├── aws
    └── terraform
    │   ├── vars.tf
    │   ├── .gitignore
    │   ├── provider.tf
    │   ├── keypair.tf
    │   ├── vpc.tf
    │   └── iam.tf
├── artifact
    ├── .DS_Store
    └── artifact.zip
├── jenkins
    ├── 3-create-debian.sh
    ├── 1-create-user.sh
    └── 2-jenkins-install.sh
├── kubernetes
    ├── scripts
    │   ├── run-helloworld.sh
    │   ├── create-user.sh
    │   ├── enable-artifacts.sh
    │   ├── enable-k8s-on-spinnaker.sh
    │   ├── install-client.sh
    │   └── install-k8s.sh
    └── spinnaker-rbac.yml
├── scripts
    ├── 2-swapon.sh
    ├── 1-create-user.sh
    ├── 6-restart-spinnaker.sh
    ├── 5-deploy-spinnaker.sh
    ├── 3-install-halyard.sh
    └── 4-configure-oauth.sh
├── docs
    ├── jenkins.txt
    ├── hal-aws-provider.txt
    ├── jenkins_ami.txt
    ├── rosco.txt
    ├── debian-package.txt
    ├── build-amis.txt
    └── iam-roles.txt
└── vagrant
    ├── Vagrantfile
    ├── README.md
    └── install-spinnaker.sh


/aws/terraform/vars.tf:
--------------------------------------------------------------------------------
1 | variable AWS_ACCOUNT_ID {}
2 | variable AWS_PROFILE {}
3 | 


--------------------------------------------------------------------------------
/artifact/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in4it/spinnaker-course/HEAD/artifact/.DS_Store


--------------------------------------------------------------------------------
/artifact/artifact.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in4it/spinnaker-course/HEAD/artifact/artifact.zip


--------------------------------------------------------------------------------
/aws/terraform/.gitignore:
--------------------------------------------------------------------------------
1 | mykey*
2 | myaccount*
3 | .terraform
4 | terraform.tfstate*
5 | terraform.tfvars
6 | 


--------------------------------------------------------------------------------
/aws/terraform/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   profile    = "${var.AWS_PROFILE}"
3 |   region     = "us-east-1"
4 | }
5 | 
6 | 


--------------------------------------------------------------------------------
/jenkins/3-create-debian.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | sudo apt-get update 
4 | sudo apt-get -y install gnupg rng-tools docker.io
5 | 


--------------------------------------------------------------------------------
/aws/terraform/keypair.tf:
--------------------------------------------------------------------------------
1 | resource "aws_key_pair" "myaccount" {
2 |   key_name   = "myaccount-key"
3 |   public_key = "${file("myaccount.pub")}"
4 | }
5 | 


--------------------------------------------------------------------------------
/kubernetes/scripts/run-helloworld.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | kubectl run helloworld --image=k8s.gcr.io/echoserver:1.4 --port=8080
3 | kubectl expose deployment helloworld --type=NodePort
4 | 
5 | 


--------------------------------------------------------------------------------
/scripts/2-swapon.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | sudo fallocate -l 8G /swapfile
4 | sudo chmod 600 /swapfile
5 | sudo mkswap /swapfile
6 | echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
7 | sudo swapon /swapfile
8 | 


--------------------------------------------------------------------------------
/jenkins/1-create-user.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | groupadd ubuntu
4 | useradd -g ubuntu -G admin -s /bin/bash -d /home/ubuntu ubuntu
5 | mkdir -p /home/ubuntu
6 | cp -r /root/.ssh /home/ubuntu/.ssh
7 | chown -R ubuntu:ubuntu /home/ubuntu
8 | echo "ubuntu	ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers
9 | 


--------------------------------------------------------------------------------
/scripts/1-create-user.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | groupadd ubuntu
4 | useradd -g ubuntu -G admin -s /bin/bash -d /home/ubuntu ubuntu
5 | mkdir -p /home/ubuntu
6 | cp -r /root/.ssh /home/ubuntu/.ssh
7 | chown -R ubuntu:ubuntu /home/ubuntu
8 | echo "ubuntu	ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers
9 | 


