Allow configuring of basic authentication (#98)

* Add values for configuring atlantis basic auth

* Update README

* Remove Basic Authorization header & fix README

README.md

@@ -119,7 +119,9 @@ The following options are supported.  See [values.yaml](/charts/atlantis/values.
 | `initContainers`                            | Containers used to initialize context for Atlantis pods                                  | `[]`                              |
 | `extraContainers`                           | Additionnal containers to use and depends of use cases. | `[]` |
 | `hostAliases[].hostnames`                   | Hostnames for host alias entry                                  | n/a                              |
-| `hostAliases[].ip`                          | IP for host alias entry                                  | `n/a                              |
+| `hostAliases[].ip`                          | IP for host alias entry                                  | n/a                               |
+| `basicAuth.username`                        | Username for basic authentication                        | n/a                               |
+| `basicAuth.password`                        | Password for basic authentication                        | n/a                               |
 
 **NOTE**: All the [Server Configurations](https://www.runatlantis.io/docs/server-configuration.html) are passed as [Environment Variables](https://www.runatlantis.io/docs/server-configuration.html#environment-variables).
 

charts/atlantis/templates/_helpers.tpl

@@ -81,3 +81,14 @@ Generates AWS Secret name
     {{ template "atlantis.fullname" . }}-aws
 {{- end -}}
 {{- end -}}
+
+{{/*
+Generates Basic Auth name
+*/}}
+{{- define "atlantis.basicAuthSecretName" -}}
+{{- if .Values.basicAuthSecretName -}}
+    {{ .Values.basicAuthSecretName }}
+{{- else -}}
+    {{ template "atlantis.fullname" . }}-basic-auth
+{{- end -}}
+{{- end -}}

charts/atlantis/templates/secret-basic-auth.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.basicAuth }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "atlantis.fullname" . }}-basic-auth
+  labels:
+    app: {{ template "atlantis.name" . }}
+    chart: {{ template "atlantis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  username: {{ .Values.basicAuth.username | b64enc }}
+  password: {{ .Values.basicAuth.password | b64enc }}
+{{- end }}

charts/atlantis/templates/statefulset.yaml

@@ -311,6 +311,20 @@ spec:
                 name: {{ template "atlantis.vcsSecretName" . }}
                 key: azuredevops_webhook_password
           {{- end}}
+          {{- if .Values.basicAuth }}
+          - name: ATLANTIS_WEB_BASIC_AUTH
+            value: "true"
+          - name: ATLANTIS_WEB_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "atlantis.basicAuthSecretName" . }}
+                key: username
+          - name: ATLANTIS_WEB_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "atlantis.basicAuthSecretName" . }}
+                key: password
+          {{- end}}
           {{- if .Values.livenessProbe.enabled }}
           livenessProbe:
             httpGet:

charts/atlantis/values.yaml

@@ -152,6 +152,11 @@ disableRepoLocking: false
 # Use Diff Markdown Format for color coding diffs
 enableDiffMarkdownFormat: false
 
+# Optionally specify an username and a password for basic authentication 
+basicAuth:
+  username: "atlantis"
+  password: "atlantis"
+
 # We only need to check every 60s since Atlantis is not a high-throughput service.
 livenessProbe:
   enabled: true