How can i integrate jenkins(which is running on-prem behind a proxy) with spinnaker running in private GKE cluster?

Question

We have one jenkins running in on-prem behind a proxy server.. we want to integrate it with spinnaker(running in GKE) using halyard but we are facing issues in connectivity(VPN is already in place between GCP VPC and on-prem) .. we are getting below error in igor service

2020-07-17 14:18:44.441  INFO 1 --- [   scheduling-1] c.n.s.igor.jenkins.client.JenkinsClient  : ---- ERROR https://jenkins_url/api/xml?tree=jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url],jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url],jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url],jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url],jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url],jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url],jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url],jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url],jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url],jobs[name,lastBuild[actions[failCount,skipCount,totalCount,urlName],duration,number,timestamp,result,building,url]]]]]]]]]]]&exclude=/*/*/*/action[not(totalCount)]
2020-07-17 14:18:44.443  INFO 1 --- [   scheduling-1] c.n.s.igor.jenkins.client.JenkinsClient  : javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
    at java.base/sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1321)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1160)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)

And this is our .hal/config .. we can only see this account in spinnaker but it is unable to list the jobs

ci:
    jenkins:
      enabled: true
      masters:
      - name: jenkins-master
        permissions: {}
        address: https://jenkins_url
        username: jenkins_user
        password: api_token
        csrf: true

Can anyone please help here on how to pass proxy username/password/host in igor service yaml ? Because if we do a curl we are getting proper response

curl  -x http://proxy_url:proxy_port --proxy-user user:password https://jenkins_url/api/json --user jenkins_user:api_token

Answer 1

Custom configuration in Spinnaker is done using a Service setting or Spinnaker profile.

You can add JVM environment JDK_JAVA_OPTIONS to Igor using a Service setting to configure proxies at the JVM level, so that Igor requests to your Jenkins installation go through a proxy. This would typically be:

# ~/.hal/default/service-settings/igor.yml

env:
    JDK_JAVA_OPTIONS: -Dhttp.proxyHost=host -Dhttp.proxyPort=port -Dhttp.proxyUser=user -Dhttp.proxyPassword=password

For more JVM Net properties, here's an Oracle documentation. You may also need to

hal deploy apply --service-names=igor