{"id":1957,"date":"2022-01-31T06:45:59","date_gmt":"2022-01-31T06:45:59","guid":{"rendered":"https:\/\/blog.samarthya.me\/wps\/?p=1957"},"modified":"2022-02-05T15:48:06","modified_gmt":"2022-02-05T15:48:06","slug":"spinnaker","status":"publish","type":"post","link":"https:\/\/blog.samarthya.me\/wps\/2022\/01\/31\/spinnaker\/","title":{"rendered":"Spinnaker: Install &#038; Configure"},"content":{"rendered":"\n<p><code>Spinnaker<\/code> is an <code>open-source<\/code> <strong><em><span style=\"text-decoration: underline;\">continuous delivery<\/span><\/em><\/strong> platform which provides two core set of features<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Application Management<\/li><li>Application deployment<\/li><\/ol>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"aligncenter size-large is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/spinnaker.io\/docs\/concepts\/clusters.png\" alt=\"\" width=\"651\" height=\"528\"\/><figcaption><a href=\"https:\/\/spinnaker.io\/docs\/concepts\/#application\">Applications<\/a>&nbsp;,&nbsp;<a href=\"https:\/\/spinnaker.io\/docs\/concepts\/#cluster\">clusters<\/a>&nbsp;, and&nbsp;<a href=\"https:\/\/spinnaker.io\/docs\/concepts\/#server-group\">server groups<\/a>&nbsp;are the key concepts Spinnaker uses to describe your services.&nbsp;<\/figcaption><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"key-concepts\">Key Concepts<\/h2>\n\n\n\n<p class=\"has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\">Some of the key concepts in the spinnaker universe are covered as under<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"halyard\">Halyard<\/h3>\n\n\n\n<p><a href=\"https:\/\/spinnaker.io\/docs\/reference\/halyard\/\">Halyard<\/a> is a tool for configuring, installing, and updating Spinnaker. This is one tool that you will utilize while setting up the Spinnaker itself for providers, configuration etc.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"halconfig\">Halconfig<\/h3>\n\n\n\n<p>The Halconfig is the source of all configuration for your Deployment of Spinnaker.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"deployments\">Deployments<a href=\"https:\/\/spinnaker.io\/docs\/reference\/halyard\/#deployments\"><\/a><\/h3>\n\n\n\n<p>A Deployment within Halyard is a single, isolated, deployed\/installed &amp; configured Spinnaker. The deployments are referenced by name, and the default name for your first Deployment is&nbsp;<code>\"default\"<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"artifacts\">Artifacts<a href=\"https:\/\/spinnaker.io\/docs\/reference\/halyard\/#artifacts\"><\/a><\/h3>\n\n\n\n<p>Artifacts are unconfigured, versioned, prebuilt deployables consumed by Halyard.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"services\">Services<a href=\"https:\/\/spinnaker.io\/docs\/reference\/halyard\/#services\"><\/a><\/h3>\n\n\n\n<p>Services are the combination of an Artifact, with a set of Profiles that apply to that Artifact.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"profiles\">Profiles<a href=\"https:\/\/spinnaker.io\/docs\/reference\/halyard\/#profiles\"><\/a><\/h3>\n\n\n\n<p>Profiles are configuration files applied to Artifacts to make them run in some desired fashion.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"application\">Application<\/h3>\n\n\n\n<p>A <code>Spinnaker<\/code> application represents a service that you are going to deploy (typically a <code>microservice<\/code>). It includes<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The pipeline that process the service through to deployment in production<\/li><li>The infra on which the service runs<\/li><li>Canary configs<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-pullquote has-white-color has-text-color has-background\" style=\"background:linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 50%)\"><blockquote><p>An application&nbsp;<em>represents<\/em>&nbsp;the service which you are going to deploy using Spinnaker, all configuration for that service, and all the infrastructure on which it will run.