On-Premises Broker
Last updated
Last updated
To analyze your on-prem code and container repositories, Heeler requires deploying its on-prem Broker. Deploy the Broker using the Heeler-provided container image and configure it to enable access to your on-prem repositories and connect to the Heeler platform.
Aside from deploying the broker, set up is a two-step process:
Obtain the unique Heeler application credentials for your broker
Configure the Broker to connect to the Heeler platform
To obtain the necessary Heeler application credentials, navigate to Settings and Brokers. Once there, click Add Broker and you will see a modal like below:
At this time, the Heeler Broker supports on-prem analysis of GitLab code repositories and JFrog Artifactory container images.
Assign the Broker a name
Add the repositories under Connections
Click Save
Once saved, the modal will display the Heeler application credentials your Broker will use to communicate with Heeler. The credentials are labeled Key and ID as in the modal below with ID mapping to BROKER_KEY_ID and Key mapping to BROKER_SECRET_KEY:
Save the credentials securely for future use. If lost, you'll have to Generate New credentials and update your Broker configuration accordingly.
Click Done to view the Broker Models listing with your newly added broker. Note that its status will remain Healthy only after connecting with Heeler and starting processing. Once connected and active, broker metrics can be accessed via a dropdown.
Heeler provides an image for you to deploy a Broker on-premise. The image is located at:
You can deploy the image in multiple ways. The Broker has been verified on AWS using ECS and under an ASG. The key requirements are:
The Broker must have a routable URL available to your Gitlab repository. Gitlab will use the URL to send commit notifications to the Broker via webhooks.
The Broker should be able to scale in response to workload. When scaled up, the Broker instances run independently. They pull jobs from Heeler, perform their jobs in isolation, and push their work product when complete. Typical jobs include harvesting data, analyzing a commit, or backfilling data.
Each Broker instance should have a minimum of 4Gb of memory.
The remaining instructions assume you are using ECS to deploy your broker.
Store Broker secrets, i.e., BROKER_KEY_ID and BROKER_SECRET_KEY
AWS allows for ECS env variables to come from AWS Secrets without exposing sensitive values in plain text. We highly recommend storing the BROKER_SECRET_KEY and BROKER_KEY_ID using AWS Secrets and using the ARN of each secret as an environment variable.
If you use AWS Secrets to store these values, then update the ECS task definition with the following:
If you do not use AWS Secrets to store these values, then you will need to provide them as environment variables.
Define Environment Variables
The Broker instances rely upon some environment variables as part of their configuration. These variables can be defined as follows:
Command argument
The Broker instance must be activated via a the command argument:broker. The broker binary is under a specific folder /app/broker. To configure correctly, use:
Once the Broker is operational, return to the Broker Models page in Heeler, where you should see your new Broker with updated status.
