Move atlantis-data volume to a separate PVC (#304)

* Move atlantis-data volume to a separate PVC * bump chart version * change access mode to ReadWriteMany * Bump chart version * Add custom access modes to pvc * Add volumeClaim.accessModes in jsonSchema * Fix jsonSchema missing comma * add unit tests * concatenate conditions Co-authored-by: Gabriel Martinez <[email protected]> * add volume in sts if pvc is created --------- Co-authored-by: PePe Amengual <[email protected]> Co-authored-by: Gabriel Martinez <[email protected]>
runatlantis · Mar 6, 2024 · 4cdb790 · 4cdb790
1 parent 6d24ec5
commit 4cdb790
Show file tree

Hide file tree

Showing 7 changed files with 147 additions and 82 deletions.
diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.27.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 4.21.1
+version: 4.22.0
 keywords:
   - terraform
 home: https://www.runatlantis.io

diff --git a/charts/atlantis/templates/pvc.yaml b/charts/atlantis/templates/pvc.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.volumeClaim.enabled ( not .Values.dataStorage ) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ template "atlantis.fullname" . }}-data
+labels:
+  {{- include "atlantis.labels" . | nindent 2 }}
+spec:
+  accessModes: {{ .Values.volumeClaim.accessModes| toYaml | nindent 2 }}
+  resources:
+    requests:
+      # The biggest thing Atlantis stores is the Git repo when it checks it out.
+      # It deletes the repo after the pull request is merged.
+      storage: {{ .Values.volumeClaim.dataStorage }}
+  {{- if .Values.volumeClaim.storageClassName }}
+  storageClassName: {{ .Values.volumeClaim.storageClassName }} 
+  {{- end }}
+{{- end }}
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
@@ -56,6 +56,11 @@ spec:
       priorityClassName: {{ .Values.statefulSet.priorityClassName }}
       {{- end }}
       volumes:
+      {{- if and .Values.volumeClaim.enabled ( not .Values.dataStorage ) }}
+      - name : atlantis-data
+        persistentVolumeClaim:
+          claimName: {{ template "atlantis.fullname" . }}-data
+      {{- end }}
       {{- if .Values.tlsSecretName }}
       - name: tls
         secret:
@@ -587,18 +592,4 @@ spec:
           # The biggest thing Atlantis stores is the Git repo when it checks it out.
           # It deletes the repo after the pull request is merged.
           storage: {{ .Values.dataStorage }}
-  {{- else if .Values.volumeClaim.enabled }}
-  volumeClaimTemplates:
-  - metadata:
-      name: atlantis-data
-    spec:
-      accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes.
-      {{- if .Values.volumeClaim.storageClassName }}
-      storageClassName: {{ .Values.volumeClaim.storageClassName }} # Storage class of the volume
-      {{- end }}
-      resources:
-        requests:
-          # The biggest thing Atlantis stores is the Git repo when it checks it out.
-          # It deletes the repo after the pull request is merged.
-          storage: {{ .Values.volumeClaim.dataStorage }}
   {{- end }}
diff --git a/charts/atlantis/tests/pvc_test.yaml b/charts/atlantis/tests/pvc_test.yaml
@@ -0,0 +1,46 @@
+suite: test pvc
+templates:
+  - pvc.yaml
+chart:
+  appVersion: test-appVersion
+release:
+  name: my-release
+tests:
+  - it: pvc
+    template: pvc.yaml
+    asserts:
+      - isKind:
+          of: PersistentVolumeClaim
+      - equal:
+          path: apiVersion
+          value: v1
+      - equal:
+          path: metadata.name
+          value: my-release-atlantis-data
+      - equal:
+          path: spec.accessModes
+          value:
+            - ReadWriteOnce
+      - equal:
+          path: spec.resources.requests.storage
+          value: 5Gi
+  - it: accessModes
+    template: pvc.yaml
+    set:
+      volumeClaim:
+        accessModes:
+          - ReadWriteMany
+    asserts:
+      - equal:
+          path: spec.accessModes
+          value:
+            - ReadWriteMany
+  - it: storage requests
+    template: pvc.yaml
+    set:
+      volumeClaim:
+        dataStorage: 10Gi
+    asserts:
+      - equal:
+          path: spec.resources.requests.storage
+          value: 10Gi
diff --git a/charts/atlantis/tests/statefulset_test.yaml b/charts/atlantis/tests/statefulset_test.yaml
@@ -80,8 +80,12 @@ tests:
             runAsUser: 100
       - notExists:
           path: spec.template.spec.priorityClassName
-      - isNullOrEmpty:
+      - equal:
           path: spec.template.spec.volumes
+          value:
+            - name: atlantis-data
+              persistentVolumeClaim:
+                claimName: my-release-atlantis-data
       - notExists:
           path: spec.template.spec.imagePullSecrets
       - notExists:
@@ -160,17 +164,8 @@ tests:
           path: spec.template.spec.topologySpreadConstraints
       - notExists:
           path: spec.template.spec.updateStrategy
-      - equal:
+      - notExists:
           path: spec.volumeClaimTemplates
-          value:
-            - metadata:
-                name: atlantis-data
-              spec:
-                accessModes:
-                  - ReadWriteOnce
-                resources:
-                  requests:
-                    storage: 5Gi
   - it: replicaCount
     template: statefulset.yaml
     set:
@@ -239,11 +234,11 @@ tests:
       tlsSecretName: test-tls
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: tls
-              secret:
-                secretName: test-tls
+            name: tls
+            secret:
+              secretName: test-tls
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name == "tls")]
           value:
@@ -267,14 +262,17 @@ tests:
         credentials-staging: Q2FybWVsYSBTb3ByYW5v
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: credentials-volume
-              secret:
-                secretName: credentials
-            - name: credentials-staging-volume
-              secret:
-                secretName: credentials-staging
+            name: credentials-volume
+            secret:
+              secretName: credentials
+      - equal:
+          path: spec.template.spec.volumes[2]
+          value:
+            name: credentials-staging-volume
+            secret:
+              secretName: credentials-staging
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
             "credentials-volume")]
@@ -299,14 +297,17 @@ tests:
           secretName: gcp-staging-secret
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
+          value:
+            name: gcp-ci
+            secret:
+              secretName: gcp-ci-secret
+      - equal:
+          path: spec.template.spec.volumes[2]
           value:
-            - name: gcp-ci
-              secret:
-                secretName: gcp-ci-secret
-            - name: gcp-staging
-              secret:
-                secretName: gcp-staging-secret
+            name: gcp-staging
+            secret:
+              secretName: gcp-staging-secret
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name == "gcp-ci")]
           value:
@@ -327,11 +328,11 @@ tests:
         insteadOf = https://github.com
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: gitconfig-volume
-              secret:
-                secretName: my-release-atlantis-gitconfig
+            name: gitconfig-volume
+            secret:
+              secretName: my-release-atlantis-gitconfig
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
             "gitconfig-volume")]
@@ -346,11 +347,11 @@ tests:
       gitconfigSecretName: atlantis-gitconfig
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: gitconfig-volume
-              secret:
-                secretName: atlantis-gitconfig
+            name: gitconfig-volume
+            secret:
+              secretName: atlantis-gitconfig
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
             "gitconfig-volume")]
@@ -367,11 +368,11 @@ tests:
         machine bitbucket.myapp.com login YOUR_USERNAME password YOUR_PASSWORD
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: netrc-volume
-              secret:
-                secretName: my-release-atlantis-netrc
+            name: netrc-volume
+            secret:
+              secretName: my-release-atlantis-netrc
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name == "netrc-volume")]
           value:
@@ -385,11 +386,11 @@ tests:
       netrcSecretName: atlantis-netrc
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: netrc-volume
-              secret:
-                secretName: atlantis-netrc
+            name: netrc-volume
+            secret:
+              secretName: atlantis-netrc
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name == "netrc-volume")]
           value:
@@ -412,11 +413,11 @@ tests:
           source_profile = default
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: aws-volume
-              secret:
-                secretName: my-release-atlantis-aws
+            name: aws-volume
+            secret:
+              secretName: my-release-atlantis-aws
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name == "aws-volume")]
           value:
@@ -445,11 +446,11 @@ tests:
       awsSecretName: atlantis-aws
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: aws-volume
-              secret:
-                secretName: atlantis-aws
+            name: aws-volume
+            secret:
+              secretName: atlantis-aws
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name == "aws-volume")]
           value:
@@ -469,14 +470,14 @@ tests:
         secret: baz
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: github-app-key-volume
-              secret:
-                items:
-                  - key: key.pem
-                    path: key.pem
-                secretName: my-release-atlantis-webhook
+            name: github-app-key-volume
+            secret:
+              items:
+                - key: key.pem
+                  path: key.pem
+              secretName: my-release-atlantis-webhook
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
             "github-app-key-volume")]
@@ -516,14 +517,14 @@ tests:
         slug: foo
     asserts:
       - equal:
-          path: spec.template.spec.volumes
+          path: spec.template.spec.volumes[1]
           value:
-            - name: github-app-key-volume
-              secret:
-                items:
-                  - key: key.pem
-                    path: key.pem
-                secretName: atlantis-vcs
+            name: github-app-key-volume
+            secret:
+              items:
+                - key: key.pem
+                  path: key.pem
+              secretName: atlantis-vcs
       - equal:
           path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
             "github-app-key-volume")]

diff --git a/charts/atlantis/values.schema.json b/charts/atlantis/values.schema.json
@@ -738,6 +738,14 @@
           "type":"string",
           "description":"Amount of storage available for embedded Atlantis' data directory"
         },
+        "accessModes":{
+          "type":"array",
+          "description":"Array of requested access modes for the volume.",
+          "items":{
+            "type":"string",
+            "description":"The access mode to be requested."
+          }
+        },
         "storageClassName":{
           "type":"string",
           "description":"Storage class of the embedded volume mounted for the Atlantis data directory."

diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
@@ -359,6 +359,7 @@ volumeClaim:
   dataStorage: 5Gi
   ## Storage class name (if possible, use a resizable one)
   # storageClassName: value
+  accessModes: ["ReadWriteOnce"]
 
 ## To keep backwards compatibility
 ## DEPRECATED - Disk space for Atlantis to check out repositories