-
Notifications
You must be signed in to change notification settings - Fork 9
/
atlantis-on-aci.sh
141 lines (117 loc) · 3.92 KB
/
atlantis-on-aci.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
#! /bin/bash
set -e
if [ "$GITHUB_USER" == "" ]; then
echo "GITHUB_USER variable not set."
exit 1
fi
if [ "$GITHUB_TOKEN" == "" ]; then
echo "GITHUB_TOKEN variable not set."
exit 1
fi
if [ "$GITHUB_WEBHOOK_SECRET" == "" ]; then
echo "GITHUB_WEBHOOK_SECRET variable not set."
exit 1
fi
if [ "$REPO_WHITELIST" == "" ]; then
echo "REPO_WHITELIST variable not set."
exit 1
fi
if [ "$ATLANTIS_LOCATION" == "" ]; then
echo "ATLANTIS_LOCATION variable not set."
exit 1
fi
if [ "$SUFFIX" == "" ]; then
SUFFIX=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1)
fi
if [ "$ATLANTIS_RG_NAME" == "" ]; then
ATLANTIS_RG_NAME="atlantis-resources-$SUFFIX"
fi
if [ "$ATLANTIS_STORAGE_NAME" == "" ]; then
ATLANTIS_STORAGE_NAME="atlantisstorage$SUFFIX"
fi
if [ "$ATLANTIS_STORAGE_STATE_CONTAINER_NAME" == "" ]; then
ATLANTIS_STORAGE_STATE_CONTAINER_NAME="atlantis-tf-state"
fi
if [ "$ATLANTIS_CONTAINER_GROUP_NAME" == "" ]; then
ATLANTIS_CONTAINER_GROUP_NAME="atlantis-container-group-$SUFFIX"
fi
if [ "$ATLANTIS_CONTAINER_DNS_NAME" == "" ]; then
ATLANTIS_CONTAINER_DNS_NAME="atlantis-server-$SUFFIX"
fi
if [ "$SKIP_CREDENTIALS_VALIDATION" == "" ]; then
SKIP_CREDENTIALS_VALIDATION="true"
fi
if [ "$SKIP_PROVIDER_REGISTRATION" == "" ]; then
SKIP_PROVIDER_REGISTRATION="true"
fi
az group create --location $ATLANTIS_LOCATION --name $ATLANTIS_RG_NAME --tags atlantis
az storage account create \
--name $ATLANTIS_STORAGE_NAME \
--resource-group $ATLANTIS_RG_NAME \
--location $ATLANTIS_LOCATION \
--sku Standard_LRS \
--https-only true \
--kind StorageV2 \
--access-tier Hot
STORAGE_KEY=$(az storage account keys list \
--account-name $ATLANTIS_STORAGE_NAME \
--query "[0].value" -o tsv | tr -d '"')
az storage container create \
--name $ATLANTIS_STORAGE_STATE_CONTAINER_NAME \
--account-name $ATLANTIS_STORAGE_NAME \
--account-key $STORAGE_KEY
openssl req \
-new \
-newkey rsa:4096 \
-x509 \
-subj "/C=US/ST=Denial/L=Anytown/O=Dis/CN=$ATLANTIS_CONTAINER_DNS_NAME.$ATLANTIS_LOCATION.azurecontainer.io" \
-sha256 \
-days 365 \
-nodes \
-out atlantis.crt \
-keyout atlantis.key
az storage share create \
--name "atlantis-cert-share" \
--account-name $ATLANTIS_STORAGE_NAME \
--account-key $STORAGE_KEY
az storage file upload \
--share-name "atlantis-cert-share" \
--source ./atlantis.crt \
--account-name $ATLANTIS_STORAGE_NAME \
--account-key $STORAGE_KEY
az storage file upload \
--share-name "atlantis-cert-share" \
--source ./atlantis.key \
--account-name $ATLANTIS_STORAGE_NAME \
--account-key $STORAGE_KEY
SUB_ID=$(az account show --query "id" -o tsv | tr -d '"')
az container create \
--name $ATLANTIS_CONTAINER_GROUP_NAME \
--resource-group $ATLANTIS_RG_NAME \
--location $ATLANTIS_LOCATION \
--assign-identity \
--scope /subscriptions/$SUB_ID \
--azure-file-volume-account-name $ATLANTIS_STORAGE_NAME \
--azure-file-volume-account-key $STORAGE_KEY \
--azure-file-volume-share-name "atlantis-cert-share" \
--azure-file-volume-mount-path /mnt/atlantis-certs \
--image ghcr.io/runatlantis/atlantis:latest \
--os-type Linux \
--restart-policy OnFailure \
--cpu 1 \
--memory 2 \
--ports 4141 \
--dns-name-label $ATLANTIS_CONTAINER_DNS_NAME \
--command-line "atlantis server \
--gh-user=$GITHUB_USER \
--gh-token=$GITHUB_TOKEN \
--gh-webhook-secret=$GITHUB_WEBHOOK_SECRET \
--repo-whitelist=$REPO_WHITELIST \
--ssl-cert-file=/mnt/atlantis-certs/atlantis.crt \
--ssl-key-file=/mnt/atlantis-certs/atlantis.key" \
--environment-variables \
ARM_USE_MSI=true \
ARM_SKIP_CREDENTIALS_VALIDATION=$SKIP_CREDENTIALS_VALIDATION \
ARM_SKIP_PROVIDER_REGISTRATION=$SKIP_PROVIDER_REGISTRATION \
ARM_ACCESS_KEY=$STORAGE_KEY \
ARM_SUBSCRIPTION_ID=$SUB_ID