https://www.runatlantis.io/ logo
Title
p

Priyashree Shetty

03/13/2023, 10:06 AM
Hello Team. I deployed atlantis server on AWS EKS cluster using helm(service type used is Loadbalancer), which is currently running on a single pod with bitbucket as the VCS tool. I am able to plan and apply a simple resource. Currently, the atlantis URL is used without https. I want to use the URL securly with https. Can anyone please help me how can I use https for the atlantis URL? I tried to use following in helm values.yml file and after I did a helm upgrade , atlantis server URL is not loading either with http or https.
service:
  type: LoadBalancer
  port: 443
  targetPort: 4141
  loadBalancerIP: null
s

Sarath S Kumar

03/13/2023, 11:25 AM
Use nginx ingress
r

RB

03/13/2023, 1:25 PM
Or use the aws lb controller to create an alb with an acm cert and a 443 listener
p

Priyashree Shetty

03/13/2023, 4:30 PM
Hi. Should the aws lb controller be internet facing or internal facing ?
I have a custom domain at atlantis.abc.com and I want this domain to be used as the atlantis URL using which the bitbucket webhook will be configured. If at all I am using the custom domain then we should have internet facing LB connector right
r

RB

03/13/2023, 4:48 PM
Internet facing since the vcs webhooks need to hit atlantis
p

Priyashree Shetty

03/13/2023, 5:36 PM
I added the following ingress to values.yml and deployed the change using helm upgrade, I see a new load balancer is created.
ingress:
  enabled: true
  ingressClassName:
  annotations: 
      <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: alb
      <http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>: internet-facing
      <http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>: "arn id"
      <http://alb.ingress.kubernetes.io/listen-ports|alb.ingress.kubernetes.io/listen-ports>: '[{"HTTP": 80}, {"HTTPS":443}]'
      <http://alb.ingress.kubernetes.io/actions.ssl-redirect|alb.ingress.kubernetes.io/actions.ssl-redirect>: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
I pointed the DNS for my custom domain to the above created load balancer, however, domain atlantis.abc.com is not loading securly(domain is not redirecting to https://atlantis.abc.com). Instead when I access the domain atlantis.abc.com with https , it is loading securly
r

RB

03/13/2023, 11:08 PM
Maybe redirect port 80 to 443?
p

Priyashree Shetty

03/14/2023, 9:19 AM
I am able to make this work now, however, I am trying to do a atlantis apply on a sample null resource, however, the plan is not getting applied. When I check the webhook request logs, it gives a 200 status code, however, plan is not getting applied.
Hi Team , Can someone please help here
Atlantis logs only show the following
{"level":"debug","ts":"2023-03-14T18:28:14.774Z","caller":"server/middleware.go:72","msg":"GET / – respond HTTP 200","json":{}}
{"level":"debug","ts":"2023-03-14T18:28:15.284Z","caller":"server/middleware.go:45","msg":"GET / – from <http://xxx.xxx.xxx.xxx:65165%22,%22json%22:{}}|xxx.xxx.xxx.xxx:65165","json":{}}>
{"level":"info","ts":"2023-03-14T18:28:15.285Z","caller":"server/server.go:1030","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
neither I am able to do a terraform plan, apply on the PR created.