部署spinnaker()-其他

部署spinnaker()

直接登录官网部署，修改拉取镜像地址可以参考以下文档，

https://blog.csdn.net/qq_22917163/article/details/108623113

使用docker运行halyard容器因为采用halyard的方式部署spinnaker的过程中需要访问国外的网站拉去一些配置，所以运行halyard容器的主机能够访问到过往的网站，在一些博客中，博主们使用代理的方式。再次，因为此次实践，全部基于阿里云ACK，所以我们可以直接按量付费买一台香港的服务器来充当运行halyard的主机，部署完以后，可以将磁盘做成镜像，然后释放，节省开销，在需要更新spinnaker的时候，利用备份的镜像重新启用该halyard主机即可。

安装docker如上所述，我们在香港购买一台ECS后，配置docker运行环境。

[root@idc-hk-proxy ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo[root@idc-hk-proxy ~]# yum install -y docker-ce-18.06.1.ce-3.el7[root@idc-hk-proxy ~]# systemctl start docker123运行halyard容器1.在物理节点上创建目录

[root@idc-hk-proxy ~]# mkdir ~/.hal[root@idc-hk-proxy ~]# chmod 777 ~/.hal122.运行halyard容器

[root@idc-hk-proxy ~]# docker run -p8084:8084 -p9000:9000 –name halyard –rm -v ~/.hal:/home/spinnaker/.hal -it gcr.io/spinnaker-marketplace/halyard:stable13.配置集群凭据，让halyard容器可以通过kubectl操作k8s集群进入容器中

[root@idc-hk-proxy ~]# docker exec -it halyard bash1创建.kube目录

mkdir ~/.kube1复制阿里云集群的凭据到 $HOME/.kube/config 目录下测试在halyard容器中是否可以访问到集群资源

bash-5.0$ kubectl get nodesNAME STATUS ROLES AGE VERSIONjenkins Ready <none> 147d v1.18.2microniu-mysql Ready <none> 154d v1.18.1microniu-srv01 Ready <none> 168d v1.18.0microniu-srv02 Ready <none> 168d v1.18.0microniu-srv03 Ready <none> 168d v1.18.0microniu-srv04 Ready <none> 120d v1.18.212345678配置docker-registry provider因为spinnaker部署的时候默认是去gcr.io上拉去相关的镜像，在国内的集群无法访问到该站点，所以我们可以在运行halyard容器的节点（香港服务器）上拉取下来所有要用到的镜像，然后打tag传到我们的私有镜像仓库，让pod启动的时候到我们制定的镜像仓库拉去相关镜像。

bash-5.0$ hal config provider docker-registry account add registry-aliyun \> –no-validate \–address registry.cn-beijing.aliyuncs.com/ \–username ‘账号’ \–password ‘密码’12345配置k8s providerbash-5.0$ hal config provider kubernetes enablebash-5.0$ CONTEXT=$(kubectl config current-context)bash-5.0$ hal config provider kubernetes account add k8s-v2-account \> –provider-version v2 \> –context $CONTEXT \> –docker-registries registry-aliyun 123456选择Spinnaker的部署环境bash-5.0$ ACCOUNT=k8s-v2-accountbash-5.0$ hal config deploy edit –type distributed –account-name $ACCOUNT12创建存储，用来保存spinnaker需要持久保存的数据在k8s集群中采用helm的方式部署minio（以下操作在可以管理集群的机器上执行）

helm fetch apphub/minio –untar –untardir .1修改value.yaml文件中的配置,按需修改persistence、ingress等部分，修改accessKey、secretKey，在安装期间创建所需bucket如下：buckets:

name: spinnakerpolicy: nonepurge: false

helm install –name minio –namespace database -f minio/values.yaml ./minio1安装完登录后界面如下

配置存储信息在hal pod中继续执行以下步骤：

bash-5.0$ mkdir -p ~/.hal/default/profilesbash-5.0$ echo “spinnaker.s3.versioning: false” >> ~/.hal/default/profiles/front50-local.ymlbash-5.0$ hal config storage edit –type s3bash-5.0$ ENDPOINT=http://minio.database:9000 //minio的svcbash-5.0$ MINIO_ACCESS_KEY=ACCESS_KEY //上边部署minio的ACCESS_KEYbash-5.0$ MINIO_SECRET_KEY=SECRET_KEY //上边部署minio的SECRET_KEYbash-5.0$ echo $MINIO_SECRET_KEY | hal config storage s3 edit –endpoint $ENDPOINT \> –path-style-access true \> –bucket spinnaker \> –root-folder spinnaker \> –access-key-id $MINIO_ACCESS_KEY \> –secret-access-key123456789101112部署spinnaker列出并选择一个版本 注意：此处会从Google Cloud上获取一个versions.yml文件，这就是为什么要在香港服务器上运行halyard容器的原因

