spinnaker / spinnaker.github.io
spinnaker documentation site
License: MIT License
Page: /setup/storage/s3/
Feedback:
# REGION=us-east-1
# echo $ACCESS_KEY | hal config storage s3 edit \
> --access-key-id $YOUR_SECRET_KEY_ID \
> --secret-access-key \
> --region $REGION
+ Get current deployment
Success
+ Get persistent store
Success
Generated bucket name: spin-dbfa68ce-5ad1-4643-aa59-1d59be46a6ca
- Edit persistent store
Failure
Problems in Global:
! ERROR Unexpected exception: java.lang.RuntimeException: Failed to
invoke validate() on "S3Validator" for node "S3PersistentStore
- Failed to edit persistent store "s3".
I've tried with different access keys, creating the bucket ahead of time. Neither seemed to make a difference.
Page: /setup/features/notifications/
Feedback:
Could the slack setup be updated to use halyard? It's much simpler and safer:
hal config notification slack enable
hal config notification slack edit --bot-name $SPINNAKER_BOT --token $TOKEN_FROM_SLACK
When I go to Deploy, I get the following error. I use the agent to network. How can I solve the problem?
star@ubuntu:~$ hal version list
Get released versions
Failure
Problems in Global:
! ERROR Could not load "versions.yml" from config bucket:
Connection refused (Connection refused).
Failed to load available Spinnaker versions.
Hi, I am getting a warning while trying to add an account while configuring spinnaker. Could you please help me resolve this?
Problems in default.provider.aws.my-aws-account:
Page: /setup/security/authorization/google-groups/
Feedback:
The doc says to run:
hal config security roles provider google edit
--admin-username $ADMIN
--credentials-path $CREDENTIALS
--domain $DOMAIN
But the correct command is:
hal config security authz google edit
--admin-username $ADMIN
--credential-path $CREDENTIALS
--domain $DOMAIN
Page: /guides/tutorials/codelabs/appengine-source-to-prod/
Feedback: The codelab is very helpful in showcasing awesome functionality. I had 2 issues though.
hal config version edit --version 0.3.0 caused the hal deploy apply step to not work. I believe I used version 1.0.1 to get it to work. There were other messages that said version 0.3.0 was not supported.
github webhook. I copy & pasted the network settings and double checked the IP Addresses, but github said it couldn't talk with the server. I'm not sure if it was GCP networking issues, or even where to begin debugging at which step the failure was.
Page: /setup/ci/
Feedback: Travis and Jenkins links appear broken, redirect to root page. Looks like this may be a lack of trailing slash since the sidebar links are working.
Navigate to any page without the trailing /, such as https://www.spinnaker.io/setup/storage, and the redirect to the page with the slash will be over HTTP.
Hey guys!
Fantastic work on the project. I just followed the Spinnaker quick start on AWS (https://s3.amazonaws.com/quickstart-reference/spinnaker/latest/doc/spinnaker-on-the-aws-cloud.pdf) and after cloud formation finished I began surfing through the Spinnaker UI. After some unexpected behavior in the UI, I decided to look over the spinnaker logs and I found the error "SpinnakerUser is not authorized to perform: iam:ListServerCertificates". I manually gave permission to the user in the AWS IAM and the spinnaker behavior got corrected.
