{"__v":25,"_id":"56f2b40468a07319009d3151","category":{"__v":3,"_id":"56ce1e6ee538330b0021ac5d","pages":["56ce1ec2f3539413004711ee","56ce1edef3539413004711f1","56ce2072e538330b0021ac62"],"project":"55c6bec1b9aa4e0d0016c2c3","version":"55c6bec1b9aa4e0d0016c2c6","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-02-24T21:19:42.029Z","from_sync":false,"order":1,"slug":"tools","title":"Installation"},"parentDoc":null,"project":"55c6bec1b9aa4e0d0016c2c3","user":"56e1901aa71e9e200066cdf6","version":{"__v":8,"_id":"55c6bec1b9aa4e0d0016c2c6","project":"55c6bec1b9aa4e0d0016c2c3","createdAt":"2015-08-09T02:45:21.683Z","releaseDate":"2015-08-09T02:45:21.683Z","categories":["55c6bec2b9aa4e0d0016c2c7","56c14bc5826df10d00e82230","56cceed8723ad71d00cae46c","56ccf29a431ada1f00e85aae","56ccf3c28fa8b01b00b82018","56ce1e6ee538330b0021ac5d","56f97e9a4c612020008f2eaf","5734fafd146eb82000597261"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":["56f2f255a0de870e003b6d6d","5743b63be6c03d0e00355bef","57e40a76f727c417000020b7","5804339c5f34eb37008ecf37","58111d341cb1e80f00c403c1","588bc5e233b1b337002e6551","588be0873dace91b00a1b260","58950ae83191370f0060dcac","58a319fe30852819007b9e78","590a5a83ab8ea80f00c2046a"],"next":{"pages":[],"description":""},"createdAt":"2016-03-23T15:19:32.430Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":1,"body":"Spinnaker can deploy to a range of environments. If you've decided which environment to deploy to (you can pick more than one), follow the relevant setup instructions. Once this is completed, continue to the [Creating a Spinnaker Instance](doc:creating-a-spinnaker-instance) page.\n\n## Deployment Targets\n* [Amazon Web Services](doc:target-deployment-setup#section-amazon-web-services-setup)\n* [Azure](doc:target-deployment-setup#section-azure-setup)\n* [Cloud Foundry](doc:target-deployment-setup#section-cloud-foundry-platform-setup)\n* [Google Cloud Platform](doc:target-deployment-setup#section-google-cloud-platform-setup)\n* [Kubernetes](doc:target-deployment-setup#section-kubernetes-cluster-setup)\n\n### Amazon Web Services Setup\n\nIf you'd like to have Spinnaker deploy to and manage clusters on AWS, you'll need to have an AWS project set up. If you've already got one, please skip to the next step. Otherwise, please follow the\ninstructions below.\n\nKeep in mind that naming of your entities in AWS is important as Spinnaker will use them to populate available resource lists in the Spinnaker UI.\n\nSign into the [AWS console](https://console.aws.amazon.com) and let AWS pick a default region where your project resources will be allocated. In the rest of this tutorial, we'll assume that the region\nassigned is <code>us-west-2</code>. If the region selected for your project is different from this, please substitute your region everywhere <code>us-west-2</code> appears below.\n\nAlso, in the instructions below, we'll assume that your AWS account name is <code>my-aws-account</code>. Wherever you see <code>my-aws-account</code> appear below, please replace it with your AWS account name.\n\n1. Create VPC.\n  * Goto [Console](https://console.aws.amazon.com) > VPC.\n  * Click on **Start VPC Wizard**.\n  * On the **Step 1: Select a VPC Configuration** screen, make sure that **VPC with a Single Public Subnet** is highlighted and click **Select**.\n  * Name your VPC. Enter <code>defaultvpc</code> in the **VPC name** field.\n  * Enter <code>defaultvpc.internal.us-west-2</code> for **Subnet name**.\n  * Click **Create VPC**.\n\n2. Create an EC2 role.\n  * Goto [Console](https://console.aws.amazon.com) > AWS Identity & Access Management > Roles.\n  * Click **Create New Role**.\n  * Set **Role Name** to <code>BaseIAMRole</code>. Click **Next Step**.\n  * On **Select Role Type** screen, hit **Select** for **Amazon EC2**.\n  * Click **Next Step**.\n  * On **Review** screen, click **Create Role**.\n  * EC2 instances launched with Spinnaker will be associated with this role.\n\n3. Create an EC2 Key Pair for connecting to your instances.\n  * Goto [Console](https://console.aws.amazon.com) > EC2 > Key Pairs.\n  * Click **Create Key Pair**.\n  * Name the key pair <code>my-aws-account-keypair</code>. (Note: this must match your account name plus \"-keypair\")\n  * AWS will download file <code>my-aws-account-keypair.pem</code> to your computer. <code>chmod 400</code> the file.\n\n4. Create AWS credentials for Spinnaker.\n  * Goto [Console](https://console.aws.amazon.com) > AWS Identity & Access Management > Users > Create New Users. Enter a username and hit **Create**.\n  * Create an access key for the user. Click **Download Credentials**,\n    then Save the access key and secret key into\n    <code>~/.aws/credentials</code> on your machine as shown\n    [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files).