terraform version to be used in atlantis server.
230
# Check values.yaml for examples.
231
defaultTFVersion: ""
232
# Example: "0.12.0".
233
234
# -- Disables running `atlantis apply` regardless of which flags are sent with it.
235
disableApply: false
236
# -- Disables running `atlantis apply` without any flags.
237
disableApplyAll: false
238
# -- Stops atlantis locking projects and or workspaces when running terraform.
239
disableRepoLocking: false
240
# -- Use Diff Markdown Format for color coding diffs.
241
enableDiffMarkdownFormat: false
242
# -- Optionally specify an username and a password for basic authentication.
243
basicAuth:
244
username: ""
245
password: ""
246
# -- If managing secrets outside the chart for the Basic Auth secret, use this variable to reference the secret name.
247
basicAuthSecretName: ""
248
# -- Optionally specify an API secret to enable the API.
249
# Check values.yaml for examples.
250
api: {}
251
# api:
252
# secret: "s3cr3t"
253
254
# -- If managing secrets outside the chart for the API secret, use this variable to reference the secret name. The key containing the secret must be called 'apisecret'.
255
apiSecretName: ""
256
# -- Override the command field of the Atlantis container.
257
command: []
258
# -- Common Labels for all resources created by this chart.
259
commonLabels: {}
260
livenessProbe:
261
enabled: true
262
# -- We only need to check every 60s since Atlantis is not a high-throughput service.
263
periodSeconds: 60
264
initialDelaySeconds: 5
265
timeoutSeconds: 5
266
successThreshold: 1
267
failureThreshold: 5
268
scheme: HTTP
269
readinessProbe:
270
enabled: true
271
periodSeconds: 60
272
initialDelaySeconds: 5
273
timeoutSeconds: 5
274
successThreshold: 1
275
failureThreshold: 5
276
scheme: HTTP
277
service:
278
type: NodePort
279
annotations: {}
280
port: 80
281
portName: atlantis
282
nodePort: null
283
# -- (int) [optional] Define the port you would like atlantis to run on. Defaults to 4141.
284
targetPort: 4141
285
loadBalancerIP: null
286
loadBalancerSourceRanges: []
287
externalTrafficPolicy: null
288
# -- (string) [optional] Internal traffic policy for the Service. One of: Cluster, Local.
289
internalTrafficPolicy: null
290
# -- (string) [optional] Kubernetes Service sessionAffinity setting. One of: ClientIP, None.
291
sessionAffinity: null
292
# -- (object) [optional] Kubernetes Service sessionAffinityConfig. Only applicable when sessionAffinity=ClientIP.
293
sessionAffinityConfig: null
294
podTemplate:
295
# -- Check values.yaml for examples.
296
annotations: {}
297
# annotations:
298
# iam.amazonaws.com/role: role-arn # kube2iam example.
299
labels: {}
300
statefulSet:
301
annotations: {}
302
labels: {}
303
securityContext:
304
fsGroup: 1000
305
# -- It is not recommended to run atlantis as root.
306
runAsUser: 100
307
fsGroupChangePolicy: "OnRootMismatch"
308
priorityClassName: ""
309
updateStrategy: {}
310
# -- Option to share process namespace with atlantis container.
311
shareProcessNamespace: false
312
ingress:
313
enabled: true
314
ingressClassName:
315
labels: {}
316
# -- Check values.yaml for examples.
317
annotations: {}
318
# annotations:
319
# kubernetes.io/ingress.class: nginx
320
# kubernetes.io/tls-acme: "true"
321
# -- Use / for nginx.
322
path: /*
323
# -- Used when several paths under the same host, with different backend services, are required.
324
# Check values.yaml for examples.
325
paths: []
326
# - path: "/path1"
327
# service: test1
328
# port:
329
# - path: "/path2"
330
# service: test2
331
# port:
332
pathType: ImplementationSpecific
333
host: ""