--------------------------------------------------------------------------------
/scripts/6-restart-spinnaker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | sudo systemctl restart apache2
 4 | sudo systemctl restart gate
 5 | sudo systemctl restart orca
 6 | sudo systemctl restart igor
 7 | sudo systemctl restart front50
 8 | sudo systemctl restart echo
 9 | sudo systemctl restart clouddriver
10 | sudo systemctl restart rosco
11 | 


--------------------------------------------------------------------------------
/jenkins/2-jenkins-install.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | sudo apt-get update
4 | sudo apt-get -y install openjdk-8-jdk
5 | wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
6 | sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'
7 | sudo apt-get update
8 | sudo apt-get -y install jenkins git
9 | sudo service jenkins start


--------------------------------------------------------------------------------
/docs/jenkins.txt:
--------------------------------------------------------------------------------
1 | hal config ci jenkins enable
2 | hal config ci jenkins master add my-jenkins-master --address http://<digitaloceanip>:8080 --username $USERNAME --password
3 | 
4 | hal config ci jenkins master add my-jenkins-master --address http://167.99.194.152:8080 --username jorn --password
5 | hal config ci jenkins master edit MASTER --csrf true
6 | 
7 | vi /opt/spinnaker/config/spinnaker-local.yml
8 | igor:
9 |     enabled: true


--------------------------------------------------------------------------------
/kubernetes/scripts/create-user.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | groupadd ubuntu
 3 | useradd -g ubuntu -G admin -s /bin/bash -d /home/ubuntu ubuntu
 4 | mkdir -p /home/ubuntu
 5 | cp -r /root/.ssh /home/ubuntu/.ssh
 6 | chown -R ubuntu:ubuntu /home/ubuntu
 7 | echo "ubuntu ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers
 8 | 
 9 | # create .kube/config
10 | mkdir -p ~ubuntu/.kube
11 | cp -i /etc/kubernetes/admin.conf ~ubuntu/.kube/config
12 | chown ubuntu:ubuntu ~ubuntu/.kube/config
13 | 


--------------------------------------------------------------------------------
/vagrant/Vagrantfile:
--------------------------------------------------------------------------------
 1 | Vagrant.configure("2") do |config|
 2 |   config.vm.box = "ubuntu/bionic64"
 3 |   config.vm.network "private_network", ip: "192.168.56.10"
 4 |   config.vm.provider "virtualbox" do |vb|
 5 |     vb.memory = "8056"
 6 |     vb.cpus = 4
 7 |     config.vm.provider :virtualbox do |vb|
 8 |         vb.name = "spinnaker"
 9 |     end
10 |   end
11 |   config.vm.provision "shell", path: "install-spinnaker.sh"
12 |   config.disksize.size = "30GB"
13 | end
14 | 


--------------------------------------------------------------------------------
/kubernetes/scripts/enable-artifacts.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | TOKEN_FILE=~/github-token
 3 | ARTIFACT_ACCOUNT_NAME=my-github-artifact-account
 4 | 
 5 | if [ ! -e "$TOKEN_FILE" ] ; then
 6 |   echo "token file does not exist"
 7 |   exit 1
 8 | fi
 9 | 
10 | hal config features edit --artifacts true
11 | hal config artifact github enable
12 | hal config artifact github account add $ARTIFACT_ACCOUNT_NAME \
13 |     --token-file $TOKEN_FILE
14 | 
15 | # webhook address: http://ip:8084/webhooks/git/github
16 | 


--------------------------------------------------------------------------------
/aws/terraform/vpc.tf:
--------------------------------------------------------------------------------
 1 | module "vpc" {
 2 |   source = "terraform-aws-modules/vpc/aws"
 3 | 
 4 |   name = "spinnaker"
 5 |   cidr = "10.0.0.0/16"
 6 | 
 7 |   azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
 8 |   private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
 9 |   public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
10 | 
11 |   enable_nat_gateway = false
12 |   enable_vpn_gateway = false
13 | 
14 |   tags = {
15 |     Terraform = "true"
16 |     Environment = "Spinnaker"
17 |   }
18 | }
19 | 


