May 15, 2020
When we at Redeploy develop automation solutions or build/deploy pipelines we often need to get hold of our external IP so we can add it to access rules in a firewall or ACL, so that the job/agent has access to the intended cloud service.
There are many services that provides this functionality, but hosting it yourself provides control of availability and credibility. Therefore we decided to develop our own with the goal of it being small in size and easy to host and deploy.
Enter gpip. A microservice that returns the public/external IP of the caller. It's delivered in a container image with the size of 5.84MB.
The API provides two ways to get your IP.
gpip can be hosted in a matter of ways:
Any platform that can pass on source IP, either through the use of headers Forwarded, X-Forwarded-For and X-Real-IP or some other form of manipulating the remote address of the request will do.
In this post we give examples on how to deploy the service to Kubernetes, WebApp for Containers and how to build the binary to deploy it any way you want. Azure Container Instances would have been a good fit. It does not however support forwarding of origin IP at the time of this writing.
Do make sure to have an ingress with an TLS certificate as an entry point to the service. The service relies on an ingress/reverse proxy to handle TLS.
To deploy the service into an AKS cluster (or any Kubernetes kluster) use the following definitions as guidelines. A helm chart is in the works, but for now these will have to do:
And finally an example ingress.
ingress.yaml (example using nginx-ingress)
The ingress configuration is an example, therefore be sure to setup yours with an TLS certificate.
Deploying an App Service plan and a WebApp:
Provision App Service
When the provisioning is complete the service is ready for requests at: $appName.azurewebsites.net.
gpip does not have to be run in a container. Build the binary and host the service in a way you find the most fitting.
That concludes this post and we hope you have enjoyed the read!
If you want to discuss more, connect with me on LinkedIn.