0

I want to automate pipeline triggers by using fiat service account. So I follow the Spinnaker doc: https://www.spinnaker.io/setup/security/authorization/service-accounts/ Then i have trouble to run the curl command. Where should I run it? I tried to run in local machine which is installed halyard and fiat pod in Kubernetes. However, I got cannot resolve http://front50.url:8080.

Shuai Liu
  • 1
  • 1

3 Answers3

0

Create Role for spinnaker with role name spinnaker-role you can edit role as per you need 

 apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
     name: spinnaker-role
     namespace: default
    rules:
    - apiGroups: [""]
      resources: ["namespaces", "configmaps", "events", "replicationcontrollers", "serviceaccounts", "pods/logs"]
      verbs: ["get", "list"]
    - apiGroups: [""]
      resources: ["pods", "services", "secrets"]
      verbs: ["*"]
    - apiGroups: ["autoscaling"]
      resources: ["horizontalpodautoscalers"]
      verbs: ["list", "get"]
    - apiGroups: [“apps”]
      resources: [“controllerrevisions”, "statefulsets"]
      verbs: [“list”]
    - apiGroups: ["extensions", "app"]
      resources: ["deployments", "replicasets", "ingresses"]
      verbs: ["*"]

Service account for spinnaker 

apiVersion: v1
kind: ServiceAccount
metadata:
 name: spinnaker-service-account
 namespace: default

Main part role binding 

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
 name: spinnaker-role-binding
 namespace: default
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
 name: spinnaker-role
subjects:
- namespace: default
 kind: ServiceAccount
 name: spinnaker-service-account

You can edit it as per your need changing statefulset adding deployments

Harsh Manvar
  • 27,020
  • 6
  • 48
  • 102
  • Thanks for answering. I think this is not similar as kubernetes service account creation. The thing is this is for Spinnaker authorization. The last step for authorization is pipeline trigger. One method is using fiat service account to do that. However, when I follow Spinnaker document, I don't know where should I run the command. And I already created the spinnaker fiat service account in IAM. – Shuai Liu Apr 12 '19 at 17:11
0

This url is just an example and won't work. You need to access it using the service that exposes front50. If you installed using Halyard, probably the service is exposed as spin-front50:8080

I ran it in halyard and used the URL

(I know its really long time after your question :), I just happened to see this and it's better late than never.)

Ravi B
  • 1,574
  • 2
  • 14
  • 31
Bhavith
  • 21
  • 3
0

You have to port-forward into the pod, and curl your localhost with the port created for that pod, during port-forwarding.

Josbrafe
  • 31
  • 2