--------------------------------------------------------------------------------
/docs/hal-aws-provider.txt:
--------------------------------------------------------------------------------
 1 | s3
 2 | ----------
 3 | hal config storage s3 edit --access-key-id $YOUR_SECRET_KEY_ID --secret-access-key
 4 | hal config storage edit --type s3
 5 | 
 6 | AWS Provider
 7 | ------------
 8 | hal config provider aws edit --access-key-id $YOUR_SECRET_KEY_ID --secret-access-key
 9 | hal config provider aws account add $AWS_ACCOUNT_NAME --account-id ${ACCOUNT_ID} --assume-role role/spinnakerManaged
10 | hal config provider aws account edit $AWS_ACCOUNT_NAME --regions us-east-1
11 | hal config provider aws enable
12 | 


--------------------------------------------------------------------------------
/kubernetes/scripts/enable-k8s-on-spinnaker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # download kubectl
 4 | curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
 5 | chmod +x kubectl
 6 | sudo mv kubectl /usr/local/bin
 7 | 
 8 | # enable kubernetes
 9 | hal config provider kubernetes enable
10 | 
11 | hal config provider kubernetes account add my-k8s-v2-account \
12 |     --provider-version v2 \
13 |     --context $(kubectl config current-context)
14 | 
15 | 


--------------------------------------------------------------------------------
/scripts/5-deploy-spinnaker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # install dependencies
 4 | sudo apt update
 5 | sudo apt-get -y install redis-server
 6 | sudo systemctl enable redis-server
 7 | sudo systemctl start redis-server
 8 | 
 9 | echo 'spinnaker.s3:
10 |   versioning: false
11 | ' | sudo tee -a /home/spinnaker/.hal/default/profiles/front50-local.yml
12 | 
13 | # env flag that need to be set:
14 | SPINNAKER_VERSION=1.28.1
15 | 
16 | set -e
17 | 
18 | if [ -z "${SPINNAKER_VERSION}" ] ; then
19 |   echo "SPINNAKER_VERSION not set"
20 |   exit
21 | fi
22 | 
23 | sudo hal config version edit --version $SPINNAKER_VERSION
24 | sudo hal deploy apply
25 | 


--------------------------------------------------------------------------------
/docs/jenkins_ami.txt:
--------------------------------------------------------------------------------
 1 |  {
 2 |  "builders": [{
 3 |     "type": "amazon-ebs",
 4 |     "access_key": "{{user `aws_access_key`}}",
 5 |     "secret_key": "{{user `aws_secret_key`}}",
 6 |     "region": "us-east-1",
 7 |     "source_ami_filter": {
 8 |       "filters": {
 9 |       "virtualization-type": "hvm",
10 |       "name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*",
11 |       "root-device-type": "ebs"
12 |       },
13 |       "owners": ["099720109477"],
14 |       "most_recent": true
15 |     },
16 |     "instance_type": "t2.micro",
17 |     "ssh_username": "ubuntu",
18 |     "ami_name": "packer-example {{timestamp}}"
19 |   }],
20 | 
21 |   "post-processors": [
22 |     {
23 |       "type": "manifest",
24 |       "output": "manifest.json",
25 |       "strip_path": true
26 |     }
27 |   ]
28 | }
29 | 


--------------------------------------------------------------------------------
/kubernetes/scripts/install-client.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | echo "installing docker"
 3 | apt-get update
 4 | apt-get install -y \
 5 |     apt-transport-https \
 6 |     ca-certificates \
 7 |     curl \
 8 |     software-properties-common
 9 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
10 | add-apt-repository \
11 |    "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
12 |    $(lsb_release -cs) \
13 |    stable"
14 | apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')
15 | 
16 | echo "installing kubernetes"
17 | apt-get update && apt-get install -y apt-transport-https
18 | curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
19 | cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
20 | deb http://apt.kubernetes.io/ kubernetes-xenial main
21 | EOF
22 | apt-get update
23 | apt-get install -y kubelet kubeadm kubectl
24 | 


