{"__v":20,"_id":"56f2b40468a07319009d3151","category":{"__v":3,"_id":"56ce1e6ee538330b0021ac5d","pages":["56ce1ec2f3539413004711ee","56ce1edef3539413004711f1","56ce2072e538330b0021ac62"],"project":"55c6bec1b9aa4e0d0016c2c3","version":"55c6bec1b9aa4e0d0016c2c6","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-02-24T21:19:42.029Z","from_sync":false,"order":1,"slug":"tools","title":"Installation"},"parentDoc":null,"project":"55c6bec1b9aa4e0d0016c2c3","user":"56e1901aa71e9e200066cdf6","version":{"__v":8,"_id":"55c6bec1b9aa4e0d0016c2c6","project":"55c6bec1b9aa4e0d0016c2c3","createdAt":"2015-08-09T02:45:21.683Z","releaseDate":"2015-08-09T02:45:21.683Z","categories":["55c6bec2b9aa4e0d0016c2c7","56c14bc5826df10d00e82230","56cceed8723ad71d00cae46c","56ccf29a431ada1f00e85aae","56ccf3c28fa8b01b00b82018","56ce1e6ee538330b0021ac5d","56f97e9a4c612020008f2eaf","5734fafd146eb82000597261"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":["56f2f255a0de870e003b6d6d","5743b63be6c03d0e00355bef","57e40a76f727c417000020b7","5804339c5f34eb37008ecf37","58111d341cb1e80f00c403c1"],"next":{"pages":[],"description":""},"createdAt":"2016-03-23T15:19:32.430Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":1,"body":"Spinnaker can deploy to a range of environments. If you've decided which environment to deploy to (you can pick more than one), follow the relevant setup instructions. Once this is completed, continue to the [Creating a Spinnaker Instance](doc:creating-a-spinnaker-instance) page.\n\n## Deployment Targets\n* [Amazon Web Services](doc:target-deployment-setup#section-amazon-web-services-setup)\n* [Azure](doc:target-deployment-setup#section-azure-setup)\n* [Cloud Foundry](doc:target-deployment-setup#section-cloud-foundry-platform-setup)\n* [Google Cloud Platform](doc:target-deployment-setup#section-google-cloud-platform-setup)\n* [Kubernetes](doc:target-deployment-setup#section-kubernetes-cluster-setup)\n\n### Amazon Web Services Setup\n\nIf you'd like to have Spinnaker deploy to and manage clusters on AWS, you'll need to have an AWS project set up. If you've already got one, please skip to the next step. Otherwise, please follow the\ninstructions below.\n\nKeep in mind that naming of your entities in AWS is important as Spinnaker will use them to populate available resource lists in the Spinnaker UI.\n\nSign into the [AWS console](https://console.aws.amazon.com) and let AWS pick a default region where your project resources will be allocated. In the rest of this tutorial, we'll assume that the region\nassigned is <code>us-west-2</code>. If the region selected for your project is different from this, please substitute your region everywhere <code>us-west-2</code> appears below.\n\nAlso, in the instructions below, we'll assume that your AWS account name is <code>my-aws-account</code>. Wherever you see <code>my-aws-account</code> appear below, please replace it with your AWS account name.\n\n1. Create VPC.\n  * Goto [Console](https://console.aws.amazon.com) > VPC.\n  * Click on **Start VPC Wizard**.\n  * On the **Step 1: Select a VPC Configuration** screen, make sure that **VPC with a Single Public Subnet** is highlighted and click **Select**.\n  * Name your VPC. Enter <code>defaultvpc</code> in the **VPC name** field.\n  * Enter <code>defaultvpc.internal.us-west-2</code> for **Subnet name**.\n  * Click **Create VPC**.\n\n2. Create an EC2 role.\n  * Goto [Console](https://console.aws.amazon.com) > AWS Identity & Access Management > Roles.\n  * Click **Create New Role**.\n  * Set **Role Name** to <code>BaseIAMRole</code>. Click **Next Step**.\n  * On **Select Role Type** screen, hit **Select** for **Amazon EC2**.\n  * Click **Next Step**.\n  * On **Review** screen, click **Create Role**.\n  * EC2 instances launched with Spinnaker will be associated with this role.\n\n3. Create an EC2 Key Pair for connecting to your instances.\n  * Goto [Console](https://console.aws.amazon.com) > EC2 > Key Pairs.\n  * Click **Create Key Pair**.\n  * Name the key pair <code>my-aws-account-keypair</code>. (Note: this must match your account name plus \"-keypair\")\n  * AWS will download file <code>my-aws-account-keypair.pem</code> to your computer. <code>chmod 400</code> the file.\n\n4. Create AWS credentials for Spinnaker.\n  * Goto [Console](https://console.aws.amazon.com) > AWS Identity & Access Management > Users > Create New Users. Enter a username and hit **Create**.\n  * Create an access key for the user. Click **Download Credentials**,\n    then Save the access key and secret key into\n    <code>~/.aws/credentials</code> on your machine as shown\n    [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files).\n  * Click **Close**.\n  * Click on the username you entered for a more detailed screen.\n  * On the **Summary** page, click on the **Permissions** tab.\n  * Click **Attach Policy**.