Spinnaker Artifact Setup with Plastic SCM

Tencent Cloud Team
Tencent Cloud
5 min read · Feb 17, 2024

This is the last of the three articles on deploying Spinnaker onto the Tencent Cloud Kubernetes cluster.

In the last article, we walked through how to set up SSO and SSL for Spinnaker in a Tencent Kubernetes cluster on the Tencent Cloud platform. This article continues with how to set up an artifact container so your Spinnaker pipeline can take advantage of Spinnaker artifacts and have a single source of truth. The reason for NOT using a version management tool directly as an artifact source is that some tools don’t support shallow clone, while Spinnaker can’t easily modify the depth of a git clone. So we decided to host a separate Nginx container as the source of HTTP artifacts, and this container synchronizes with Plastic SCM when there is a change to a source file.

Overall Architecture of Artifact System

To build a connection between Spinnaker pipelines and Plastic SCM, you need to prepare a Docker image that can spin up an Nginx container to host the content from Plastic SCM, and a manifest for the container. You can follow the guidance below to set it up.

Before we start, please follow our previous two articles, Spinnaker Installation and Spinnaker Security — SSO and SSL Setup, to understand how you can set up Spinnaker on Tencent Cloud. Also, make sure you can access the source code used in our articles. Please remember NOT to apply the change in place if you are setting up Spinnaker for a new environment. You should copy the configuration out to your specific working environment. The default folder in this article is for the dev environment.

Prepare the Docker Image

We will first get the Docker image ready before we deploy it to the Kubernetes cluster. In this section, we use the Nginx image as the base of our artifact image with basic authentication enabled, copy all the files into the image, and upload it to our Docker repository.

Configure the Dockerfile and Artifact

a) Create a folder inside your workspace where you plan to contain the image and all the artifacts. Here we use /DevOps/spinnaker/docker-image-http-artifact as an example.

mkdir docker-image-http-artifact && cd docker-image-http-artifact

b) Have all the artifacts ready and put them under the folder you just created.

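c) Create a basic authentication credential file for Nginx. Here we will use `htpasswd`; the `-c` flag creates the file `auth` (overwriting any existing file of that name) and the command prompts for the password.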

htpasswd -c auth <username>

d) Create a file called nginx.conf and configure it as follows. Remember to include a location block for every artifact path.

events {
}

http {
    server {
        listen 80;
        location /k8-spin-manifest/ {
            root /usr/share/nginx/html;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/auth;
        }

        location /k8-app-manifest/ {
            root /usr/share/nginx/html;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/auth;
        }
    }
}
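
The configuration above repeats the two auth directives in every location, so a location added later without them is served unauthenticated. The following added example (not part of the original article) lints an nginx.conf for such blocks; the function names and the `/k8-new-manifest/` sample path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): list nginx location blocks that lack basic auth.
# Assumes the article's layout: "location <path> {" on one line, one directive
# per line, "}" on its own line. Auth inherited from an outer block is not seen.

lint_locations() {
    # $1: path to nginx.conf; prints each unprotected location path on its own line.
    awk '
        $1 == "location" && $NF == "{" {
            path = $(NF - 1); inloc = 1; has_auth = 0; has_file = 0; next
        }
        inloc && $1 == "auth_basic" && $2 != "off;" { has_auth = 1 }
        inloc && $1 == "auth_basic_user_file"       { has_file = 1 }
        inloc && $1 == "}" {
            if (!(has_auth && has_file)) print path
            inloc = 0
        }
    ' "$1"
}

write_sample_conf() {
    # $1: output file. Constructed sample: the second location omits both directives.
    cat > "$1" <<'EOF'
events {
}
http {
    server {
        listen 80;
        location /k8-spin-manifest/ {
            root /usr/share/nginx/html;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/auth;
        }
        location /k8-new-manifest/ {
            root /usr/share/nginx/html;
        }
    }
}
EOF
}

conf=${1:-}
if [ -z "$conf" ]; then
    conf=$(mktemp)            # no argument given: demonstrate on the sample
    write_sample_conf "$conf"
fi
echo "locations without basic auth in $conf:"
lint_locations "$conf"
```

Pass the path to your own nginx.conf as the first argument to check it before building the image.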

e) Create a Dockerfile and configure it.

FROM nginx:latest

RUN mkdir -p /usr/share/nginx/html/k8-spin-manifest

COPY nginx.conf /etc/nginx/nginx.conf
COPY auth /etc/nginx/auth
COPY k8-spin-manifest/ /usr/share/nginx/html/k8-spin-manifest/
COPY k8-app-manifest/ /usr/share/nginx/html/k8-app-manifest/

Create HTTP Artifact Container in K8S Cluster

When your `Dockerfile` is ready, it’s time to provision a container that uses this image. Here we use Terraform to control the deployment of the container.

Configure Terraform files for Artifact Container

Go to folder path-to-spinnaker/k8-http-artifact and copy out related Terraform configuration files to create a new artifact container. Change the configuration accordingly based on your deployment. Typically, you would need to change the k8s service `subnetid` for artifact in your main.tf.

Build and Upload the Image and Create the Container

You can finish the build, upload, and create process simply by copying out the bash script, which is in ${path-to-spinnaker}/docker-image-http-artifact/update_artifact_container.sh. The script always uploads the Docker image with the tag `latest`. It also builds an image tagged with the current timestamp and uploads it to TCR for versioning.

Finally, the script applies the Terraform configuration. Please don’t forget to change the env variables accordingly. The bash script also updates the Terraform configuration itself. If it is your first time executing this script, you need to have the TF configuration ready first.

(Optional) Configure the DNS for Artifact service

If you want to use a domain name instead of the IP address to access the artifact service, you can set up a DNS record for it. Simply go to your DNS provider and add an A record that points the domain name to your artifact service IP address.

Check Point

Before we jump to the last step, let’s check if you can access the artifact from your browser.

Open a new window and enter the URL of your artifact. The browser will first ask you to authenticate. After signing in, you should see exactly the same content as what you stored in your source code.

Enable HTTP Artifact on Spinnaker

The last thing you need to do is to enable the HTTP artifact feature of Spinnaker. You need to go to your Halyard server to configure it.

a) Enable the HTTP artifact provider.

hal config artifact http enable

b) Add your artifact account.

hal config artifact http account add my-http-account \
--username <your-user-name> \
--password

c) Apply the changes.

hal deploy apply

Final Check Point

Now you should be able to use your versioning tool as the Single Source of Truth, and use Spinnaker to pull the artifact from it. To verify this setup, you need to go to one of your pipelines and modify the source of the artifact.

a) Here is an example of configuring an HTTP artifact for a Run Job stage. What you need to do is select Artifact on Manifest Source and put in the Account and URL information of your artifact. Don’t forget to save after you apply the changes.

b) Execute the pipeline and see if the result is what you expected. You should see the pipeline execute successfully and return the same result as when you don’t use the artifact.

At this point, you have everything ready to go for your Spinnaker artifact.

Author: Minze Tao

Minze Tao is a Solution Architect and Product Operation Engineer at Tencent America. He has profound experience with Tencent Cloud products and architecture. He has dedicated his latest effort to supporting Tencent Cloud’s gaming customers on multi-cloud architecture.
