Exposing Spinnaker Sub-Services: Use Apache to Get a Reverse Proxy to All the Internal Sub-Systems

Aug 22, 2016 by Ben Mappen

Spinnaker is a new continuous delivery tool developed originally by Netflix and supported by over 30 developers from Google, Pivotal, Netflix and Microsoft.

Out of the box it is locked down: everything binds to localhost (loopback, 127.0.0.1), so for security none of its sub-services are accessible from an outside machine. But in many cases machines are already within a VPN/VPC and services can be free to bind to their IP.

Here are the steps to use Apache to get a reverse proxy to all the internal sub-systems.


aws ec2 run-instances \
--iam-instance-profile Arn=${BASE_IAM_ARN} \
--profile armory \
--image-id ami-01718261 \
--count 1 \
--instance-type m4.xlarge \
--key-name ${SPKR_KEYPAIR} \
--security-group-ids ${SG_ID} \
--region us-west-2

You’ll need to create a ${BASE_IAM_ARN} for Spinnaker to use to create instances and have the correct permissions. Throughout Spinnaker’s documentation you’ll see this called ‘BaseIAMRole’. You’ll also need to create a private/public keypair ${SPKR_KEYPAIR} specific to Spinnaker so that it can log into machines and bake images. You’ll also probably want to put Spinnaker in its own security group, so make sure to specify a security group id ${SG_ID}.

You’ll also need to have an m4.xlarge at first because of the memory requirements of Spinnaker. In another post we’ll follow up on how to reduce the memory requirements.

Configure Apache

You’ll first need to get Apache to listen on all IPv4 addresses on the local machine, as it currently listens only on 127.0.0.1.

Start by editing the spinnaker configuration file:
sudo vi /etc/apache2/sites-enabled/spinnaker.conf

Change: <VirtualHost 127.0.0.1:9000> to the following: <VirtualHost 0.0.0.0:9000>

Restart Apache so the change can take effect:

sudo service apache2 restart

Next you’ll want to make sure that the primary account is enabled and set to the correct roles. Start by editing the local YAML file:

sudo vi /opt/spinnaker/config/spinnaker-local.yml

providers:
  aws:
    enabled: true
    defaultRegion: us-west-2
    defaultIAMRole: BaseIAMRole
    primaryCredentials:
      name: test-account

You’ll notice we placed a ‘test-account’ as the primary credentials name. We strongly advise creating a test account within AWS for pilots.

Update Deck

Deck is the system that sits in front of all of the subsystems and is the presentation layer for Spinnaker. We need to tell Deck that it is no longer listening on localhost but on the EC2 hostname instead.

deck:
    baseUrl: http://{YOUREC2HOSTNAME}:9000
    gateUrl: ${services.deck.baseUrl}/gate
    bakeryUrl: ${services.deck.baseUrl}/rosco

You can find your EC2 hostname in your AWS dashboard. The final step is to reset Deck:

sudo /opt/spinnaker/bin/reconfigure_spinnaker.sh

You should now be able to access your host on port 9000 using the hostname {YOUREC2HOSTNAME} that you set in the Update Deck step.
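Once Apache binds to 0.0.0.0, the security group ${SG_ID} is the only thing deciding who can reach port 9000. The following check is an added example, not part of the original post or of Spinnaker: it reads the VirtualHost bindings and the JSON shape returned by `aws ec2 describe-security-groups`, and lists ingress rules that open an exposed port to sources outside a trusted range. The sample config, the group `sg-EXAMPLE` and the trusted range 10.0.0.0/16 are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from a real deployment).
APACHE_CONF = """\
<VirtualHost 0.0.0.0:9000>
</VirtualHost>
"""
# Shape of `aws ec2 describe-security-groups` output, trimmed to the fields used.
SG_JSON = {"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.1.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "192.0.2.0/24"}]},
]}]}
TRUSTED = ["10.0.0.0/16"]  # assumed VPC/VPN range


def exposed_ports(conf_text):
    """Ports Apache binds on a non-loopback address (IPv4 literal or *)."""
    ports = set()
    for addr, port in re.findall(r"<VirtualHost\s+([^\s:>]+):(\d+)", conf_text):
        if addr in ("*", "_default_") or not ipaddress.ip_address(addr).is_loopback:
            ports.add(int(port))
    return ports


def untrusted_ingress(sg_doc, ports, trusted):
    """(group id, port, cidr) for each CIDR rule that lets a source outside
    `trusted` reach one of `ports`. Group-to-group rules are not evaluated."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for sg in sg_doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            all_traffic = perm["IpProtocol"] == "-1"  # no port range present
            if not all_traffic and perm["IpProtocol"] != "tcp":
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in sorted(ports):
                if not all_traffic and not perm["FromPort"] <= port <= perm["ToPort"]:
                    continue
                for cidr in cidrs:
                    src = ipaddress.ip_network(cidr)
                    if not any(src.version == n.version and src.subnet_of(n) for n in nets):
                        findings.append((sg["GroupId"], port, cidr))
    return findings
```

An empty result from `untrusted_ingress(SG_JSON, exposed_ports(APACHE_CONF), TRUSTED)` means every CIDR rule covering the exposed port stays inside the trusted range.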

Let us know if you run into any problems!
