- Install Java
apt install default-jre -y && apt install default-jdk -y - Update and Upgrade
sudo apt-get update && sudo apt-get upgrade - Add user
sudo adduser halyard curl -O https://raw.githubusercontent.com/spinnaker/halyard/master/install/debian/InstallHalyard.shsudo bash InstallHalyard.sh- Check if Halyard was installed properly
hal -v
-
Download and Install Kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectlVerify the installation
kubectl help -
Download and Install aws-iam-authenticator
curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.13.7/2019-06-11/bin/linux/amd64/aws-iam-authenticator chmod +x ./aws-iam-authenticator mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$HOME/bin:$PATH echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrcVerify the installation
aws-iam-authenticator help -
Install awscli
sudo apt install python-pip awsclithen configure aws byaws configure. Don't forget to enable these policies if you use non-root aws user before continuing the step -
Install eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/0.85.0/eksctl_Linux_amd64.tar.gz" | tar xz -C /tmp sudo mv /tmp/eksctl /usr/local/binVerify the installation
eksctl help -
Create an Amazon EKS cluster for Spinnaker
eksctl create cluster --name=eks-spinnaker --tags spinnaker=test --nodes=2 --region=ap-southeast-1 --write-kubeconfig=false -
Retrieve Amazon EKS cluster kubectl contexts
aws eks update-kubeconfig --name eks-spinnaker --region ap-southeast-1 --alias eks-spinnaker -
Add and configure Kubernetes accounts
# Enable the Kubernetes provider hal config provider kubernetes enable # Set the current kubectl context to the cluster for Spinnaker kubectl config use-context eks-spinnaker # Assign the Kubernetes context to CONTEXT CONTEXT=$(kubectl config current-context) -
Create Kube namespace
kubectl create namespace spinnaker -
Create service-account.yml
-
create a service account for the Amazon EKS cluster
kubectl apply --context $CONTEXT -f service-account.yml -
Extract the secret token of the created spinnaker-service-account
TOKEN=$(kubectl get secret --context $CONTEXT \ $(kubectl get serviceaccount spinnaker-service-account \ --context $CONTEXT \ -n spinnaker \ -o jsonpath='{.secrets[0].name}') \ -n spinnaker \ -o jsonpath='{.data.token}' | base64 --decode) -
Set the user entry in kubeconfig
kubectl config set-credentials ${CONTEXT}-token-user --token $TOKEN kubectl config set-context $CONTEXT --user ${CONTEXT}-token-user -
Add eks-spinnaker cluster as a Kubernetes provider
hal config provider kubernetes account add eks-spinnaker --context $CONTEXT -
Enable artifact support
hal config features edit --artifacts true -
Configure Spinnaker to install in Kubernetes
hal config deploy edit --type distributed --account-name eks-spinnaker -
Configure Spinnaker to use AWS S3
export YOUR_ACCESS_KEY_ID=<access-key> hal config storage s3 edit --access-key-id $YOUR_ACCESS_KEY_ID \ --secret-access-key --region ap-southeast-1 -
set the storage source to S3
hal config storage edit --type s3 -
List Version
hal version list -
Configure Halyard Spinnaker Version
export VERSION=1.19.2 hal config version edit --version $VERSION -
Give Root RWX Permission to halyard group
chgrp halyard . chmod g+rwx . -
Install Spinnaker on the eks-spinnaker Amazon EKS cluster
hal deploy apply -
Verify the installation
kubectl -n spinnaker get svc -
Expose Spinnaker using Elastic Load Balancer
export NAMESPACE=spinnaker # Expose Gate and Deck kubectl -n ${NAMESPACE} expose service spin-gate --type LoadBalancer \ --port 80 --target-port 8084 --name spin-gate-public kubectl -n ${NAMESPACE} expose service spin-deck --type LoadBalancer \ --port 80 --target-port 9000 --name spin-deck-public export API_URL=$(kubectl -n $NAMESPACE get svc spin-gate-public \ -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') export UI_URL=$(kubectl -n $NAMESPACE get svc spin-deck-public \ -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') # Configure the URL for Gate hal config security api edit --override-base-url http://${API_URL} # Configure the URL for Deck hal config security ui edit --override-base-url http://${UI_URL} # Apply your changes to Spinnaker hal deploy apply -
Get the Deck URL
kubectl -n $NAMESPACE get svc spin-deck-public -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
- Update package
sudo apt-get update -y && sudo apt-get upgrade - Install JDK
sudo apt install default-jdk -y - Get Jenkins Installation Package and Install
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null sudo apt-get update sudo apt-get install jenkins - Start Jenkins Service
sudo service jenkins start - Go to the UI
<DropletURL>:8080 - get first-time Password
cat /var/lib/jenkins/secrets/initialAdminPassword - Install Plugins
- Enable the Jenkin Master
hal config ci jenkins enable - Add Jenkins Master named my-jenkins-master
export BASEURL=<Your Jenkin's URL> export USERNAME=<Your Jenkin's username> hal config ci jenkins master add my-jenkins-master \ --address $BASEURL \ --username $USERNAME \ --password - Configure Halyard to enable the csrf flag
hal config ci jenkins master edit MASTER --csrf true - Apply changes
hal deploy apply