Does the helm chart support gitlab instances running on ports other than 443/https?
I'd like to set up Atlantis as a pod on the same cluster that our gitlab instance runs on. It happens that, by default and without TLS, the gitlab workhorse service listens on port 8181. This leads Atlantis' deployment to fail with the error below, since it apparently wants to connect to gitlab using port 443:
```
Defaulted container "atlantis" out of: atlantis, init-gitlab-runner-certs (init)
No files found in /docker-entrypoint.d/, skipping
WARNING: Flag --tf-distribution has been deprecated.
Error: initializing server: Get "https://gitlab-webservice-default.gitlab/api/v4/version": dial tcp 10.104.93.219:443: i/o timeout
```
Gitlab webservice service:
```
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
...
gitlab-webservice-default   ClusterIP   10.104.93.219   <none>        8080/TCP,8181/TCP,8083/TCP   17
```
Atlantis values.yaml:
```yaml
orgAllowlist: gitlab-webservice-default.gitlab/*
logLevel: info
gitlab:
  user: rofz
  token: glpat-<token>
  secret: <random_secret>
  hostname: gitlab-webservice-default.gitlab
```
Is it possible to tell Atlantis via its helm chart that Gitlab is on another port? Also, is it possible to use http instead of https?
Secondarily, could you clarify why the values.yaml file has the comment below, please? I understand that without the hostname key it would not be possible to have Atlantis connect to our local Gitlab CE since it will target the default https://gitlab.com, is that correct?
```yaml
# The 'hostname' key is exclusive to GitLab Enterprise installations.
```
Update: setting the hostname value as such:
```yaml
hostname: gitlab-webservice-default.gitlab.svc:8181
```
works for the port issue.
Still wondering, though, how one could achieve connectivity to an http-only (non-https) Gitlab instance.
Since the objective is to have Atlantis connect to the Gitlab service inside the same K8s cluster, I had to go through this setup and enable TLS between Gitlab internal components.
This would be awesome to sort out. We have linkerd running, so all of our inter-service traffic is already encrypted, and I'm not going through a gitlab doc to do it again. With gitlab randomly returning 4xx/5xx errors, we have times where atlantis will freak out and restart. It would be great to not have to target the LB/Nginx config and just hit the service directly.
@RoFz
Have you tried specifying the protocol in gitlab-hostname?
```yaml
hostname: http://gitlab-webservice-default.gitlab.svc:8181
```
It's implied here that it works: https://github.com/runatlantis/atlantis/pull/378#issuecomment-445042030
https://github.com/runatlantis/atlantis/blob/main/server/events/vcs/gitlab_client.go#L77
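A pre-deploy check for the three `hostname` values that appear in this thread, as an added example (not Atlantis or chart code): it reports the scheme and port each value resolves to and flags `http://` targets, where the GitLab token and webhook secret are sent without TLS at the application layer. `ResolveHostname` and `Endpoint` are hypothetical names, and the default-to-https rule is an assumption taken from the error output above.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Endpoint describes how a gitlab.hostname value would be dialed.
type Endpoint struct {
	Scheme, Host, Port string
	Cleartext          bool // true when the token would travel over plain HTTP
}

// ResolveHostname is a hypothetical helper, not Atlantis code.
// Assumption (from the error output in the thread): no scheme means https.
func ResolveHostname(value string) (Endpoint, error) {
	raw := strings.TrimSpace(value)
	if raw == "" {
		return Endpoint{}, fmt.Errorf("empty hostname")
	}
	// url.Parse alone would read "host:8181" as scheme "host", so test for "://".
	if !strings.Contains(raw, "://") {
		raw = "https://" + raw
	}
	u, err := url.Parse(raw)
	if err != nil {
		return Endpoint{}, fmt.Errorf("parsing %q: %w", value, err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return Endpoint{}, fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	if u.Hostname() == "" {
		return Endpoint{}, fmt.Errorf("no host in %q", value)
	}
	port := u.Port()
	if port == "" { // fall back to the scheme's default port
		port = map[string]string{"http": "80", "https": "443"}[u.Scheme]
	}
	return Endpoint{u.Scheme, u.Hostname(), port, u.Scheme == "http"}, nil
}

func main() {
	for _, v := range []string{"gitlab-webservice-default.gitlab",
		"gitlab-webservice-default.gitlab.svc:8181",
		"http://gitlab-webservice-default.gitlab.svc:8181"} {
		ep, err := ResolveHostname(v)
		fmt.Printf("%s -> %+v (err: %v)\n", v, ep, err)
	}
}
```

A `Cleartext: true` result is acceptable only where something below the application, such as the service mesh mentioned earlier in the thread, already encrypts pod-to-pod traffic.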
This issue is stale because it has been open for 1 month with no activity. Remove stale label or comment or this will be closed in 1 month.