• This blog focus on how to run a spinnaker service( Clouddriver, Echo, etc) behind an HTTP proxy server.
  • For most Spinnaker service communication, this can be accomplished by setting appropriate JVM options for the service you want to proxy. For example, if you wanted to proxy Echo communication for Slack notifications, you would add the following proxy settings to “~/.hal/default/service-settings/echo.yml”

JAVA_OPTS: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=2
-Dhttp.proxyHost= -Dhttp.proxyPort= -Dhttps.proxyHost=
-Dhttps.proxyPort= -Dhttp.nonProxyHosts='localhost|127.|[::1]|.spinnaker'"

  • These settings will forward all external communication through the proxy server specified while keeping internal traffic non-proxied. Additional information can be found in this Networking document.
  • The Kubernetes V2 provider must be handled differently. Because the Kubernetes V2 provider uses kubectl (which uses curl), you must set environment variablesif you want Kubernetes V2 traffic to be proxied.
  • An example clouddriver.yml that will proxy Kubernetes V2 traffic will look like:

HTTP_PROXY: "proxyaddress:proxyport"
HTTPS_PROXY: "proxyaddress:proxyport"
NO_PROXY: "localhost,,*.spinnaker"

  • If you are using both the V1 and V2 version of the Kubernetes provider, you’ll need to supply both sets of proxy definitions.