\n  * Click **Close**.\n  * Click on the username you entered for a more detailed screen.\n  * On the **Summary** page, click on the **Permissions** tab.\n  * Click **Attach Policy**.\n  * Click the checkbox next to **PowerUserAccess**, then click **Attach Policy**.\n  * Click on the **Inline Policies** header, then click the link to create an inline policy.\n  * Click **Select** for **Policy Generator**.\n  * Select **AWS Identity and Access Management** from the **AWS Service** pulldown.\n  * Select **PassRole** for **Actions**.\n  * Type <code>*</code> (the asterisk character) in the **Amazon Resource Name (ARN)** box.\n  * Click **Add Statement**, then **Next Step**.\n  * Click **Apply Policy**.\n\n### Azure Setup\n\nIf you would like to have Spinnaker deploy to a Kubernetes cluster on Azure, follow instructions [here](https://aka.ms/azspinkubecreate) to create an Azure Container Service cluster.\n\nOtherwise, if you would like to have Spinnaker deploy to Azure VM Scale Sets, follow the below steps to create an Azure Active Directory [Service Principal](https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/) for authentication. You can create a service principal from the Azure Portal or via the command line. This tutorial demonstrates using the Azure Command-Line Interface (Azure CLI).\n\n> **Important:** Ensure you are on the latest version of the Azure CLI or at least version  0.10.2. Also make sure to keep the output values from the commands you execute. You will use these values when configuring the Azure Driver for Spinnaker.\n\n1. Install the [Azure CLI](https://azure.microsoft.com/documentation/articles/xplat-cli-install/) for the platform of your choice. After installing the Azure CLI you can run commands from a command line interface on your platform.\n\n2. Open the command prompt and type <code>azure help</code>. If the command executes, you have successfully installed the Azure CLI.\n\n3. Login to your account: <code>azure login</code>. See [here](https://azure.microsoft.com/documentation/articles/xplat-cli-connect/) for more information.\n\n4. Enter [Application Resource Manager mode](https://azure.microsoft.com/documentation/articles/azure-cli-arm-commands):\n```\nazure config mode arm\n```\n\n5. Retrieve the subscription id for use in future steps:\n```\nazure account list\n```\n\n6. Set the Azure subscription:\n```\nazure account set <Subscription ID>\n```\n\n7. Create an Azure Active Directory Application and Service Principal. See [here](https://azure.microsoft.com/documentation/articles/resource-group-create-service-principal-portal/) for more information:\n```\nazure ad sp create --name <Name of application> --password <Service Principal Password>\n```\n> **Note:** Record the object id for use in future steps, including during configuration of the Azure driver for Spinnaker. Also record the id listed under 'Service Principal Names'. This id is the AppID (also called ClientId). The password you entered will be used later for the AppKey value when configuring the Azure driver for Spinnaker.\n\n8. Give the Service Principal 'Owner' rights to the subscription:\n```\nazure role assignment create <Object Id> -o Owner -c /subscriptions/<Subscription Id>\n```\n\n9. Retrieve the tenant id for use in future steps:\n```\nazure account show\n```\n\n10. Login with the service principal to verify it works:\n```\nazure login -u <App Id> --service-principal --tenant <Tenant Id>\n```\n\n**Azure Default Resource Group**\n\nCreate a default resource group to contain any non-application specific resources that need to be created. Record it's name for use when configuring Spinnaker:\n\n```\nazure group create <Resource Group Name> <Resource Group Region>   \n```\n> **Note:** The region will be something like 'westus'.\n\n**Azure KeyVault**\n\nDeploying VMs in Azure requires specifying a default username and password, which Spinnaker will access from an Azure KeyVault at the time of deployment. The following commands will create and populate the Azure KeyVault with the appropriate \"secrets\"\n\n1. Register the KeyVault provider:\n```\n    azure provider register Microsoft.KeyVault\n```\n\n2. Create the KeyVault\n```\nazure keyvault create --vault-name <KeyVault Name> --resource-group <Resource Group Name> --location <Resource Group Region>\n```\n\n3. Add the user name to the KeyVault:\n```\nazure keyvault secret set --vault-name <KeyVault Name> --secret-name VMUsername --value <Default User Name>\n```\n\n4. Add the password to the KeyVault:\n```\nazure keyvault secret set --vault-name <KeyVault Name> --secret-name VMPassword --value <Default Password>\n```\n\n5. Give the service principal permission to access the secrets:\n```\nazure keyvault set-policy --vault-name <KeyVault Name> --spn <App Id> --perms-to-secrets '[\"get\"]' --enabled-for-deployment true\n```\n> **Note:** If you are running on Windows command prompt, you should replace the single quotes with double quotes, and escape the internal double quotes. For example: \"[\\\"get\\\"]\"\n\n### Cloud Foundry Platform Setup\n\nIf you'd like to have Spinnaker deploy to and manage applications on either Pivotal's public facing PWS or on your own Cloud Foundry setup, you'll need to have an account setup. If you've already got one, please skip to the next step. Otherwise, please follow the instructions below.