<\/p><cite>from the official documentation<\/cite><\/blockquote><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cluster\">Cluster<\/h3>\n\n\n\n<p>Clusters are logical groupings for <code>Server Groups<\/code><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"server-group\">Server Group<\/h3>\n\n\n\n<p>Identifies the deployable artifact and basic configuration settings such as number of instances, auto scaling policies, metadata, etc.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"load-balancer\">Load balancer<\/h3>\n\n\n\n<p>A&nbsp;<em>Load Balancer<\/em>&nbsp;is associated with an ingress protocol and port range.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"pipeline\">Pipeline<\/h3>\n\n\n\n<p>It is the key deployment management construct in <code>spinnaker<\/code>. It consists of sequence of actions known as <code>stages<\/code>. One can pass arguments from stage to stage along the pipeline. <\/p>\n\n\n\n<p>You can start a pipeline manually, or you can configure it to be automatically triggered by an event, such as a Jenkins job completing, a new Docker image appearing in your registry, a CRON schedule, or a stage in another pipeline<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/spinnaker.io\/docs\/concepts\/pipelines.png\" alt=\"\"\/><figcaption>Sample Pipeline<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"stage\">Stage<\/h3>\n\n\n\n<p>A&nbsp;<em>Stage<\/em>&nbsp;in <code>Spinnaker<\/code> is a collection of <strong>sequential Tasks<\/strong> and composed Stages that describe a higher-level action the Pipeline will perform either linearly or in parallel. <\/p>\n\n\n\n<figure class=\"wp-block-pullquote has-border-color has-pale-pink-border-color has-black-color has-pale-pink-background-color has-text-color has-background\"><blockquote><p>The work done by a pipeline can be divided into smaller, customizable blocks called stages.<\/p><cite>Spinnaker<\/cite><\/blockquote><\/figure>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"133\" src=\"https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-04-at-10.25.14-PM-1024x133.png\" alt=\"\" class=\"wp-image-2028\" srcset=\"https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-04-at-10.25.14-PM-1024x133.png 1024w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-04-at-10.25.14-PM-300x39.png 300w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-04-at-10.25.14-PM-1536x200.png 1536w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-04-at-10.25.14-PM-2048x266.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Example Pipeline: With two stages (Helm &amp; Deploy)<\/figcaption><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"task\">Task<\/h3>\n\n\n\n<p>An automatic function to perform.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/spinnaker.io\/docs\/concepts\/deployment-strategies.png\" alt=\"\"\/><figcaption>Deployment Strategies<\/figcaption><\/figure><\/div>\n\n\n\n<h2 class=\"has-text-align-right wp-block-heading\" id=\"installation-spinnaker\"><span style=\"text-decoration: underline;\">Installation: <code>spinnaker<\/code><\/span><\/h2>\n\n\n\n<p>If you follow the official documentation you can follow the steps below<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"step-1-make-the-local-directory\">Step 1: Make the local directory<\/h3>\n\n\n\n<p>This directory will contain persistent configuration for the docker instance<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir ~\/.hal<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-pullquote has-border-color has-pale-pink-border-color has-white-color has-text-color has-background\" style=\"background:linear-gradient(29deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%)\"><blockquote><p>Make sure DOCKER CE is installed<\/p><cite>Official documentation<\/cite><\/blockquote><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"dry-run\">Dry Run<\/h3>\n\n\n\n<p>Run the docker in console mode<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -p 8084:8084 -p 9000:9000 \\\n&gt;     --name halyard --rm \\\n&gt;     -v ~\/.hal:\/home\/spinnaker\/.hal \\\n&gt;     -it \\\n&gt;     us-docker.pkg.dev\/spinnaker-community\/docker\/halyard:stable<\/code><\/pre>\n\n\n\n<p>On your machine the output might differ, but on my machine it shows output like below<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Unable to find image 'us-docker.pkg.dev\/spinnaker-community\/docker\/halyard:stable' locally\nstable: Pulling from spinnaker-community\/docker\/halyard\nddad3d7c1e96: Pull complete \nb339b23b94dc: Pull complete \nbb8983c8f410: Pull complete \ned37ba1fd206: Pull complete \n94b0a1cd90d7: Pull complete \n90b860836694: Pull complete \n2bccfaf2a897: Pull complete \naeb9ec2e705a: Pull complete \nDigest: sha256:51bab15c373271f41db44bd5e9392e53183ab5238497339d3b36c065c0bb4039\nStatus: Downloaded newer image for us-docker.pkg.dev\/spinnaker-community\/docker\/halyard:stable\nWARNING: An illegal reflective access operation has occurred\nWARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (file:\/opt\/halyard\/lib\/groovy-2.5.11.jar) to method java.lang.Object.finalize()\nWARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass\nWARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations\nWARNING: All illegal access operations will be denied in a future release\n _           _                     _\n| |__   __ _| |_   _  __ _ _ __ __| |\n| '_ \\ \/ _` | | | | |\/ _` | '__\/ _` |\n| | | | (_| | | |_| | (_| | | | (_| |\n|_| |_|\\__,_|_|\\__, |\\__,_|_|  \\__,_|\n               |___\/\n\n2022-01-31 06:50:16.696  INFO 1 --- &#91;           main] com.netflix.spinnaker.halyard.Main       : The following profiles are active: composite,test,local\n2022-01-31 06:50:17.604  INFO 1 --- &#91;           main] o.s.c.a.ConfigurationClassParser         : Properties location &#91;file:\/opt\/spinnaker\/hal.properties] not resolvable: \/opt\/spinnaker\/hal.properties (No such file or directory)\n2022-01-31 06:50:18.766  INFO 1 --- &#91;           main] i.g.r.utils.RxJava2OnClasspathCondition  : RxJava2 related Aspect extensions are not activated, because RxJava2 is not on the classpath.\n2022-01-31 06:50:18.768  INFO 1 --- &#91;           main] i.g.r.utils.ReactorOnClasspathCondition  : Reactor related Aspect extensions are not activated because Reactor is not on the classpath.\n2022-01-31 06:50:18.790  INFO 1 --- &#91;           main] i.g.r.utils.RxJava2OnClasspathCondition  : RxJava2 related Aspect extensions are not activated, because RxJava2 is not on the classpath.\n2022-01-31 06:50:18.791  INFO 1 --- &#91;           main] i.g.r.utils.ReactorOnClasspathCondition  : Reactor related Aspect extensions are not activated because Reactor is not on the classpath.\n2022-01-31 06:50:18.824  INFO 1 --- &#91;           main] i.g.r.utils.RxJava2OnClasspathCondition  : RxJava2 related Aspect extensions are not activated, because RxJava2 is not on the classpath.\n2022-01-31 06:50:18.825  INFO 1 --- &#91;           main] i.g.r.utils.ReactorOnClasspathCondition  : Reactor related Aspect extensions are not activated because Reactor is not on the classpath.\n2022-01-31 06:50:18.849  INFO 1 --- &#91;           main] i.g.r.utils.RxJava2OnClasspathCondition  : RxJava2 related Aspect extensions are not activated, because RxJava2 is not on the classpath.\n2022-01-31 06:50:18.850  INFO 1 --- &#91;           main] i.g.r.utils.ReactorOnClasspathCondition  : Reactor related Aspect extensions are not activated because Reactor is not on the classpath.\n2022-01-31 06:50:18.872  INFO 1 --- &#91;           main] i.g.r.utils.RxJava2OnClasspathCondition  : RxJava2 related Aspect extensions are not activated, because RxJava2 is not on the classpath.\n2022-01-31 06:50:18.873  INFO 1 --- &#91;           main] i.g.r.utils.ReactorOnClasspathCondition  : Reactor related Aspect extensions are not activated because Reactor is not on the classpath.