Running a Spinnaker service behind HTTP proxy server

This blog focus on how to run a spinnaker service( Clouddriver, Echo, etc) behind an HTTP proxy server.

For most Spinnaker service communication, this can be accomplished by setting appropriate JVM options for the service you want to proxy. For example, if you wanted to proxy Echo communication for Slack notifications, you would add the following proxy settings to “~/.hal/default/service-settings/echo.yml”

env:
JAVA_OPTS: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=2
-Dhttp.proxyHost= -Dhttp.proxyPort= -Dhttps.proxyHost=
-Dhttps.proxyPort= -Dhttp.nonProxyHosts='localhost|127.|[::1]|.spinnaker'"

These settings will forward all external communication through the proxy server specified while keeping internal traffic non-proxied. 

 

In addition, the Kubernetes V2 provider must be handled differently because the Kubernetes V2 provider uses kubectl (which uses curl). You must set environment variables if you want Kubernetes V2 traffic to be proxied in clouddriver. In addition to the above JAVA_OPTS section, these extra env needs to be added to clouddriver.yml to proxy Kubernetes V2 provider traffic:

env:
HTTP_PROXY: "proxyaddress:proxyport"
HTTPS_PROXY: "proxyaddress:proxyport"
NO_PROXY: "localhost,127.0.0.1,*.spinnaker"

Leave a Comment

Your email address will not be published.

You may like