/spinnakerJenkinsAzure

demo from template

Primary LanguageShell

Continuous Deployment to Kubernetes

Deploy to Azure Visualize

This template allows you to deploy and configure a DevOps pipeline from an Azure Container Registry to a Kubernetes cluster. It deploys an instance of Jenkins on a Linux Ubuntu 14.04 LTS VM and an instance of Spinnaker on the same Kubernetes cluster that your pipeline will target.

The Jenkins instance will include a basic pipeline that checks out a user-provided git repository, builds the Docker container based on the Dockerfile at the root of the repo, and pushes the image to the provisioned Azure Container Registry. The Spinnaker instance will include a basic pipeline that is triggered by any new tag in the registry and deploys the image to the provisioned Kubernetes cluster.

NOTE: The Spinnaker pipeline assumes your app is listening on port 8000. You can clone this template and modify the 'pipelinePort' variable in azuredepoy.json to target a different port.

A. Deploy

  1. Click the "Deploy to Azure" button. If you don't have an Azure subscription, you can follow instructions to signup for a free trial.
  2. Enter a valid name for the VM, as well as a user name and ssh public key that you will use to login remotely to the VM via SSH.
  3. Enter the appId and appKey for your Service Principal (used to access your ACR and by your Kubernetes cluster to dynamically manage resources). If you don't have a service principal, use the Azure CLI 2.0 to create one (see here for more details): 
    az login
az account set --subscription <Subscription ID>
az ad sp create-for-rbac --name "Spinnaker"

    NOTE: You can run az account list after you login to get a list of subscription IDs for your account.

  4. Leave the git repository as the sample app or change it to target your own app's repository. The repo must have a Dockerfile in its root.
  5. Leave the docker repository as the sample name or change it to the name you desire. A repo with this name will be created in your ACR.

C. Setup SSH port forwarding

By default the Jenkins instance is using the http protocol and listens on port 8080. Users shouldn't authenticate over unsecured protocols!

You need to setup port forwarding to view the Jenkins and Spinnaker UI on your local machine. If you do not know the full DNS name of your instance, go to the Portal and find it in the deployment outputs here: Resource Groups > {Resource Group Name} > Deployments > {Deployment Name, usually 'Microsoft.Template'} > Outputs

If you are using Windows:

Install Putty or use any bash shell for Windows (if using a bash shell, follow the instructions for Linux or Mac).

Run this command:

putty.exe -ssh -i <path to private key file> -L 8080:localhost:8080 -L 9000:localhost:9000 -L 8084:localhost:8084 -L 8001:localhost:8001 <User name>@<Public DNS name of instance you just created>

Or follow these manual steps:

  1. Launch Putty and navigate to 'Connection > SSH > Tunnels'
  2. In the Options controlling SSH port forwarding window, enter 8084 for Source port. Then enter 127.0.0.1:8084 for the Destination. Click Add.
  3. Repeat this process for port 8080, 9000 and 8001.
  4. Navigate to 'Connection > SSH > Auth' and enter your private key file for authentication. For more information on using ssh keys with Putty, see here.
  5. Click Open to establish the connection.

If you are using Linux or Mac:

Run this command:

ssh -i <path to private key file> -L 8080:localhost:8080 -L 9000:localhost:9000 -L 8084:localhost:8084 -L 8001:localhost:8001 <User name>@<Public DNS name of instance you just created>

NOTE: Port 8080 corresponds to your Jenkins instance. Port 9000 and 8084 correspond to Spinnaker's deck and gate services, respectively. Port 8001 is used to view the dashboard for your Kubernetes cluster - just run kubectl proxy on the VM before navigating to http://localhost:8001/ui on your local machine.

D. Connect to Jenkins

  1. After you have started your tunnel, navigate to http://localhost:8080/ on your local machine.
  2. Unlock the Jenkins dashboard for the first time with the initial admin password. To get this token, SSH into the VM and run sudo cat /var/lib/jenkins/secrets/initialAdminPassword
  3. Your Jenkins instance is now ready to use! You can access a read-only view by going to http://< Public DNS name of instance you just created >.
  4. Go to http://aka.ms/azjenkinsagents if you want to build/CI from this Jenkins master using Azure VM agents.

E. Connect to Spinnaker

  1. After you have started your tunnel, navigate to http://localhost:9000/ on your local machine.
  2. Navigate to 'Applications -> {Application Name} -> Pipelines' to see your pipeline. Follow steps here to create a pipeline manually.
  3. Check the Troubleshooting Guide if you have any issues.

Questions/Comments? azdevopspub@microsoft.com

Sample scripts in this quickstart are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.