I have deployed atlantis based on original documents on EKS, text I have added ingress to use AWS-loadbalancer-controller to create ALb with ACM certificate for encryption and using externalDNS to create DNS record on Route53. Now Atlantis is running and the loadbalancer created and the Record on Route53 is created as well, the Atlantis webpage is broken and not loading correctly ( below snapshot)
apiVersion: apps/v1
kind: Deployment
metadata:
name: atlantis
namespace: atlantis
labels:
app.kubernetes.io/name: atlantis
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: atlantis
template:
metadata:
labels:
app.kubernetes.io/name: atlantis
spec:
containers:
- name: atlantis
image: ghcr.io/runatlantis/atlantis:v0.27.1 # 1. Replace <VERSION> with the most recent release.
env:
- name: ATLANTIS_REPO_ALLOWLIST
value: github.com/**********/test/* # 2. Replace this with your own repo allowlist.
### GitHub Config ###
- name: ATLANTIS_GH_USER
value: test-user # 3i. If you're using GitHub replace <YOUR_GITHUB_USER> with the username of your Atlantis GitHub user without the `@`.
- name: ATLANTIS_GH_TOKEN
valueFrom:
secretKeyRef:
name: atlantis-vcs
key: token
- name: ATLANTIS_GH_WEBHOOK_SECRET
valueFrom:
secretKeyRef:
name: atlantis-vcs
key: webhook-secret
### End GitHub Config ###
- name: ATLANTIS_PORT
value: "4141" # Kubernetes sets an ATLANTIS_PORT variable so we need to override.
ports:
- name: atlantis
containerPort: 4141
resources:
requests:
memory: 512Mi
cpu: 100m
limits:
memory: 512Mi
cpu: 100m
livenessProbe:
# We only need to check every 60s since Atlantis is not a
# high-throughput service.
periodSeconds: 60
httpGet:
path: /healthz
port: 4141
# If using https, change this to HTTPS
scheme: HTTP
readinessProbe:
periodSeconds: 60
httpGet:
path: /healthz
port: 4141
# If using https, change this to HTTPS
scheme: HTTP
---
apiVersion: v1
kind: Service
metadata:
name: atlantis
namespace: atlantis
spec:
type: ClusterIP
ports:
- name: atlantis
port: 80
targetPort: 4141
selector:
app.kubernetes.io/name: atlantis
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: atlantis
namespace: atlantis
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: atlantis
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:****************
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
spec:
ingressClassName: alb
rules:
- host: atlantis.example.com
http:
paths:
- path: /
pathType: Exact
backend:
service:
name: atlantis
port:
number: 80
The same deployment without ingress, exposing the service as LoadBalancer can load the page correctly
The pathType in the Ingress should Prefix. Since the path is Exact, only the HTML which is actually served at the root path is being served, and other queries are rejected. Prefix type will allow all requests as long as those match the root path
pathType: Prefix
See the following description from the docs:
Path types
Each path in an Ingress is required to have a corresponding path type. Paths that do not include an explicit pathType will fail validation. There are three supported path types:
ImplementationSpecific: With this path type, matching is up to the IngressClass. Implementations can treat this as a separate pathType or treat it identically to Prefix or Exact path types.
Exact: Matches the URL path exactly and with case sensitivity.
Prefix: Matches based on a URL path prefix split by /. Matching is case sensitive and done on a path element by element basis. A path element refers to the list of labels in the path split by the / separator. A request is a match for path p if every p is an element-wise prefix of p of the request path.
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types