\n  * Click the checkbox next to **PowerUserAccess**, then click **Attach Policy**.\n  * Click on the **Inline Policies** header, then click the link to create an inline policy.\n  * Click **Select** for **Policy Generator**.\n  * Select **AWS Identity and Access Management** from the **AWS Service** pulldown.\n  * Select **PassRole** for **Actions**.\n  * Type <code>*</code> (the asterisk character) in the **Amazon Resource Name (ARN)** box.\n  * Click **Add Statement**, then **Next Step**.\n  * Click **Apply Policy**.\n\n### Azure Setup\n\nIf you would like to have Spinnaker deploy to Azure virtual machines, you will need to create an Azure Active Directory [service principal](https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/) for authentication. You can create a service principal from the Azure Portal or via the command line. This tutorial demonstrates using the Azure Command-Line Interface (Azure CLI). **Important:**  Ensure you are on the latest version of the Azure CLI or at least version  0.10.2.\n\n**Important:** Keep the output values from the commands you execute.  You will use the values when configuring the Azure Driver for Spinnaker.\n\n1.  Install the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/) for the platform of your choice. After installing the Azure CLI you can run commands from a command line interface on your platform.\n\n2.  Open the command prompt and type **azure help.** If the command executes, you have successfully installed the Azure CLI.\n\n3.  Type **azure login**. The command outputs a code and URL such as <https://aka.ms/devicelogin>. Follow the instructions on the screen to log in. You should see a successful login. See [connect to Azure subscription from CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-connect/) for more information.\n\n4.  Type **azure config mode arm** to enter [Application Resource Manager mode](https://azure.microsoft.com/en-us/documentation/articles/azure-cli-arm-commands).\n\n5.  Type **azure account list** to obtain the Azure subscription ID. Copy the subscription ID for future steps.\n\n6.  Type **azure account set &lt;enter subscription ID with no angle brackets&gt;** to set the Azure subscription.\n\n7. In the following command replace the uris with your own that identify your application.  Type **azure ad sp create --name \"spinnaker\" --password EnterPasswordHere**\n\n\t[See here for more information on the step above](https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/)\n\n8.  The command above creates an application and service principal.  The command outputs data for  AppID (also called ClientId) and ObjectId. Copy and keep this data for future steps.  **Note:**  The ClientId value will be listed under the service principal name. The password you entered above will be used later for the AppKey value when configuring the Azure driver for Spinnaker.\n\n9. Type **azure role assignment create &lt;insert Object Id from step above with no angle brackets&gt;** **-o Owner -c /subscriptions/&lt;insert subscription ID from step 5 with no angle brackets here&gt;**\n\n10. Type **azure account show.** Copy the Tenant ID for use on future steps.\n\n11. Verify the service principal login by typing **azure login -u \"&lt;insert app id from step 8 without the angle brackets here&gt;\" --service-principal --tenant \"&lt;insert the tenant id without brackets from step 10 here&gt;\"**\n\n#### Azure Default Resource Group\n\nCreate a default resource group for use to contain any non-application specific resources that need to be created:     \n  + **azure group create 'NameOfResourceGroup' 'ARegion'**   \n\n  Record the name of this resource group for use when configuring Spinnaker\n\n#### Azure KeyVault\n\nDeploying VMs in Azure requires specifying a default username and password, which Spinnaker will access from an Azure KeyVault at the time of deployment.\n\nThe following commands will create and populate the Azure KeyVault with the appropriate \"secrets\"\n\n1. Register the KeyVault provider:  \n  **azure provider register Microsoft.KeyVault** \n\n2. Create the KeyVault:   \n  **azure keyvault create --vault-name 'NameOfKeyVault' --resource-group '&lt;insert name of resource group from step 1 without angle brackets&gt;' --location 'RegionFromStep1'**\n\n3. Add the secrets to the KeyVault:   \n  *User Name:*  \n  **azure keyvault secret set --vault-name '&lt;insert name of key vault from step 3 without angle brackets&gt;' --secret-name 'VMUsername' --value 'ADefaultUserName'** \n\n  *Password:*    \n  **azure keyvault secret set --vault-name '&lt;insert name of key vault from step 3 without angle brackets&gt;' --secret-name 'VMPassword' --value 'ADefaultPassword'** \n\n4. Grant permission to access the secrets to the service principal:    \n  **azure keyvault set-policy --vault-name '&lt;insert name of key vault from step 3 without angle brackets&gt;' --spn '&lt;insert service principal name from Azure Setup step 7 without angle brackets&gt;' --perms-to-secrets '[\"get\"]' --enabled-for-deployment true --enabled-for-template-deployment true** \n\n### Cloud Foundry Platform Setup\n\nIf you'd like to have Spinnaker deploy to and manage applications on either Pivotal's public facing PWS or on your own Cloud Foundry setup, you'll need to have an account setup. If you've already got one, please skip to the next step. Otherwise, please follow the instructions below.