\n2022-01-31 06:50:19.928  INFO 1 --- &#91;           main] o.s.cloud.context.scope.GenericScope     : BeanFactory id=de0afe5b-913c-336b-9983-da4375d1e45e\n2022-01-31 06:50:20.402  INFO 1 --- &#91;           main] trationDelegate$BeanPostProcessorChecker : Bean 's3SecretEngine' of type &#91;com.netflix.spinnaker.kork.secrets.engines.S3SecretEngine] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)\n2022-01-31 06:50:20.406  INFO 1 --- &#91;           main] trationDelegate$BeanPostProcessorChecker : Bean 'secretsManagerSecretEngine' of type &#91;com.netflix.spinnaker.kork.secrets.engines.SecretsManagerSecretEngine] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)\n2022-01-31 06:50:20.407  INFO 1 --- &#91;           main] trationDelegate$BeanPostProcessorChecker : Bean 'gcsSecretEngine' of type &#91;com.netflix.spinnaker.kork.secrets.engines.GcsSecretEngine] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)\n2022-01-31 06:50:20.407  INFO 1 --- &#91;           main] trationDelegate$BeanPostProcessorChecker : Bean 'noopSecretEngine' of type &#91;com.netflix.spinnaker.kork.secrets.engines.NoopSecretEngine] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)\n2022-01-31 06:50:20.411  INFO 1 --- &#91;           main] trationDelegate$BeanPostProcessorChecker : Bean 'secretEngineRegistry' of type &#91;com.netflix.spinnaker.kork.secrets.SecretEngineRegistry] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)\n2022-01-31 06:50:20.412  INFO 1 --- &#91;           main] trationDelegate$BeanPostProcessorChecker : Bean 'secretManager' of type &#91;com.netflix.spinnaker.kork.secrets.SecretManager] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)\n2022-01-31 06:50:21.591  INFO 1 --- &#91;           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8064 (http)\n2022-01-31 06:50:21.615  INFO 1 --- &#91;           main] o.apache.catalina.core.StandardService   : Starting service &#91;Tomcat]\n2022-01-31 06:50:21.616  INFO 1 --- &#91;           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: &#91;Apache Tomcat\/9.0.31]\n2022-01-31 06:50:21.964  INFO 1 --- &#91;           main] o.a.c.c.C.&#91;Tomcat].&#91;localhost].&#91;\/]       : Initializing Spring embedded WebApplicationContext\n2022-01-31 06:50:21.964  INFO 1 --- &#91;           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 5248 ms\n2022-01-31 06:50:23.929  INFO 1 --- &#91;           main] c.g.a.oauth2.ComputeEngineCredentials    : Failed to detect whether we are running on Google Compute Engine.\n2022-01-31 06:50:25.048  INFO 1 --- &#91;           main] f.a.AutowiredAnnotationBeanPostProcessor : Autowired annotation should only be used on methods with parameters: public java.util.List com.netflix.spinnaker.halyard.deploy.spinnaker.v1.service.distributed.google.GoogleConsulServerService.getScopes()\n2022-01-31 06:50:26.179  WARN 1 --- &#91;           main] uration$JodaDateTimeJacksonConfiguration : Auto-configuration of Jackson's Joda-Time integration is deprecated in favor of using java.time (JSR-310).\n2022-01-31 06:50:26.270  INFO 1 --- &#91;           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'\n2022-01-31 06:50:28.093  INFO 1 --- &#91;           main] .s.s.UserDetailsServiceAutoConfiguration : \n\nUsing generated security password: da34490b-87a2-4cbe-9688-db7dfec3f1ce\n\n2022-01-31 06:50:28.364  INFO 1 --- &#91;           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest$EndpointRequestMatcher@702a2c6e, &#91;org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@214ef199, org.springframework.security.web.context.SecurityContextPersistenceFilter@165e3835, org.springframework.security.web.header.HeaderWriterFilter@682f9202, org.springframework.security.web.csrf.CsrfFilter@2f9b24ae, org.springframework.security.web.authentication.logout.LogoutFilter@5fca8642, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1d0544b3, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6b3decaa, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@63d478a7, org.springframework.security.web.session.SessionManagementFilter@2453e3ce, org.springframework.security.web.access.ExceptionTranslationFilter@6f3059ad, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@54f3fd30]\n2022-01-31 06:50:28.370  INFO 1 --- &#91;           