bash-5.0$ hal version list //列出可用版本bash-5.0$ hal config version edit –version 1.22.1 //指定要部署的版本bash-5.0$ hal version bom 1.22.1 //获得所选版本spinnaker各组件的版本输出：+ Get BOM for 1.22.1 Successversion: 1.22.1timestamp: ‘2020-08-31 13:56:09’services: echo: version: 2.14.0-20200817170018 commit: 62127327e4fef43a0516e8b9a134314eb18c1d6d clouddriver: version: 6.11.0-20200818115831 commit: 618921b0d0f8f9f1aed30e16a8f44abff6348acd deck: version: 3.3.0-20200818132306 commit: dab7ae79387031b55f87f0b5051d7e2d29227b68 fiat: version: 1.13.0-20200817170018 commit: 0057cc6ddc5c1a5c82a25805da041d6ae28e7dcd front50: version: 0.25.1-20200831095512 commit: efaea57fa2ef04fb5e23ed75cfdf41baa89fa6d4 gate: version: 1.18.1-20200825122721 commit: 72c2cefbcd18392814e04f98099ce711772b1669 igor: version: 1.12.0-20200817200018 commit: f5b738fedddce00b6151776c6044f97e235af60d kayenta: version: 0.17.0-20200817170018 commit: ed5ba538f40a992b903eeb2957d45541b3c2f4d1 orca: version: 2.16.0-20200817170018 commit: 05050949193e4121a7f93142d6b2857038a14f1b rosco: version: 0.21.1-20200827112228 commit: 0623c464a72cd8aa2cccc02a85fd19a80f10a62e defaultArtifact: {} monitoring-third-party: version: 0.18.1-20200818110019 commit: 94826ddef6ce457a077987ebb5a52d2dcaede573 monitoring-daemon: version: 0.18.1-20200818110019 commit: 94826ddef6ce457a077987ebb5a52d2dcaede573dependencies: redis: version: 2:2.8.4-2 consul: version: 0.7.5 vault: version: 0.7.0artifactSources: debianRepository: https://dl.bintray.com/spinnaker-releases/debians dockerRegistry: gcr.io/spinnaker-marketplace googleImageProject: marketplace-spinnaker-release gitPrefix: https://github.com/spinnaker12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758根据输出里边的各组件的版本从google拉取镜像，打tag重新push到你的私有仓库例如：

docker pull gcr.io/spinnaker-marketplace/echo:2.14.0-20200817170018 docker tag gcr.io/spinnaker-marketplace/echo:2.14.0-20200817170018 registry.cn-beijing.aliyuncs.com/niu-idc/echo:2.14.0-20200817170018 docker push registry.cn-beijing.aliyuncs.com/niu-idc/echo:2.14.0-20200817170018123注意，依赖redis

docker pull gcr.io/kubernetes-spinnaker/redis-cluster:v2docker tag gcr.io/kubernetes-spinnaker/redis-cluster:v2 registry.cn-beijing.aliyuncs.com/niu-idc/redis-cluster:v2docker push registry.cn-beijing.aliyuncs.com/niu-idc/redis-cluster:v2123在.hal的目录下找到对应的目录,修改artifactId、overrideBaseUrl、imagePullSecret

cd service-settings/mkdir service-settings//创建如下文件，文件内容如下ls .hal/default/service-settingsclouddriver.yml deck.yml echo.yml fiat.yml front50.yml gate.yml igor.yml kayenta.yml orca.yml redis.yml rosco.ymlcat *artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/clouddriver:4.3.5-20190307172446kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/deck:2.7.5-20190308182538kubernetes: imagePullSecrets: – registry-aliyunoverrideBaseUrl: http://spin.spinnaker.com

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/echo:2.3.1-20190214121429kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/iat:1.3.2-20190128153726kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/front50:0.15.2-20190222161456kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/gate:1.5.2-20190301030607kubernetes: imagePullSecrets: – registry-aliyunoverrideBaseUrl: http://gate.spinnaker.com