\n\n1. Sign into [Pivotal Web Services](http://run.pivotal.io/) or your local instance of Cloud Foundry.\n2. In your organization, create a new space. \n  * Note your organization name and space name to use in spinnaker-local.yml settings.\n3. In the space, create a redis service and name it something like **spinnaker-redis**.\n4. Follow the direction to build and deploy the Cloud Foundry Spinnaker Deployer at https://github.com/spring-cloud/spring-cloud-spinnaker\n5. Use the installed deploy to install Spinnaker using its directions.\n\n### Google Cloud Platform Setup\n\nIf you'd like to have Spinnaker deploy to and manage clusters on GCP, you'll need to have a GCP project set up. If you've already got one, please skip to the next step. Otherwise, please follow the\ninstructions below.\n\nSign into the [Google Developers Console](https://console.developers.google.com) and create a\nproject. Use your project name in place of <code>my-spinnaker-project</code> below.\n\n1. Enable APIs in the <code>my-spinnaker-project</code> project.\n  * Go to the API Management page.\n  * Enable the [Compute Engine](https://console.developers.google.com/apis/api/compute_component/overview?project=_) API.\n    \n\n2. Obtain service account credentials.\n  * This step is only required to manage your GCP project from Spinnaker running outside that project (e.g. Spinnaker is running on AWS or in a different GCP project).\n  * Go to the Credentials tab on the API Management page.\n  * Select the **Service account key** item from the **New credentials** menu.\n  * Select a service account, the **JSON** key type, and click **Create**.\n  * Safeguard the JSON file that your browser will download. We will later\n    copy this into your Spinnaker deployment so that it can manage your\n    GCP project.\n\n### Kubernetes Cluster Setup\n\nIf you'd like to have Spinnaker deploy to and manage applications on Kubernetes, first follow the [Kubernetes getting started](http://kubernetes.io/docs/getting-started-guides/) for setting up a cluster. For ease of setup, it's recommended to use one of the hosted solutions. \n\nOnce your cluster is running, you need to get its authentication details in your local [kubeconfig file](http://kubernetes.io/docs/user-guide/kubeconfig-file/). Most hosted providers will generate this file for you as a part of the setup process, and place it in <code>~/.kube/config</code> or <code>/srv/kubernetes/kubeconfig.json</code> on the master node. You can verify that these credentials are working by running <code>kubectl get namespaces</code>.","excerpt":"","slug":"target-deployment-setup","type":"basic","title":"Cloud Provider Setup"}

Cloud Provider Setup


Spinnaker can deploy to a range of environments. If you've decided which environment to deploy to (you can pick more than one), follow the relevant setup instructions. Once this is completed, continue to the [Creating a Spinnaker Instance](doc:creating-a-spinnaker-instance) page. ## Deployment Targets * [Amazon Web Services](doc:target-deployment-setup#section-amazon-web-services-setup) * [Azure](doc:target-deployment-setup#section-azure-setup) * [Cloud Foundry](doc:target-deployment-setup#section-cloud-foundry-platform-setup) * [Google Cloud Platform](doc:target-deployment-setup#section-google-cloud-platform-setup) * [Kubernetes](doc:target-deployment-setup#section-kubernetes-cluster-setup) ### Amazon Web Services Setup If you'd like to have Spinnaker deploy to and manage clusters on AWS, you'll need to have an AWS project set up. If you've already got one, please skip to the next step. Otherwise, please follow the instructions below. Keep in mind that naming of your entities in AWS is important as Spinnaker will use them to populate available resource lists in the Spinnaker UI. Sign into the [AWS console](https://console.aws.amazon.com) and let AWS pick a default region where your project resources will be allocated. In the rest of this tutorial, we'll assume that the region assigned is <code>us-west-2</code>. If the region selected for your project is different from this, please substitute your region everywhere <code>us-west-2</code> appears below. Also, in the instructions below, we'll assume that your AWS account name is <code>my-aws-account</code>. Wherever you see <code>my-aws-account</code> appear below, please replace it with your AWS account name. 1. Create VPC. * Goto [Console](https://console.aws.amazon.com) > VPC. * Click on **Start VPC Wizard**. * On the **Step 1: Select a VPC Configuration** screen, make sure that **VPC with a Single Public Subnet** is highlighted and click **Select**. * Name your VPC. Enter <code>defaultvpc</code> in the **VPC name** field. * Enter <code>defaultvpc.internal.us-west-2</code> for **Subnet name**. * Click **Create VPC**. 