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, &#91;org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@f5b079f, org.springframework.security.web.context.SecurityContextPersistenceFilter@2c127caf, org.springframework.security.web.header.HeaderWriterFilter@5d7b3a93, org.springframework.security.web.authentication.logout.LogoutFilter@77e03d01, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@6c238208, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@680882bd, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@cfdd1c4, org.springframework.security.web.session.SessionManagementFilter@26b01384, org.springframework.security.web.access.ExceptionTranslationFilter@47e0e23f, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@48c2391]\n2022-01-31 06:50:28.427  WARN 1 --- &#91;           main] .b.a.g.t.GroovyTemplateAutoConfiguration : Cannot find template location: classpath:\/templates\/ (please add some templates, check your Groovy configuration, or set spring.groovy.template.check-template-location=false)\n2022-01-31 06:50:28.952  INFO 1 --- &#91;           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 6 endpoint(s) beneath base path ''\n2022-01-31 06:50:29.132  WARN 1 --- &#91;           main] c.n.s.k.d.NoDiscoveryStatusPublisher     : No service discovery client is available, assuming application is UP\n2022-01-31 06:50:29.134  INFO 1 --- &#91;           main] c.n.s.k.d.DiscoveryStatusListener        : Instance status has changed to UP in service discovery\n2022-01-31 06:50:29.172  INFO 1 --- &#91;           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8064 (http) with context path ''\n2022-01-31 06:50:29.178  INFO 1 --- &#91;           main] com.netflix.spinnaker.halyard.Main       : Started Main in 15.719 seconds (JVM running for 16.719)<\/code><\/pre>\n\n\n\n<p>Press <code>Ctrl + c<\/code> to break to console and since we had used <code>--rm<\/code> the residue would be cleaned. and now run it in detached mode<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -p 8084:8084 -p 9000:9000  --name halyard --rm  -v ~\/.hal:\/home\/spinnaker\/.hal  -d   us-docker.pkg.dev\/spinnaker-community\/docker\/halyard:stable<\/code><\/pre>\n\n\n\n<p class=\"has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\">To use a local <code>.\/kube\/config<\/code> file you can copy that to the folder <code>~\/.hal<\/code> and mount it before you run the pod.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -p 8084:8084 -p 9000:900 --name halyard --rm -v ~\/.hal\/config:\/home\/spinnaker\/.kube\/config -d us-docker.pkg.dev\/spinnaker-community\/docker\/halyard:stable<\/code><\/pre>\n\n\n\n<p>You can validate by attaching the terminal to the container and running <code>kubectl get nodes<\/code> to check if it can show the output.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker exec -it halyard bash<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&gt; kubectl get nodes\nThe connection to the server localhost:8080 was refused - did you specify the right host or port?<\/code><\/pre>\n\n\n\n<p>If you see the error as above that means the kubernetes configuration has issues. Check the logs &amp; permission of the file before you proceed further.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"time-to-choose-the-provider-k8s\">Time to choose the provider: (<code>k8s<\/code>)<\/h2>\n\n\n\n<p>In my case it is a local <a rel=\"noreferrer noopener\" href=\"https:\/\/spinnaker.io\/docs\/setup\/install\/providers\/kubernetes-v2\/\" target=\"_blank\">K8S cluster<\/a><\/p>\n\n\n\n<p>Kubernetes provider has 2 key requirements<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The&nbsp;<code>kubeconfig<\/code>&nbsp;file allows Spinnaker to authenticate against your cluster and to have read\/write access to any resources you expect it to manage.<\/li><li>Spinnaker relies on&nbsp;<code>kubectl<\/code>&nbsp;to manage all API access.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-a-service-account\">Create a <code>Service Account<\/code><\/h3>\n\n\n\n<p>When you access the cluster (for example, using&nbsp;<code>kubectl<\/code>), you are authenticated by the <code>apiserver<\/code> as a particular <code>User Account<\/code> (usually&nbsp;<code>admin<\/code>). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote has-white-color has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background has-text-color has-background\"><blockquote><p>A service account provides an identity for processes that run in a Pod.<\/p><cite>Service Account<\/cite><\/blockquote><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>export CONTEXT=$(kubectl config current-context)<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo $CONTEXT\nkubernetes-admin@kubernetes<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl apply --context $CONTEXT -f https:\/\/spinnaker.io\/downloads\/kubernetes\/service-account.yml<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>export TOKEN=$(kubectl get secret --context $CONTEXT \\\n&gt;    $(kubectl get serviceaccount spinnaker-service-account \\\n&gt;        --context $CONTEXT \\\n&gt;        -n spinnaker \\\n&gt;        -o jsonpath='{.secrets&#91;0].name}') \\\n&gt;    -n spinnaker \\\n&gt;    -o jsonpath='{.data.token}' | base64 --decode)\n\n\nroot@master&gt;echo $TOKEN\neyJhbGciOiJSUzI1NiIsImtpZCI6IkNYTkNTTzR6TldMMFlITG5xV3U3VU5DTG5VLUkwTk9VclVrLXJGdGpiQUkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJzcGlubmFrZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoic3Bpbm5ha2VyLXNlcnZpY2UtYWNjb3VudC10b2tlbi1xZG40OCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJzcmljZS1hY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTViZThmMGUtYWMyOC00ZjlkLThmZjQtMjlhZTcXItc2VydmljZS1hY2NvdW50In0.qWIGZ_tqlar0h4DCX-DAnVUnFPuNIQzoxMNkuND5lQRZuvCQjTkeKX8GAljN25RwfemDwrJNkHqnDgcP4EQ08Wn4LGLD_2c3Ykd7y1a9gJ4OoL4hj5ETFQzlnTCBFoiL5jZdnH-bCq8AzWeInj62D2XWM--dfqhoHul3Fc7U7fBqekoOVkz2zmjUzPmhRTNvnNFDJtZpb8A0ZSqP6MBxIO3eBTIe22PEvTLuV7fQ<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&gt;kubectl config set-credentials ${CONTEXT}-token-user --token $TOKEN\nUser \"kubernetes-admin@kubernetes-token-user\" set.\n\n&gt;kubectl config set-context $CONTEXT --user ${CONTEXT}-token-user\nContext \"kubernetes-admin@kubernetes\" modified.<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"accounts\">Accounts<\/h3>\n\n\n\n<p>A Spinnaker&nbsp;<a href=\"https:\/\/spinnaker.io\/docs\/concepts\/concepts-providers\/#accounts\">Account<\/a>&nbsp;maps to a credential that can authenticate against your Kubernetes Cluster.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\"><blockquote><p>Spinnaker\u2019s Kubernetes provider fully supports Kubernetes-native, manifest-based deployments and is the recommended provider for deploying to Kubernetes with Spinnaker.<\/p><cite>Official documentation<\/cite><\/blockquote><\/figure>\n\n\n\n<p>Adding account<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>hal config provider kubernetes enable<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>hal config provider kubernetes account add my-k8s --provider-version v2 --context $(kubectl config current-context)<\/code><\/pre>\n\n\n\n<p>You can view the account added by doing a listing<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>bash-5.0$ hal config provider kubernetes account list\n+ Get current deployment\n  Success\n+ Get the kubernetes provider\n  Success\n+ Accounts for kubernetes:\n  - my-k8s\n  - my-k8s-account<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"ingress\">Ingress<\/h3>\n\n\n\n<p>I will expose the deck &amp; gate over ingress so had to first publish an ingress<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  annotations:\n    haproxy.org\/cors-allow-origin: \"*.devops.com\"\n    haproxy.org\/ingress.class: haproxy\n    cert-manager.io\/issuer: \"spinnaker-selfsigned\"\n    cert-manager.io\/common-name: \"devops.com\"\n  name: spinnaker-ingress\n  namespace: spinnaker\nspec:\n  ingressClassName: haproxy\n  rules:\n  - host: ui.devops.com\n    http:\n      paths:\n      - backend:\n          service:\n            name: spin-deck\n            port:\n              number: 9000\n        path: \/\n        