# atlantis-contributors
j
@Gabriel Martinez We currently maintain a custom docker image for atlantis, to install Vault and AWS CLI, and overwrite the startup script so that the vault authenticates. I think your fix here would get us pretty close to just being able to run the normal image. So I'm all for it
Honestly, with your MR, and then maybe a custom workflow to auth to the vault before running a plan/apply, I could probably get around needing to maintain images
🙌 1
g
The only downside is that for deployments using docker alone (not helm chart), the tools won’t be there.
j
```dockerfile
FROM ghcr.io/runatlantis/atlantis:v0.24.3-debian

# Install AWS CLI v2, Vault 1.14.0 and yq on top of the stock Atlantis image
RUN sh -c 'curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o "awscliv2.zip" && \
  unzip awscliv2.zip && \
  ./aws/install && \
  rm -rf ./aws awscliv2.zip && \
  aws --version' && \
  curl https://releases.hashicorp.com/vault/1.14.0/vault_1.14.0_linux_amd64.zip -o vault.zip && \
  unzip vault.zip && \
  rm -rf vault.zip && \
  mv vault /usr/local/bin && \
  vault --version && \
  curl -L https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -o /usr/local/bin/yq && \
  chmod +x /usr/local/bin/yq

# Replace the default entrypoint with a wrapper that logs in to Vault first
COPY start.sh /usr/local/bin/start.sh

ENTRYPOINT ["start.sh"]
```
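```sh
#!/bin/sh
set -e

# Log in to Vault with the pod's Kubernetes service account token
vault write -field=token auth/kubernetes/login role=kube-admin jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | vault login -

# Hand off to the stock Atlantis entrypoint
docker-entrypoint.sh server
```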
I think your change would let me put.. aws CLI and vault on the path.
just need to get that `vault write` in the loop somehow before TF runs. Which I imagine could be done via custom workflows.. which I just removed lmao
😆 1
I guess the custom pre-workflow stuff causes multiple clones, making things slower
Wonder if I can just override the entry point of the image.. and use your init stuff to re-create my `start.sh`
j
That's what I'm thinking
It didn't help before, since I needed to maintain the image anyways to have the tools in place
but with your changes, I think I can replace my custom images and use this
d
I will take a look this week, it's a very interesting concept. I would love to unload the image of all the artifacts/binaries
🙏 1
Sorry I haven't gotten to this yet, I did take a look but not enough to give a thorough review. While I like the idea, some people use our images that don't use K8s/helm and I'm curious about the impact if we were to continue to pursue this
g
No worries. I understand that, it should be a nice to have on the helm chart, but can’t replace a custom docker image for all the other use cases.
d
Okay awesome, I'll follow up early next week to get this out
🙏 1