this repo:

Description. Deploy an Issue Generator application using any trigger type or start by clicking on manual execution, builds a image using gradle, creates a DockerFile in DockerHub, deploys that Docker image onto Kubernetes cluster, and generates a Load Balancer that exposes the application so a browser can open it.

repo for the application being deployed:

DockerHub repo: or your own container repo

Here's what the application we deploy in this pipeline looks like when you're pipeline works:

Alt text

The landing page for the Issue Generator Demo app for Xilinx

Link to my instance of Spinnaker pipeline:

stage 0: Configuration
stage 1: build #aka gradle build stage
stage 2: dockerstage
stage 3: Deploy [ sic ]
stage 4: load #run a baseline load and a canary load against the application
stage 5: check the Issue Generator application via external IP. MANIFESTS WE PROVIDE


Note: Some prerequisites may be optional depending on the tooling you use.

Versions and administration

  1. Spinnaker 1.2x.y deployed on Kubernetes 1.16x, access to spinnaker ui.

  2. Access to kubectl command line. In a local Kubernetes cluster this might be on your kubernetes master node. In GCP this is through the gcloud SDK installed locally so you can access via a local terminal or via the GCP console in the split pane terminal window.

Secrets, tokens and Tool integrations, oh my!

  1. If using and triggering from Github, a github secret, a github webhook, a github developer token and a Halyard (hal) configuration of this relationship between Github and Spinnaker has to be created inside the Spinnaker halyard pod.

  2. A Kaniko secret needs to be created if using Kaniko to do the Dockerfile image build.


  1. DockerHub public repo or your own Enterprise Docker registry/repository or a cloud container hub service.

  2. Jenkins instance and jenkins credentials added to Spinnaker configuration using hal again in the halyard pod.
    NOTE: hal config ci jenkins master edit my-jenkins-master --csrf true #fixed the 403 permission error in load stage.

  3. If a stage in your pipeline gets triggered by Artifactory, another hal configuration needs to be done.

Storage Needs

  1. A persistent volume claim in this pipeline. Two possibilities, One if that can be provisioned by manifest to dynamically be used by Docker volume mounts in the dockerstage--stage 2 (mode can be ReadWriteOnly), or one for providing an NFS share that can be used by multiple pods (mode has to be ReadWriteMany). In either case we use Kubernetes StorageClass to avoid having to manually create the underlying Persistant Volume in the cluster.

  2. Elasticsearch,prometheus and kibana are also available.

Manifests are at the end of this README.

PREREQUISITE INSTRUCTIONS: how to change the Halyard configuration

  1. exec into the halyard pod
  • Note: hal files are stored in a couple of places under /home/spinnaker/.hal, for instance the github token file can just go in the .hal directory just mentioned, and the orca-local.yml file goes in /home/spinnaker/.hal/default/profiles directory.
  1. command to get into halyard pod: kubectl -n exec -it <nameOfTheHalyardPod> -- /bin/bash
    Example: kubectl -n robin exec -it oes32-spinnaker-halyard-0 -- /bin/bash


STAGE 0: Configuration

Note: saves time to find the lastest commit ID in the Github repo and enter it under parameters section. Otherwise each time you execute the pipeline you have to enter it manually.

NOTE: There are places in the manifests that need to have values changed
For Instance:

  • the environment name that you have Spinnaker deployed to, Kubernetes defaults to default but you might have specified an environment when you deployed spinnaker.
  • the selector app: value declaration in the yaml files. for instance the replicaset manifest and the associated service manifest need to have matching selector key: values. example: selector: app: kubecanary

STAGE 1: build #aka gradle build stage

STAGE 2: dockerstage

STAGE 3: Deploy [ sic ]

STAGE: 4 load JENKINS Configure Jenkins for the load stage:
Note: I added this to the halyard jenkins configuration:
hal config ci jenkins master edit my-jenkins-master --csrf true
This fixed the 403 error in the LOAD stage.

STAGE 5: check the Issue Generator application via external IP.

Configure Autopilot App - HelloWorld, create app diff from Spinnaker Service - template we create that references it. So autopilot can do verification, it’s a monitor. Datasource, prometheus` Configure configmaps


Name of the persistent volume claim created in the cluster needs to match that in the configure stage manifest. ??

Spinnaker configuration: via halyard kubectl -n spin get pods | grep halyard-0

kubectl -n spin cp orca-local.yml :/home/spinnaker/default/profiles

Copy orca-local.yml to the /home/spinnaker/default/profiles directory in halyard pod.

kubectl exec -it bash hal deploy apply

Configure orca-local for docker stage.

kubectl get pods -w Run hal deploy apply inside halyard pod. Wait for the pod to restart.

Create Application and Pipeline:

Use default namespace of default kubernetes account for this example.

Step 0. To create necessary config maps, secrets,and pvc, please edit the username and password fields in the secret before applying.

kubectl apply -f build-cm-pvc-secret.yml ( sent separately as attachment)

Step 1. Go to , click on Create Application button. The following pop up appears…

Step 2. Fill in the name of the application, email address and choose kubernetes as the cloud provider. Click on Create.

Step 3. Click on the Pipelines tab, and click on the create button to create a new pipeline.

Step 4. The following pop up appears

Fill in the name of the pipeline. Click on Create.