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/igor:1.1.1-20190213190226kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/kayenta:0.6.1-20190221030610kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/orca:2.4.0-20190308182538kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/redis-cluster:v2kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/rosco:0.9.0-20190123170846kubernetes: imagePullSecrets: – registry-aliyun1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162根据自己实际情况修改overrideBaseUrl、镜像、镜像拉取secret

bash-5.0$ hal deploy apply //部署到指定的k8s中1等待一段时间，等所有的pod起来

~ kubectl get pods -n spinnaker NAME READY STATUS RESTARTS AGEspin-clouddriver-658d4b9f7c-mqpdz 1/1 Running 0 23hspin-deck-5dd8b7b9cf-vccg6 1/1 Running 0 30hspin-echo-67f9bb8f97-96g9g 1/1 Running 0 23hspin-front50-6f4898b5d-zhcc5 1/1 Running 0 30hspin-gate-9646b7884-wfrf6 1/1 Running 0 30hspin-igor-d875459bb-q6bsd 1/1 Running 0 23hspin-orca-5dbc6b6954-j4klc 1/1 Running 0 30hspin-redis-5476486cbc-llcjr 1/1 Running 0 30hspin-rosco-f66847bb4-b2fr7 1/1 Running 0 30h1234567891011部署deck和gate的ingress

cat spin-ingress.yaml—apiVersion: extensions/v1beta1kind: Ingressmetadata: name: deck-ingress namespace: spinnaker annotations: kubernetes.io/ingress.class: “nginx”spec: rules: – host: spinnaker.test.com http: paths: – path: / backend: serviceName: spin-deck servicePort: 9000—apiVersion: extensions/v1beta1kind: Ingressmetadata: name: gate-ingress namespace: spinnaker annotations: kubernetes.io/ingress.class: “nginx”spec: rules: – host: gate.test.com http: paths: – path: / backend: serviceName: spin-gate servicePort: 80841234567891011121314151617181920212223242526272829303132333435！！！注意将host改为你自己的访问域名————————————————版权声明：本文为CSDN博主「浅抒流年」的原创文章，遵循CC 4.0 BY-SA版权协议，转载请附上原文出处链接及本声明。原文链接：https://blog.csdn.net/qq_22917163/article/details/108623113

直接登录官网部署，修改拉取镜像地址可以参考以下文档，

https://blog.csdn.net/qq_22917163/article/details/108623113

使用docker运行halyard容器因为采用halyard的方式部署spinnaker的过程中需要访问国外的网站拉去一些配置，所以运行halyard容器的主机能够访问到过往的网站，在一些博客中，博主们使用代理的方式。再次，因为此次实践，全部基于阿里云ACK，所以我们可以直接按量付费买一台香港的服务器来充当运行halyard的主机，部署完以后，可以将磁盘做成镜像，然后释放，节省开销，在需要更新spinnaker的时候，利用备份的镜像重新启用该halyard主机即可。

安装docker如上所述，我们在香港购买一台ECS后，配置docker运行环境。

[root@idc-hk-proxy ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo[root@idc-hk-proxy ~]# yum install -y docker-ce-18.06.1.ce-3.el7[root@idc-hk-proxy ~]# systemctl start docker123运行halyard容器1.在物理节点上创建目录

[root@idc-hk-proxy ~]# mkdir ~/.hal[root@idc-hk-proxy ~]# chmod 777 ~/.hal122.运行halyard容器

[root@idc-hk-proxy ~]# docker run -p8084:8084 -p9000:9000 –name halyard –rm -v ~/.hal:/home/spinnaker/.hal -it gcr.io/spinnaker-marketplace/halyard:stable13.配置集群凭据，让halyard容器可以通过kubectl操作k8s集群进入容器中

[root@idc-hk-proxy ~]# docker exec -it halyard bash1创建.kube目录

mkdir ~/.kube1复制阿里云集群的凭据到 $HOME/.kube/config 目录下测试在halyard容器中是否可以访问到集群资源

bash-5.0$ kubectl get nodesNAME STATUS ROLES AGE VERSIONjenkins Ready <none> 147d v1.18.2microniu-mysql Ready <none> 154d v1.18.1microniu-srv01 Ready <none> 168d v1.18.0microniu-srv02 Ready <none> 168d v1.18.0microniu-srv03 Ready <none> 168d v1.18.0microniu-srv04 Ready <none> 120d v1.18.212345678配置docker-registry provider因为spinnaker部署的时候默认是去gcr.io上拉去相关的镜像，在国内的集群无法访问到该站点，所以我们可以在运行halyard容器的节点（香港服务器）上拉取下来所有要用到的镜像，然后打tag传到我们的私有镜像仓库，让pod启动的时候到我们制定的镜像仓库拉去相关镜像。

bash-5.0$ hal config provider docker-registry account add registry-aliyun \> –no-validate \–address registry.cn-beijing.aliyuncs.com/ \–username ‘账号’ \–password ‘密码’12345配置k8s providerbash-5.0$ hal config provider kubernetes enablebash-5.0$ CONTEXT=$(kubectl config current-context)bash-5.0$ hal config provider kubernetes account add k8s-v2-account \> –provider-version v2 \> –context $CONTEXT \> –docker-registries registry-aliyun 123456选择Spinnaker的部署环境bash-5.0$ ACCOUNT=k8s-v2-accountbash-5.0$ hal config deploy edit –type distributed –account-name $ACCOUNT12创建存储，用来保存spinnaker需要持久保存的数据在k8s集群中采用helm的方式部署minio（以下操作在可以管理集群的机器上执行）

helm fetch apphub/minio –untar –untardir .1修改value.yaml文件中的配置,按需修改persistence、ingress等部分，修改accessKey、secretKey，在安装期间创建所需bucket如下：buckets:

name: spinnakerpolicy: nonepurge: false

helm install –name minio –namespace database -f minio/values.yaml ./minio1安装完登录后界面如下

配置存储信息在hal pod中继续执行以下步骤：

bash-5.0$ mkdir -p ~/.hal/default/profilesbash-5.0$ echo “spinnaker.s3.versioning: false” >> ~/.hal/default/profiles/front50-local.ymlbash-5.0$ hal config storage edit –type s3bash-5.0$ ENDPOINT=http://minio.database:9000 //minio的svcbash-5.0$ MINIO_ACCESS_KEY=ACCESS_KEY //上边部署minio的ACCESS_KEYbash-5.0$ MINIO_SECRET_KEY=SECRET_KEY //上边部署minio的SECRET_KEYbash-5.0$ echo $MINIO_SECRET_KEY | hal config storage s3 edit –endpoint $ENDPOINT \> –path-style-access true \> –bucket spinnaker \> –root-folder spinnaker \> –access-key-id $MINIO_ACCESS_KEY \> –secret-access-key123456789101112部署spinnaker列出并选择一个版本 注意：此处会从Google Cloud上获取一个versions.yml文件，这就是为什么要在香港服务器上运行halyard容器的原因

bash-5.0$ hal version list //列出可用版本bash-5.0$ hal config version edit –version 1.22.1 //指定要部署的版本bash-5.0$ hal version bom 1.22.1 //获得所选版本spinnaker各组件的版本输出：+ Get BOM for 1.22.1 Successversion: 1.22.1timestamp: ‘2020-08-31 13:56:09’services: echo: version: 2.14.0-20200817170018 commit: 62127327e4fef43a0516e8b9a134314eb18c1d6d clouddriver: version: 6.11.0-20200818115831 commit: 618921b0d0f8f9f1aed30e16a8f44abff6348acd deck: version: 3.3.0-20200818132306 commit: dab7ae79387031b55f87f0b5051d7e2d29227b68 fiat: version: 1.13.0-20200817170018 commit: 0057cc6ddc5c1a5c82a25805da041d6ae28e7dcd front50: version: 0.25.1-20200831095512 commit: efaea57fa2ef04fb5e23ed75cfdf41baa89fa6d4 gate: version: 1.18.1-20200825122721 commit: 72c2cefbcd18392814e04f98099ce711772b1669 igor: version: 1.12.0-20200817200018 commit: f5b738fedddce00b6151776c6044f97e235af60d kayenta: version: 0.17.0-20200817170018 commit: ed5ba538f40a992b903eeb2957d45541b3c2f4d1 orca: version: 2.16.0-20200817170018 commit: 05050949193e4121a7f93142d6b2857038a14f1b rosco: version: 0.21.1-20200827112228 commit: 0623c464a72cd8aa2cccc02a85fd19a80f10a62e defaultArtifact: {} monitoring-third-party: version: 0.18.1-20200818110019 commit: 94826ddef6ce457a077987ebb5a52d2dcaede573 monitoring-daemon: version: 0.18.1-20200818110019 commit: 94826ddef6ce457a077987ebb5a52d2dcaede573dependencies: redis: version: 2:2.8.4-2 consul: version: 0.7.5 vault: version: 0.7.0artifactSources: debianRepository: https://dl.bintray.com/spinnaker-releases/debians dockerRegistry: gcr.io/spinnaker-marketplace googleImageProject: marketplace-spinnaker-release gitPrefix: https://github.com/spinnaker12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758根据输出里边的各组件的版本从google拉取镜像，打tag重新push到你的私有仓库例如：