pathType: Prefix\n  - host: api.devops.com\n    http:\n      paths:\n      - backend:\n          service:\n            name: spin-gate\n            port:\n              number: 8084\n        path: \/\n        pathType: Prefix\n  tls:\n  - hosts:\n    - ui.devops.com\n    - api.devops.com\n    secretName: devops.com<\/code><\/pre>\n\n\n\n<p>Looking at the deployed ingress<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>k get ing -n spinnaker\nNAME                CLASS     HOSTS                          ADDRESS         PORTS     AGE\nspinnaker-ingress   haproxy   ui.devops.com,api.devops.com   10.98.117.100   80, 443   20m<\/code><\/pre>\n\n\n\n<p>Since there will be two domains interacting let&#8217;s enable the <code>CORS<\/code><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>hal config security api edit  --cors-access-pattern=https:\/\/ui.devops.com<\/code><\/pre>\n\n\n\n<p>Configure the base URL&#8217;s<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>hal config security ui edit --override-base-url=https:\/\/ui.devops.com\nhal config security api edit --override-base-url=https:\/\/api.devops.com<\/code><\/pre>\n\n\n\n<p>Do the <code>apply<\/code><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>+ Get current deployment\n  Success\n+ Prep deployment\n  Success\nValidation in default.features:\n- WARNING Field Features.artifacts not supported for Spinnaker\n  version 1.26.6: Artifacts are now enabled by default.\n? You no longer need this.\n\nValidation in default.stats:\n- INFO Stats are currently ENABLED. Usage statistics are being\n  collected. Thank you! These stats inform improvements to the product, and that\n  helps the community. To disable, run `hal config stats disable`. To learn more\n  about what and how stats data is used, please see\n  https:&#47;&#47;www.spinnaker.io\/community\/stats.\n\n+ Preparation complete... deploying Spinnaker\n+ Get current deployment\n  Success\n+ Apply deployment\n  Success\n+ Deploy spin-redis\n  Success\n+ Deploy spin-clouddriver\n  Success\n+ Deploy spin-front50\n  Success\n+ Deploy spin-orca\n  Success\n+ Deploy spin-deck\n  Success\n+ Deploy spin-echo\n  Success\n+ Deploy spin-gate\n  Success\n+ Deploy spin-rosco\n  Success\n+ Run `hal deploy connect` to connect to Spinnaker.<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><img decoding=\"async\" width=\"1024\" height=\"492\" src=\"https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-01-at-3.08.11-PM-1024x492.png\" alt=\"\" class=\"wp-image-1976\" srcset=\"https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-01-at-3.08.11-PM-1024x492.png 1024w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-01-at-3.08.11-PM-300x144.png 300w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-01-at-3.08.11-PM-1536x738.png 1536w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-01-at-3.08.11-PM-2048x984.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>the landing page<\/figcaption><\/figure>\n\n\n\n<p>Play around with adding a new application (Which I will cover in subsequent blog)<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"899\" src=\"https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-01-at-3.23.40-PM-1024x899.png\" alt=\"\" class=\"wp-image-1982\" srcset=\"https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-01-at-3.23.40-PM-1024x899.png 1024w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-01-at-3.23.40-PM-300x263.png 300w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2022\/02\/Screenshot-2022-02-01-at-3.23.40-PM.png 1144w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p>Configuring the docker-registry for the <code>spinnaker-hellow<\/code> information is covered in this <a rel=\"noreferrer noopener\" href=\"https:\/\/blog.samarthya.me\/wps\/2022\/02\/04\/spinnaker-docker-registry\/\" target=\"_blank\">blog<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"hal-config-artifact-h\"><code>hal config artifact -h<\/code><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>bash-5.0$ hal config artifact -h\nARTIFACT\n\n  Configure, validate, and view the specified artifact provider.