Initial Kustomize work

CONTRIBUTING.md

@@ -104,6 +104,7 @@ This is easier to read and more consistent
 
 # Creating a New Release
 1. Update version number in `main.go`.
+1. Update image tag version in the [kustomize/bundle.yaml](kustomize/bundle.yaml).
 1. Update `CHANGELOG.md` with latest release number and information (this URL might be useful: https://github.com/runatlantis/atlantis/compare/v0.3.5...master)
 1. Create a pull request and merge to master
 1. Check out master and fetch latest

kustomize/bundle.yaml

@@ -0,0 +1,82 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: atlantis
+spec:
+  serviceName: atlantis
+  replicas: 1
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      partition: 0
+  selector:
+    matchLabels:
+      app: atlantis
+  template:
+    metadata:
+      labels:
+        app: atlantis
+    spec:
+      securityContext:
+        fsGroup: 1000 # Atlantis group (1000) read/write access to volumes.
+      containers:
+      - name: atlantis
+        image: runatlantis/atlantis:v0.10.1 
+        volumes:
+        - name: ATLANTIS_DATA_DIR
+          value: /atlantis
+        - name: ATLANTIS_PORT
+          value: "4141" # Kubernetes sets an ATLANTIS_PORT variable so we need to override.
+        volumeMounts:
+        - name: atlantis-data
+          mountPath: /atlantis
+        ports:
+        - name: atlantis
+          containerPort: 4141
+        resources:
+          requests:
+            memory: 256Mi
+            cpu: 100m
+          limits:
+            memory: 256Mi
+            cpu: 100m
+        livenessProbe:
+          # We only need to check every 60s since Atlantis is not a
+          # high-throughput service.
+          periodSeconds: 60
+          httpGet:
+            path: /healthz
+            port: 4141
+            # If using https, change this to HTTPS
+            scheme: HTTP
+        readinessProbe:
+          periodSeconds: 60
+          httpGet:
+            path: /healthz
+            port: 4141
+            # If using https, change this to HTTPS
+            scheme: HTTP
+  volumeClaimTemplates:
+  - metadata:
+      name: atlantis-data
+    spec:
+      accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes.
+      resources:
+        requests:
+          # The biggest thing Atlantis stores is the Git repo when it checks it out.
+          # It deletes the repo after the pull request is merged.
+          storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: atlantis
+spec:
+  type: ClusterIP
+  ports:
+  - name: atlantis
+    port: 80
+    targetPort: 4141
+  selector:
+    app: atlantis

kustomize/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- bundle.yaml

runatlantis.io/docs/deployment.md

@@ -34,6 +34,7 @@ for Atlantis.
 Pick your deployment type:
 * [Kubernetes Helm Chart](#kubernetes-helm-chart)
 * [Kubernetes Manifests](#kubernetes-manifests)
+* [Kustomize](#kubernetes-kustomize)
 * [OpenShift](#openshift)
 * [AWS Fargate](#aws-fargate)
 * [Google Kubernetes Engine (GKE)](#google-kubernetes-engine-gke)
@@ -364,6 +365,84 @@ You could also set up SSL at your LoadBalancer.
 
 **You're done! See [Next Steps](#next-steps) for what to do next.**
 
+### Kubernetes Kustomize
+
+A `kustomization.yaml` file is rovided at in the direpctory `kustomize/`, so you may use this repository as a remote target.
+
+Example:
+```yaml
+resources:
+- github.com/runatlantis/atlantis/kustomize
+```
+
+**Important:** You must ensure you patch the provided manifests with the correct environment variables for your installation, such as the following:
+
+#### Required
+```yaml
+...
+ containers:
+  - name: atlantis
+    env:
+      - name: ATLANTIS_REPO_WHITELIST
+        value: github.com/yourorg/* # 2. Replace this with your own repo whitelist.
+```
+
+#### GitLab
+```yaml
+...
+containers:
+- name: atlantis
+  env:
+    - name: ATLANTIS_GITLAB_USER
+      value: <YOUR_GITLAB_USER> # 4i. If you're using GitLab replace <YOUR_GITLAB_USER> with the username of your Atlantis GitLab user without the `@`.
+    - name: ATLANTIS_GITLAB_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: atlantis-vcs
+          key: token
+    - name: ATLANTIS_GITLAB_WEBHOOK_SECRET
+      valueFrom:
+        secretKeyRef:
+          name: atlantis-vcs
+          key: webhook-secret
+```
+#### GitHub
+
+```yaml
+...
+containers:
+- name: atlantis
+  env:
+    - name: ATLANTIS_GH_USER
+      value: <YOUR_GITHUB_USER> # 3i. If you're using GitHub replace <YOUR_GITHUB_USER> with the username of your Atlantis GitHub user without the `@`.
+    - name: ATLANTIS_GH_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: atlantis-vcs
+          key: token
+    - name: ATLANTIS_GH_WEBHOOK_SECRET
+      valueFrom:
+        secretKeyRef:
+          name: atlantis-vcs
+          key: webhook-secret
+```
+
+#### BitBucket
+```yaml
+...
+containers:
+- name: atlantis
+  env:
+    - name: ATLANTIS_BITBUCKET_USER
+          value: <YOUR_BITBUCKET_USER> # 5i. If you're using Bitbucket replace <YOUR_BITBUCKET_USER> with the username of your Atlantis Bitbucket user without the `@`.
+    - name: ATLANTIS_BITBUCKET_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: atlantis-vcs
+          key: token
+```
+
+
 ### OpenShift
 The Helm chart and Kubernetes manifests above are compatible with OpenShift, however you need to run
 with an additional environment variable: `ATLANTIS_DATA_DIR=/home/atlantis`. This is required because