--------------------------------------------------------------------------------
/docs/rosco.txt:
--------------------------------------------------------------------------------
 1 | cp /opt/rosco/config/rosco.yml ~/.hal/default/profiles
 2 | 
 3 | ----------------  
 4 | 
 5 |   configDir: /opt/rosco/config/packer/
 6 | 
 7 | ----------------
 8 | 
 9 | debianRepository: https://s3.amazonaws.com/spinnaker-debian-repo-jorn/ xenial main
10 | 
11 | ----------------
12 | 
13 |   enabled: true
14 | 
15 | ----------------
16 | 
17 |     - baseImage:
18 |         id: ubuntu xenial
19 |         shortDescription: v16.04
20 |         detailedDescription: Ubuntu Xenial 16.04 LTS
21 |         packageType: deb
22 |         # You can specify the templateFile used for this baseImage.
23 |         # If not specified, the default templateFile will be used.
24 |         templateFile: aws-ebs.json
25 |       virtualizationSettings:
26 |       - region: us-east-1
27 |         virtualizationType: hvm
28 |         instanceType: t2.micro
29 |         sourceAmi: ami-43a15f3e
30 |         sshUserName: ubuntu
31 |         spotPrice: 0
32 |         spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
33 | 


--------------------------------------------------------------------------------
/scripts/3-install-halyard.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | sudo add-apt-repository ppa:openjdk-r/ppa -y
 6 | 
 7 | sudo apt-get update
 8 | sudo apt-get -y install jq openjdk-11-jdk
 9 | 
10 | curl -O https://raw.githubusercontent.com/spinnaker/halyard/master/install/debian/InstallHalyard.sh
11 | sudo bash InstallHalyard.sh
12 | sudo mkdir -p /home/spinnaker
13 | sudo chown spinnaker:spinnaker /home/spinnaker
14 | curl -fsSL get.docker.com -o get-docker.sh
15 | sh get-docker.sh
16 | sudo usermod -aG docker ubuntu
17 | sudo docker run -p 127.0.0.1:9090:9000 -d --name minio1 -v /mnt/data:/data -v /mnt/config:/root/.minio minio/minio server /data
18 | 
19 | sudo apt-get -y install jq apt-transport-https
20 | 
21 | MINIO_SECRET_KEY="minioadmin"
22 | MINIO_ACCESS_KEY="minioadmin"
23 | 
24 | echo $MINIO_SECRET_KEY | hal config storage s3 edit --endpoint http://127.0.0.1:9090 \
25 |     --access-key-id $MINIO_ACCESS_KEY \
26 |     --secret-access-key
27 | 
28 | hal config storage edit --type s3
29 | 
30 | 


--------------------------------------------------------------------------------
/vagrant/README.md:
--------------------------------------------------------------------------------
 1 | Start as usual
 2 | 
 3 | ```
 4 | Host $ vagrant plugin install vagrant-disksize
 5 | Host $ vagrant up
 6 | ```
 7 | 
 8 | Then, you would need to do a ssh tunnel in your host: `nano $HOME/.ssh/config`
 9 | 
10 | ```
11 | # Configure as the output say in: vagrant ssh-config
12 | 
13 | Host spinnaker-start
14 |   HostName localhost
15 |   User vagrant
16 |   Port 2222
17 |   UserKnownHostsFile /dev/null
18 |   StrictHostKeyChecking no
19 |   PasswordAuthentication no
20 |   ## Put your own identity file
21 |   IdentityFile C:/Users/caroman/Desktop/spinnaker-course/vagrant/.vagrant/machines/default/virtualbox/private_key
22 |   IdentitiesOnly yes
23 |   LogLevel FATAL
24 |   ControlMaster yes
25 |   ControlPath ~/.ssh/spinnaker-tunnel.ctl
26 |   RequestTTY no
27 |   LocalForward 9000 localhost:9000
28 |   LocalForward 8084 localhost:8084
29 |   LocalForward 8087 localhost:8087
30 | ```
31 | 
32 | After that: `ssh spinnaker-start`
33 | 
34 | 
35 | And then open you browser in `127.0.0.1:9000
36 | `
37 | 


--------------------------------------------------------------------------------
/kubernetes/spinnaker-rbac.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRole
 3 | metadata:
 4 |  name: spinnaker-role
 5 | rules:
 6 | - apiGroups: [""]
 7 |   resources: ["configmaps", "namespaces", "pods", "secrets", "services"]
 8 |   verbs: ["*"]
 9 | - apiGroups: [""]
10 |   resources: ["pods/log"]
11 |   verbs: ["list", "get"]
12 | - apiGroups: ["apps"]
13 |   resources: ["controllerrevisions", "deployments", "statefulsets"]
14 |   verbs: ["*"]
15 | - apiGroups: ["extensions", "app"]
16 |   resources: ["daemonsets", "deployments", "ingresses", "networkpolicies", "replicasets"]
17 |   verbs: ["*"]
18 | ---
19 | apiVersion: rbac.authorization.k8s.io/v1
20 | kind: ClusterRoleBinding
21 | metadata:
22 |  name: spinnaker-role-binding
23 | roleRef:
24 |  apiGroup: rbac.authorization.k8s.io
25 |  kind: ClusterRole
26 |  name: spinnaker-role
27 | subjects:
28 | - namespace: default
29 |   kind: ServiceAccount
30 |   name: spinnaker-service-account
31 | ---
32 | apiVersion: v1
33 | kind: ServiceAccount
34 | metadata:
35 |  name: spinnaker-service-account
36 |  namespace: default
37 | 


--------------------------------------------------------------------------------
/scripts/4-configure-oauth.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # env flags that need to be set:
 4 | CLIENT_ID=myClientId
 5 | CLIENT_SECRET=myClientSecret
 6 | PROVIDER=google|github|azure
 7 | REDIRECT_URI=http://ip:8084/login
 8 | 
 9 | set -e
10 | 
11 | if [ -z "${CLIENT_ID}" ] ; then
12 |   echo "CLIENT_ID not set"
13 |   exit
14 | fi
15 | if [ -z "${CLIENT_SECRET}" ] ; then
16 |   echo "CLIENT_SECRET not set"
17 |   exit
18 | fi
19 | if [ -z "${PROVIDER}" ] ; then
20 |   echo "PROVIDER not set"
21 |   exit
22 | fi
23 | if [ -z "${REDIRECT_URI}" ] ; then
24 |   echo "REDIRECT_URI not set"
25 |   exit
26 | fi
27 | 
28 | MY_IP=`curl -s ifconfig.co`
29 | 
30 | hal config security authn oauth2 edit \
31 |   --client-id $CLIENT_ID \
32 |   --client-secret $CLIENT_SECRET \
33 |   --provider $PROVIDER
34 | hal config security authn oauth2 enable
35 | 
36 | hal config security authn oauth2 edit --pre-established-redirect-uri $REDIRECT_URI
37 | 
38 | hal config security ui edit \
39 |     --override-base-url http://${MY_IP}:9000
40 | 
41 | hal config security api edit \
42 |     --override-base-url http://${MY_IP}:8084
43 | 


--------------------------------------------------------------------------------
/docs/debian-package.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | aptly repo create -distribution=xenial -component=main release
 3 | 
 4 |   "S3PublishEndpoints": {
 5 |     "spinnaker-debian-repo-{yourName}": {
 6 |       "region": "us-east-1",
 7 |       "bucket": "spinnaker-debian-repo-{yourName}",
 8 |       "acl": "public-read",
 9 |       "awsAccessKeyID": "{yourAcessKeyID}",
10 |       "awsSecretAccessKey": "{yourAcessKey}"
11 |     }
12 |   },
13 | 
14 | aptly publish repo release s3:spinnaker-debian-repo: -skip-signing
15 | 
16 | 
17 | sudo docker build -t builddep -f Dockerfile.builddep .
18 | 
19 | Jenkins job:
20 | Step 1:
21 | -------
22 | echo "#!/bin/bash
23 | cd /root; apt-get install -y npm ;git-buildpackage --git-ignore-new --git-ignore-branch; cp ../*.deb ." > install.sh
24 | sudo docker run -v "$PWD":/root builddep bash /root/install.sh
25 | 
26 | Step 2:
27 | -------
28 | aptly repo add -force-replace release *.deb
29 | 
30 | Step 3:
31 | ------- 
32 | aptly publish repo -skip-signing=true release s3:spinnaker-debian-repo-{yourName}: || true
33 | 
34 | Step 4:
35 | -------
36 | aptly publish update -force-overwrite -skip-signing=true xenial s3:spinnaker-debian-repo-{yourName}:  
37 | 