docker pull gcr.io/spinnaker-marketplace/echo:2.14.0-20200817170018 docker tag gcr.io/spinnaker-marketplace/echo:2.14.0-20200817170018 registry.cn-beijing.aliyuncs.com/niu-idc/echo:2.14.0-20200817170018 docker push registry.cn-beijing.aliyuncs.com/niu-idc/echo:2.14.0-20200817170018123注意，依赖redis

docker pull gcr.io/kubernetes-spinnaker/redis-cluster:v2docker tag gcr.io/kubernetes-spinnaker/redis-cluster:v2 registry.cn-beijing.aliyuncs.com/niu-idc/redis-cluster:v2docker push registry.cn-beijing.aliyuncs.com/niu-idc/redis-cluster:v2123在.hal的目录下找到对应的目录,修改artifactId、overrideBaseUrl、imagePullSecret

cd service-settings/mkdir service-settings//创建如下文件，文件内容如下ls .hal/default/service-settingsclouddriver.yml deck.yml echo.yml fiat.yml front50.yml gate.yml igor.yml kayenta.yml orca.yml redis.yml rosco.ymlcat *artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/clouddriver:4.3.5-20190307172446kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/deck:2.7.5-20190308182538kubernetes: imagePullSecrets: – registry-aliyunoverrideBaseUrl: http://spin.spinnaker.com

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/echo:2.3.1-20190214121429kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/iat:1.3.2-20190128153726kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/front50:0.15.2-20190222161456kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/gate:1.5.2-20190301030607kubernetes: imagePullSecrets: – registry-aliyunoverrideBaseUrl: http://gate.spinnaker.com

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/igor:1.1.1-20190213190226kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/kayenta:0.6.1-20190221030610kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/orca:2.4.0-20190308182538kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/redis-cluster:v2kubernetes: imagePullSecrets: – registry-aliyun

artifactId: registry.cn-beijing.aliyuncs.com/niu-idc/rosco:0.9.0-20190123170846kubernetes: imagePullSecrets: – registry-aliyun1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162根据自己实际情况修改overrideBaseUrl、镜像、镜像拉取secret

bash-5.0$ hal deploy apply //部署到指定的k8s中1等待一段时间，等所有的pod起来

~ kubectl get pods -n spinnaker NAME READY STATUS RESTARTS AGEspin-clouddriver-658d4b9f7c-mqpdz 1/1 Running 0 23hspin-deck-5dd8b7b9cf-vccg6 1/1 Running 0 30hspin-echo-67f9bb8f97-96g9g 1/1 Running 0 23hspin-front50-6f4898b5d-zhcc5 1/1 Running 0 30hspin-gate-9646b7884-wfrf6 1/1 Running 0 30hspin-igor-d875459bb-q6bsd 1/1 Running 0 23hspin-orca-5dbc6b6954-j4klc 1/1 Running 0 30hspin-redis-5476486cbc-llcjr 1/1 Running 0 30hspin-rosco-f66847bb4-b2fr7 1/1 Running 0 30h1234567891011部署deck和gate的ingress

cat spin-ingress.yaml—apiVersion: extensions/v1beta1kind: Ingressmetadata: name: deck-ingress namespace: spinnaker annotations: kubernetes.io/ingress.class: “nginx”spec: rules: – host: spinnaker.test.com http: paths: – path: / backend: serviceName: spin-deck servicePort: 9000—apiVersion: extensions/v1beta1kind: Ingressmetadata: name: gate-ingress namespace: spinnaker annotations: kubernetes.io/ingress.class: “nginx”spec: rules: – host: gate.test.com http: paths: – path: / backend: serviceName: spin-gate servicePort: 80841234567891011121314151617181920212223242526272829303132333435！！！注意将host改为你自己的访问域名————————————————版权声明：本文为CSDN博主「浅抒流年」的原创文章，遵循CC 4.0 BY-SA版权协议，转载请附上原文出处链接及本声明。原文链接：https://blog.csdn.net/qq_22917163/article/details/108623113