
Exposing Spinnaker Sub-Services: Use Apache to Get a Reverse Proxy to All the Internal Sub-Systems

Spinnaker is a new continuous delivery tool developed originally by Netflix and supported by over 30 developers from Google, Pivotal, Netflix and Microsoft.

Out of the box it is locked down: for security, everything binds to localhost (loopback, 127.0.0.1), so none of its sub-services are accessible from an outside machine. In many cases, however, machines are already within a VPN/VPC, and the services can be free to bind to their IP.

Here are the steps to use Apache to get a reverse proxy to all the internal sub-systems.


aws ec2 run-instances \
--iam-instance-profile Arn=${BASE_IAM_ARN} \
--profile armory \
--image-id ami-01718261 \
--count 1 \
--instance-type m4.xlarge \
--key-name ${SPKR_KEYPAIR} \
--security-group-ids ${SG_ID} \
--region us-west-2

You’ll need to create a ${BASE_IAM_ARN} with the correct permissions for Spinnaker to use when it creates instances. Throughout Spinnaker’s documentation you’ll see this called ‘BaseIAMRole’. You’ll also need to create a private/public keypair ${SPKR_KEYPAIR} specific to Spinnaker so that it can log into machines and bake images. You’ll also probably want to put Spinnaker in its own security group, so make sure to specify a security group id ${SG_ID}.

You’ll also need to have an m4.xlarge at first because of the memory requirements of Spinnaker. In another post we’ll follow up on how to reduce the memory requirements.

Configure Apache

You’ll first need to get Apache to listen on all IPv4 addresses on the local machine, as currently it only listens on 127.0.0.1.

Start by editing the Spinnaker configuration file:
sudo vi /etc/apache2/sites-enabled/spinnaker.conf

Change: <VirtualHost 127.0.0.1:9000> to the following: <VirtualHost 0.0.0.0:9000>

Restart Apache so the change can take effect:

sudo service apache2 restart

Next you’ll want to make sure that the primary account is enabled and set to the correct roles. Start by editing the local YAML file:

sudo vi /opt/spinnaker/config/spinnaker-local.yml

providers:
  aws:
    enabled: true
    defaultRegion: us-west-2
    defaultIAMRole: BaseIAMRole
    primaryCredentials:
      name: test-account

You’ll notice we placed a ‘test-account’ as the primary credentials name. We strongly advise creating a test account within AWS for pilots.

Update Deck

Deck is the system that sits in front of all of the subsystems and is the presentation layer for Spinnaker. We will need to tell Deck that it’s no longer served from localhost but from the EC2 service hostname instead.

deck:
    baseUrl: http://{YOUREC2HOSTNAME}:9000
    gateUrl: ${services.deck.baseUrl}/gate
    bakeryUrl: ${services.deck.baseUrl}/rosco

You can find your EC2 host name in your AWS dashboard. The final step is to reset Deck:

sudo /opt/spinnaker/bin/reconfigure_spinnaker.sh

You should now be able to access your host on port 9000 at the hostname {YOUREC2HOSTNAME} you gave it in the Update Deck step.

Let us know if you run into any problems!
