Deploying Spinnaker on GKE with Traefik Ingress

Sail away!

Last week I was asked to create a Spinnaker pipeline deployed on a GKE cluster. Even though Google offers a great tutorial, I found that it didn’t cover the part of actually sharing the Spinnaker setup beyond a port forward to localhost.

The scope of this article covers the part from forwarding a pod port to localhost and to adding Traefik load balancer, setting up ingresses to expose Spinnaker to the outside, all while maintaining Spinnaker’s own access to its API.

Note: hint about Spinnaker api setup came from here.

Note: each step is linked to a file in a GitHub repo. Ingress specifications would need a domain that will be used to point to the appropriate ingress and served by the appropriate service. You will need to setup a DNS record pointing to the GKE cluster.

Follow on the tutorial, setting up Spinnaker using helm.

This will get you a working cluster, setup with ClusterIP services. This won’t do you any good with GKE though, but you can get a taste of the UI by forwarding the port as suggested.

Setup Traefik

You will need:

  • role bindings
  • configMap to hold initial configuration
  • a DaemonSet to control the pods and a service to expose it as a loadbalancer (daemonset is preferred to deployment as it can ensure the presence of one pod per node, whereas for deployments you need some nifty affinity settings to get that)
  • a service/ingress pair to expose the Traefik UI

Setup Consul

Consul is a versatile KV store, I tend to use it to hold Traefik configuration, as well as other configuration. I am planning to learn to use it as a service discovery system as well, it tends to beat Kubernetes’ very own. You will need:

  • volume claim for permanent storage
  • deployment/service pair (part of the above file as well)
  • ingress/service pair to expose its own UI
  • You will need to execute ‘traefik storeconfig — configfile=/config/traefik.toml’ against one of the Traefik pods to move the config into Consul (linked Kubernetes one-time job should do the trick)

Spinnaker overrides

This is the interesting part. Since the default helm chart uses ClusterIP, we need to override some services to turn them to NodePort. By “some” I mean exactly two, “spin-deck” and “spin-gate”. You will need:

  • new service definition for “spin-gate” (which is the API)
  • new service definition for “spin-deck” + an ingress