Spinnaker 1.26.6 on Kubernetes, now thought to do with Jenkins pipeline linkage (add multiple Jenkins environment configuration) and multiple Kubernetes cluster configuration.

Automated Triggers for Spinnaker

Jenkins Trigger

Jenkins configuration – Spinnaker -nginx-demo

pipeline

Key words:

Split ('-')[0] repoName = "${JOB_NAME}" ${JOB_NAME}" imageName = "${registryServer}/${projectName}/${repoName}" //pipeline pipeline{ agent { node { label "build01"}} GenericTrigger(causeString: 'Generic Cause', genericVariables: [[defaultValue: '', key: 'branchName', regexpFilter: '', value: '$.ref']], printContributedVariables: true, printPostContent: true, regexpFilterExpression: '', regexpFilterText: '', silentResponse: true, token: 'spinnaker-nginx-demo') } stages{ stage("CheckOut"){ steps{ script{ srcUrl = "https://gitlab.xxxx.com/xxxx/spinnaker-nginx-demo.git" branchName = branchName - "refs/heads/" currentBuild.description  = "Trigger by ${branchName}" println("${branchName}") checkout([$class: 'GitSCM', branches: [[name: "${branchName}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'gitlab-admin-user', url: "${srcUrl}"]]]) } } } stage("Push Image "){ steps{ script{ withCredentials([usernamePassword(credentialsId: 'harbor-admin-user', passwordVariable: 'password', usernameVariable: 'username')]) { sh """ sed -i -- "s/VER/${branchName}/g" app/index.html docker login -u ${username} -p ${password} ${registryServer} docker build -t ${imageName}:${branchName} . docker push ${imageName}:${branchName} docker rmi ${imageName}:${branchName} """ } } } } stage("Trigger File"){ steps { script{ sh """ echo IMAGE=${imageName}:${branchName} >trigger.properties echo ACTION=DEPLOY >> trigger.properties cat trigger.properties """  archiveArtifacts allowEmptyArchive: true, artifacts: 'trigger.properties', followSymlinks: false } } } } }Copy the code

About gitLab configuration

Copy from the warehouseGithub.com/spinnakerus…

Configuration in Spinnaker:

Create the application

Create an ABCD application that grants Yunweizu read-write and executable permissions. Devops group read permission

Create pepiline – zhangpeng

As for the webhook – stage

Personal boring made a smile robot to send construction information: enterprise wechat group chat made a smile robot as follows:

Payload (user-defined)

{" msgtype ", "text", "text" : {" content ":" line ${execution [' name ']} run, run user ${execution [' trigger '] [' user ']} "}}Copy the code

Gitlab triggers a build:

Edit any file in your Git repository Click Webhoo Edit to see the trigger status The Jenkins build tag is 68

Spinnaker builds to send notifications feels a bit slow….. It took three minutes to receive the build message

Alarm Notifications about mail

Halyard container: Qq mailbox Mr. Password

Bash - 5.0 $PWD/home/spinnaker /. Hal/default/profiles bash - 5.0 $cat echo - local. Yml mail: enabled: true the from: [email protected] spring: mail: host: smtp.qq.com username: [email protected] password: xxxxxx protocol: smtp default-encoding: utf-8 properties: mail: display: sendname: SpinnakerAdmin smtp: port: 465 auth: true starttls: enable: true required: true ssl: enable: true transport: protocol: smtp debug: trueCopy the code

Bash - 5.0 $PWD/home/spinnaker /. Hal/default/profiles bash - 5.0 $cat Settings - local. Js window.spinnakerSettings.feature.managedServiceAccounts = true; window.spinnakerSettings.notifications.email.enabled = true; $Hal deploy apply --no-validateCopy the code

Then you can receive the email notification

Webhook Tigger trigger

Create a pipeline – zhangpeng1

Curl trigger test

curl https://xxx.xxx.com/webhooks/webhook/zhangpeng1 -X POST
Copy the code

Trigger a successNote: There is no email or Wechat reminder from Stage Webhook

Git Tigger trigger

Create a pipeline zhangpeng2

Git repository file modification triggers

Webhook Stage is still the step that triggers wechat robot, now modify a file in the Master branch of gitLab warehouseNote: Zhangpeng and Zhangpeng2 pipelines should be triggered if spinnaker-nginx-Demo is used!

Trigger a success

Docker Registry Tigger trigger

Harbor is used here to trigger the harbor directly. However, there is a problem: In Kubernetes build spinnaker service. I harbor user uses Zhangpeng,but this user is not the administrator, only the manager of several projects! That’s not ok. The user should be an administrator. I’ve failed several times here because of permissions.

Create a pipeline – zhangpeng3

Upload the image to Harbor

Verification triggered successfully

Of course, you can also manually trigger a look at:You can see the triggered tag here, right? Can it be used for rollback?

The first pipeline under Kubernetes

Create a project-demo

Here you can see that my Custers Account is no longer the default. Change the name of acclounts and primaryAccount in the config file and Hal deploy apply –no-validate

Create application – spinnaker – nginx – demo

It is still the process of creating application and setting permissions!

Create pipelines – spinnaker – nginx – demo

The Manifest as follows:

apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-app: nginxdemo name: nginxdemo namespace: dev spec: replicas: 1 selector: matchLabels: k8s-app: nginxdemo template: metadata: labels: k8s-app: nginxdemo name: nginxdemo namespace: dev spec: containers: - image: 'harbor.layame.com/spinnaker/spinnaker-nginx-demo:1.2.4 imagePullPolicy: Always name: nginxdemo ports: - containerPort: 80 name: web protocol: TCP imagePullSecrets: - name: harbor-xxxCopy the code

running

A normal operation should report an error like the following:The orca service reported an error. I forgot which screenshotThen: Cat Cluster1.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: spinnaker-namespaces-admin-role
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  - namespaces/status
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: spinnaker-namespaces-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: spinnaker-namespaces-admin-role
subjects:
- kind: ServiceAccount
  name: default
  namespace: spinnaker
Copy the code
kubectl apply -f cluster1.yaml
Copy the code

There is no error. But the deployment was still unsuccessful! Is there a problem with my K8S Config?

CONTEXT=$(kubectl config current-context)

hal config provider kubernetes account add my-k8s-account \
    --context $CONTEXT
Copy the code

My-k8s-account configuration has a kubeconfigFile!Follow the ServiceAccount configuration of Layabox

hal deploy apply --no-validate
Copy the code

Wait for pod rebuild to complete exit Spinnaker Web Console refresh cache log in again! Open theapplicationspinnaker-nginx-demopipelinesconfigurespinnaker-nginx-demo Modify the account formy-k8s-account And save the configurationSave changes. Run the assembly line again

Ignoring the key of Harbor’s warehouse, I made a mistake and did not pull down the image! One more question. Should friends stage input Chinese after saving are garbled! Here is the halyard configuration:/home/spinnaker/.hal/default/profilesSQL related configuration in directory added **? useSSL=false&useUnicode=true&characterEncoding=utf8**I have added this configuration to all applications that have SQL related configurations! Easy first step, sort of. Follow up with more in-depth gameplay!

To sum up:

  • Habor or Docker Registry users must be administrators
  • The kubernetes key may not have the permission according to my above file. If you have namespace permission, check the clusterRole ClusterRoleBinding configuration
  • If support Chinese remember database configuration increase? useSSL=false&useUnicode=true&characterEncoding=utf8
  • User group permissions… Well, you can try all kinds of things yourself
  • Add multiple Jenkins Harbor Kubernetes cluster configurations… You can copy and modify the configuration file