--------------------------------------------------------------------------------
/kubernetes/scripts/install-k8s.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | echo "installing docker"
 3 | apt-get update
 4 | apt-get install -y \
 5 |     apt-transport-https \
 6 |     ca-certificates \
 7 |     curl \
 8 |     software-properties-common
 9 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
10 | add-apt-repository \
11 |    "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
12 |    $(lsb_release -cs) \
13 |    stable"
14 | apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')
15 | 
16 | echo "installing kubernetes"
17 | apt-get update && apt-get install -y apt-transport-https
18 | curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
19 | cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
20 | deb http://apt.kubernetes.io/ kubernetes-xenial main
21 | EOF
22 | apt-get update
23 | apt-get install -y kubelet kubeadm kubectl
24 | 
25 | echo "deploying kubernetes (with flannel)..."
26 | sysctl net.bridge.bridge-nf-call-iptables=1
27 | kubeadm init --pod-network-cidr=10.244.0.0/16
28 | export KUBECONFIG=/etc/kubernetes/admin.conf
29 | kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml
30 | 


--------------------------------------------------------------------------------
/docs/build-amis.txt:
--------------------------------------------------------------------------------
 1 | Packer Additional parameters
 2 | ---------------------------- 
 3 | -machine-readable -var aws_access_key=your_aws_access_key -var "aws_secret_key=your_aws_secret_key"
 4 | 
 5 | Packer Template Text
 6 | --------------------
 7 |  {
 8 |  "builders": [{
 9 |     "type": "amazon-ebs",
10 |     "access_key": "{{user `aws_access_key`}}",
11 |     "secret_key": "{{user `aws_secret_key`}}",
12 |     "region": "us-east-1",
13 |     "source_ami_filter": {
14 |       "filters": {
15 |       "virtualization-type": "hvm",
16 |       "name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*",
17 |       "root-device-type": "ebs"
18 |       },
19 |       "owners": ["099720109477"],
20 |       "most_recent": true
21 |     },
22 |     "instance_type": "t2.micro",
23 |     "ssh_username": "ubuntu",
24 |     "ami_name": "packer-example {{timestamp}}"
25 |   }],
26 | 
27 |   "provisioners": [{
28 |     "type": "shell",
29 |     "inline": [
30 |       "sudo apt-get update",
31 |       "sudo apt-get install -y nginx"
32 |     ]
33 |   }],
34 | 
35 |   "post-processors": [
36 |     {
37 |       "type": "manifest",
38 |       "output": "manifest.json",
39 |       "strip_path": true
40 |     }
41 |   ]
42 | }
43 | 
44 | 
45 | Spinnaker deploy edit json
46 | --------------------------
47 |       "amiName": "${ #stage( 'Jenkins' )['context']['builds'][ #stage( 'Jenkins' )['context']['builds'].size() -1 ]['artifact_id'].split(':')[1] }",
48 | 


--------------------------------------------------------------------------------
/docs/iam-roles.txt:
--------------------------------------------------------------------------------
 1 | IAM ROLES:
 2 | ----------
 3 | Role:
 4 | BaseIAMRole
 5 | 
 6 | Policy:
 7 | no role
 8 | 
 9 | --------------------------------------------------------------------------------
10 | 
11 | Policyname:
12 | SpinnakerAssumeRolePolicy
13 | 
14 | Policy:
15 | {
16 |     "Version": "2012-10-17",
17 |     "Statement": [{
18 |         "Action": "sts:AssumeRole",
19 |         "Resource": [
20 |             "arn:aws:iam::${MANAGING_ACCOUNT_ID}:role/spinnakerManaged",
21 |             "arn:aws:iam::${MANAGED_ACCOUNT_ID}:role/spinnakerManaged"
22 |         ],
23 |         "Effect": "Allow"
24 |     }]
25 | }
26 | 
27 | --------------------------------------------------------------------------------
28 | 
29 | Policyname:
30 | SpinnakerPassRole
31 | Policy:
32 | {
33 |     "Version": "2012-10-17",
34 |     "Statement": [{
35 |         "Effect": "Allow",
36 |         "Action": [ "ec2:*" ],
37 |         "Resource": "*"
38 |     },
39 |     {
40 |         "Effect": "Allow",
41 |         "Action": "iam:PassRole",
42 |         "Resource": "arn:aws:iam::${MANAGING_ACCOUNT_ID}:role/BaseIAMRole"
43 |     }]
44 | }
45 | 
46 | --------------------------------------------------------------------------------
47 | 
48 | Policyname:
49 | spinnakerManaged
50 | Policy:
51 | {
52 |     "Version": "2012-10-17",
53 |     "Statement": [{
54 |         "Sid": "1",
55 |         "Effect": "Allow",
56 |         "Principal": {
57 |             "AWS": "${AUTH_ARN}"
58 |         },
59 |     "Action": "sts:AssumeRole"
60 |     }]
61 | }


