Integrating Cloud Foundry with Spinnaker

I previously blogged about "Installing Spinnaker on Pivotal Container Service (PKS) with NSX-T running on vSphere" and then how to invoke UI using a "kubectl port-forward".

http://theblasfrompas.blogspot.com/2019/02/installing-spinnaker-on-pivotal.html
http://theblasfrompas.blogspot.com/2019/02/exposing-spinnaker-ui-endpoint-from.html

Steps

1. Exec into hal pod using a command as follows:

$ kubectl exec --namespace default -it myspinnaker-spinnaker-halyard-0 bash

Note: You can get the POD name as follows

papicella@papicella:~$ kubectl get pods | grep halyard
myspinnaker-spinnaker-halyard-0       1/1       Running     0          6d

2. Create a file settings-local.js in the directory ~/.hal/default/profiles/

window.spinnakerSettings.providers.cloudfoundry = {
  defaults: {account: 'my-cloudfoundry-account'}
};

3. Create a file clouddriver-local.yml with contents as follows. You can add multiple accounts but in this example I am just adding one

cloudfoundry:
  enabled: true
  accounts:
    - name: PWS
      user: papicella-pas@pivotal.io
      password: yyyyyyy
      api: api.run.pivotal.io

4. If you are working with an existing installation of Spinnaker, apply your changes:

spinnaker@myspinnaker-spinnaker-halyard-0:~/.hal/default/profiles$ hal deploy apply
+ Get current deployment
  Success
+ Prep deployment
  Success
Problems in halconfig:
- WARNING There is a newer version of Halyard available (1.15.0),
  please update when possible
? Run 'sudo apt-get update && sudo apt-get install
  spinnaker-halyard -y' to upgrade

+ Preparation complete... deploying Spinnaker
+ Get current deployment
  Success
+ Apply deployment
  Success
+ Run `hal deploy connect` to connect to Spinnaker.

5. Once this is done in the UI you will see any applications in your Organisations appear in this example it's a single application called "Spring" as shown below

6. In the example below when "Creating an Application" we can select the ORGS/Spaces we wish to use as shown below

More Information

Cloud Foundry Integration
https://www.spinnaker.io/setup/install/providers/cf/

Cloud Foundry Resource Mapping
https://www.spinnaker.io/reference/providers/cf/

Spring Cloud GCP and authentication from your Spring Boot Application

When using Spring Cloud GCP you will need to authenticate at some point in order to use the GCP services. In this example below using a GCP Cloud SQL instance you really only need to do 3 things to access it externally from your Spring Boot application as follows.

1. Enable the Google Cloud SQL API which is detailed here

  https://cloud.google.com/sql/docs/mysql/admin-api/

2. Ensure that your GCP SDK can login to your Google Cloud SQL. This command will take you to a web page asking which google account you want to use

  $ gcloud auth application-default login

3. Finally some application properties in your Spring Boot application detailing the Google Cloud SQL instance name and database name as shown below.

spring.cloud.gcp.sql.instance-connection-name=fe-papicella:australia-southeast1:apples-db
spring.cloud.gcp.sql.database-name=employees

Now when you do that and your application starts up you will see a log message as follows below clearly warning you this this method of authentication can have implications at some point.

2019-02-07 09:10:26.700  WARN 2477 --- [           main] c.g.a.oauth2.DefaultCredentialsProvider  : Your application has authenticated using end user credentials from Google Cloud SDK. We recommend that most server applications use service accounts instead. If your application continues to use end user credentials from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For more information about service accounts, see https://cloud.google.com/docs/authentication/.

Clearly that's something we have to resolve. To do that we simply can add another Spring Boot application property pointing to a service account JSON file for us to authenticate against to remove the warning.

spring.cloud.gcp.credentials.location=file:/Users/papicella/piv-projects/GCP/fe-papicella-8077fe1126b2.json

Note: You can also use an ENV variable as follows

export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"

You can get a JSON key generated from the GCP console "IAM and Admin -> Service Accounts" page

For more information on authentication visit this link https://cloud.google.com/docs/authentication/getting-started