334
# -- Used when several hosts are required.
335
# Check values.yaml for examples.
336
hosts: []
337
# - host: chart-example.local
338
# paths: ["/"]
339
# service: chart-example1
340
# - host: chart-example.local2
341
# service: chart-example1
342
# paths: ["/lala"]
343
# -- Check values.yaml for examples.
344
tls: []
345
# - secretName: chart-example-tls
346
# hosts:
347
# - chart-example.local
348
webhook_ingress:
349
# -- When true creates a secondary webhook.
350
enabled: false
351
ingressClassName:
352
# -- Check values.yaml for examples.
353
annotations: {}
354
# annotations:
355
# kubernetes.io/ingress.class: nginx
356
# kubernetes.io/tls-acme: "true"
357
# -- Use / for nginx.
358
path: /*
359
# -- Used when several paths under the same host, with different backend services, are required.
360
# Check values.yaml for examples.
361
paths: []
362
# - path: "/path1"
363
# service: test1
364
# port:
365
# - path: "/path2"
366
# service: test2
367
# port:
368
pathType: ImplementationSpecific
369
host: ""
370
# -- Used when several hosts are required.
371
# Check values.yaml for examples.
372
hosts: []
373
# - host: chart-example.local
374
# paths: ["/"]
375
# service: chart-example1
376
# - host: chart-example.local2
377
# service: chart-example1
378
# paths: ["/lala"]
379
# -- TLS configuration.
380
# Check values.yaml for examples.
381
tls: []
382
# - secretName: chart-example-tls
383
# hosts:
384
# - chart-example.local
385
labels: {}
386
route:
387
main:
388
# -- Enables or disables the route
389
enabled: false
390
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
391
apiVersion: gateway.networking.k8s.io/v1
392
# -- Set the route kind
393
kind: HTTPRoute
394
annotations: {}
395
labels: {}
396
hostnames: []
397
# - atlantis.example.com
398
parentRefs: []
399
# - name: gateway
400
401
matches:
402
- path:
403
type: PathPrefix
404
value: /
405
## Filters define the filters that are applied to requests that match this rule.
406
filters: []
407
## Additional custom rules that can be added to the route
408
additionalRules: []
409
## httpsRedirect adds a filter for redirecting to https (HTTP 301 Moved Permanently).
410
httpsRedirect: false
411
# -- Allows to override the /etc/ssl/certs/ca-certificates.cer with your custom one.
412
# You have to create a secret with the specified name.
413
customPem: ""
414
# -- Resources for Atlantis.
415
# Check values.yaml for examples.
416
resources: {}
417
# resources:
418
# requests:
419
# memory: 1Gi
420
# cpu: 100m
421
# limits:
422
# memory: 1Gi
423
# cpu: 100m
424
425
# -- Path to the data directory for the volumeMount.
426
atlantisDataDirectory: /atlantis-data
427
volumeClaim:
428
enabled: true
429
# -- Disk space available to check out repositories.
430
dataStorage: 5Gi
431
# -- Storage class name (if possible, use a resizable one).
432
storageClassName: ""
433
accessModes: ["ReadWriteOnce"]
434
# -- DEPRECATED - Disk space available to check out repositories.
435
# Example: 5Gi.
436
dataStorage: ""
437
# -- DEPRECATED - Storage class name for Atlantis disk.
438
storageClassName: ""
439
# -- Replica count for Atlantis pods.
440
replicaCount: 1
441
test:
442
# -- Enables test container.
443
enabled: true
444
image: bats/bats
445
imageTag: 1.9.0
446
annotations: {}
447
nodeSelector: {}
448
tolerations: []
449
affinity: {}
450
# -- You can use topology spread constraints to control how Pods are spread across your cluster among failure-domains such as regions,