/var/log/spinnaker/clouddriver/clouddriver.log
2017-08-30 22:37:28.507 WARN 46014 --- [ecutionAction-4] c.n.s.c.cache.LoggingInstrumentation : com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider:default/us-west-2/AmazonCertificateCachingAgent completed
com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException: User: arn:aws:iam::317085423413:user/Spinnaker-SpinnakerUser-5Z0ZXXV7BRKH is not authorized to perform: iam:ListServerCertificates on resource: arn:aws:iam::317085423413:server-certificate/ (Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: cd8faada-8dd3-11e7-a132-ad6c0570cad9)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1587) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1257) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1029) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:741) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:715) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:697) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:665) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:647) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:511) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.doInvoke(AmazonIdentityManagementClient.java:8275) ~[aws-java-sdk-iam-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.invoke(AmazonIdentityManagementClient.java:8251) ~[aws-java-sdk-iam-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.executeListServerCertificates(AmazonIdentityManagementClient.java:6023) ~[aws-java-sdk-iam-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.listServerCertificates(AmazonIdentityManagementClient.java:5999) ~[aws-java-sdk-iam-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagement$listServerCertificates.call(Unknown Source) ~[na:na]
at com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonCertificateCachingAgent.loadData(AmazonCertificateCachingAgent.groovy:86) ~[clouddriver-aws-1.674.2.jar:1.674.2]
at com.netflix.spinnaker.cats.agent.CachingAgent$CacheExecution.executeAgentWithoutStore(CachingAgent.java:66) ~[cats-core-1.674.2.jar:1.674.2]
at com.netflix.spinnaker.cats.agent.CachingAgent$CacheExecution.executeAgent(CachingAgent.java:59) ~[cats-core-1.674.2.jar:1.674.2]
at com.netflix.spinnaker.cats.redis.cluster.ClusteredAgentScheduler$AgentExecutionAction.execute(ClusteredAgentScheduler.java:205) ~[cats-redis-1.674.2.jar:1.674.2]
at com.netflix.spinnaker.cats.redis.cluster.ClusteredAgentScheduler$AgentJob.run(ClusteredAgentScheduler.java:179) ~[cats-redis-1.674.2.jar:1.674.2]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[na:1.8.0_141]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[na:1.8.0_141]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_141]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_141]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_141]
ref: https://www.spinnaker.io/setup/install/storage/
clicking any of the following links:
will go to https://www.spinnaker.io/setup/storage/`{{ item abbreviation }}`
which will then immediately redirect you to https://www.spinnaker.io/
clicking link will take you to respective page on configuring storage.
Page: /setup/providers/
Feedback:
Page: /guides/tutorials/codelabs/hello-deployment/
Feedback:
The jenkins configuration in the yml that worked for me was:
jenkins:
  enabled: true
  masters:
    -
      address: "https://spinnaker.cloudbees.com/"
      name: cloudbees
      password: f5e182594586b86687319aa5780ebcc5
      username: spinnakeruser
as mentioned in the page https://github.com/spinnaker/igor, and not the one mentioned here.
In order to make it work I had to disable the "Prevent Cross Site Request Forgery exploits" option in jenkins security configuration.
It all worked configuring the igor yml directly, not using halyard command as it creates a non working config.
Page: /community/
Feedback: Hello,
I am interested in making additional changes, i.e: creating additional stages on Spinnaker. Could you point me to how to setup and go about the implementation?
I found this guide: https://www.spinnaker.io/guides/developer/new-stage/
but it seems incomplete as well.
Thanks.
This page was explicitly excluded from our html checker because it had so many errors. The root cause needs to be fixed (kork & gate).
Authorization doc has a screenshot that still refers to Group Membership, which has been updated to Permissions.
Page: /guides/tutorials/codelabs/appengine-source-to-prod/
Feedback: Hello, I'm trying spinnaker with appengine and following https://www.spinnaker.io/guides/tutorials/codelabs/appengine-source-to-prod/. However, I'm stuck at executing the following command: hal config provider appengine account add my-appengine-account --project $GCP-PROJECT-ID
It errors as follows. Has anyone come across this issue?
$hal config provider appengine account add my-appengine-account --project $GCP-PROJECT-ID
Page: /setup/monitoring/datadog/
Feedback:
Throw me a frickin' bone here.
https://www.spinnaker.io/guides/tutorials/codelabs/gce-source-to-prod/
Particularly step (1). The screenshot does not match the dialog shown by Spinnaker - in particular there is a required "Account" field which I don't know how to populate and is not mentioned in the codelab.
I was able to continue by instead launching a click-to-deploy Spinnaker instance.
Page: /guides/
Feedback: no content on page.
Page: /setup/providers/aws/
Feedback:
The ${ACCOUNT_NAME} is confusing, I've spent 45 minutes figuring out how and which account name, 2 things are missing (2 notes).
${ACCOUNT_ID} however is relevant to AWS.
Cheers
In the Hello Deployment tutorial, the instructions in Enable Jenkins API say to select
But the screen shot has...