--------------------------------------------------------------------------------
/vagrant/install-spinnaker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | export DEBIAN_FRONTEND=noninteractive
 4 | export LANGUAGE=en_US.UTF-8
 5 | export LANG=en_US.UTF-8
 6 | export LC_ALL=en_US.UTF-8
 7 | locale-gen en_US.UTF-8
 8 | dpkg-reconfigure locales
 9 | 
10 | sudo fallocate -l 4G /swapfile
11 | sudo chmod 600 /swapfile
12 | sudo mkswap /swapfile
13 | echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
14 | sudo swapon /swapfile
15 | 
16 | sudo add-apt-repository ppa:openjdk-r/ppa -y
17 | 
18 | sudo apt-get update
19 | sudo apt-get -y install jq openjdk-11-jdk
20 | 
21 | SPINNAKER_VERSION=1.28.1
22 | curl -Os https://raw.githubusercontent.com/spinnaker/halyard/master/install/debian/InstallHalyard.sh
23 | sudo bash InstallHalyard.sh
24 | curl -fsSL get.docker.com -o get-docker.sh
25 | sh get-docker.sh
26 | sudo usermod -aG docker spinnaker
27 | sudo docker run -p 127.0.0.1:9090:9000 -d --name minio1 -v /mnt/data:/data -v /mnt/config:/root/.minio minio/minio:RELEASE.2018-07-31T02-11-47Z server /data
28 | 
29 | mkdir /home/spinnaker
30 | chown spinnaker:spinnaker /home/spinnaker
31 | 
32 | MINIO_SECRET_KEY=`echo $(sudo docker exec minio1 cat /root/.minio/config.json) |jq -r '.credential.secretKey'`
33 | MINIO_ACCESS_KEY=`echo $(sudo docker exec minio1 cat /root/.minio/config.json) |jq -r '.credential.accessKey'`
34 | echo $MINIO_SECRET_KEY | hal config storage s3 edit --endpoint http://127.0.0.1:9090 \
35 |     --access-key-id $MINIO_ACCESS_KEY \
36 |     --secret-access-key
37 | 
38 | hal config storage edit --type s3
39 | 
40 | # env flag that need to be set:
41 | 
42 | 
43 | set -e
44 | 
45 | if [ -z "${SPINNAKER_VERSION}" ] ; then
46 |   echo "SPINNAKER_VERSION not set"
47 |   exit
48 | fi
49 | 
50 | sudo hal config version edit --version $SPINNAKER_VERSION
51 | sudo hal deploy apply
52 | sudo echo "host: 0.0.0.0" |sudo tee \
53 |     /home/spinnaker/.hal/default/service-settings/gate.yml \
54 |     /home/spinnaker/.hal/default/service-settings/deck.yml
55 | sudo hal config security api edit --cors-access-pattern "http://192.168.56.10:9000"
56 | sudo hal config security ui edit --override-base-url http://192.168.56.10:9000
57 | sudo hal config security api edit --override-base-url http://192.168.56.10:8084
58 | sudo hal deploy apply
59 | sudo systemctl daemon-reload
60 | sudo hal deploy connect
61 | sudo systemctl enable redis-server.service
62 | sudo systemctl start redis-server.service
63 | printf " -------------------------------------------------------------- \n|     Starting spinnaker, this can take several minutes        |\n --------------------------------------------------------------"
64 | sleep 300 #needed to be sure everyting is started correctly 
65 | printf " -------------------------------------------------------------- \n|     Connect here to spinnaker: http://192.168.56.10:9000/    |\n --------------------------------------------------------------"
66 | 