Step 5. Click on drop down, Pipeline Actions, and choose Edit as json option as shown.

Step 6. Replace parameters in the pipeline json sent to you, according to the doc editing json. Replace multiclouddemo ( in four places) with the name given to the application created above Replace with your clone of this repo Replace with the url for your autopilot. Replace OpsMxUser with a user that has permissions to run autopilot.

Step 7. Replace the json in the pop-up window with the pipeline json edited in the previous step..

Ste 8. Click on Update Pipeline button. Then click on Save Changes button (bottom right).

Step 9. From the pipeline tab, click on Start Manual Execution to start the pipeline.

Step 10. Click on each stage to find the progress and status.

EFK Installation:

Autopilot Configuration: Create Elastic Datasource: Add Application: Add log template:

MISC My Notes

Setup prerequisites

Open ITerm2 window gcloud alpha cloud-shell ssh gcloud config set project robin-opsmx-oes kubectl get pods -n robin gcloud auth login

  • copy link, paste it into browser, get code and paste in ITerm2 window helm repo add stable helm install -n nfs nfs-server stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=10Gi

kubectl apply -f - <<EOF apiVersion: v1 kind: PersistentVolume metadata: name: robin-pv-volume labels: type: local spec: storageClassName: nfs capacity: storage: 4Gi accessModes: - ReadWriteMany hostPath: path: "/mnt/data" EOF

helm repo add stable helm repo list NAME URL opsmx stable helm install -n nfs nfs-server stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=1Gi

helm install -n robin github-stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=1Gi

helm repo add github-stable

helm repo update Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "opsmx" chart repository ...Successfully got an update from the "stable" chart repository ...Successfully got an update from the "github-stable" chart repository

helm install -n robin github-stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=1Gi --generate-name WARNING: This chart is deprecated NAME: nfs-server-provisioner-1605564922 LAST DEPLOYED: Mon Nov 16 22:15:26 2020 NAMESPACE: robin STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: The NFS Provisioner service has now been installed.

A storage class named 'nfs' has now been created and is available to provision dynamic volumes.

You can use this storageclass by creating a PersistentVolumeClaim with the correct storageClassName attribute. For example:

kind: PersistentVolumeClaim
apiVersion: v1
  name: test-dynamic-volume-claim
  storageClassName: "nfs"
    - ReadWriteMany
      storage: 100Mi

changing namespace to your cluster namespace (e.g. from robin to your Spinnaker namespace)

hal config ci jenkins enable echo $APIKEY | hal config ci jenkins master add my-jenkins-master --address $BASEURL --username $USERNAME --password # api key will be read from STDIN to avoid appearing

in your .bash_history

hal config ci jenkins enable


echo $APIKEY | hal config ci jenkins master add my-jenkins-master --address --username opsmxspin --password

hal config ci jenkins master get my-jenkins-master

kubectl apply -f - <<EOF

kind: PersistentVolumeClaim
apiVersion: v1
  name: robin-pvc-claim
  namespace: robin
  storageClassName: "nfs"
    - ReadWriteMany
      storage: 100Mi


k get pvc -n robin
NAME                                      STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
robin-pvc-claim                           Bound    pvc-455bb4ba-74f4-4166-ac01-3395753df55f   100Mi      RWX            nfs            12s

the latest commit OpsMx/issue-generator d94f5f48ffb37dd3a54f001a65550e11618658a9

kubectl delete pods --grace-period=0 --force kubectl delete -n robin pods gradle-issugen-3fe7c07feb66fa35-x62f5 --grace-period=0 --force etc

Name of the persistent volume claim created in the cluster needs to match that in the configure stage manifest.

cut from Analytics pipeline config manifest bottom

  • configMap: defaultMode: 420 name: issugen-gradle-script name: initscript

robin_hood@cloudshell:~ (robin-opsmx-oes)$ k logs -n robin -f gradle-issugen-3fdec7fce9f46c66-4nqrm

change values in orca.yml CREATE KANIKO SECRET echo -n robinhoodhooe:r007007R | base64 create config.json with object block locally

{ "auths": { "": { "auth": "cm9iaW5ob29kaG9vZTpyMDA3MDA3Ug==" } }

kubectl -n robin create secret generic kaniko --from-file=config.json=config.json

k get secret -n robin -o yaml kaniko

k -n robin cp orca-local.yml oes32-spinnaker-halyard-0:/home/spinnaker/.hal/default/profiles/

create a dockerjob-claim

apiVersion: v1 kind: PersistentVolumeClaim metadata:   name: dockerjob-claim spec:   accessModes:   - ReadWriteOnce   resources:     requests:       storage: 3Gi   storageClassName: default   volumeMode: Filesystem

d94f5f48ffb37dd3a54f001a65550e11618658a9 d94f5f48ffb37dd3a54f001a65550e11618658a9

k -n robin get endpoints

service and replicaset is connected by selector app=kubecanary

Our Autopilot app


  • service
  • datasource
  • log template
  • Also available is Elasticsearch and kibana


We are working on creating a setup pipeline, but we also provided these yamls in this repo.

SETUP LIST gradle pvc yaml gradle configmap with init script gitsecret.yml kaniko pvc yml kaniko secret baseline.yml #Deploy stage manifest baseline service canary service

HALYARD LIST orca-local.yml jenkins setup github setup