\n\n1. Sign into [Pivotal Web Services](http://run.pivotal.io/) or your local instance of Cloud Foundry.\n2. In your organization, create a new space. \n  * Note your organization name and space name to use in spinnaker-local.yml settings.\n3. In the space, create a redis service and name it something like **spinnaker-redis**.\n4. Go to http://cloud.spring.io/spring-cloud-spinnaker/, and either download the version you wish, or click through to a hosted copy (which can install a public facing instance of CF like on PWS).\n5. Use the installed deploy to install Spinnaker using its directions.\n\n### Google Cloud Platform Setup\n\nIf you'd like to have Spinnaker deploy to and manage clusters on GCP, you'll need to have a GCP project set up. If you've already got one, please skip to the next step. Otherwise, please follow the\ninstructions below.\n\nSign into the [Google Developers Console](https://console.developers.google.com) and create a\nproject. Use your project name in place of <code>my-spinnaker-project</code> below.\n\n1. Enable APIs in the <code>my-spinnaker-project</code> project.\n  * Go to the API Management page.\n  * Enable the [Compute Engine](https://console.developers.google.com/apis/api/compute_component/overview?project=_) API.\n    \n\n2. Obtain service account credentials.\n  * This step is only required to manage your GCP project from Spinnaker running outside that project (e.g. Spinnaker is running on AWS or in a different GCP project).\n  * Go to the Credentials tab on the API Management page.\n  * Select the **Service account key** item from the **New credentials** menu.\n  * Select a service account, the **JSON** key type, and click **Create**.\n  * Safeguard the JSON file that your browser will download. We will later\n    copy this into your Spinnaker deployment so that it can manage your\n    GCP project.\n\n### Kubernetes Cluster Setup\n\nIf you'd like to have Spinnaker deploy to and manage applications on Kubernetes, first follow the [Kubernetes getting started](http://kubernetes.io/docs/getting-started-guides/) for setting up a cluster. For ease of setup, it's recommended to use one of the hosted solutions. \n\nOnce your cluster is running, you need to get its authentication details in your local [kubeconfig file](http://kubernetes.io/docs/user-guide/kubeconfig-file/). Most hosted providers will generate this file for you as a part of the setup process, and place it in <code>~/.kube/config</code> or <code>/srv/kubernetes/kubeconfig.json</code> on the master node. You can verify that these credentials are working by running <code>kubectl get namespaces</code>.","excerpt":"","slug":"target-deployment-setup","type":"basic","title":"Cloud Provider Setup"}

Cloud Provider Setup


Spinnaker can deploy to a range of environments. If you've decided which environment to deploy to (you can pick more than one), follow the relevant setup instructions. Once this is completed, continue to the [Creating a Spinnaker Instance](doc:creating-a-spinnaker-instance) page. ## Deployment Targets * [Amazon Web Services](doc:target-deployment-setup#section-amazon-web-services-setup) * [Azure](doc:target-deployment-setup#section-azure-setup) * [Cloud Foundry](doc:target-deployment-setup#section-cloud-foundry-platform-setup) * [Google Cloud Platform](doc:target-deployment-setup#section-google-cloud-platform-setup) * [Kubernetes](doc:target-deployment-setup#section-kubernetes-cluster-setup) ### Amazon Web Services Setup If you'd like to have Spinnaker deploy to and manage clusters on AWS, you'll need to have an AWS project set up. If you've already got one, please skip to the next step. Otherwise, please follow the instructions below. Keep in mind that naming of your entities in AWS is important as Spinnaker will use them to populate available resource lists in the Spinnaker UI. Sign into the [AWS console](https://console.aws.amazon.com) and let AWS pick a default region where your project resources will be allocated. In the rest of this tutorial, we'll assume that the region assigned is <code>us-west-2</code>. If the region selected for your project is different from this, please substitute your region everywhere <code>us-west-2</code> appears below. Also, in the instructions below, we'll assume that your AWS account name is <code>my-aws-account</code>. Wherever you see <code>my-aws-account</code> appear below, please replace it with your AWS account name. 1. Create VPC. * Goto [Console](https://console.aws.amazon.com) > VPC. * Click on **Start VPC Wizard**. * On the **Step 1: Select a VPC Configuration** screen, make sure that **VPC with a Single Public Subnet** is highlighted and click **Select**. * Name your VPC. Enter <code>defaultvpc</code> in the **VPC name** field. * Enter <code>defaultvpc.internal.us-west-2</code> for **Subnet name**. * Click **Create VPC**. 