451
# zones, nodes, and other user-defined topology domains. (requires Kubernetes >= 1.19).
452
# Check values.yaml for examples.
453
topologySpreadConstraints: []
454
# - labelSelector:
455
# matchLabels:
456
# app.kubernetes.io/name: aws-example-cluster
457
# maxSkew: 1
458
# topologyKey: topology.kubernetes.io/zone
459
# whenUnsatisfiable: DoNotSchedule
460
461
serviceAccount:
462
# -- Specifies whether a ServiceAccount should be created.
463
create: true
464
# -- Set the `automountServiceAccountToken` field on the pod template spec.
465
# -- If false, no kubernetes service account token will be mounted to the pod.
466
mount: true
467
# -- The name of the ServiceAccount to use.
468
# If not set and create is true, a name is generated using the fullname template.
469
name: null
470
# -- Annotations for the Service Account.
471
# Check values.yaml for examples.
472
annotations: {}
473
# annotations:
474
# annotation1: value
475
# annotation2: value
476
# IRSA example:
477
# annotations:
478
# eks.amazonaws.com/role-arn: role-arn
479
# -- Optionally deploy rbac to allow for the serviceAccount to manage terraform state via the kubernetes backend.
480
enableKubernetesBackend: false
481
# -- TLS Secret Name for Atlantis pod.
482
tlsSecretName: ""
483
# -- Additional path (`:` separated) that will be appended to the system `PATH` environment variable.
484
extraPath: ""
485
# -- Environment values to add to the Atlantis pod.
486
# Check values.yaml for examples.
487
environment: {}
488
# environment:
489
# ATLANTIS_DEFAULT_TF_VERSION: v1.2.9
490
491
# -- Optionally specify additional environment variables to be populated from Kubernetes secrets.
492
# Useful for passing in TF_VAR_foo or other secret environment variables from Kubernetes secrets.
493
# Check values.yaml for examples.
494
environmentSecrets: []
495
# environmentSecrets:
496
# - name: THE_ENV_VAR
497
# secretKeyRef:
498
# name: the_k8s_secret_name
499
# key: the_key_of_the_value_in_the_secret
500
501
# -- Optionally specify additional environment variables in raw yaml format.
502
# Useful to specify variables refering to k8s objects.
503
# Check values.yaml for examples.
504
environmentRaw: []
505
# environmentRaw:
506
# - name: POD_IP
507
# valueFrom:
508
# fieldRef:
509
# fieldPath: status.podIP
510
511
# -- Optionally specify additional Kubernetes secrets to load environment variables from.
512
# All key-value pairs within these secrets will be set as environment variables.
513
# Note that any variables set here will be ignored if also defined in the env block of the atlantis statefulset.
514
# For example, providing ATLANTIS_GH_USER here and defining a value for github.user will result in the github.user value being used.
515
# Check values.yaml for examples.
516
loadEnvFromSecrets: []
517
# loadEnvFromSecrets:
518
# - secret_one
519
# - secret_two
520
521
# -- Optionally specify additional Kubernetes ConfigMaps to load environment variables from.
522
# All key-value pairs within these ConfigMaps will be set as environment variables.
523
# Note that any variables set here will be ignored if also defined in the env block of the atlantis statefulset.
524
# For example, providing ATLANTIS_ALLOW_FORK_PRS here and defining a value for allowForkPRs will result in the allowForkPRs value being used.
525
# Check values.yaml for examples.
526
loadEnvFromConfigMaps: []
527
# loadEnvFromConfigMaps:
528
# - config_one
529
# - config_two
530
531
# -- Optionally specify google service account credentials as Kubernetes secrets. If you are using the terraform google provider you can specify the credentials as "${file("/var/secrets/some-secret-name/key.json")}".
