Exposing Spinnaker Sub-Services: Use Apache to Get a Reverse Proxy to All the Internal Sub-Systems

Aug 22, 2016 by Ben Mappen

Spinnaker is a new continuous delivery tool developed originally by Netflix and supported by over 30 developers from Google, Pivotal, Netflix and Microsoft.

Out of the box it comes with very strict control and binds everything to localhost/loopback/127.0.0.1 such that none of it’s sub-services are accessible from an outside machine for security. But in many cases machines are already within a VPN/VPC and services can be free to bind to their IP.

Here are the steps to use Apache to get a reverse proxy to all the internal sub-systems.


aws ec2 run-instances \
--iam-instance-profile Arn=${BASE_IAM_ARN} \
--profile armory \
--image-id ami-01718261 \
--count 1 \
--instance-type m4.xlarge \
--key-name `${SPKR_KEYPAIR} \
--security-group-ids ${SG_ID} \
--region us-west-2

You’ll need to create a ${BASE_IAM_ARN} for Spinnaker to use to create instances and have the correct permissions. Throughout Spinnaker’s documentation you’ll see this called ‘BaseIAMRole’. You’ll also need to create a private/public keypair ${SPKR_KEYPAIR} specific for Spinnaker so that it can log into machines and bake images. You’ll also probably want to put Spinnaker in it’s own security group, so make sure to specify a security group id ${SG_ID}.

You’ll also need to have an m4.xlarge at first because of the memory requirements of Spinnaker. In another post we’ll follow up on how to reduce the memory requirements.

Configure Apache

You’ll first need to get Apache to listen on the all IPv4 addresses on the local machine as currently it only listens to 127.0.0.1.

Start by editing the spinnaker configuration file:
sudo vi /etc/apache2/sites-enabled/spinnaker.conf

Change: <VirtualHost 127.0.0.1:9000> to the following: <VirtualHost 0.0.0.0:9000>

restart Apache so the change can take affect

sudo service apache2 restart

Next you’ll want to make sure that the primary account is enabled and set to the correct roles. Start by editing the local yaml file

sudo vi /opt/spinnaker/config/spinnaker-local.yml

providers:
  aws:
    enabled: true
    defaultRegion: us-west-2
    defaultIAMRole: BaseIAMRole
    primaryCredentials:
      name:test-account

You’ll notice we placed a ‘test-account’ as the primary credentials name. We strongly advise creating a test account within AWS for pilots.

Update Deck

Deck is the system that sits in front of all of the subsystems and is the presentation layer for Spinnaker. We will need to tell Deck that it’s no longer listening to localhost and instead the ec2 service hostname.

deck:
    baseUrl: http://{YOUREC2HOSTNAME}:9000
    gateUrl: ${services.deck.baseUrl}/gate
    bakeryUrl: ${services.deck.baseUrl}/rosco

You can find your EC2 host name in your AWS dashboard. The final step is to reset deck

sudo /opt/spinnaker/bin/reconfigure_spinnaker.sh

You should now be able to access your host on port 9000 from the hostname you gave it earlier {YOUREC2HOSTNAME} given in the update deck step.

Let us know if you run into any problems!

Share this post:

Recently Published Posts

Navigating AWS Deployment Targets with Armory

Jan 20, 2023

Many organizations look to Amazon Web Services (AWS) to host and deploy their applications in the cloud. However, they’re finding that their deployment tooling, often built as an extension of their legacy continuous integration (CI), is one of the main impediments to adopting cloud services.  Custom-scripted production pipelines built with in-house tooling need to be […]

Read more

Release Roundup – January 2023

Jan 11, 2023

Get the latest product news on Continuous Deployment-as-a-Service and the most recent release for Continuous Deployment Self Hosted, 2.28.2. Welcome to 2023!  Just like every organization, Armory is looking for ways to improve our practices and deliver more value (and faster!) to you, our customers. That’s why our engineering team is working to deliver features, […]

Read more

Learn Continuous Deployment with Armory and Wilco

Jan 6, 2023

Armory is excited to announce we have launched an interactive, narrative-driven developer experience that teaches continuous deployment concepts. And now you can try it out for yourself! Wilco, also known as the “flight simulator” for software developers, allows companies to create engaging interactive developer challenges (called quests) that enable developers to acquire and practice skills […]

Read more