2. Create an EC2 role. * Goto [Console](https://console.aws.amazon.com) > AWS Identity & Access Management > Roles. * Click **Create New Role**. * Set **Role Name** to <code>BaseIAMRole</code>. Click **Next Step**. * On **Select Role Type** screen, hit **Select** for **Amazon EC2**. * Click **Next Step**. * On **Review** screen, click **Create Role**. * EC2 instances launched with Spinnaker will be associated with this role. 3. Create an EC2 Key Pair for connecting to your instances. * Goto [Console](https://console.aws.amazon.com) > EC2 > Key Pairs. * Click **Create Key Pair**. * Name the key pair <code>my-aws-account-keypair</code>. (Note: this must match your account name plus "-keypair") * AWS will download file <code>my-aws-account-keypair.pem</code> to your computer. <code>chmod 400</code> the file. 4. Create AWS credentials for Spinnaker. * Goto [Console](https://console.aws.amazon.com) > AWS Identity & Access Management > Users > Create New Users. Enter a username and hit **Create**. * Create an access key for the user. Click **Download Credentials**, then Save the access key and secret key into <code>~/.aws/credentials</code> on your machine as shown [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files). * Click **Close**. * Click on the username you entered for a more detailed screen. * On the **Summary** page, click on the **Permissions** tab. * Click **Attach Policy**. * Click the checkbox next to **PowerUserAccess**, then click **Attach Policy**. * Click on the **Inline Policies** header, then click the link to create an inline policy. * Click **Select** for **Policy Generator**. * Select **AWS Identity and Access Management** from the **AWS Service** pulldown. * Select **PassRole** for **Actions**. * Type <code>*</code> (the asterisk character) in the **Amazon Resource Name (ARN)** box. * Click **Add Statement**, then **Next Step**. * Click **Apply Policy**. ### Azure Setup If you would like to have Spinnaker deploy to a Kubernetes cluster on Azure, follow instructions [here](https://aka.ms/azspinkubecreate) to create an Azure Container Service cluster. Otherwise, if you would like to have Spinnaker deploy to Azure VM Scale Sets, follow the below steps to create an Azure Active Directory [Service Principal](https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/) for authentication. You can create a service principal from the Azure Portal or via the command line. This tutorial demonstrates using the Azure Command-Line Interface (Azure CLI). > **Important:** Ensure you are on the latest version of the Azure CLI or at least version 0.10.2. Also make sure to keep the output values from the commands you execute. You will use these values when configuring the Azure Driver for Spinnaker. 1. Install the [Azure CLI](https://azure.microsoft.com/documentation/articles/xplat-cli-install/) for the platform of your choice. After installing the Azure CLI you can run commands from a command line interface on your platform. 2. Open the command prompt and type <code>azure help</code>. If the command executes, you have successfully installed the Azure CLI. 3. Login to your account: <code>azure login</code>. See [here](https://azure.microsoft.com/documentation/articles/xplat-cli-connect/) for more information. 4. Enter [Application Resource Manager mode](https://azure.microsoft.com/documentation/articles/azure-cli-arm-commands): ``` azure config mode arm ``` 5. Retrieve the subscription id for use in future steps: ``` azure account list ``` 6. Set the Azure subscription: ``` azure account set <Subscription ID> ``` 7. Create an Azure Active Directory Application and Service Principal. See [here](https://azure.microsoft.com/documentation/articles/resource-group-create-service-principal-portal/) for more information: ``` azure ad sp create --name <Name of application> --password <Service Principal Password> ``` > **Note:** Record the object id for use in future steps, including during configuration of the Azure driver for Spinnaker. Also record the id listed under 'Service Principal Names'. This id is the AppID (also called ClientId). The password you entered will be used later for the AppKey value when configuring the Azure driver for Spinnaker. 8. Give the Service Principal 'Owner' rights to the subscription: ``` azure role assignment create <Object Id> -o Owner -c /subscriptions/<Subscription Id> ``` 9. Retrieve the tenant id for use in future steps: ``` azure account show ``` 10. Login with the service principal to verify it works: ``` azure login -u <App Id> --service-principal --tenant <Tenant Id> ``` **Azure Default Resource Group** Create a default resource group to contain any non-application specific resources that need to be created. Record it's name for use when configuring Spinnaker: ``` azure group create <Resource Group Name> <Resource Group Region> ``` > **Note:** The region will be something like 'westus'. **Azure KeyVault** Deploying VMs in Azure requires specifying a default username and password, which Spinnaker will access from an Azure KeyVault at the time of deployment. The following commands will create and populate the Azure KeyVault with the appropriate "secrets" 1. Register the KeyVault provider: ``` azure provider register Microsoft.KeyVault ``` 2. Create the KeyVault ``` azure keyvault create --vault-name <KeyVault Name> --resource-group <Resource Group Name> --location <Resource Group Region> ``` 3. Add the user name to the KeyVault: ``` azure keyvault secret set --vault-name <KeyVault Name> --secret-name VMUsername --value <Default User Name> ``` 4. Add the password to the KeyVault: ``` azure keyvault secret set --vault-name <KeyVault Name> --secret-name VMPassword --value <Default Password> ``` 5. Give the service principal permission to access the secrets: ``` azure keyvault set-policy --vault-name <KeyVault Name> --spn <App Id> --perms-to-secrets '["get"]' --enabled-for-deployment true ``` > **Note:** If you are running on Windows command prompt, you should replace the single quotes with double quotes, and escape the internal double quotes. For example: "[\"get\"]" ### Cloud Foundry Platform Setup If you'd like to have Spinnaker deploy to and manage applications on either Pivotal's public facing PWS or on your own Cloud Foundry setup, you'll need to have an account setup. If you've already got one, please skip to the next step. Otherwise, please follow the instructions below. 1. Sign into [Pivotal Web Services](http://run.pivotal.io/) or your local instance of Cloud Foundry. 2. In your organization, create a new space. * Note your organization name and space name to use in spinnaker-local.yml settings. 3. In the space, create a redis service and name it something like **spinnaker-redis**. 4. Go to http://cloud.spring.io/spring-cloud-spinnaker/, and either download the version you wish, or click through to a hosted copy (which can install a public facing instance of CF like on PWS). 5. Use the installed deploy to install Spinnaker using its directions. ### Google Cloud Platform Setup If you'd like to have Spinnaker deploy to and manage clusters on GCP, you'll need to have a GCP project set up. If you've already got one, please skip to the next step. Otherwise, please follow the instructions below. Sign into the [Google Developers Console](https://console.developers.google.com) and create a project. Use your project name in place of <code>my-spinnaker-project</code> below. 1. Enable APIs in the <code>my-spinnaker-project</code> project. * Go to the API Management page. * Enable the [Compute Engine](https://console.developers.google.com/apis/api/compute_component/overview?project=_) API. 2. Obtain service account credentials. * This step is only required to manage your GCP project from Spinnaker running outside that project (e.g. Spinnaker is running on AWS or in a different GCP project). * Go to the Credentials tab on the API Management page. * Select the **Service account key** item from the **New credentials** menu. * Select a service account, the **JSON** key type, and click **Create**. * Safeguard the JSON file that your browser will download. We will later copy this into your Spinnaker deployment so that it can manage your GCP project. ### Kubernetes Cluster Setup If you'd like to have Spinnaker deploy to and manage applications on Kubernetes, first follow the [Kubernetes getting started](http://kubernetes.io/docs/getting-started-guides/) for setting up a cluster. For ease of setup, it's recommended to use one of the hosted solutions. Once your cluster is running, you need to get its authentication details in your local [kubeconfig file](http://kubernetes.io/docs/user-guide/kubeconfig-file/). Most hosted providers will generate this file for you as a part of the setup process, and place it in <code>~/.kube/config</code> or <code>/srv/kubernetes/kubeconfig.json</code> on the master node. You can verify that these credentials are working by running <code>kubectl get namespaces</code>.