Skip to main content

Exposing Spinnaker Sub-Services: Use Apache to Get a Reverse Proxy to All the Internal Sub-Systems

Aug 22, 2016 by Ben Mappen

Spinnaker is a new continuous delivery tool developed originally by Netflix and supported by over 30 developers from Google, Pivotal, Netflix and Microsoft.

Out of the box it comes with very strict control and binds everything to localhost/loopback/127.0.0.1 such that none of it’s sub-services are accessible from an outside machine for security. But in many cases machines are already within a VPN/VPC and services can be free to bind to their IP.

Here are the steps to use Apache to get a reverse proxy to all the internal sub-systems.


aws ec2 run-instances \
--iam-instance-profile Arn=${BASE_IAM_ARN} \
--profile armory \
--image-id ami-01718261 \
--count 1 \
--instance-type m4.xlarge \
--key-name `${SPKR_KEYPAIR} \
--security-group-ids ${SG_ID} \
--region us-west-2

You’ll need to create a ${BASE_IAM_ARN} for Spinnaker to use to create instances and have the correct permissions. Throughout Spinnaker’s documentation you’ll see this called ‘BaseIAMRole’. You’ll also need to create a private/public keypair ${SPKR_KEYPAIR} specific for Spinnaker so that it can log into machines and bake images. You’ll also probably want to put Spinnaker in it’s own security group, so make sure to specify a security group id ${SG_ID}.

You’ll also need to have an m4.xlarge at first because of the memory requirements of Spinnaker. In another post we’ll follow up on how to reduce the memory requirements.

Configure Apache

You’ll first need to get Apache to listen on the all IPv4 addresses on the local machine as currently it only listens to 127.0.0.1.

Start by editing the spinnaker configuration file:
sudo vi /etc/apache2/sites-enabled/spinnaker.conf

Change: <VirtualHost 127.0.0.1:9000> to the following: <VirtualHost 0.0.0.0:9000>

restart Apache so the change can take affect

sudo service apache2 restart

Next you’ll want to make sure that the primary account is enabled and set to the correct roles. Start by editing the local yaml file

sudo vi /opt/spinnaker/config/spinnaker-local.yml

providers:
  aws:
    enabled: true
    defaultRegion: us-west-2
    defaultIAMRole: BaseIAMRole
    primaryCredentials:
      name:test-account

You’ll notice we placed a ‘test-account’ as the primary credentials name. We strongly advise creating a test account within AWS for pilots.

Update Deck

Deck is the system that sits in front of all of the subsystems and is the presentation layer for Spinnaker. We will need to tell Deck that it’s no longer listening to localhost and instead the ec2 service hostname.

deck:
    baseUrl: http://{YOUREC2HOSTNAME}:9000
    gateUrl: ${services.deck.baseUrl}/gate
    bakeryUrl: ${services.deck.baseUrl}/rosco

You can find your EC2 host name in your AWS dashboard. The final step is to reset deck

sudo /opt/spinnaker/bin/reconfigure_spinnaker.sh

You should now be able to access your host on port 9000 from the hostname you gave it earlier {YOUREC2HOSTNAME} given in the update deck step.

Let us know if you run into any problems!

Recently Published Posts

October 20, 2021
|
by Jason McIntosh

Monitoring Spinnaker: Part 1

Overview One of the questions that comes up a lot is how you monitor Spinnaker itself.  Not the apps Spinnaker is deploying, but Spinnaker itself and how it’s performing.  This is a question that has a lot of different answers. There are a few guidelines, but many of the answers are the same as how […]

Read more

October 18, 2021
|
by David Morgenthaler

The Importance of Patents: Interview with Nick Petrella, Head of Legal

    In honor of Armory’s recent acquisition of a patent for continuous software deployment, we sat down with Nick Petrella, Head of Legal, for a casual conversation covering a wide range of subjects, from patent law to Nick’s background as a software engineer and why he made the leap to the law. Check out […]

Read more

October 11, 2021
|
by Carl Timm

Armory Agent for Kubernetes Simplifies K8s Complexity

I’ll be upfront with you, I’m a sucker for a good origin story. It’s one of the reasons I spent hours engrossed in the Marvel Cinematic Universe not too long ago.  Rooting for incredibly flawed individuals with an outsized sense of duty and superpowers to back it up….What’s not to love?  My partner has a […]

Read more