Configure Gate and Deck to Run on the Same Hostname
Overview
The SpinnakerTM microservice Gate serves as the API gateway for Armory and is leveraged by the Deck microservice to display various Armory data via a user interface. In order to successfully use the Deck UI, both Deck and Gate must be accessible via DNS. The standard approach to configuring access to both Deck and Gate is to set DNS routing to each service on separate hostnames or separate sub-domains of the same hostname. While this approach is typical, it increases the complexity of both DNS management and Ingress management into Kubernetes.
To simplify both DNS management and Ingress management, Armory can be configured
to serve the Gate microservice on the same hostname as the Deck UI but located
at a sub-path. We recommend configuring the Gate microservice so that it is served from the /api/v1
of the Deck UI hostname when using a single hostname for both Deck and Gate.
Prerequisites for running on the same host
- Deck is accessible at
https://spinnaker.example.com
- Gate is accessible at
https://spinnaker.example.com/api/v1
- Kubernetes Ingress and Service is used to route traffic from these paths to port 8084 on Gate and 9000 on Deck.
Note: Configuring a Kubernetes Ingress and Service is outside the scope of this document.
Configure Spinnaker
-
Set Gate’s server servlet to be aware of its context path at
/api/v1
in yourSpinnakerService
config.Add the following under the
spec.spinnakerConfig.profiles
section:gate: server: servlet: context-path: /api/v1
-
Set Gate’s health endpoint to
/api/v1/health
in yourSpinnakerService
config.Add the following under the
spec.spinnakerConfig.service-settings
section:gate: healthEndpoint: /api/v1/health
-
Update Deck’s URL in your
SpinnakerService
config.Add the following under the
spec.config.security
section:uiSecurity: overrideBaseUrl: https://spinnaker.example.com
-
Update Gate’s URL in your
SpinnakerService
config.Add the following under the
spec.config.security
section:apiSecurity: overrideBaseUrl: https://spinnaker.example.com/api/v1
-
Deploy your
SpinnakerService
config using eitherkubectl
orkustomize
command syntax
-
Set Gate’s server servlet to be aware of its context path at
/api/v1
by creating a file namedgate-local.yml
in theprofiles
directory.# Make the profiles directory if it doesn't already exist mkdir /home/spinnaker/.hal/default/profiles
# Make the gate-local.yml file in the profile directory tee /home/spinnaker/.hal/default/profiles/gate-local.yml <<-'EOF' server: servlet: context-path: /api/v1 EOF
-
Set Gate’s health endpoint to
/api/v1/health
by creating a file namedgate.yml
in theservice-settings
directory.# Make the service-settings directory if it doesn't already exist mkdir /home/spinnaker/.hal/default/service-settings
# Make the gate-local.yml file in the profile directory tee -a /home/spinnaker/.hal/default/profiles/gate-local.yml <<-'EOF' healthEndpoint: /api/v1/health EOF
-
Update Deck’s URL using Halyard command
hal config security ui edit --override-base-url https://spinnaker.example.com
-
Update Gate’s URL using Halyard command
hal config security api edit --override-base-url https://spinnaker.example.com/api/v1
-
Apply the Spinnaker Configuration changes using Halyard command
hal deploy apply
Feedback
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified May 3, 2021: (e8ee72f)