try.spinnaker.io

try.spinnaker.io is a hosted playground version of Spinnaker aimed for new users to test out its UI and core features.

Features

IaC via Terraform to host try.spinnaker.io on AWS using an EKS cluster
Deployment of Spinnaker via Armory's OOS Spinnaker Operator
Kubernetes deployment via Spinnaker
AWS Load Balancer Controller to expose deployments
User authentication via Google OAuth 2.0
Private ECR registry
Block all public images via portieris
Script to deploy default pipelines
- Auto resource cleanup
- Deploy demo web app
- Deploy using highlander strategy
Authz rules via a Spinnaker plugin, adds default role 'public' to all users
~~Metrics~~(wip)

Requirements

awscli
- Create access key
- Input keys here aws configure
Route53 hosted zone
Terraform
kubectl (v1.20.0), new verisons break kustomize script for Spinnaker operator
- curl -LO "https://dl.k8s.io/v1.20.0/bin/linux/amd64/kubectl"
Google OAuth 2.0 Client ID

Configuration

Terraform

Edit the values region, route53_zone, and domain_name in terraform/variables.tf. Note: domain_name must be a subdomain of route53_zone, i.e. if route53_zone = spinnaker.io then domain_name = try.spinnaker.io.

Spinnaker Operator

Files are inside the spinnaker-kustomize-patches folder.

File Name	Description
kustomization.yml	Main kustomize file.
spinnakerservice.yml	Contains configuration for Spinnaker. Update `spec.spinnakerConfig.config.version` to the version of OOS Spinnaker you wish to deploy. Update the value of `https://try.gsoc.armory.io` in `spec.spinnakerConfig.config.*.apiSecurity.overrideBaseUrl` to your DNS name.
security/patch-file-authz.yml	Update `users.username` to the admin email you will login with Google OAuth in `spec.spinnakerConfig.files.rolemappings.yml`
security/patch-google.yml	Update `spec.spinnakerConfig.config.security.authn.client.clientId` to your Google OAuth 2.0 Client ID. Create a file called `spinnaker-kustomize-patches/secrets/secrets.env` and add your Secret ID to the file in in this format `oauth-client-secret=fakepassword123`
accounts/docker/patch-ecr.yml	Update `spec.spinnakerConfig.providers.dockerRegistry.accounts.address` to the address of your ECR registry.

Deploy Infrastructure + Code

Run these commands in the terraform folder.

terraform init
terraform plan
terraform apply

Inject Default Pipelines

Install spin, a cli tool for Spinnnaker.
Copy the file scripts/oauth to ~/.spin/oauth
Modify Gate.Endpoint, ClientId, and ClientSecret
Run script via bash scripts/spin.sh

Teardown Infrastructure

When you are all done then run:

terraform destroy

You may need to go into AWS Web Console to delete dangling load balancers or VPC in the case that Terraform doesn't delete it.

Directory Structure

.
├── scripts # Contains helper scripts
│   ├── ecr.sh # Mirrors latest verison of nginx to ECR
│   ├── install-pipelines.sh # Uses spin cli to install pipelines
│   ├── oauth # Sample outh config for spin, used for install-pipelines.sh
│   ├── pipelines # Directory containing pipelines to install
│   └── portieris.sh # Downloads latest portieris release
├── spinnaker-kustomize-patches # Patches for Spinnaker Operator 
│   ├── accounts
│   │   ├── docker
│   │   │   └── patch-ecr.yml # Add private ECR registry
│   │   ├── kubernetes
│   │   │   ├── patch-kube.yml # Add K8S cluster for Spinnaker to deploy to
│   │   │   └── spin-sa.yml # K8S service account for Spinnaker 
│   │   └── s3
│   │       └── patch-s3.yml # Setup persistent storage for Spinnaker 
│   ├── deploy.sh # Deploy Spinnaker via Operator. You can redeploy via `SPIN_FLAVOR=oss ./deploy.sh`
│   ├── kustomization.yml -> recipes/kustomization-try.yml # Softlink to main kustomization file, contains various patches 
│   ├── plugins
│   │   └── patch-default-role-plugin.yml # Install github.com/ko28/defaultRolePlugin
│   ├── secrets
│   │   └── secrets.env # Local file to store oauth-client-secret
│   ├── security
│   │   ├── patch-fiat-create-app-roles.yml # Define what roles can access specific apps
│   │   └── patch-file-authz.yml # Define fiat roles (admin) for specific users 
│   └── spinnakerservice.yml # Main spinnaker config file, define version and endpoint
└── terraform # IaC via Terraform
    ├── main.tf
    ├── outputs.tf
    ├── policy # Directory containing IAM and portieris policies 
    ├── variables.tf
    └── versions.tf

isabella232 / try.spinnaker.io Goto Github PK

try.spinnaker.io's Introduction

try.spinnaker.io

Features

Requirements

Configuration

Terraform

Spinnaker Operator

Deploy Infrastructure + Code

Inject Default Pipelines

Teardown Infrastructure

Directory Structure

try.spinnaker.io's People

Contributors

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs