Adding Multiple Providers in Spinnaker


#1

My Spinnaker setup is deployed on GCE. I wish to add AWS as a provider in my clouddriver account. What is a feasible way to do this?

As per the command

hal config provider aws account add

What are we supposed to pass in “assume-role”, and what is the correct policy that goes into that role? I ask because I am not using AWS as the managing account; I am using GCP instead.

Any kind of guidance is appreciated.


#2

From the Spinnaker/Halyard perspective, adding a provider is the same whether it’s the managed or managing account. --assume-role is an AWS-specific thing, and this might help you.


#3

I tried the same approach just now; this is how my clouddriver config looks:

spectator:
  applicationName: ${spring.application.name}
  webEndpoint:
    enabled: false

appengine:
  enabled: false
  accounts: []
aws:
  enabled: true
  accounts:
  - name: aws-sandbox
    requiredGroupMembership: []
    providerVersion: V1
    permissions: {}
    accountId: '11111111111'
    regions: []
    assumeRole: role/spinnakerRole
    primaryAccount: aws-sandbox
    bakeryDefaults:
      baseImages: []
    accessKeyId: xxxxxxXXXXX
    secretAccessKey: YYYYYYYYYYyyyyyyyyyyyyyyy
    defaultKeyPairTemplate: '{{name}}-keypair'
    defaultRegions:
    - name: us-west-2
    defaults:
      iamRole: BaseIAMRole
ecs:
  enabled: false
  accounts: []
azure:
  enabled: false
  accounts: []
  bakeryDefaults:
    templateFile: azure-linux.json
    baseImages: []
dcos:
  enabled: false
  accounts: []
  clusters: []
dockerRegistry:
  enabled: false
  accounts: []
google:
  enabled: true
  accounts:
  - name: cloudcover-sandbox
    requiredGroupMembership: []
    providerVersion: V1
    permissions: {}
    project: gcp-sandbox
    jsonPath: /home/halyard/.hal/default/staging/dependencies/1941137454-spinnaker-halyard-cc.json
    alphaListed: false
    imageProjects: []
    consul:
      enabled: false
      agentEndpoint: localhost
      agentPort: 8500
      datacenters: []
  primaryAccount: gcp-sandbox
  bakeryDefaults:
    templateFile: gce.json
    baseImages: []
    zone: us-central1-f
    network: default
    useInternalIp: false
kubernetes:
  enabled: false
  accounts: []
openstack:
  enabled: false
  accounts: []
  bakeryDefaults:
    baseImages: []
oracle:
  enabled: false
  accounts: []
  bakeryDefaults:
    templateFile: oci.json
    baseImages: []

artifacts:
  bitbucket:
    enabled: false
    accounts: []
  gcs:
    enabled: false
    accounts: []
  oracle:
    enabled: false
    accounts: []
  github:
    enabled: false
    accounts: []
  gitlab:
    enabled: false
    accounts: []
  http:
    enabled: false
    accounts: []
  helm:
    enabled: false
    accounts: []
  s3:
    enabled: false
    accounts: []
  templates: []

# halconfig

server:
  port: ${services.clouddriver.port:7002}
  address: ${services.clouddriver.host:localhost}

redis:
  connection: ${services.redis.baseUrl:redis://localhost:6379}

caching:
  redis:
    hashingEnabled: true

Right now my clouddriver (running on GCE) is crashing with these errors:

Jan 24 04:32:11 cc-spinnaker clouddriver[31976]: 2019-01-24 04:32:11.664  WARN 31976 --- [           main] com.amazonaws.util.EC2MetadataUtils      : Unable to retrieve the requested metadata.
Jan 24 04:32:11 cc-spinnaker clouddriver[31976]: 2019-01-24 04:32:11.667  WARN 31976 --- [           main] com.amazonaws.util.EC2MetadataUtils      : Unable to retrieve the requested metadata.
Jan 24 04:32:11 cc-spinnaker clouddriver[31976]: 2019-01-24 04:32:11.986  WARN 31976 --- [           main] ationConfigEmbeddedWebApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'instanceTypeController': Unsatisfied dependency expressed through field 'instanceTypeProviders'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'amazonInstanceTypeProvider' defined in URL [jar:file:/opt/clouddriver/lib/clouddriver-aws-3.4.2-20180828182842.jar!/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonInstanceTypeProvider.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'cacheView' defined in com.netflix.spinnaker.clouddriver.cache.CacheConfig: Unsatisfied dependency expressed through method 'cacheView' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'catsModule' defined in com.netflix.spinnaker.clouddriver.cache.CacheConfig: Unsatisfied dependency expressed through method 'catsModule' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'netflixAmazonCredentials' defined in class path resource [com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [java.util.List]: Factory method 'netflixAmazonCredentials' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'synchronizeAmazonAccounts' defined in class path resource 
[com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.class]: Bean instantiation via factory me
Jan 24 04:32:11 cc-spinnaker clouddriver[31976]: thod failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [java.util.List]: Factory method 'synchronizeAmazonAccounts' threw exception; nested exception is com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), com.amazonaws.auth.profile.ProfileCredentialsProvider@1464019a: profile file cannot be null, com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@4339a2e5: The requested metadata is not found at http://169.254.169.254/latest/meta-data/iam/security-credentials/]
Jan 24 04:32:12 cc-spinnaker clouddriver[31976]: 2019-01-24 04:32:12.001  INFO 31976 --- [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]

@ddorbin any idea how I can fix this? I have already exported the AWS keys as environment variables.
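
The SdkClientException in the post above names the credential sources the AWS SDK tried, in order. As an added example (not part of the original thread and not Spinnaker or Halyard code), this shell function checks which of those sources a running process can actually see, using the variable and property names from the logged message. The function names, the use of /proc, and the `~/.aws/credentials` `[default]` profile location are assumptions of this example.

```shell
#!/bin/sh
# Added example: which AWS SDK for Java credential sources can a process see?
# Only source names are reported; secret values are never printed.

# has_entry FILE KEY -> 0 if NUL-separated FILE holds "KEY=<non-empty value>"
has_entry() {
    tr '\0' '\n' < "$1" |
        awk -v p="$2=" 'index($0, p) == 1 && length($0) > length(p) { found = 1 }
                        END { exit !found }'
}

# check_aws_chain ENVIRON_FILE CMDLINE_FILE HOME_DIR
# Prints one line per source, in the order the logged chain tried them.
# Returns 0 if at least one static source is complete, 1 otherwise.
check_aws_chain() {
    environ=$1 cmdline=$2 home=$3 usable=1

    # 1. EnvironmentVariableCredentialsProvider: needs both halves of the pair
    if { has_entry "$environ" AWS_ACCESS_KEY_ID || has_entry "$environ" AWS_ACCESS_KEY; } &&
       { has_entry "$environ" AWS_SECRET_KEY || has_entry "$environ" AWS_SECRET_ACCESS_KEY; }; then
        echo "env: complete"; usable=0
    else
        echo "env: missing"
    fi

    # 2. SystemPropertiesCredentialsProvider: -D flags on the java command line
    if has_entry "$cmdline" -Daws.accessKeyId && has_entry "$cmdline" -Daws.secretKey; then
        echo "sysprops: complete"; usable=0
    else
        echo "sysprops: missing"
    fi

    # 3. ProfileCredentialsProvider: default profile of the process owner (assumed path)
    if [ -r "$home/.aws/credentials" ] && grep -q '^\[default\]' "$home/.aws/credentials"; then
        echo "profile: present"; usable=0
    else
        echo "profile: missing"
    fi
    # 4. The metadata endpoint only supplies credentials on AWS instances,
    #    so it is not checked here.
    return "$usable"
}

# Live use, as root or as the process owner (PID and SERVICE_USER are placeholders):
#   check_aws_chain /proc/PID/environ /proc/PID/cmdline /home/SERVICE_USER
```

Variables exported in an interactive shell appear in `/proc/PID/environ` only if the process was started from that shell, which is what the first check makes visible.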


#4

Unfortunately, I have no experience setting up AWS as a provider.
You might try @tekmon and/or @emburns on Slack. (Not sure what their usernames are here in the forum.)