Page: /setup/install/providers/
Feedback: Please can you add Openshift V3 support? It's managed Kubernetes, so potentially a fair amount of re-use of existing native Kubernetes and Google Compute Engine integrations I would hope?
Page: /community/releases/versions/1-0-0-changelog
Feedback:
On the google blog post I read "Starting with 1.0, all new Spinnaker releases are individually versioned and follow semantic versioning". Looking at the repos, I'm assuming they will all still be versioned independently.
Is there documentation somewhere that links the semver to the micro-services versions? I looked around in the halyard source but I couldn't seem to find it there.
After the UI changes. Not able to find the installation steps.
Page: /setup/security/authorization/ldap/
Feedback:
Which file does this go in? I am guessing fiat-local.yml?
Page: /guides/tutorials/codelabs/gcp-kubernetes-source-to-prod/
Feedback: In the section under https://www.spinnaker.io/guides/tutorials/codelabs/gcp-kubernetes-source-to-prod/#create-a-spinnaker-application you are asked to "Click in the Accounts field and choose “my-kubernetes-account”.", but this field does not exist. The screen I see on this section is as follows:
Page: /guides/tutorials/codelabs/gcp-kubernetes-source-to-prod/
Feedback:
The link to delete the deployment is blocked by a Google corp SSO page (I'm guessing it's the URL to the internal container engine provisioning tool): https://pantheon.corp.google.com/deployments/details/spinnaker-cd-codelab
Page: /setup/install/halyard/
Feedback:
This is a broken docker image: docker pull gcr.io/spinnaker-marketplace/halyard:stable
I tried to install and it failed at hal deploy apply - saying it's not OS - Ubuntu 14.04
Page: /guides/user/pipeline-expressions/
Feedback:
In the document, it's used as a java example that:
${ new java.text.SimpleDateFormat('mm-dd-yyyy').format(new java.util.Date()) }
Actually it should be ${ new java.text.SimpleDateFormat('MM-dd-yyyy').format(new java.util.Date()) }, cuz upper case 'M' denotes MONTH, but 'm' denotes MINUTE.
Page: /setup/quickstart/halyard-gke-public/
Unable to complete halyard-gke-public setup:
If you’re greeted with the following login screen on localhost:9000 you’re all set!
Yay! made it here.
Make sure you can successfully login before continuing, however.
Uh, that didn't work. Now what?
{
  "error": "Unauthorized",
  "message": "Authentication Failed: User's info does not have all required fields.",
  "status": 401,
  "timestamp": 1506985726074
}
I'm trying to get my spinnaker interface authenticated using this tutorial:
https://www.spinnaker.io/setup/quickstart/halyard-gke-public/
Prior to the tutorial, spinnaker was confirmed up and running on http://localhost:9000. After editing/applying/enabling the google security, I try the login and successfully am challenged with a google login screen. Upon completing the challenge, I am redirected as expected to http://localhost:8084/login, though I receive the following error:
{
  "error": "Unauthorized",
  "message": "Authentication Failed: User's info does not have all required fields.",
  "status": 401,
  "timestamp": 1506985726074
}
Here is a log of my setup steps:
kross@halyard:~$ hal config security authn oauth2 edit --provider google \
> --client-id $CLIENT_ID \
> --client-secret $CLIENT_SECRET \
> --user-info-requirements hd=$DOMAIN
+ Get current deployment
Success
+ Get authentication settings
Success
+ Edit oauth2 authentication settings
Success
Problems in default.security:
- WARNING Your UI or API domain does not have override base URLs
set even though your Spinnaker deployment is a Distributed deployment on a
remote cloud provider. As a result, you will need to open SSH tunnels against
that deployment to access Spinnaker.
? We recommend that you instead configure an authentication
mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
securely, and then register the intended Domain and IP addresses that your
publicly facing services will be using.
+ Successfully edited oauth2 method.
kross@halyard:~$ hal config security authn oauth2 enable
+ Get current deployment
Success
+ Edit oauth2 authentication settings
Success
Problems in default.security:
- WARNING Your UI or API domain does not have override base URLs
set even though your Spinnaker deployment is a Distributed deployment on a
remote cloud provider. As a result, you will need to open SSH tunnels against
that deployment to access Spinnaker.