532
# Check values.yaml for examples.
533
googleServiceAccountSecrets: []
534
# googleServiceAccountSecrets:
535
# - name: some-secret-name
536
# secretName: the_k8s_secret_name
537
538
# -- Optionally specify additional volumes for the pod.
539
# Check values.yaml for examples.
540
extraVolumes: []
541
# extraVolumes:
542
# - name: some-volume-name
543
# emptyDir: {}
544
545
# -- Optionally specify additional volume mounts for the container.
546
# Check values.yaml for examples.
547
extraVolumeMounts: []
548
# extraVolumeMounts:
549
# - name: some-volume-name
550
# mountPath: /path/in/container
551
552
# -- Optionally specify additional manifests to be created.
553
# Check values.yaml for examples.
554
extraManifests: []
555
# extraManifests:
556
# - apiVersion: cloud.google.com/v1beta1
557
# kind: BackendConfig
558
# metadata:
559
# name: "{{ .Release.Name }}-test"
560
# spec:
561
# securityPolicy:
562
# name: "gcp-cloud-armor-policy-test"
563
564
# -- Optionally specify init containers manifests to be added to the Atlantis pod.
565
# Check values.yaml for examples.
566
initContainers: []
567
# initContainers:
568
# - name: example
569
# image: alpine:latest
570
# command: ['sh', '-c', 'echo The init container is running! && sleep 10']
571
572
initConfig:
573
# -- Install providers/plugins into a path shared with the Atlantis pod.
574
enabled: false
575
image: cgr.dev/scratch-images/test-tmp/busybox:latest@sha256:f59facaf2ddfa00a7ab584dab0976d075d1be0dac21e70270694a78eab93bf94
576
imagePullPolicy: IfNotPresent
577
# -- SharedDir is set as env var INIT_SHARED_DIR.
578
sharedDir: /plugins
579
sharedDirReadOnly: true
580
workDir: /tmp
581
# -- Size for the shared volume.
582
sizeLimit: 300Mi
583
# -- Security context for the container.
584
containerSecurityContext: {}
585
# -- Script to run on the init container.
586
# @default -- Check values.yaml.
587
script: |
588
#!/bin/sh
589
set -eoux pipefail
590
591
# example for terragrunt
592
TG_VERSION="v0.67.5"
593
TG_SHA256_SUM="4e5ae67854a774be6419f7215733990b481662375dc0bd5f2eda05211a692cf0"
594
TG_FILE="${INIT_SHARED_DIR}/terragrunt"
595
wget https://github.com/gruntwork-io/terragrunt/releases/download/${TG_VERSION}/terragrunt_linux_amd64 -O "${TG_FILE}"
596
echo "${TG_SHA256_SUM} ${TG_FILE}" | sha256sum -c
597
chmod 755 "${TG_FILE}"
598
terragrunt -v
599
600
# example for terragrunt-atlantis-config
601
TAC_VERSION="1.18.0" # without v
602
TAC_SHA256_SUM="59178dcd3e426abf4b5d8fcb1ac8dbdea548a04aa64eaf39be200484a5e6f2ca"
603
TAC_FILE="${INIT_SHARED_DIR}/terragrunt-atlantis-config"
604
wget "https://github.com/transcend-io/terragrunt-atlantis-config/releases/download/v${TAC_VERSION}/terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64"
605
echo "${TAC_SHA256_SUM} terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64" | sha256sum -c
606
cp -fv "terragrunt-atlantis-config_${TAC_VERSION}_linux_amd64" "${TAC_FILE}"
607
chmod 755 "${TAC_FILE}"
608
terragrunt-atlantis-config version
609
# -- Optionally specify hostAliases for the Atlantis pod.
610
# Check values.yaml for examples.
611
hostAliases: []
612
# hostAliases:
613
# - hostnames:
614
# - aaa.com
615
# - test.ccc.com
616
# ip: 10.0.0.0
617
# - hostnames:
618
# - bbb.com
619
# ip: 10.0.0.2
620
621
# -- Optionally specify dnsPolicy parameter to specify a DNS policy for a pod
622
# Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
623
dnsPolicy: "ClusterFirst"
624
# -- Optionally specify dnsConfig for the Atlantis pod.
625
# Check values.yaml for examples.
626
dnsConfig: {}
627
# dnsConfig:
628
# nameservers:
629
# - 8.8.8.8
630
# searches:
631
# - mydomain.com
632
633
hostNetwork: false
634
secret:
635
# -- Annotations for the Secrets.
636
# Check values.yaml for examples.
637
annotations: {}
638
# annotations:
639
# annotation1: value
640
# annotation2: value
641
# -- These annotations will be added to all the resources.
642
# Check values.yaml for examples.
643
extraAnnotations: {}
644
# extraAnnotations:
645
# team: example
646
647
# -- Optionally specify extra arguments for the Atlantis pod.
648
# Check values.yaml for examples.
649
extraArgs: []
650
# extraArgs:
651
# - --disable-autoplan
652
# - --disable-repo-locking
653
654
# -- Optionally specify extra containers for the Atlantis pod.
655
# Check values.yaml for examples.
656
extraContainers: []
657
# extraContainers:
658
# - name: <container name>
659
# args:
660
# - ...
661
# image: <docker images>
662
# imagePullPolicy: IfNotPresent
663
# resources:
664
# limits:
665
# memory: 128Mi
666
# requests:
667
# cpu: 100m
668
# memory: 128Mi
669
# volumeMounts:
670
# - ...
671
672
# -- Check values.yaml for examples.
673
containerSecurityContext: {}
674
# containerSecurityContext:
675
# allowPrivilegeEscalation: false
676
# readOnlyRootFilesystem: true
677
678
servicemonitor:
679
# -- To enable a Prometheus servicemonitor, set enabled to true,
680
# and enable the metrics in this file's repoConfig
681
# by setting a value for metrics.prometheus.endpoint.
682
enabled: false
683
interval: "30s"
684
path: /metrics
685
# -- Prometheus ServiceMonitor labels.
686
additionalLabels: {}
687
auth:
688
# -- If auth is enabled on Atlantis, use one of the following mechanism.
689
basicAuth:
690
# -- Authentication from the secret generated with the basicAuth values
691
# this will reference the username and password keys
692
# from the atlantis-basic-auth secret.
693
enabled: false
694
externalSecret:
695
# -- Authentication based on an external secret
696
enabled: false
697
name: ""
698
# -- Check values.yaml for examples.
699
keys: {}
700
# keys:
701
# username: USERNAME
702
# password: ATLANTIS_WEB_PASSWORD
703
# -- Optional metric relabelings to drop or modify metrics.
704
metricRelabelings: []
705
# metricRelabelings:
706
# - action: drop
707
# regex: "atlantis_project_apply_execution_.*"
708
# sourceLabels: [__name__]
709
# -- Enable this if you're using Google Managed Prometheus.
710
podMonitor:
711
enabled: false
712
interval: "30s"
713
metricRelabeling: []
714
# -- Set the desired Locking DB type
715
# Accepts boltdb or redis.
716
lockingDbType: ""
717
# -- Configure Redis Locking DB.
718
# lockingDbType value must be redis for the config to take effect.
719
# Check values.yaml for examples.
720
redis: {}
721
# redis:
722
# host: redis.host.name
723
# password: myRedisPassword
724
# port: 6379
725
# db: 0
726
# tlsEnabled: false
727
# insecureSkipVerify: false
728
729
# -- When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name.
730
redisSecretName: ""
731
# -- Key within the existing Redis secret that contains the password value.
732
redisSecretPasswordKey: password
733
# -- (int) Optionally customize the termination grace period in seconds.
734
# @default -- default depends on the kubernetes version.
735
terminationGracePeriodSeconds:
736
# terminationGracePeriodSeconds: 300
737
738
# -- Set lifecycle hooks.
739
# https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/.
740
lifecycle: {}
741
# lifecycle:
742
# preStop:
743
# exec:
744
# command:
745
# - /bin/sh
746
# - -c
747
# - while pgrep -x "terraform|tofu|terragrunt" > /dev/null; do sleep 1; done
748

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0SOC 2Golden ImagesCVE RemediationPublic SectorStartups

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogOpen Source LeadershipPartnersNewsroomCareersLegal
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.