2. Create an EC2 role. * Goto [Console](https://console.aws.amazon.com) > AWS Identity & Access Management > Roles. * Click **Create New Role**. * Set **Role Name** to <code>BaseIAMRole</code>. Click **Next Step**. * On **Select Role Type** screen, hit **Select** for **Amazon EC2**. * Click **Next Step**. * On **Review** screen, click **Create Role**. * EC2 instances launched with Spinnaker will be associated with this role. 3. Create an EC2 Key Pair for connecting to your instances. * Goto [Console](https://console.aws.amazon.com) > EC2 > Key Pairs. * Click **Create Key Pair**. * Name the key pair <code>my-aws-account-keypair</code>. (Note: this must match your account name plus "-keypair") * AWS will download file <code>my-aws-account-keypair.pem</code> to your computer. <code>chmod 400</code> the file. 4. Create AWS credentials for Spinnaker. * Goto [Console](https://console.aws.amazon.com) > AWS Identity & Access Management > Users > Create New Users. Enter a username and hit **Create**. * Create an access key for the user. Click **Download Credentials**, then Save the access key and secret key into <code>~/.aws/credentials</code> on your machine as shown [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files). * Click **Close**. * Click on the username you entered for a more detailed screen. * On the **Summary** page, click on the **Permissions** tab. * Click **Attach Policy**. * Click the checkbox next to **PowerUserAccess**, then click **Attach Policy**. * Click on the **Inline Policies** header, then click the link to create an inline policy. * Click **Select** for **Policy Generator**. * Select **AWS Identity and Access Management** from the **AWS Service** pulldown. * Select **PassRole** for **Actions**. * Type <code>*</code> (the asterisk character) in the **Amazon Resource Name (ARN)** box. * Click **Add Statement**, then **Next Step**. * Click **Apply Policy**. ### Azure Setup If you would like to have Spinnaker deploy to Azure virtual machines, you will need to create an Azure Active Directory [service principal](https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/) for authentication. You can create a service principal from the Azure Portal or via the command line. This tutorial demonstrates using the Azure Command-Line Interface (Azure CLI). **Important:** Ensure you are on the latest version of the Azure CLI or at least version 0.10.2. **Important:** Keep the output values from the commands you execute. You will use the values when configuring the Azure Driver for Spinnaker. 1. Install the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/) for the platform of your choice. After installing the Azure CLI you can run commands from a command line interface on your platform. 2. Open the command prompt and type **azure help.** If the command executes, you have successfully installed the Azure CLI. 3. Type **azure login**. The command outputs a code and URL such as <https://aka.ms/devicelogin>. Follow the instructions on the screen to log in. You should see a successful login. See [connect to Azure subscription from CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-connect/) for more information. 4. Type **azure config mode arm** to enter [Application Resource Manager mode](https://azure.microsoft.com/en-us/documentation/articles/azure-cli-arm-commands). 5. Type **azure account list** to obtain the Azure subscription ID. Copy the subscription ID for future steps. 6. Type **azure account set &lt;enter subscription ID with no angle brackets&gt;** to set the Azure subscription. 7. In the following command replace the uris with your own that identify your application. Type **azure ad sp create --name "spinnaker" --password EnterPasswordHere** [See here for more information on the step above](https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/) 8. The command above creates an application and service principal. The command outputs data for AppID (also called ClientId) and ObjectId. Copy and keep this data for future steps. **Note:** The ClientId value will be listed under the service principal name. The password you entered above will be used later for the AppKey value when configuring the Azure driver for Spinnaker. 