\n\nUSAGE\n\n  hal config artifact &#91;parameters] &#91;subcommands]\n\nGLOBAL PARAMETERS\n\n  --daemon-endpoint\n    If supplied, connect to the daemon at this address.\n\n  --options\n    Get options for the specified field name.\n\n  -a, --alpha\n    Enable alpha halyard features.\n\n  -c, --color\n    Enable terminal color output.\n\n  -d, --debug\n    Show detailed network traffic with halyard daemon.\n\n  -h, --help=false\n    Display help text about this command.\n\n  -l, --log\n    Set the log level of the CLI.\n\n  -o, --output\n    Format the CLIs output.\n\n  -q, --quiet\n    Show no task information or messages. When set, ANSI formatting will be\n    disabled, and all prompts will be accepted.\n\nSUBCOMMANDS\n\n  bitbucket\n    Manage and view Spinnaker configuration for the bitbucket provider\n\n  gcs\n    Manage and view Spinnaker configuration for the gcs provider\n\n  github\n    Manage and view Spinnaker configuration for the github provider\n\n  gitlab\n    Manage and view Spinnaker configuration for the gitlab provider\n\n  gitrepo\n    Manage and view Spinnaker configuration for the gitrepo provider\n\n  helm\n    Manage and view Spinnaker configuration for the helm provider\n\n  http\n    Manage and view Spinnaker configuration for the http provider\n\n  maven\n    Manage and view Spinnaker configuration for the maven provider\n\n  oracle\n    Manage and view Spinnaker configuration for the oracle provider\n\n  s3\n    Manage and view Spinnaker configuration for the s3 provider\n\n  templates\n    Show Spinnaker's configured artifact templates.<\/code><\/pre>\n\n\n\n<p>Next step is configuring artifacts, read more <a href=\"https:\/\/spinnaker.io\/docs\/reference\/halyard\/commands\/#hal-config-artifact\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>.<\/p>\n\n\n\n<p class=\"has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\">Artifacts are remote, deployable resources that Spinnaker can reference.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"example\">Example<\/h2>\n\n\n\n<p>In my deployment I have configured helm account as under<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>> hal config artifact helm account list\n+ Get current deployment\n  Success\n+ Get the helm provider\n  Success\n+ Artifact accounts for helm:\n  - dev-helm-ac<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"help\">Help<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" href=\"https:\/\/spinnaker.io\/docs\/concepts\/\" target=\"_blank\">Concepts<\/a><\/li><li><a href=\"https:\/\/spinnaker.io\/docs\/guides\/user\/applications\/\">Applications<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"https:\/\/spinnaker.io\/docs\/reference\/halyard\/commands\/#table-of-contents\" target=\"_blank\">HAL reference<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Spinnaker is an open-source continuous delivery platform which provides two core set of features Application Management Application deployment Key Concepts Some of the key concepts in the spinnaker universe are covered as under Halyard Halyard is a tool for configuring, installing, and updating Spinnaker. This is one tool that you will utilize while setting up [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"image","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[34],"tags":[228,227],"class_list":["post-1957","post","type-post","status-publish","format-image","hentry","category-technical","tag-cd","tag-spinnaker","post_format-post-format-image"],"_links":{"self":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/posts\/1957","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/comments?post=1957"}],"version-history":[{"count":0,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/posts\/1957\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/media?parent=1957"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/categories?post=1957"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/tags?post=1957"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}