? We recommend that you instead configure an authentication
mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
securely, and then register the intended Domain and IP addresses that your
publicly facing services will be using.
+ Successfully enabled oauth2
kross@halyard:~$ hal deploy apply
+ Get current deployment
Success
+ Apply deployment
Success
+ Deploy spin-clouddriver
Success
+ Deploy spin-front50
Success
+ Deploy spin-orca
Success
+ Deploy spin-deck
Success
+ Deploy spin-echo
Success
+ Deploy spin-gate
Success
+ Deploy spin-igor
Success
+ Deploy spin-rosco
Success
Problems in default.security:
- WARNING Your UI or API domain does not have override base URLs
set even though your Spinnaker deployment is a Distributed deployment on a
remote cloud provider. As a result, you will need to open SSH tunnels against
that deployment to access Spinnaker.
? We recommend that you instead configure an authentication
mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
securely, and then register the intended Domain and IP addresses that your
publicly facing services will be using.
I'm not quite sure what to do with this. It seems I am authentic, yet for some reason the required user fields are not allowed in the interaction.
I have reviewed spinnaker's authentication setup as well and repeatedly made a few changes and tested with a fresh incognito browser, yet no change.
Since the google provider is a packaged OAuth 2 provider with spinnaker, I'm confused as to what further configuration would be necessary, as I am not "bringing my own provider".
Where can I start looking next? Any references/pointers to documentation?
Page: /setup/providers/kubernetes/
Feedback:
The docs here don't produce a working config; trying to create an account on a 1.6 cluster, I get this error:
! ERROR Unable to communicate with your Kubernetes cluster: Failure
executing: GET at: https://<ip>/api/v1/namespaces. Message: Forbidden!
User <context> doesn't have permission. User
"system:anonymous" cannot list namespaces at the cluster scope.: "No policy
matched.\nUnknown user \"system:anonymous\""..
I can do kubectl get ns and there's a sensible-looking .kube/config file, so it looks like this issue: kubernetes/kubernetes#39722
I'm not clear at this point what the fix should be; it looks like Spinnaker isn't playing well with the new https://kubernetes.io//docs/admin/authorization/rbac/#service-account-permissions. Any suggestions for how to fix?
Page: /setup/install/deploy/
Feedback: There is no straightforward answer written on how to access the GUI for Spinnaker. I might not be going in the right direction; if so, can anyone help with how to access it?
https://www.spinnaker.io/guides/tutorials/codelabs/appengine-source-to-prod/#deploy-to-app-engine currently has screenshot which includes specifying Account. Since the update where we no longer display this field if only one account is configured, we should update this screenshot accordingly.
Page: /setup/install/
Feedback: Hello, do we have more guides on how to develop new stages on spinnaker?
I have a project on GCP, and I'm not able to do the codelabs, because we are using custom networks, and not the default. I'm getting the following entry in the log for the bake stage:
==> googlecompute: Checking image does not exist...
==> googlecompute: Creating temporary SSH key for instance...
==> googlecompute: Using image: ubuntu-1404-trusty-v20170818
==> googlecompute: Creating instance...
googlecompute: Loading zone: us-central1-a
googlecompute: Loading machine type: n1-standard-1
googlecompute: Loading network: my-custom-network
==> googlecompute: Error creating instance: a subnetwork must be specified
Build 'googlecompute' errored: Error creating instance: a subnetwork must be specified
==> Some builds didn't complete successfully and had errors:
--> googlecompute: Error creating instance: a subnetwork must be specified
==> Builds finished but no artifacts were created.
https://www.spinnaker.io/setup/security/authorization/#applications still has old style Group Memberships, rather than the updated Permissions with read/write.
Page: /setup/storage/s3/
Feedback:
Remove the "--region" parameter/flag/argument for a successful bucket creation.
Page: /reference/providers/
Feedback:
Several provider links don't go anywhere (AppEngine, AWS) and some pages are blank (and probably should be unlinked until a page is implemented (Oracle, OpenStack))
Page: /guides/tutorials/codelabs/bake-and-deploy-pipeline/
Feedback: I do not see the Accounts field as described in the above page. I followed the spinnaker installation here- https://www.spinnaker.io/guides/tutorials/codelabs/appengine-source-to-prod/
It would be nice to have a docker-compose configuration which starts the halyard containers out of the box with the required volume mounts.