9. Type **azure role assignment create &lt;insert Object Id from step above with no angle brackets&gt;** **-o Owner -c /subscriptions/&lt;insert subscription ID from step 5 with no angle brackets here&gt;** 10. Type **azure account show.** Copy the Tenant ID for use on future steps. 11. Verify the service principal login by typing **azure login -u "&lt;insert app id from step 8 without the angle brackets here&gt;" --service-principal --tenant "&lt;insert the tenant id without brackets from step 10 here&gt;"** #### Azure Default Resource Group Create a default resource group for use to contain any non-application specific resources that need to be created: + **azure group create 'NameOfResourceGroup' 'ARegion'** Record the name of this resource group for use when configuring Spinnaker #### Azure KeyVault Deploying VMs in Azure requires specifying a default username and password, which Spinnaker will access from an Azure KeyVault at the time of deployment. The following commands will create and populate the Azure KeyVault with the appropriate "secrets" 1. Register the KeyVault provider: **azure provider register Microsoft.KeyVault** 2. Create the KeyVault: **azure keyvault create --vault-name 'NameOfKeyVault' --resource-group '&lt;insert name of resource group from step 1 without angle brackets&gt;' --location 'RegionFromStep1'** 3. Add the secrets to the KeyVault: *User Name:* **azure keyvault secret set --vault-name '&lt;insert name of key vault from step 3 without angle brackets&gt;' --secret-name 'VMUsername' --value 'ADefaultUserName'** *Password:* **azure keyvault secret set --vault-name '&lt;insert name of key vault from step 3 without angle brackets&gt;' --secret-name 'VMPassword' --value 'ADefaultPassword'** 4. Grant permission to access the secrets to the service principal: **azure keyvault set-policy --vault-name '&lt;insert name of key vault from step 3 without angle brackets&gt;' --spn '&lt;insert service principal name from Azure Setup step 7 without angle brackets&gt;' --perms-to-secrets '["get"]' --enabled-for-deployment true --enabled-for-template-deployment true** ### Cloud Foundry Platform Setup If you'd like to have Spinnaker deploy to and manage applications on either Pivotal's public facing PWS or on your own Cloud Foundry setup, you'll need to have an account setup. If you've already got one, please skip to the next step. Otherwise, please follow the instructions below. 1. Sign into [Pivotal Web Services](http://run.pivotal.io/) or your local instance of Cloud Foundry. 2. In your organization, create a new space. * Note your organization name and space name to use in spinnaker-local.yml settings. 3. In the space, create a redis service and name it something like **spinnaker-redis**. 4. Follow the direction to build and deploy the Cloud Foundry Spinnaker Deployer at https://github.com/spring-cloud/spring-cloud-spinnaker 5. Use the installed deploy to install Spinnaker using its directions. ### Google Cloud Platform Setup If you'd like to have Spinnaker deploy to and manage clusters on GCP, you'll need to have a GCP project set up. If you've already got one, please skip to the next step. Otherwise, please follow the instructions below. Sign into the [Google Developers Console](https://console.developers.google.com) and create a project. Use your project name in place of <code>my-spinnaker-project</code> below. 1. Enable APIs in the <code>my-spinnaker-project</code> project. * Go to the API Management page. * Enable the [Compute Engine](https://console.developers.google.com/apis/api/compute_component/overview?project=_) API. 2. Obtain service account credentials. * This step is only required to manage your GCP project from Spinnaker running outside that project (e.g. Spinnaker is running on AWS or in a different GCP project). * Go to the Credentials tab on the API Management page. * Select the **Service account key** item from the **New credentials** menu. * Select a service account, the **JSON** key type, and click **Create**. * Safeguard the JSON file that your browser will download. We will later copy this into your Spinnaker deployment so that it can manage your GCP project. ### Kubernetes Cluster Setup If you'd like to have Spinnaker deploy to and manage applications on Kubernetes, first follow the [Kubernetes getting started](http://kubernetes.io/docs/getting-started-guides/) for setting up a cluster. For ease of setup, it's recommended to use one of the hosted solutions. Once your cluster is running, you need to get its authentication details in your local [kubeconfig file](http://kubernetes.io/docs/user-guide/kubeconfig-file/). Most hosted providers will generate this file for you as a part of the setup process, and place it in <code>~/.kube/config</code> or <code>/srv/kubernetes/kubeconfig.json</code> on the master node. You can verify that these credentials are working by running <code>kubectl get namespaces</code>.