--------------------------------------------------------------------------------
/aws/terraform/iam.tf:
--------------------------------------------------------------------------------
  1 | # Spinnaker managing user
  2 | resource "aws_iam_user" "spinnaker" {
  3 |   name = "spinnaker"
  4 |   path = "/"
  5 | }
  6 | 
  7 | resource "aws_iam_access_key" "spinnaker" {
  8 |   user = "${aws_iam_user.spinnaker.name}"
  9 | }
 10 | 
 11 | resource "aws_iam_user_policy" "spinnaker" {
 12 |   name = "spinnaker"
 13 |   user = "${aws_iam_user.spinnaker.name}"
 14 | 
 15 |   policy = <<EOF
 16 | {
 17 |     "Version": "2012-10-17",
 18 |     "Statement": [{
 19 |         "Action": "sts:AssumeRole",
 20 |         "Resource": [
 21 |             "arn:aws:iam::${var.AWS_ACCOUNT_ID}:role/spinnaker-managed"
 22 |         ],
 23 |         "Effect": "Allow"
 24 |     }]
 25 | }
 26 | EOF
 27 | }
 28 | 
 29 | # Spinnaker managed role
 30 | resource "aws_iam_role" "spinnaker-managed" {
 31 |   name = "spinnaker-managed"
 32 | 
 33 |   assume_role_policy = <<EOF
 34 | {
 35 |   "Version": "2012-10-17",
 36 |   "Statement": [
 37 |     {
 38 |       "Action": "sts:AssumeRole",
 39 |       "Principal": {
 40 |         "AWS": "${aws_iam_user.spinnaker.arn}"
 41 |       },
 42 |       "Effect": "Allow",
 43 |       "Sid": ""
 44 |     }
 45 |   ]
 46 | }
 47 | EOF
 48 | }
 49 | resource "aws_iam_role_policy" "spinnaker-managed" {
 50 |   name = "spinnaker-managed"
 51 |   role = "${aws_iam_role.spinnaker-managed.id}"
 52 | 
 53 |   policy = <<EOF
 54 | {
 55 |     "Version": "2012-10-17",
 56 |     "Statement": [{
 57 |         "Effect": "Allow",
 58 |         "Action": [ "ec2:*" ],
 59 |         "Resource": "*"
 60 |     },
 61 |     {
 62 |         "Effect": "Allow",
 63 |         "Action": "iam:PassRole",
 64 |         "Resource": "arn:aws:iam::${var.AWS_ACCOUNT_ID}:role/BaseIAMRole"
 65 |     }]
 66 | }
 67 | EOF
 68 | }
 69 | 
 70 | resource "aws_iam_role_policy" "spinnaker-managed-poweruser" {
 71 |   name = "poweruser"
 72 |   role = "${aws_iam_role.spinnaker-managed.id}"
 73 | 
 74 |   policy = <<EOF
 75 | {
 76 |     "Version": "2012-10-17",
 77 |     "Statement": [
 78 |         {
 79 |             "Effect": "Allow",
 80 |             "NotAction": [
 81 |                 "iam:*",
 82 |                 "organizations:*"
 83 |             ],
 84 |             "Resource": "*"
 85 |         },
 86 |         {
 87 |             "Effect": "Allow",
 88 |             "Action": [
 89 |                 "iam:CreateServiceLinkedRole",
 90 |                 "iam:DeleteServiceLinkedRole",
 91 |                 "iam:ListRoles",
 92 |                 "organizations:DescribeOrganization"
 93 |             ],
 94 |             "Resource": "*"
 95 |         }
 96 |     ]
 97 | }
 98 | EOF
 99 | }
100 | 
101 | # base ec2 iam role
102 | resource "aws_iam_role" "base-iam-role" {
103 |   name = "BaseIAMRole"
104 | 
105 |   assume_role_policy = <<EOF
106 | {
107 |   "Version": "2012-10-17",
108 |   "Statement": [
109 |     {
110 |       "Action": "sts:AssumeRole",
111 |       "Principal": {
112 |         "Service": "ec2.amazonaws.com"
113 |       },
114 |       "Effect": "Allow",
115 |       "Sid": ""
116 |     }
117 |   ]
118 | }
119 | EOF
120 | }
121 | resource "aws_iam_instance_profile" "base-iam-role" {
122 |   name  = "BaseIAMRole"
123 |   role = "${aws_iam_role.base-iam-role.name}"
124 | }
125 | 
126 | 
127 | 


--------------------------------------------------------------------------------