Spinnaker on GCP as CD Platform

8 Apr

To continuously deliver an app update, you need an automated pipeline that reliably builds, tests, and updates your software. Code changes should automatically flow through the pipeline. The pipeline includes artifact creation, unit testing, functional testing, and production rollout.

In some cases, you want a code update to apply to only a subset of your users, so that it is exercised realistically before you push it to your entire user base. If one of these canary releases proves unsatisfactory, your automated procedure must be able to quickly roll back the software changes.

With GKE and Spinnaker, you can create a robust continuous delivery flow that helps to ensure your software is shipped as quickly as it is developed and validated. Although rapid iteration is your end goal, you must first ensure that each app revision passes through a series of automated validations before becoming a candidate for production rollout.

When a given change has been vetted through automation, you can also validate the app manually and conduct further pre-release testing. After your team decides the app is ready for production, one of your team members can approve it for production deployment.
The solution uses the GKE, Memorystore and Load Balancing services from GCP.

 

What is Spinnaker?

Spinnaker is an open source, cloud native and multi-cloud continuous delivery platform for releasing software changes with high velocity. It is fast, secure and made for all sizes of enterprises.

If you would like to learn more about Spinnaker, please visit the Spinnaker website.

What is Deck?

Deck is the Spinnaker UI. We can access Deck via port forwarding (for internal access, mostly unsecured), or publicly over the internet (secured via Identity-Aware Proxy).

 

How to deploy Spinnaker on Google Cloud?

There are two ways you can deploy it in GKE on Google Cloud.

The simple method is to use Spinnaker for GCP from the GCP Marketplace. It is a one-click deployment that also creates the required dependencies.

The manual method uses Cloud Shell or a GCP VM:

git clone https://github.com/GoogleCloudPlatform/spinnaker-for-gcp.git
cd spinnaker-for-gcp

# create a script with your Spinnaker environment properties
./scripts/install/setup_properties.sh

# this creates the Spinnaker environment properties; review them with the following command
cat ./scripts/install/properties

# set up a git user, which is used to create a git repo for the Spinnaker config
git config --global user.email "[email protected]"
git config --global user.name "$USER"

# start the Spinnaker installation script
./scripts/install/setup.sh

What will happen in the background during the Spinnaker installation?

• It will enable the required APIs, if not enabled already
• A service account is created and IAM roles assigned for Spinnaker tasks
• A Redis instance is created in Cloud Memorystore
• A Cloud Storage bucket is created
• A GKE cluster is created for Spinnaker application pipelines
• PubSub topics and subscriptions are created
• Spinnaker resources are provisioned in the GKE cluster
• A Spinnaker config git repo is configured in Cloud Source Repositories
• The Halyard management tool for configuring Spinnaker, hal, is installed in Cloud Shell
• The Spinnaker tool for managing applications and pipelines as code, spin, is installed in Cloud Shell

 

How to access the UI?

Once it is up and running there are two ways to connect to it.

Privately, unsecured and without authentication

# Deck, the Spinnaker user interface, opens in your browser
./scripts/manage/connect_unsecured.sh

Publicly, with access to Spinnaker over the internet

A production Spinnaker instance is a critical component of your infrastructure, so you must properly secure it. Several options are available to you for security and authentication:

• Spinnaker for Google Cloud provides tools to help secure your deployment using IAP with an SSL certificate
• Take a look at the security documentation of Spinnaker
• Use G Suite as an identity provider for Spinnaker authentication
• Use Google Groups for Spinnaker authorization
• Configure an Identity-Aware Proxy in front of Spinnaker to further control who has access to it

You can refer to this documentation to configure Spinnaker for public access with proper authentication and authorization.
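
To confirm that Deck and the other Spinnaker services are only reachable through the two access paths described above, you can audit the Service types in the cluster. This is an added example, not part of the spinnaker-for-gcp scripts; the spinnaker namespace and the spin-* service names are assumptions about the install, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: audit Service types in the Spinnaker namespace.
# Reads "<name> <type>" rows, e.g. the output of:
#   kubectl get svc -n spinnaker --no-headers \
#     -o custom-columns=NAME:.metadata.name,TYPE:.spec.type
# The "spinnaker" namespace and spin-* names are assumptions about the install.

# Prints one finding per Service; returns 1 if any Service is exposed directly.
audit_spinnaker_services() {
  awk '
    NF < 2 { next }                      # skip blank or malformed rows
    $2 == "ClusterIP" {
      printf "OK   %s: ClusterIP, reachable only inside the cluster or by port-forward\n", $1
      next
    }
    $2 == "NodePort" {
      printf "WARN %s: NodePort, confirm only the IAP-protected Ingress can reach it\n", $1
      next
    }
    $2 == "LoadBalancer" {
      printf "FAIL %s: LoadBalancer, exposed outside the cluster without passing through IAP\n", $1
      bad++
      next
    }
    { printf "WARN %s: unexpected type %s, review manually\n", $1, $2 }
    END { exit (bad > 0) }
  '
}

# Constructed sample rows (not taken from a real cluster).
sample_services() {
  cat <<'EOF'
spin-deck          NodePort
spin-gate          NodePort
spin-clouddriver   ClusterIP
spin-deck-public   LoadBalancer
EOF
}

if [ "${1:-}" = "--live" ]; then
  kubectl get svc -n spinnaker --no-headers \
    -o custom-columns=NAME:.metadata.name,TYPE:.spec.type | audit_spinnaker_services
else
  sample_services | audit_spinnaker_services || echo "direct exposure found in sample"
fi
```

Run it with --live from Cloud Shell to check the real cluster; the non-zero exit status on a FAIL finding makes it usable as a gate in a scheduled job.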

 

What’s next?

You are ready with Spinnaker as your CD platform. You just need to grant Spinnaker access to your application cluster.

./scripts/manage/add_gke_account.sh

You need to enter a few credentials, such as the service account (SA) and project ID, and you are done. Spinnaker will be able to deploy to your application cluster. You can now configure Cloud Build triggers and use the Spinnaker UI to configure a CD pipeline.


