Overview

  • OpsMx now provides a reference deployment guide with step-by-step instructions for deploying Spinnaker, a continuous deployment tool from Netflix Open Source Software, on the Amazon Web Services (AWS) Cloud.
  • In this document we will explore how to set up EC2 as a cloud provider with Spinnaker.
    • In AWS, EC2 is used to launch as many VMs as we need, to configure security and networking, and to manage storage.
    • In Spinnaker, AWS plays almost the same role when a user configures AWS as a Cloud Provider.
    • There are two methods to configure AWS as a Cloud Driver:
      1. By using AWS Console
      2. By using AWS CLI
  • This document covers the integration process using the AWS Console first, followed by the AWS CLI.

Steps to Setup EC2 with Spinnaker

  • Steps to create Managing Account
    • Navigate to Console > CloudFormation and select your preferred region.
    • Click here to Download the template locally.
    • Search for ‘SpinnakerInstanceProfileArn’ and comment out the line.
    • (Optional) Add additional managed accounts as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded template file.
    • Follow the steps below to create the CloudFormation Stack
      1. Create Stack > Upload a template to Amazon S3 > Browse to template you downloaded in Step-2 above > Next
      2. Enter Stack Name as ‘spinnaker-managing-infrastructure-setup’ and follow the prompts on screen to create the stack
    • Once the stack is created, select the stack you created in Step-3 > Outputs and note the values (AccessKeyId, Secret, ManagingAccountID & AuthArn). These values are mandatory for subsequent configurations.
  • Steps to Create Managed Account.
    • Navigate to Console > CloudFormation and select your preferred region.
    • Click here to Download the template locally.
    • Creating the CloudFormation Stack
      1. Create Stack > Upload a template to Amazon S3 > Browse to template you downloaded in Step-2 above > Next
      2. Enter Stack Name as ‘spinnaker-managed-infrastructure-setup’ and follow the prompts on screen to create the stack
      3. Enter AuthArn and ManagingAccountId as the value noted above and follow the prompts on screen to create the stack
  • Steps to Create IAM Role for EC2
    • Navigate to Console > IAM > Roles
    • Click on Create New Role, select EC2 and name it as per requirement (e.g. ec2-instance)
    • Search for the below policies
      • AmazonEC2FullAccess
      • spinnakerAssumeRolePolicy
      • baseiampolicy
      • AutoScalingFullAccess
      • PowerUserAccess
    • Click on Review and Submit to Create.
    • Now edit the newly created role, click on Trust Relationships, and add the below JSON entry:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
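To confirm that the role's trust relationship still matches the entry above after later edits, the following added example (not part of the OpsMx guide) audits a trust policy document against an allow-list of principals. The function name, the allow-list parameter and the drifted sample policy are assumptions constructed for illustration.

```python
import json

# Trust policy exactly as given on the page for the EC2 role.
PAGE_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"Service": ["ec2.amazonaws.com"]},
                "Action": "sts:AssumeRole"}]}
"""

# Constructed sample (not from the page): an extra service and a wildcard principal.
DRIFTED_POLICY = """
{"Version": "2012-10-17",
 "Statement": [
   {"Effect": "Allow",
    "Principal": {"Service": ["ec2.amazonaws.com", "lambda.amazonaws.com"]},
    "Action": "sts:AssumeRole"},
   {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
"""

def _as_list(value):
    """IAM allows a single string or object wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, allowed=frozenset({("Service", "ec2.amazonaws.com")})):
    """Return findings for Allow statements that trust more than `allowed`."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen who may assume the role
        for action in _as_list(stmt.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"statement {i}: unexpected action {action}")
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # Covers "Principal": "*" and statements that use NotPrincipal instead.
            findings.append(f"statement {i}: principal is not an explicit mapping")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if (kind, value) not in allowed:
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
    return findings

if __name__ == "__main__":
    for name, policy in (("page", PAGE_POLICY), ("drifted", DRIFTED_POLICY)):
        print(name, audit_trust_policy(policy) or "OK")
```

The policy text can be taken from the role's Trust Relationships tab; an empty result means only the EC2 service may assume the role.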

Steps to configure AWS EC2 using AWS CLI

  • Managing Account creation using
  • Execute the below command to use AccessKey and Secret to run Spinnaker

# -O saves the template as managing.yaml, which the deploy command below reads
curl -O https://d3079gxvs8ayeg.cloudfront.net/templates/managing.yaml

echo "Optionally add Managing account to the file downloaded as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded file."
aws cloudformation deploy --stack-name spinnaker-managing-infrastructure-setup --template-file managing.yaml \
--parameter-overrides UseAccessKeyForAuthentication=true --capabilities CAPABILITY_NAMED_IAM --region us-west-2

  • Execute the below command to use InstanceProfile to run Spinnaker

# -O saves the template as managing.yaml, which the deploy command below reads
curl -O https://d3079gxvs8ayeg.cloudfront.net/templates/managing.yaml

echo "Optionally add Managing account to the file downloaded as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded file."
aws cloudformation deploy --stack-name spinnaker-managing-infrastructure-setup --template-file managing.yaml \
--parameter-overrides UseAccessKeyForAuthentication=false --capabilities CAPABILITY_NAMED_IAM --region us-west-2

  • Managed Account Creation
    • Note: These steps need to be carried out for the managing account as well.

# -O saves the template as managed.yaml, which the deploy command below reads
curl -O https://d3079gxvs8ayeg.cloudfront.net/templates/managed.yaml

aws cloudformation deploy --stack-name spinnaker-managed-infrastructure-setup --template-file managed.yaml \
--parameter-overrides AuthArn=FROM_ABOVE ManagingAccountId=FROM_ABOVE --capabilities CAPABILITY_NAMED_IAM --region us-west-2

Configure Halyard with AccessKeys

  • These steps need to be executed only if you selected UseAccessKeyForAuthentication as true in Option-1 or Option-2 above

hal config provider aws edit --access-key-id ${ACCESS_KEY_ID} \
--secret-access-key # do not supply the key here, you will be prompted

Configure Halyard to add AWS account

  • Execute the below command to add AWS EC2 Account

AWS_ACCOUNT_NAME=my-aws-account   # name for the AWS account in Spinnaker, e.g. my-aws-account
hal config provider aws account add $AWS_ACCOUNT_NAME \
--account-id ${ACCOUNT_ID} \
--assume-role role/spinnakerManaged

  • Execute the below command to Enable AWS

hal config provider aws enable