It could have a different flavor for a kubernetes-based setup which needs additional mountpoints.
Page: /community/faqs/
Feedback: After I deploy Spinnaker and create the Pipeline, when I add a stage, I find there is no stage type to be selected. Would you help with it? Thanks
Page: /setup/providers/azure/
Feedback: I followed the Azure setup page under https://www.spinnaker.io/setup/providers/azure/. I am able to successfully execute setup commands till vault creation. I am not able to add an account. What is the requirement for this.
Page: /setup/security/authentication/saml/
Feedback:
When running Gate behind a load balancer that terminates SSL, you need to also specify the following settings, otherwise Gate redirects to an http url after successful auth.
server:
  tomcat:
    protocolHeader: X-Forwarded-Proto
    remoteIpHeader: X-Forwarded-For
    internalProxies: .*
From ttomsu on spin-auth slack channel:
I need to move the comment from the OAuth page to the network arch page
Page: /setup/install/deploy/
Feedback:
should be "sudo hal deploy apply" instead of "hal deploy apply"
Page: /guides/tutorials/codelabs/kubernetes-source-to-prod/
Feedback:
Great tutorial thanks.
I have a problem that updated code only makes it to the dev server group. When I update code, the deployment pipeline is successful all through to prod, but the prod deployment simply re-deploys the first tag defined.
In my example below, the first deployment is v18
Following the instructions, in the deploy to dev stage, for container we select "Tag resolved at runtime", v18 is deployed and in the first run, v18 is deployed to prod. Now I update the code to v19, and this is deployed to dev. However, v18 is re-deployed to prod.
When setting up the deploy to prod stage, the "tag resolved at runtime" option is not available and we select a tag (v18). It is this tag that is always deployed. In the Deploy stage, surely we should be deploying the result of the Find Image from Cluster stage, the result of which does correctly identify the last deployed tag (v19).
It seems there is a stage or something missing as it seems the tutorial will always deploy the same tag to prod, as that is what is defined. What am I missing here?
This is my first post so let me know what further information/screenshots are required. I have followed the tutorial fully, kubernetes pod dev info shows v19 and correctly increments (v20, v21 etc), the prod pods all show v18 for deployments
Page: /setup/storage/redis/
Feedback: Hello, when I set up storage (--type redis), I got one error. The error is as follows:
Unexpected exception: java.lang.RuntimeException: Failed to
invoke validate() on "DeploymentConfigurationValidator" for node
"DeploymentConfiguration
I have tried to update Halyard, but it doesn't work. How can I solve this problem? Thank you.
Page: /guides/tutorials/codelabs/bake-and-deploy-pipeline/ (https://www.spinnaker.io/guides/tutorials/codelabs/bake-and-deploy-pipeline/#create-a-spinnaker-application)
Feedback: While following the Bake and Deploy Pipeline tutorial, I encountered a few mismatches between what was being presented in the document and what I was really being presented in the Spinnaker UI:
Create a load balancer
This section does not seem to take into account the newly released Amazon Application Load Balancer.
While trying to create an Application Load Balancer I got an error, which I could not bypass:
At least two subnets in two different Availability Zones must be specified
However, I don't yet know how to setup the subnets for the LB. Guidance here is highly appreciated.
However, I don't seem to be able to select "external" as it doesn't appear in the drop box.
I think there is a disconnect in the document regarding the redis-server and the Load Balancer. Will the redis-server expose a web interface on port 80? What are the Load Balancer port configuration in order to make it work with the redis-server?
On the Pipeline config, in the Configure Deployment Cluster window.
It says in the document: "If running on AWS, select defaultvpc under VPC Subnet." However, I only have an internal VPC. Probably just the same deal, but worth updating the document to increase confidence :).
Select the Medium: m3 size, then click Next.
m3 there.
Appreciate the help and keep up the good work! This is gold.
Page: /setup/quickstart/halyard-gke-public/
Feedback:
For creating the client ID, the authorized redirect URLs need to match with the FQDN being set up further below.
The "navigate to.." instructions at the bottom shouldn't specify port 9000, since we're using port 80.