feat(annotations): add secret annotations

charts/atlantis/Chart.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.33.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 5.14.0
+version: 5.15.0
 keywords:
   - terraform
 home: https://www.runatlantis.io

charts/atlantis/README.md

@@ -104,7 +104,7 @@ extraManifests:
 | environment | object | `{}` | Environment values to add to the Atlantis pod. Check values.yaml for examples. |
 | environmentRaw | list | `[]` | Optionally specify additional environment variables in raw yaml format. Useful to specify variables refering to k8s objects. Check values.yaml for examples. |
 | environmentSecrets | list | `[]` | Optionally specify additional environment variables to be populated from Kubernetes secrets. Useful for passing in TF_VAR_foo or other secret environment variables from Kubernetes secrets. Check values.yaml for examples. |
-| extraAnnotations | object | `{}` |  |
+| extraAnnotations | object | `{}` | These annotations will be added to all the resources. Check values.yaml for examples. |
 | extraArgs | list | `[]` | Optionally specify extra arguments for the Atlantis pod. Check values.yaml for examples. |
 | extraContainers | list | `[]` | Optionally specify extra containers for the Atlantis pod. Check values.yaml for examples. |
 | extraManifests | list | `[]` | Optionally specify additional manifests to be created. Check values.yaml for examples. |
@@ -183,6 +183,7 @@ extraManifests:
 | replicaCount | int | `1` | Replica count for Atlantis pods. |
 | repoConfig | string | `""` | Use Server Side Repo Config, ref: https://www.runatlantis.io/docs/server-side-repo-config.html. Check values.yaml for examples. |
 | resources | object | `{}` | Resources for Atlantis. Check values.yaml for examples. |
+| secretAnnotations | object | `{}` | These annotations will be added to secrets. Check values.yaml for examples. |
 | service.annotations | object | `{}` |  |
 | service.externalTrafficPolicy | string | `nil` |  |
 | service.loadBalancerIP | string | `nil` |  |

charts/atlantis/templates/secret-api.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   apisecret: {{ .Values.api.secret | b64enc }}

charts/atlantis/templates/secret-aws.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   {{- if .Values.aws.credentials }}

charts/atlantis/templates/secret-basic-auth.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   username: {{ .Values.basicAuth.username | b64enc }}

charts/atlantis/templates/secret-gitconfig.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   gitconfig: {{ .Values.gitconfig | b64enc }}

charts/atlantis/templates/secret-netrc.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   netrc: {{ .Values.netrc | b64enc }}

charts/atlantis/templates/secret-redis.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   password: {{ .Values.redis.password | b64enc }}

charts/atlantis/templates/secret-service-account.yaml

@@ -8,9 +8,14 @@ metadata:
   labels:
     component: service-account-secret
     {{- include "atlantis.labels" $ | nindent 4 }}
-  {{- with $.Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   service-account.json: {{ $secret }}

charts/atlantis/templates/secret-webhook.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   {{- if .Values.githubApp }}

charts/atlantis/values.schema.json

@@ -1193,6 +1193,16 @@
       "description": "SecurityContext configuration for atlantis containers.",
       "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext"
     },
+    "secretAnnotations": {
+      "type": "object",
+      "description": "Add additional secret annotations",
+      "items": {
+        "type": "object"
+      },
+      "examples": {
+        "team": "example"
+      }
+    },
     "servicemonitor": {
       "type": "object",
       "description": "ServiceMonitor configuration for atlantis containers.",

charts/atlantis/values.yaml

@@ -652,7 +652,13 @@ dnsConfig: {}
 
 hostNetwork: false
 
-# - These annotations will be added to all the resources.
+# -- These annotations will be added to secrets.
+# Check values.yaml for examples.
+secretAnnotations: {}
+# secretAnnotations:
+#   team: example
+
+# -- These annotations will be added to all the resources.
 # Check values.yaml for examples.
 extraAnnotations: {}
 # extraAnnotations: