feat(annotations): add secret annotations (#458)

al-cheb · web-flow · commit 49e6b4869813 · 2025-02-26T14:44:31.000Z
* feat(annotations): add secret annotations

Allow adding annotations to secret resources.

Signed-off-by: Alexander Chebotov &lt;a.chebotov@arenadata.io&gt;
diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.33.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 5.14.0
+version: 5.15.0
 keywords:
   - terraform
 home: https://www.runatlantis.io
diff --git a/charts/atlantis/README.md b/charts/atlantis/README.md
@@ -104,7 +104,7 @@ extraManifests:
 | environment | object | `{}` | Environment values to add to the Atlantis pod. Check values.yaml for examples. |
 | environmentRaw | list | `[]` | Optionally specify additional environment variables in raw yaml format. Useful to specify variables refering to k8s objects. Check values.yaml for examples. |
 | environmentSecrets | list | `[]` | Optionally specify additional environment variables to be populated from Kubernetes secrets. Useful for passing in TF_VAR_foo or other secret environment variables from Kubernetes secrets. Check values.yaml for examples. |
-| extraAnnotations | object | `{}` |  |
+| extraAnnotations | object | `{}` | These annotations will be added to all the resources. Check values.yaml for examples. |
 | extraArgs | list | `[]` | Optionally specify extra arguments for the Atlantis pod. Check values.yaml for examples. |
 | extraContainers | list | `[]` | Optionally specify extra containers for the Atlantis pod. Check values.yaml for examples. |
 | extraManifests | list | `[]` | Optionally specify additional manifests to be created. Check values.yaml for examples. |
@@ -183,6 +183,7 @@ extraManifests:
 | replicaCount | int | `1` | Replica count for Atlantis pods. |
 | repoConfig | string | `""` | Use Server Side Repo Config, ref: https://www.runatlantis.io/docs/server-side-repo-config.html. Check values.yaml for examples. |
 | resources | object | `{}` | Resources for Atlantis. Check values.yaml for examples. |
+| secret.annotations | object | `{}` | Annotations for the Secrets. Check values.yaml for examples. |
 | service.annotations | object | `{}` |  |
 | service.externalTrafficPolicy | string | `nil` |  |
 | service.loadBalancerIP | string | `nil` |  |
diff --git a/charts/atlantis/templates/secret-api.yaml b/charts/atlantis/templates/secret-api.yaml
@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secret.annotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secret.annotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   apisecret: {{ .Values.api.secret | b64enc }}
diff --git a/charts/atlantis/templates/secret-aws.yaml b/charts/atlantis/templates/secret-aws.yaml
@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secret.annotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secret.annotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   {{- if .Values.aws.credentials }}
diff --git a/charts/atlantis/templates/secret-basic-auth.yaml b/charts/atlantis/templates/secret-basic-auth.yaml
@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secret.annotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secret.annotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   username: {{ .Values.basicAuth.username | b64enc }}
diff --git a/charts/atlantis/templates/secret-gitconfig.yaml b/charts/atlantis/templates/secret-gitconfig.yaml
@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secret.annotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secret.annotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   gitconfig: {{ .Values.gitconfig | b64enc }}
diff --git a/charts/atlantis/templates/secret-netrc.yaml b/charts/atlantis/templates/secret-netrc.yaml
@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secret.annotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secret.annotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   netrc: {{ .Values.netrc | b64enc }}
diff --git a/charts/atlantis/templates/secret-redis.yaml b/charts/atlantis/templates/secret-redis.yaml
@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secret.annotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secret.annotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   password: {{ .Values.redis.password | b64enc }}
diff --git a/charts/atlantis/templates/secret-service-account.yaml b/charts/atlantis/templates/secret-service-account.yaml
@@ -8,9 +8,14 @@ metadata:
   labels:
     component: service-account-secret
     {{- include "atlantis.labels" $ | nindent 4 }}
-  {{- with $.Values.extraAnnotations }}
+  {{- if or $.Values.secret.annotations $.Values.extraAnnotations }}
   annotations:
+    {{- with $.Values.secret.annotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with $.Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   service-account.json: {{ $secret }}
diff --git a/charts/atlantis/templates/secret-webhook.yaml b/charts/atlantis/templates/secret-webhook.yaml
@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secret.annotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secret.annotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   {{- if .Values.githubApp }}
diff --git a/charts/atlantis/values.schema.json b/charts/atlantis/values.schema.json
@@ -1193,6 +1193,19 @@
       "description": "SecurityContext configuration for atlantis containers.",
       "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext"
     },
+    "secret": {
+      "type": "object",
+      "description": "Secret configuration for atlantis.",
+      "properties": {
+        "annotations": {
+          "type": "object",
+          "description": "Additional Secret annotations",
+          "additionalProperties": {
+            "type": "string"
+          }
+        }
+      }
+    },
     "servicemonitor": {
       "type": "object",
       "description": "ServiceMonitor configuration for atlantis containers.",
diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
@@ -652,7 +652,15 @@ dnsConfig: {}
 
 hostNetwork: false
 
-# - These annotations will be added to all the resources.
+secret:
+  # -- Annotations for the Secrets.
+  # Check values.yaml for examples.
+  annotations: {}
+  # annotations:
+  #   annotation1: value
+  #   annotation2: value
+
+# -- These annotations will be added to all the resources.
 # Check values.yaml for examples.
 extraAnnotations: {}
 # extraAnnotations:
