Does the helm chart support gitlab instances running on ports other than 443/https?

[RoFz]

I'd like to set up Atlantis as a pod on the same cluster where our gitlab instance runs on. It happens that, by default and without TLS, the gitlab workhorse service listens on port 8181. This leads Atlantis' deployment to fail with the error below, since it apparently wants to connect to gitlab using port 443:

Defaulted container "atlantis" out of: atlantis, init-gitlab-runner-certs (init)
No files found in /docker-entrypoint.d/, skipping
WARNING: Flag --tf-distribution has been deprecated.
Error: initializing server: Get "https://gitlab-webservice-default.gitlab/api/v4/version": dial tcp 10.104.93.219:443: i/o timeout

Gitlab webservice service:

NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                               AGE
...
gitlab-webservice-default   ClusterIP   10.104.93.219    <none>        8080/TCP,8181/TCP,8083/TCP            17

Atlantis values.yaml:

    orgAllowlist: gitlab-webservice-default.gitlab/*
    logLevel: info
    gitlab:
      user: rofz
      token: glpat-<token>
      secret: <random_secret>
      hostname: gitlab-webservice-default.gitlab

Is it possible to tell Atlantis via its helm chart that Gitlab is in another port? Also, is it possible to use http instead of https?

Secondarily, could you clarify why the values.yaml file has the comment below, please? I understand that without the hostname key it would not be possible to have Atlantis to connect to our local Gitlab CE since it will target the default https://gitlab.com, is that correct?

# The 'hostname' key is exclusive to GitLab Enterprise installations.

[RoFz]

Update: setting the hostname value as such:

hostname: gitlab-webservice-default.gitlab.svc:8181

works for the port issue.

Still wondering though how one could achieve connectivity to a http-only (non-https)Gitlab instance.

Since the objective is to have Atlantis connect to the Gitlab service inside the same K8s cluster, I had to go through this setup and enable TLS between Gitlab internal components.

[jseiser]

This would be awesome to sort out, we have linkerd running so all of our inter-service traffic is already encrypted, so im not going through a gitlab doc to do it again. With gitlab randomly returning 4xx/5xx error we have time where atlantis will freak out and restart. It would be great to not have to target the LB/Nginx config and just hit the service directly.

[jseiser]

@RoFz

Have you tried specifying the protocol in gitlab-hostname?

hostname: http://gitlab-webservice-default.gitlab.svc:8181

Its implied here that it works: runatlantis/atlantis#378 (comment)

https://github.com/runatlantis/atlantis/blob/main/server/events/vcs/gitlab_client.go#L77