├── CONTRIBUTING
├── LICENSE
├── README.md
├── config.jinja
├── config.jinja.schema
├── config
    ├── gce-ansible.json
    └── spinnaker-local.yml
├── images
    └── spinnaker-arch.png
├── scripts
    ├── jenkins.sh
    ├── redis.sh
    └── spinnaker.sh
└── templates
    ├── jenkins.jinja
    ├── jenkins.jinja.schema
    ├── network.jinja
    ├── redis.jinja
    ├── spinnaker-stack.jinja
    ├── spinnaker.jinja
    └── spinnaker.jinja.schema

/CONTRIBUTING:
--------------------------------------------------------------------------------
Want to contribute? Great! First, read this page (including the small print at the end).

### Before you contribute
Before we can use your code, you must sign the
[Google Individual Contributor License Agreement](https://cla.developers.google.com/about/google-individual)
(CLA), which you can do online. The CLA is necessary mainly because you own the
copyright to your changes, even after your contribution becomes part of our
codebase, so we need your permission to use and distribute your code. We also
need to be sure of various other things—for instance that you'll tell us if you
know that your code infringes on other people's patents. You don't have to sign
the CLA until after you've submitted your code for review and a member has
approved it, but you must do it before we can put your code into our codebase.
Before you start working on a larger contribution, you should get in touch with
us first through the issue tracker with your idea so that we can help out and
possibly guide you. Coordinating up front makes it much easier to avoid
frustration later on.

### Code reviews
All submissions, including submissions by project members, require review. We
use GitHub pull requests for this purpose.

### The small print
Contributions made by corporations are covered by a different agreement than
the one above, the
[Software Grant and Corporate Contributor License Agreement](https://cla.developers.google.com/about/google-corporate).

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Deployment Manager Templates for Spinnaker

This repository contains Deployment Manager templates for deploying [Spinnaker](http://www.spinnaker.io/).
By default, this will deploy the following topology:

![](images/spinnaker-arch.png)

Spinnaker will store its state in Google Cloud Storage and Redis. Jenkins
is used to run scripts required during the build process or in order to trigger
a pipeline.

## Deploying

1. Download the repository.
1. Create the deployment:

        export GOOGLE_PROJECT=$(gcloud config get-value project)
        export DEPLOYMENT_NAME="${USER}-test1"
        export JENKINS_PASSWORD=$(openssl rand -base64 15)
        gcloud deployment-manager deployments create --template config.jinja ${DEPLOYMENT_NAME} --properties jenkinsPassword:${JENKINS_PASSWORD}

1. Once instance provisioning is complete, get the names of your Spinnaker and Jenkins instances by
running:

        export SPINNAKER_VM=$(gcloud compute instances list --filter="name~'${DEPLOYMENT_NAME}-spinnaker.+'" --uri)
        export JENKINS_VM=$(gcloud compute instances list --filter="name~'${DEPLOYMENT_NAME}-jenkins.+'" --uri)

1. Create an SSH tunnel to your Spinnaker instance as follows:

        gcloud compute ssh ${SPINNAKER_VM} -- -L 8081:localhost:8081 -L8080:$(basename $JENKINS_VM):8080

1. After a few minutes, you can access the Spinnaker and Jenkins UIs respectively by visiting the following web addresses:

        http://localhost:8081
        http://localhost:8080

## Teardown

1. Stop the front50 service, then delete the GCS objects and bucket:

        gcloud compute ssh ${SPINNAKER_VM} -- sudo service front50 stop
        gsutil rm -r gs://spinnaker-${GOOGLE_PROJECT}-${DEPLOYMENT_NAME}/front50
        gsutil rb gs://spinnaker-${GOOGLE_PROJECT}-${DEPLOYMENT_NAME}

1. Delete the deployment by running:

        gcloud deployment-manager deployments delete ${DEPLOYMENT_NAME}

--------------------------------------------------------------------------------
/config.jinja:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

resources:
- type: spinnaker-stack.jinja
  name: spinnaker-stack
  properties:
    region: {{ properties["region"] }}
    zone: {{ properties["zone"] }}
    ipCidrRange: {{ properties["ipCidrRange"] }}
    spinnakerMachineType: {{ properties["spinnakerMachineType"] }}
    spinnakerIP: {{ properties["spinnakerIP"] }}
    jenkinsPassword: {{ properties["jenkinsPassword"] }}
    jenkinsMachineType: {{ properties["jenkinsMachineType"] }}
    jenkinsIP: {{ properties["jenkinsIP"] }}
    redisMachineType: {{ properties["redisMachineType"] }}
    redisIP: {{ properties["redisIP"] }}

--------------------------------------------------------------------------------
/config.jinja.schema:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

info:
  title: Spinnaker
  author: Vic Iglesias
  description: Runs Spinnaker and its dependencies
  version: 1.0

imports:
- path: config.jinja
- name: spinnaker-stack.jinja
  path: templates/spinnaker-stack.jinja
- name: network.jinja
  path: templates/network.jinja
- name: spinnaker.jinja
  path: templates/spinnaker.jinja
- name: jenkins.jinja
  path: templates/jenkins.jinja
- name: redis.jinja
  path: templates/redis.jinja
- name: spinnaker.sh
  path: scripts/spinnaker.sh
- name: spinnaker-local.yml
  path: config/spinnaker-local.yml
- name: gce-ansible.json
  path: config/gce-ansible.json
- name: redis.sh
  path: scripts/redis.sh
- name: jenkins.sh
  path: scripts/jenkins.sh

required:
- jenkinsPassword

properties:
  region:
    type: string
    description: "Google Cloud Region to deploy Spinnaker stack"
    default: "us-west1"
  zone:
    type: string
    description: "Google Cloud Zone to deploy Spinnaker stack"
    default: "us-west1-a"
  ipCidrRange:
    type: string
    description: "Subnet to place Spinnaker VMs in, must be valid CIDR"
    default: "10.254.0.0/24"
  spinnakerMachineType:
    type: string
    description: "Machine type for the VM running Spinnaker components"
    default: "n1-standard-4"
  spinnakerIP:
    type: string
    description: "Internal address for the spinnaker instance"
    default: "10.254.0.200"
  jenkinsIP:
    type: string
    description: "Internal address for the Jenkins instance"
    default: "10.254.0.201"
  jenkinsPassword:
    type: string
    description: "Default password for the Jenkins instance"
  jenkinsMachineType:
    type: string
    description: "Machine type for the VM running Jenkins"
    default: "n1-standard-1"
  redisIP:
    type: string
    description: "Internal address for the Redis instance"
    default: "10.254.0.202"
  redisMachineType:
    type: string
    description: "Machine type for the VM running Redis"
    default: "n1-highmem-2"

--------------------------------------------------------------------------------
/config/gce-ansible.json:
--------------------------------------------------------------------------------
{
  "variables": {
    "gce_project_id": null,
    "gce_account_file": "",
    "gce_zone": null,
    "gce_network": null,
    "gce_source_image": null,
    "gce_target_image": null,
    "gce_use_internal_ip": "false",
    "appversion": "",
    "build_host": "",
    "repository": "",
    "repository_hash": "master",
    "package_type": "",
    "packages": "",
    "upgrade": "",
    "configDir": null
  },
  "builders": [{
    "type": "googlecompute",
    "project_id": "{{user `gce_project_id`}}",
    "account_file": "{{user `gce_account_file`}}",
    "zone": "{{user `gce_zone`}}",
    "network": "{{user `gce_network`}}",
    "state_timeout": "15m",
    "ssh_username": "packerio",
    "ssh_pty": true,
    "source_image": "{{user `gce_source_image`}}",
    "image_name": "{{user `gce_target_image`}}",
    "use_internal_ip": "{{user `gce_use_internal_ip`}}",
    "image_description": "appversion: {{user `appversion`}}, build_host: {{user `build_host`}}, build_info_url: {{user `build_info_url`}}"
  }],
  "provisioners": [
    {
      "type": "shell",
      "inline": ["sudo apt-add-repository -y ppa:ansible/ansible",
                 "sudo apt-get update",
                 "sudo apt-get install -y git ansible=$(apt-cache madison ansible | cut -d '|' -f2 | grep ppa | tr -d '[:space:]')",
                 "sudo git clone {{user `repository`}} /opt/go/src/deploy",
                 "cd /opt/go/src/deploy && sudo git checkout {{user `repository_hash`}}",
                 "sudo ANSIBLE_HOST_KEY_CHECKING=false ansible-playbook -i 'localhost,' bake.yml"]
    }
  ]
}

--------------------------------------------------------------------------------
/config/spinnaker-local.yml:
--------------------------------------------------------------------------------
# This file is intended to override the default configuration in the
# spinnaker.yml file while providing guidance on the most likely
# configuration parameters to be changed.
#
# In order for Spinnaker to discover it, it must be copied to a file named
# "spinnaker-local.yml" and placed in /opt/spinnaker/config
# (or when running from source code, in the $HOME/.spinnaker directory.)
#
# A better practice could be to create the spinnaker-local.yml file by
# hand with only the particular attributes that you want to override
# and use the spinnaker.yml file as your guide since it is spinnaker.yml
# that we are overriding here in the first place.

global:
  spinnaker:
    timezone: 'America/Los_Angeles'

providers:
  # See http://www.spinnaker.io/v1.0/docs/target-deployment-setup
  # for general information about configuring spinnaker platform providers.

  # Each of the following providers can be enabled independent of all other
  # providers unless otherwise noted.
  #
  # Each provider can be enabled by setting its 'enabled' attribute to true.
  # As a rule of thumb, each provider defines a 'primaryCredentials' block
  # that configures a default account for Spinnaker to use on that platform.
  # If additional accounts are desired, then add those accounts to a
  # custom clouddriver-local.yml file and consult clouddriver.yml for more
  # information on what to add there.

  aws:
    # For more information on configuring Amazon Web Services (aws), see
    # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-amazon-web-services-setup

    enabled: ${SPINNAKER_AWS_ENABLED:false}
    defaultRegion: ${SPINNAKER_AWS_DEFAULT_REGION:us-west-2}
    defaultIAMRole: BaseIAMRole
    primaryCredentials:
      name: my-aws-account
      # Store actual credentials in $HOME/.aws/credentials. See spinnaker.yml
      # for more information, including alternatives.

    # {{name}} will be interpolated with the aws account name (e.g. "my-aws-account-keypair").
    defaultKeyPairTemplate: "{{name}}-keypair"

  azure:
    # For more information on configuring Microsoft Azure (azure), see
    # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-azure-cloud-platform-setup

    enabled: ${SPINNAKER_AZURE_ENABLED:false}
    defaultRegion: ${SPINNAKER_AZURE_DEFAULT_REGION:westus}
    primaryCredentials:
      name: my-azure-account

      # To set Azure credentials, enter your Azure subscription values for:
      # clientId, appKey, tenantId, subscriptionId, and objectId.
      clientId:
      appKey:
      tenantId:
      subscriptionId:
      objectId:
      packerResourceGroup:
      packerStorageAccount:
      defaultResourceGroup:
      defaultKeyVault:

  google:
    # For more information on configuring Google Cloud Platform (google), see
    # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-google-cloud-platform-setup

    enabled: ${SPINNAKER_GOOGLE_ENABLED:false}
    defaultRegion: ${SPINNAKER_GOOGLE_DEFAULT_REGION:us-central1}
    defaultZone: ${SPINNAKER_GOOGLE_DEFAULT_ZONE:us-central1-f}

    primaryCredentials:
      name: my-google-account
      # The project is the Google Project ID for the project to manage with
      # Spinnaker.
      # The jsonPath is a path to the JSON service credentials downloaded
      # from the Google Developer's Console.
      project: ${SPINNAKER_GOOGLE_PROJECT_ID:}
      jsonPath: ${SPINNAKER_GOOGLE_PROJECT_CREDENTIALS_PATH:}
    consul:
      enabled: ${SPINNAKER_GOOGLE_CONSUL_ENABLED:false}

  cf:
    # For more information on configuring Cloud Foundry (cf) support, see
    # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-cloud-foundry-platform-setup

    enabled: false
    defaultOrg: spinnaker-cf-org
    defaultSpace: spinnaker-cf-space

    primaryCredentials:
      name: my-cf-account
      api: my-cf-api-uri
      console: my-cf-console-base-url
      # Either uncomment and plug in credentials here, or supply as
      # environment variables for maximum security.
      # account:
      #   name: my-cf-username
      #   password: my-cf-password

  kubernetes:
    # For more information on configuring Kubernetes clusters (kubernetes), see
    # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-kubernetes-cluster-setup

    # NOTE: enabling kubernetes also requires enabling dockerRegistry.
    enabled: ${SPINNAKER_KUBERNETES_ENABLED:false}
    primaryCredentials:
      # These credentials use authentication information at ~/.kube/config
      # by default.
      name: my-kubernetes-account
      dockerRegistryAccount: ${providers.dockerRegistry.primaryCredentials.name}

  dockerRegistry:
    # For more information on configuring Docker registries, see
    # http://www.spinnaker.io/v1.0/docs/target-deployment-configuration#section-docker-registry

    # NOTE: Enabling dockerRegistry is independent of other providers.
    # However, for convenience, we tie docker and kubernetes together
    # since kubernetes (and only kubernetes) depends on this docker provider
    # configuration.
    enabled: ${SPINNAKER_KUBERNETES_ENABLED:false}

    primaryCredentials:
      name: my-docker-registry
      address: ${SPINNAKER_DOCKER_REGISTRY:https://index.docker.io/}
      repository: ${SPINNAKER_DOCKER_REPOSITORY:}
      username: ${SPINNAKER_DOCKER_USERNAME:}
      # A path to a plain text file containing the user's password
      passwordFile: ${SPINNAKER_DOCKER_PASSWORD_FILE:}

  openstack:
    # For more information on configuring Openstack clusters, see
    # http://www.spinnaker.io/v1.0/docs/target-deployment-configuration#section-openstack

    enabled: ${SPINNAKER_OPENSTACK_ENABLED:false}
    primaryCredentials:
      name: my-openstack-account
      authUrl: ${OS_AUTH_URL}
      username: ${OS_USERNAME}
      password: ${OS_PASSWORD}
      projectName: ${OS_PROJECT_NAME}
      regions: ${OS_REGION_NAME:RegionOne}

  appengine:
    enabled: ${SPINNAKER_APPENGINE_ENABLED:false}

    primaryCredentials:
      name: my-appengine-account
      # The project is the Google Project ID for the project to manage with
      # Spinnaker.
      project: ${SPINNAKER_APPENGINE_PROJECT_ID:}
      # The jsonPath is a path to the JSON service credentials downloaded
      # from the Google Developer's Console.
      jsonPath: ${SPINNAKER_APPENGINE_PROJECT_CREDENTIALS_PATH:}
      # The path and password to an SSH private key to be used when connecting with
      # a remote git repository over SSH (optional).
      sshPrivateKeyFilePath: ${SPINNAKER_APPENGINE_PRIVATE_KEY_FILE_PATH:}
      sshPrivateKeyPassphrase: ${SPINNAKER_APPENGINE_PRIVATE_KEY_PASSPHRASE:}
      # The username and password to be used when connecting with a remote git repository over HTTPS (optional).
      gitHttpsUsername: ${SPINNAKER_APPENGINE_GIT_HTTPS_USERNAME:}
      gitHttpsPassword: ${SPINNAKER_APPENGINE_GIT_HTTPS_PASSWORD:}
      # The OAuth token provided by Github to be used when connecting with a remote git repository over HTTPS (optional).
      # See https://help.github.com/articles/creating-an-access-token-for-command-line-use for more information.
      githubOAuthAccessToken: ${SPINNAKER_APPENGINE_GITHUB_OAUTH_ACCESS_TOKEN:}

services:
  default:
    # These defaults can be modified to change all the spinnaker subsystems
    # (clouddriver, gate, etc) at once, but not external systems (jenkins, etc).
    # Individual systems can still be overridden using their own section entry
    # directly under 'services'.
    protocol: http    # Assume all spinnaker subsystems are using http
    host: localhost   # Assume all spinnaker subsystems are on localhost
    primaryAccountName: ${providers.google.primaryCredentials.name}

  redis:
    # If you are using a remote redis server, you can set the host here.
    # If the remote server is on a different port or url, you can add
    # a "port" or "baseUrl" field here instead.
    host: ${SPINNAKER_REDIS_HOST:localhost}

  cassandra:
    # If you are using a remote cassandra server, you can set the host here.
    # If the remote server is on a different port or url, you can add
    # a "port" or "baseUrl" field here instead. You may also need to set
    # the cluster name. See the main spinnaker.yml file for more attributes.
    host: localhost

  docker:
    # This target repository is used by the bakery to publish baked docker images.
    # Do not include http://.
    targetRepository: # Optional, but expected in spinnaker-local.yml if specified.

  jenkins:
    # If you are integrating Jenkins, set its location here using the baseUrl
    # field and provide the username/password credentials.
    # You must also enable the "igor" service listed separately.
    #
    # If you have multiple jenkins servers, you will need to list
    # them in an igor-local.yml. See jenkins.masters in config/igor.yml.
    #
    # Note that jenkins is not installed with Spinnaker so you must obtain this
    # on your own if you are interested.
    enabled: ${services.igor.enabled:false}
    defaultMaster:
      name: Jenkins # The display name for this server
      baseUrl: ${SPINNAKER_JENKINS_BASEURL:}
      username: ${SPINNAKER_JENKINS_USER:}
      password: ${SPINNAKER_JENKINS_PASSWORD:}

  travis:
    # If you are integrating Travis, set its location here using the baseUrl
    # and address fields and provide the githubToken for authentication.
    # You must also enable the "igor" service listed separately.
    #
    # If you have multiple travis servers, you will need to list
    # them in an igor-local.yml. See travis.masters in config/igor.yml.
    #
    # Note that travis is not installed with Spinnaker so you must obtain this
    # on your own if you are interested.
    enabled: false
    defaultMaster:
      name: ci # The display name for this server. Gets prefixed with "travis-"
      baseUrl: https://travis-ci.com
      address: https://api.travis-ci.org
      githubToken: # The GitHub scopes currently required by Travis are required.


  spectator:
    webEndpoint:
      enabled: true

  stackdriver:
    enabled: false

  clouddriver:
    aws:
      udf:
        # Controls whether UserDataProviders are used to populate user data of
        # new server groups. If false, user data is copied over from ancestor
        # server groups on both CopyLastAsgAtomicOperation and
        # ModifyAsgLaunchConfigurationOperation (only if no user data is
        # provided on the given request).
        enabled: true

  igor:
    # If you are integrating Jenkins then you must also enable Spinnaker's
    # "igor" subsystem.
    enabled: ${SPINNAKER_JENKINS_ENABLED:false}

  deck:
    # Frontend configuration.
    # If you are proxying Spinnaker behind a single host, you may want to
    # override these values. Remember to run `reconfigure_spinnaker.sh` after.
    #baseUrl: http://spinnaker.mydomain.com
    port: 8081
    gateUrl: /gate
    #bakeryUrl: ${services.deck.baseUrl}/rosco
    auth:
      enabled: false

  rosco:
    # You need to provide the fully-qualified path to the directory containing
    # the packer templates.
    # They typically live in rosco's config/packer directory.
    configDir: /opt/rosco/config/packer

  bakery:
    allowMissingPackageInstallation: true

  fiat:
    enabled: false

  front50:
    cassandra:
      enabled: false
    redis:
      enabled: false

    # To use a cloud storage bucket on Amazon S3 or Google Cloud Storage instead
    # of cassandra, set the storage_bucket, disable cassandra, and enable one of
    # the service providers.
    storage_bucket: ${SPINNAKER_DEFAULT_STORAGE_BUCKET:}
    gcs:
      enabled: true
    s3:
      enabled: false

    # To use an Azure storage account instead of Cassandra:
    # Disable Cassandra above, enable azs, and set the storage account name and key
    azs:
      enabled: false
      storageAccountName:
      storageAccountKey:
      storageContainerName: front50

  echo:
    # Persistence mechanism to use
    cassandra:
      enabled: false
    inMemory:
      enabled: true

    cron:
      # Allow pipeline triggers to run periodically via cron expressions.
      enabled: true

    notifications:
      # The following blocks can enable Spinnaker to send notifications
      # using the corresponding mechanism.
      # See http://www.spinnaker.io/docs/notifications-and-events-guide
      # for more information.
      mail:
        enabled: false
        host: # the smtp host
        fromAddress: #the address for which emails are sent from
      hipchat:
        enabled: false
        url: # the hipchat server to connect to
        token: #the hipchat auth token
        botName: # the username of the bot
      sms:
        enabled: false
        account: # twilio account id
        token: # twilio auth token
        from: # phone number by which sms messages are sent
      slack:
        # See https://api.slack.com/bot-users for details about using bots
        # and how to create your own bot user.
        enabled: false
        token: # the API token for the bot
        botName: # the username of the bot

--------------------------------------------------------------------------------
/images/spinnaker-arch.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GoogleCloudPlatform/spinnaker-deploymentmanager/868671c7f804644ebe5b0f1d3e1ff06509c2ccbe/images/spinnaker-arch.png
--------------------------------------------------------------------------------
/scripts/jenkins.sh:
--------------------------------------------------------------------------------
#!/bin/bash -xe
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

metadata_value() {
  curl --retry 5 -sfH "Metadata-Flavor: Google" \
       "http://metadata/computeMetadata/v1/$1"
}
export DEBIAN_FRONTEND=noninteractive
export DEBCONF_NONINTERACTIVE_SEEN=true
JENKINS_PASSWORD=`metadata_value "instance/attributes/jenkinsPassword"`

# Install logging and monitoring agent
curl -sSO https://dl.google.com/cloudagents/install-logging-agent.sh
bash install-logging-agent.sh
curl -sSO https://repo.stackdriver.com/stack-install.sh
bash stack-install.sh --write-gcm


JENKINS_VERSION=1.658
JENKINS_DEB=jenkins_${JENKINS_VERSION}_all.deb
apt-get update
apt-get install -y wget default-jre-headless iptables-persistent daemon nginx
wget https://storage.googleapis.com/solutions-public-assets/jenkins-cd/${JENKINS_DEB}
dpkg -i ${JENKINS_DEB}

usermod -a -G shadow jenkins
printf "${JENKINS_PASSWORD}\n${JENKINS_PASSWORD}\n" | passwd jenkins
cat > /var/lib/jenkins/config.xml <
1.658
2
NORMAL
true
sshd
false
\${ITEM_ROOTDIR}/workspace
\${ITEM_ROOTDIR}/builds
5
0
All
false
false
All
-1
true
EOF

# Install initial plugins
JENKINS_PLUGIN_DIR=/var/lib/jenkins/plugins
mkdir -p ${JENKINS_PLUGIN_DIR}
PLUGINS="structs/1.6/structs.hpi workflow-step-api/1.14.2/workflow-step-api.hpi workflow-scm-step/1.14.2/workflow-scm-step.hpi git-client/2.4.1/git-client.hpi scm-api/2.1.1/scm-api.hpi git/3.2.0/git.hpi google-source-plugin/0.3/google-source-plugin.hpi google-metadata-plugin/0.2/google-metadata-plugin.hpi oauth-credentials/0.3/oauth-credentials.hpi google-oauth-plugin/0.4/google-oauth-plugin.hpi"
JENKINS_PLUGIN_URL="http://updates.jenkins-ci.org/download/plugins"
for p in ${PLUGINS}; do
  curl --retry 3 --retry-delay 5 -sSL -f ${JENKINS_PLUGIN_URL}/${p} -o ${JENKINS_PLUGIN_DIR}/$(basename ${p})
done
chown -R jenkins:jenkins ${JENKINS_PLUGIN_DIR}

# Create spinnaker job
mkdir -p /var/lib/jenkins/jobs/runSpinnakerScript
cat > /var/lib/jenkins/jobs/runSpinnakerScript/config.xml <
false
10
500
-1
-1
TASK_ID
Unique Task Id generated by Spinnaker
0
SCRIPT_PATH
Path to the folder hosting the scripts
.
COMMAND
Executable script and parameters
IMAGE_ID
The image ID for this region based on the AMI Spinnaker is deploying
ENV_PARAM
Environment Spinnaker is running against
REPO_URL
git repository url.
REPO_BRANCH
git repository branch.
master
2
apidaemon
\$REPO_URL
\$REPO_BRANCH
false
true
false
false
false
true
\${COMMAND}
*.properties, *.json, *.yml
true
false
false
true
true
EOF
chown -R jenkins:jenkins /var/lib/jenkins/jobs/
service jenkins restart

rm /etc/nginx/sites-enabled/default
cat > /etc/nginx/sites-available/jenkins < /etc/apt/sources.list.d/spinnaker.list
echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
curl -s -f "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | apt-key add -
curl -s -f "https://bintray.com/user/downloadSubjectPublicKey?username=spinnaker" | apt-key add -
add-apt-repository -y ppa:openjdk-r/ppa
apt-get update
apt-get install -y openjdk-8-jdk unzip \
    spinnaker-clouddriver=${CLOUDDRIVER_VERSION} \
    spinnaker-deck=${DECK_VERSION} \
    spinnaker-echo=${ECHO_VERSION} \
    spinnaker-front50=${FRONT50_VERSION} \
    spinnaker-gate=${GATE_VERSION} \
    spinnaker-igor=${IGOR_VERSION} \
    spinnaker-orca=${ORCA_VERSION} \
    spinnaker-rosco=${ROSCO_VERSION} \
    spinnaker=${SPINNAKER_VERSION} \
    kubectl

# Configure Web Server for Gate
echo "Listen 0.0.0.0:8081" >> /etc/apache2/ports.conf
sed -i \
  -e 's#VirtualHost 127.0.0.1:9000#VirtualHost 0.0.0.0:8081#g' \
  -e '$i\\n \n Header set Content-Type "application/json; charset=utf-8" \n ' \
  /etc/apache2/sites-available/spinnaker.conf

# Configure web server proxy for Jenkins
echo "Listen 0.0.0.0:8082" >> /etc/apache2/ports.conf
cat > /etc/apache2/sites-available/jenkins.conf <
  ProxyPass "/" "http://${JENKINS_IP}:8080/" retry=0
  ProxyPassReverse "/" "http://${JENKINS_IP}:8080/"
EOF
ln -sf /etc/apache2/sites-available/jenkins.conf /etc/apache2/sites-enabled/jenkins.conf

a2enmod headers
service apache2 restart

# Install Packer
mkdir -p /tmp/packer
pushd /tmp/packer
curl -s -L -O https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip
unzip -u -o -q packer_${PACKER_VERSION}_linux_amd64.zip -d /usr/bin
popd
rm -rf /tmp/packer
cat > /etc/default/spinnaker <> /opt/spinnaker/config/orca.yml < /opt/rosco/config/packer/gce-ansible.json

metadata_value "instance/attributes/spinnakerLocal" > /opt/spinnaker/config/spinnaker-local.yml

/opt/spinnaker/bin/reconfigure_spinnaker.sh
/opt/spinnaker/install/change_cassandra.sh --echo=inMemory --front50=gcs --change_defaults=true --change_local=false
start spinnaker
service clouddriver restart
service rosco restart
service orca restart
service igor restart
--------------------------------------------------------------------------------
/templates/jenkins.jinja:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

resources:
- name: {{ env["deployment"] }}-jenkins-hc
  type: compute.v1.httpHealthCheck
  properties:
    checkIntervalSec: 30
    port: 80
    requestPath: /login
- name: {{ env["deployment"] }}-jenkins-ig
  type: compute.beta.instanceGroupManager
  properties:
    baseInstanceName: {{ env["deployment"] }}-jenkins
    instanceTemplate: $(ref.{{ env["deployment"] }}-jenkins-template.selfLink)
    targetSize: 1
    zone: {{ properties["zone"] }}
    autoHealingPolicies:
    - healthCheck: $(ref.{{ env["deployment"] }}-jenkins-hc.selfLink)
      initialDelaySec: 300
- name: {{ env["deployment"] }}-jenkins-template
  type: compute.v1.instanceTemplate
  properties:
    zone: {{ properties["zone"] }}
    properties:
      serviceAccounts:
      - email: default
        scopes:
        - https://www.googleapis.com/auth/cloud.useraccounts.readonly
        - https://www.googleapis.com/auth/devstorage.read_only
        - https://www.googleapis.com/auth/logging.write
        - https://www.googleapis.com/auth/monitoring.write
      machineType: {{ properties["jenkinsMachineType"] }}
      tags:
        items:
        - jenkins-vm
        - allow-ssh
      networkInterfaces:
      - network: $(ref.{{ env["deployment"] }}-spinnaker-network.selfLink)
        subnetwork: $(ref.{{ env["deployment"] }}-spinnaker-subnetwork.selfLink)
        accessConfigs:
        - name: External NAT
          type: ONE_TO_ONE_NAT
        networkIP: {{ properties["jenkinsIP"] }}
      disks:
      - autoDelete: true
        boot: true
        deviceName: jenkins-vm-tmpl-boot-disk
        initializeParams:
          diskSizeGb: 10
          diskType: pd-standard
          sourceImage: projects/ubuntu-os-cloud/global/images/family/ubuntu-1604-lts
        type: PERSISTENT
      metadata:
        items:
        - key: jenkinsPassword
          value: {{ properties["jenkinsPassword"] }}
        - key: startup-script
          value: |
               {{ imports['jenkins.sh']| indent(15) }}

--------------------------------------------------------------------------------
/templates/jenkins.jinja.schema:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

info:
  title: Jenkins
  author: Vic Iglesias
  description: Runs Jenkins
  version: 1.0

imports:
- path: jenkins.jinja

required:
- jenkinsPassword
- jenkinsMachineType
- jenkinsIP

properties:
  jenkinsPassword:
    type: string
    description: "Default password for the Jenkins instance"

--------------------------------------------------------------------------------
/templates/network.jinja:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

resources:
- type: compute.v1.network
  name: {{ env["deployment"] }}-spinnaker-network
  properties:
    name: spinnaker-network
    autoCreateSubnetworks: false
- type: compute.v1.subnetwork
  name: {{ env["deployment"] }}-spinnaker-subnetwork
  properties:
    name: {{ env["deployment"] }}-spinnaker-subnetwork
    network: $(ref.{{ env["deployment"] }}-spinnaker-network.selfLink)
    ipCidrRange: {{ properties["ipCidrRange"] }}
    region: {{ properties["region"] }}
- type: compute.v1.firewall
  name: spinnaker-vm-ssh-fw
  properties:
    name: spinnaker-vm-ssh
    network: $(ref.{{ env["deployment"] }}-spinnaker-network.selfLink)
    allowed:
    - IPProtocol: tcp
      ports: ["22"]
    targetTags:
    - allow-ssh
- type: compute.v1.firewall
  name: redis-fw
  properties:
    name: redis-vm
    network: $(ref.{{ env["deployment"] }}-spinnaker-network.selfLink)
    allowed:
    - IPProtocol: tcp
      ports: ["6379"]
    sourceTags:
    - spinnaker-vm
    targetTags:
    - redis-vm
- type: compute.v1.firewall
  name: jenkins-fw
  properties:
    name: jenkins-vm-from-spinnaker
    network: $(ref.{{ env["deployment"] }}-spinnaker-network.selfLink)
    allowed:
    - IPProtocol: tcp
      ports: ["80","8080"]
    sourceTags:
    - spinnaker-vm
    targetTags:
    - jenkins-vm
- type: compute.v1.firewall
  name: jenkins-hc
  properties:
    name: jenkins-vm-hc
    network: $(ref.{{ env["deployment"] }}-spinnaker-network.selfLink)
    allowed:
    - IPProtocol: tcp
      ports: ["80"]
    sourceRanges:
    - "130.211.0.0/22"
    targetTags:
    - jenkins-vm
- type: compute.v1.firewall
  name: spinanker-hc
  properties:
    name: spinanker-vm-hc
    network: $(ref.{{ env["deployment"] }}-spinnaker-network.selfLink)
    allowed:
    - IPProtocol: tcp
      ports: ["8081"]
    sourceRanges:
    - "130.211.0.0/22"
    targetTags:
    - spinnaker-vm
- type: compute.v1.globalForwardingRule
  name: {{ env["deployment"] }}-spinnaker-api-lb
  properties:
    IPProtocol: TCP
    portRange: 80
    target: $(ref.{{ env["deployment"] }}-spinnaker-api-targetproxy.selfLink)
- type: compute.v1.targetHttpProxy
  name: {{ env["deployment"] }}-spinnaker-api-targetproxy
  properties:
    urlMap: $(ref.{{ env["deployment"] }}-spinnaker-api.selfLink)
- type: compute.v1.urlMap
  name: {{ env["deployment"] }}-spinnaker-api
  properties:
    defaultService: $(ref.null-backend.selfLink)
    hostRules:
    - hosts: ["*"]
      pathMatcher: pathmap
    pathMatchers:
    - name: pathmap
      defaultService: $(ref.null-backend.selfLink)
      pathRules:
      - paths: ["/gate/webhooks/git/github", "/gate/webhooks/git/github/*"]
        service: $(ref.{{ env["deployment"] }}-spinnaker-api-backend.selfLink)
- type: compute.v1.backendService
  name: null-backend
  properties:
    backends: []
    healthChecks: [ $(ref.{{ env["deployment"] }}-spinnaker-hc.selfLink) ]
- type: compute.v1.backendService
  name: {{ env["deployment"] }}-spinnaker-api-backend
  properties:
    port: 8081
    portName: "api"
    backends:
    - name: spinnaker-api
      group: $(ref.{{ env["deployment"] }}-spinnaker-ig.instanceGroup)
    healthChecks: [ $(ref.{{ env["deployment"] }}-spinnaker-hc.selfLink) ]
--------------------------------------------------------------------------------
/templates/redis.jinja:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

resources:
- name: {{ env["deployment"] }}-redis-ig
  type: compute.v1.instanceGroupManager
  properties:
    baseInstanceName: {{ env["deployment"] }}-redis
    instanceTemplate: $(ref.{{ env["deployment"] }}-redis-template.selfLink)
    targetSize: 1
    zone: {{ properties["zone"] }}
- name: {{ env["deployment"] }}-redis-template
  type: compute.v1.instanceTemplate
  properties:
    zone: {{ properties["zone"] }}
    properties:
      serviceAccounts:
      - email: default
        scopes:
        - https://www.googleapis.com/auth/logging.write
        - https://www.googleapis.com/auth/monitoring.write
      machineType: {{ properties["machineType"] }}
      tags:
        items:
        - redis-vm
        - allow-ssh
      networkInterfaces:
      - network: $(ref.{{ env["deployment"] }}-spinnaker-network.selfLink)
        subnetwork: $(ref.{{ env["deployment"] }}-spinnaker-subnetwork.selfLink)
        accessConfigs:
        - name: External NAT
          type: ONE_TO_ONE_NAT
        networkIP: {{ properties["redisIP"] }}
      disks:
      - deviceName: boot
        type: PERSISTENT
        boot: true
        autoDelete: true
        initializeParams:
          sourceImage: projects/ubuntu-os-cloud/global/images/family/ubuntu-1404-lts
      metadata:
        items:
        - key: startup-script
          value: |
               {{ imports['redis.sh']|indent(15) }}

--------------------------------------------------------------------------------
/templates/spinnaker-stack.jinja:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

resources:
- type: network.jinja
  name: spinnaker-network
  properties:
    region: {{ properties['region'] }}
    ipCidrRange: {{ properties['ipCidrRange'] }}
- name: spinnaker
  type: spinnaker.jinja
  properties:
    region: {{ properties['region'] }}
    zone: {{ properties['zone'] }}
    machineType: {{ properties['spinnakerMachineType'] }}
    spinnakerIP: {{ properties['spinnakerIP'] }}
    jenkinsPassword: {{ properties['jenkinsPassword'] }}
    jenkinsIP: {{ properties['jenkinsIP'] }}
    redisIP: {{ properties['redisIP'] }}
  metadata:
    dependsOn:
    - spinnaker-network
    - redis
    - jenkins
- name: redis
  type: redis.jinja
  properties:
    region: {{ properties['region'] }}
    zone: {{ properties['zone'] }}
    machineType: {{ properties['redisMachineType'] }}
    redisIP: {{ properties['redisIP'] }}
  metadata:
    dependsOn:
    - spinnaker-network
- name: jenkins
  type: jenkins.jinja
  properties:
    region: {{ properties['region'] }}
    zone: {{ properties['zone'] }}
    jenkinsMachineType: {{ properties['jenkinsMachineType'] }}
    jenkinsPassword: {{ properties['jenkinsPassword'] }}
    jenkinsIP: {{ properties['jenkinsIP'] }}
  metadata:
    dependsOn:
    - spinnaker-network
--------------------------------------------------------------------------------
/templates/spinnaker.jinja:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

resources:
- name: {{ env["deployment"] }}-spinnaker-hc
  type: compute.v1.httpHealthCheck
  properties:
    port: 8081
- name: {{ env["deployment"] }}-spinnaker-ig
  type: compute.beta.instanceGroupManager
  properties:
    baseInstanceName: {{ env["deployment"] }}-spinnaker
    instanceTemplate: $(ref.{{ env["deployment"] }}-spinnaker-template.selfLink)
    targetSize: 1
    zone: {{ properties["zone"] }}
    autoHealingPolicies:
    - healthCheck: $(ref.{{ env["deployment"] }}-spinnaker-hc.selfLink)
      initialDelaySec: 600
- name: spinnaker-{{ env["project"] }}-{{ env["deployment"] }}
  type: storage.v1.bucket
  properties:
    name: spinnaker-{{ env["project"] }}-{{ env["deployment"] }}
- name: {{ env["deployment"] }}-spinnaker-template
  type: compute.v1.instanceTemplate
  properties:
    zone: {{ properties["zone"] }}
    properties:
      serviceAccounts:
      - email: default
        scopes:
        - https://www.googleapis.com/auth/compute
        - https://www.googleapis.com/auth/logging.write
        - https://www.googleapis.com/auth/monitoring.write
        - https://www.googleapis.com/auth/devstorage.full_control
      tags:
        items:
        - spinnaker-vm
        - allow-ssh
      machineType: {{ properties["machineType"] }}
      networkInterfaces:
      - network: $(ref.{{ env["deployment"] }}-spinnaker-network.selfLink)
        subnetwork: $(ref.{{ env["deployment"] }}-spinnaker-subnetwork.selfLink)
        networkIP: {{ properties["spinnakerIP"] }}
        accessConfigs:
        - name: External NAT
          type: ONE_TO_ONE_NAT
      disks:
      - deviceName: boot
        type: PERSISTENT
        boot: true
        autoDelete: true
        diskType: pd-ssd
        diskSizeGb: 256
        initializeParams:
          sourceImage: projects/ubuntu-os-cloud/global/images/family/ubuntu-1404-lts
      metadata:
        items:
        - key: deployment
          value: {{ env["deployment"] }}
        - key: region
          value: {{ properties["region"] }}
        - key: zone
          value: {{ properties["zone"] }}
        - key: jenkinsIP
          value: {{ properties["jenkinsIP"] }}
        - key: jenkinsPassword
          value: {{ properties["jenkinsPassword"] }}
        - key: redisIP
          value: {{ properties["redisIP"] }}
        - key: packerVersion
          value: {{ properties["packerVersion"] }}
        - key: clouddriverVersion
          value: {{ properties["clouddriverVersion"] }}
        - key: deckVersion
          value: {{ properties["deckVersion"] }}
        - key: echoVersion
          value: {{ properties["echoVersion"] }}
        - key: front50Version
          value: {{ properties["front50Version"] }}
        - key: gateVersion
          value: {{ properties["gateVersion"] }}
        - key: igorVersion
          value: {{ properties["igorVersion"] }}
        - key: orcaVersion
          value: {{ properties["orcaVersion"] }}
        - key: roscoVersion
          value: {{ properties["roscoVersion"] }}
        - key: spinnakerVersion
          value: {{ properties["spinnakerVersion"] }}
        - key: spinnakerLocal
          value: |
               {{ imports['spinnaker-local.yml']| indent(15) }}
        - key: gceAnsible
          value: |
               {{ imports['gce-ansible.json']| indent(15) }}
        - key: startup-script
          value: |
               {{ imports['spinnaker.sh']| indent(15) }}

--------------------------------------------------------------------------------
/templates/spinnaker.jinja.schema:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

info:
  title: Spinnaker
  author: Dan Isla
  description: Runs Spinnaker
  version: 1.0

imports:
- path: spinnaker.jinja

properties:
  # Checking for new versions of spinnaker components:
  # apt-cache madison spinnaker-COMPONENT | cut -d '|' -f2 |sort --version-sort | tail -1
  packerVersion:
    type: string
    description: "Version of packer"
    default: "1.1.3"
  clouddriverVersion:
    type: string
    description: "Version of clouddriver"
    default: "1.748.1"
  deckVersion:
    type: string
    description: "Version of deck"
    default: "2.1160.0"
  echoVersion:
    type: string
    description: "Version of echo"
    default: "1.153.0"
  front50Version:
    type: string
    description: "Version of front50"
    default: "1.99.0"
  gateVersion:
    type: string
    description: "Version of gate"
    default: "4.9.2"
  igorVersion:
    type: string
    description: "Version of igor"
    default: "1.83.1"
  orcaVersion:
    type: string
    description: "Version of orca"
    default: "5.3.1"
  roscoVersion:
    type: string
    description: "Version of rosco"
    default: "0.99.0"
  spinnakerVersion:
    type: string
    description: "Version of spinnaker"
    default: "0.82.0"

--------------------------------------------------------------------------------
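The templates above define the `spinnaker-vm-ssh-fw` rule with no source filter, pass `jenkinsPassword` to both VMs through instance metadata, and give the Spinnaker VM the `compute` and `devstorage.full_control` scopes. The check below is an added example, not part of this repository: it audits resources shaped like the rendered output of `templates/network.jinja`, `templates/jenkins.jinja` and `templates/spinnaker.jinja`. The deployment name `demo`, the placeholder values, the secret-name pattern and the broad-scope list are assumptions.

```python
import re

# Metadata keys whose names suggest a credential (assumed naming heuristic).
SECRET_KEY_RE = re.compile(r"pass(word|wd)|secret|token|private.?key", re.IGNORECASE)

AUTH = "https://www.googleapis.com/auth/"
# Scopes treated as too broad for a VM's default service account.
# Assumption: this short list stands in for the reviewer's own policy.
BROAD_SCOPES = {AUTH + "cloud-platform", AUTH + "compute", AUTH + "devstorage.full_control"}


def audit_firewall(res):
    """Flag ingress rules that accept traffic from any address."""
    props = res.get("properties", {})
    if props.get("direction", "INGRESS") != "INGRESS":
        return []
    ranges = props.get("sourceRanges") or []
    filtered = ranges or props.get("sourceTags") or props.get("sourceServiceAccounts")
    # A rule with no source filter at all is applied by GCE to 0.0.0.0/0.
    if filtered and "0.0.0.0/0" not in ranges:
        return []
    exposed = [
        f"{rule['IPProtocol']}:{port}"
        for rule in props.get("allowed", [])
        for port in rule.get("ports", ["*"])
    ]
    return [(res["name"], "open-ingress", ",".join(exposed))]


def audit_instance_template(res):
    """Flag credentials in instance metadata and broad service-account scopes."""
    inner = res.get("properties", {}).get("properties", {})
    findings = []
    # Metadata is readable by every process on the VM through the metadata
    # server, and by any principal allowed to read the template or instance.
    for item in inner.get("metadata", {}).get("items", []):
        if SECRET_KEY_RE.search(item["key"]):
            findings.append((res["name"], "secret-in-metadata", item["key"]))
    for account in inner.get("serviceAccounts", []):
        for scope in account.get("scopes", []):
            if scope in BROAD_SCOPES:
                findings.append((res["name"], "broad-scope", scope.rsplit("/", 1)[-1]))
    return findings


CHECKS = {
    "compute.v1.firewall": audit_firewall,
    "compute.v1.instanceTemplate": audit_instance_template,
}


def audit(resources):
    """Run the matching check for each resource; returns (name, check, detail)."""
    findings = []
    for res in resources:
        check = CHECKS.get(res.get("type"))
        if check:
            findings.extend(check(res))
    return findings


def template(name, scopes, metadata_keys):
    """Build a constructed instanceTemplate resource with placeholder values."""
    return {"type": "compute.v1.instanceTemplate", "name": name,
            "properties": {"properties": {
                "serviceAccounts": [{"email": "default",
                                     "scopes": [AUTH + s for s in scopes]}],
                "metadata": {"items": [{"key": k, "value": "PLACEHOLDER"}
                                       for k in metadata_keys]}}}}


# Constructed sample: what the page's templates render to for deployment "demo".
RESOURCES = [
    {"type": "compute.v1.firewall", "name": "spinnaker-vm-ssh-fw",
     "properties": {"allowed": [{"IPProtocol": "tcp", "ports": ["22"]}],
                    "targetTags": ["allow-ssh"]}},
    {"type": "compute.v1.firewall", "name": "redis-fw",
     "properties": {"allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}],
                    "sourceTags": ["spinnaker-vm"], "targetTags": ["redis-vm"]}},
    {"type": "compute.v1.firewall", "name": "jenkins-hc",
     "properties": {"allowed": [{"IPProtocol": "tcp", "ports": ["80"]}],
                    "sourceRanges": ["130.211.0.0/22"], "targetTags": ["jenkins-vm"]}},
    template("demo-jenkins-template",
             ["cloud.useraccounts.readonly", "devstorage.read_only",
              "logging.write", "monitoring.write"],
             ["jenkinsPassword", "startup-script"]),
    template("demo-spinnaker-template",
             ["compute", "logging.write", "monitoring.write",
              "devstorage.full_control"],
             ["deployment", "jenkinsIP", "jenkinsPassword", "startup-script"]),
]

if __name__ == "__main__":
    for name, check, detail in audit(RESOURCES):
        print(f"{name}: {check} ({detail})")
```

The usual remediations are a `sourceRanges` list on the SSH rule, a secret store or a narrowly scoped bucket object in place of the metadata value, and a dedicated service account with only the roles each VM needs.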