
Commit 9981c13

committed
enable authorization on atlantis urls
1 parent 87483bd commit 9981c13


5 files changed

+13
-25
lines changed


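--- a/kubernetes/apps/atlantis.yaml
+++ b/kubernetes/apps/atlantis.yaml
@@ -9,11 +9,11 @@ spec:
 project: default
 source:
 path: kubernetes/gke-utility/atlantis
-repoURL: https://github.com/borg-land/k8s.io
-targetRevision: deploy-atlantis
+repoURL: https://github.com/kubernetes/k8s.io
+targetRevision: main
 syncPolicy:
 automated:
-prune: false
+prune: true
 selfHeal: true
 syncOptions:
 - CreateNamespace=true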
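Review bot: `prune: true` combined with `selfHeal: true` and `targetRevision: main` means Argo CD deletes anything that disappears from `kubernetes/gke-utility/atlantis` on the next sync, with no manual gate. This same commit drops the workload-level AuthorizationPolicy from httproute.yaml, so that policy is removed from the cluster as soon as this Application syncs, while the replacement rule lives in `istio-system/auth-policy.yaml`, which is presumably reconciled by a different Application. Confirm the istio-system change is synced first so Atlantis is never exposed without either policy. A comment above the field would also help, for example `# prune enabled: resources removed from git are deleted from the cluster`.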

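--- a/kubernetes/apps/kustomization.yaml
+++ b/kubernetes/apps/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 # - argocd.yaml This has been manually applied to fix sync issues
+- atlantis.yaml
 - external-secrets.yaml
 - cert-manager.yaml
 - prow.yaml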

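--- a/kubernetes/gke-utility/atlantis/httproute.yaml
+++ b/kubernetes/gke-utility/atlantis/httproute.yaml
@@ -4,7 +4,8 @@ metadata:
 name: atlantis
 spec:
 parentRefs:
-- name: prow
+- name: istio-ingressgateway
+namespace: istio-system
 sectionName: https
 hostnames:
 - atlantis.k8s.io
@@ -15,23 +16,3 @@ spec:
 backendRefs:
 - name: atlantis
 port: 80
----
-apiVersion: security.istio.io/v1
-kind: AuthorizationPolicy
-metadata:
-name: atlantis
-spec:
-selector:
-matchLabels:
-app.kubernetes.io/name: atlantis
-action: ALLOW
-rules:
-- from:
-- source:
-remoteIpBlocks:
-- "192.30.252.0/22"
-- "185.199.108.0/22"
-- "140.82.112.0/20"
-- "143.55.64.0/20"
-- "2a0a:a440::/29"
-- "2606:50c0::/32"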
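Review bot: The second hunk deletes the only source-IP restriction on the Atlantis workload, and nothing in the new route replaces it for `/events`. The removed `remoteIpBlocks` list (which looks like GitHub's published hook ranges) limited who could reach the webhook endpoint; with `/events` also exempted from gateway auth in `istio-system/auth-policy.yaml`, that path now accepts requests from any address and relies entirely on Atlantis validating the webhook signature. Confirm that `--gh-webhook-secret` (or `ATLANTIS_GH_WEBHOOK_SECRET`) is set in the deployment, which is not visible here, or keep an allow-list scoped to `/events`. With the workload-selector policy gone, enforcement also happens only at `istio-ingressgateway`, so traffic that reaches the Service from inside the cluster is presumably no longer covered.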

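--- a/kubernetes/gke-utility/atlantis/kustomization.yaml
+++ b/kubernetes/gke-utility/atlantis/kustomization.yaml
@@ -9,7 +9,7 @@ resources:
 
 images:
 - name: ghcr.io/runatlantis/atlantis
-newTag: v0.30.0
+newTag: v0.30.0
 
 configMapGenerator:
 - name: atlantis-config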

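--- a/kubernetes/gke-utility/istio-system/auth-policy.yaml
+++ b/kubernetes/gke-utility/istio-system/auth-policy.yaml
@@ -16,3 +16,9 @@ spec:
 hosts:
 - argo.k8s.io
 - monitoring.prow.k8s.io
+# we want to force auth to atlantis.k8s.io/* except /events
+- operation:
+hosts:
+- atlantis.k8s.io
+notPaths:
+- "/events"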
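Review bot: The new `hosts` entry is an exact match, so a request whose Host header carries a port would not match this rule even though the gateway still routes it. The policy's `action` is outside the hunk; if it is a CUSTOM or DENY-style policy that forces auth only on matching requests, that mismatch skips authentication, and Istio's guidance for host matches is to list the port form as well: `- "atlantis.k8s.io:*"`. The existing `argo.k8s.io` and `monitoring.prow.k8s.io` entries have the same shape and would need the same addition. `notPaths` is also exact, so only `/events` itself is exempt; the comment could say so, for example `# exact match: only /events (the webhook endpoint) bypasses auth`.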
