Create a new Cloud Target account
Last updated
Last updated
ISD uses the credentials which are configured through halyard to deploy the applications into various Cloud Platforms. These credentials are known as Accounts. Once you have created the application, you need to create a cloud target account. ISD allows you to create & manage accounts for different cloud providers.
Click “Setup” and then click "Cloud Targets”. This page shows the existing configured cloud targets If you are already configured.
To create a new cloud provider account follow the instructions below:
From the application dashboard click on "Setup" and click "Cloud Targets", you get a list of all the cloud provider accounts currently available. And then click on the "+New Account" button, as shown in the figure below.
Select the cloud provider type for which you want to add the account. ISD supports the following cloud provider accounts:
Kubernetes
Azure
AWS
GCP
ECS
Refer to the figure below to add a new Kubernetes cloud target account.
Update the following details in the above screen:
Cloud Target: The Cloud Target type for which you want to add the account. Select "Kubernetes" from the Cloud Target dropdown.
Spinnaker: The spinnaker field lists the available Spinnaker instances integrated with ISD. You can select the Spinnaker instance with which you want this account to be associated. The Spinnaker that has been configured for the ISD instance, will be auto-populated in case you don't see the same click on the down arrow to select your Spinnaker.
Environment: These are the various environments you configure primarily used in ISD gates, You can add new environments as well by selecting the “Select Environment” option from the drop-down.
Account Name: This is the name that you will assign to your Kubernetes account that you are configuring, it doesn't have to be anything specific however it is recommended to have something unique.
Namespace: In the Namespace field provide the relevant name (through which we would isolate resources within a Kubernetes cluster).
Omit Namespaces(Optional): A list of namespaces this Spinnaker account cannot deploy to or cache
Upload KubeConfig File: The path to your kubeconfig file. It will be under the Spinnaker user's home directory in the typical .kube/config location. This kubeconfig file is used to access the Kubernetes cluster.
Validate(optional) : To validate the entries before saving, enable the Validate radio button. The default value is true.
Cloud Target Permissions: To restrict permissions to this account, you can select the User Groups from the dropdown and the required checkboxes. Once the permissions are configured for a User Group, the access will be restricted to all other User Groups except for Administrators. By default, all users have access to this account.
Save: To finish configuring the Kubernetes, click on "Save". ISD verifies the settings you entered. The Kubernetes cloud target is now added to ISD.
Refer to the figure below to add a new Azure cloud target account.
Update the following details on the above screen:
Cloud Target: The Cloud Target type for which you want to add the account. Select "Azure" from the Cloud Target dropdown.
Spinnaker: The spinnaker field lists the available Spinnaker instances integrated with ISD. You can select the Spinnaker instance with which you want this account to be associated. The Spinnaker that has been configured for the ISD instance, will be auto-populated in case you don't see the same click on the down arrow to select your Spinnaker.
Environment: These are the various environments you configure primarily used in ISD gates, You can add new environments as well by selecting the “Add Environment” option from the drop-down.
Account Name: This is the name that you will assign to your Azure account that you are configuring, it doesn't have to be anything specific however it is recommended to have something unique.
Subscription Id: The subscription id that your service principal is assigned to
Tenant Id: The Tenant id that your service principal is assigned to
App ID(Client ID): Application ID your service principal
App Key(Password): Password of your service principal
Default Key Vault: The name of a Key Vault that contains the user name, password, and ssh public key used to create VMs
Default Resource Group: The default resource group contains any non-specific application resources
Regions: The Azure regions this Spinnaker account will manage.
Use SSH Public Key: Whether to use SSH public key to provision the Linux VM. Enabled as default, which means using the SSH public key.
Object ID: Object id of your principal. This is only required if using Packer to bake windows images.
Packer Resource Group: Packer resource group to use if baking images with packer.
Packer Storage Account: Packer storage account to use if baking images with packer.
Validate(optional) : To validate the entries before saving, enable the Validate radio button. The default value is true.
Cloud Target Permissions: To restrict permissions to this account, you can select the User Groups from the dropdown and the required checkboxes. Once the permissions are configured for a User Group, the access will be restricted to all other User Groups except for Administrators. By default, all users have access to this account.
Save: To finish configuring the Azure, click "Save". ISD verifies the settings you entered. The Azure cloud target is now added to ISD.
Refer to the figure below to add a new GCP cloud target account.
Update the following details on the above screen:
Cloud Target: The Cloud Target type for which you want to add the account. Select "GCP" from the Cloud Target dropdown.
Spinnaker: The spinnaker field lists the available Spinnaker instances integrated with ISD. You can select the Spinnaker instance with which you want this account to be associated. The Spinnaker that has been configured for the ISD instance, will be auto-populated in case you don't see the same click on the down arrow to select your Spinnaker.
Environment: These are the various environments you configure primarily used in ISD gates, You can add new environments as well by selecting the “Add Environment” option from the drop-down.
Account Name: This is the name that you will assign to your GCP account that you are configuring, it doesn't have to be anything specific however it is recommended to have something unique.
Project Name: Provide any project name.
Validate(optional) : To validate the entries before saving, enable the Validate radio button. The default value is true.
Click Save.
Note: After you added the new cloud target accounts, you must click "+Sync CD Accounts" button to explicitly sync these accounts with Spinnaker. This action would also trigger the restart of halyard. To know more about Sync CD Accounts, refer here.
The user can use the AWS and ECS cloud target account as dynamic accounts by enabling the Dynamic Account option while adding the cloud target account.
If you enable the dynamic account, you can configure the External Account, which allows you to load them dynamically.
Note: After adding the AWS and ECS cloud target as dynamic accounts, you don't need to click "+Sync CD Accounts" button to restart the halyard.
Refer to the figure below to add a new AWS cloud target account.
Update the following details on the above screen:
Cloud Target: The Cloud Target type for which you want to add the account. Select "AWS" from the Cloud Target dropdown.
Dynamic Account: By enabling this, you can configure the External Account, which allows you to load them dynamically.
Spinnaker: The spinnaker field lists the available Spinnaker instances integrated with ISD. You can select the Spinnaker instance with which you want this account to be associated. The Spinnaker that has been configured for the ISD instance, will be auto-populated in case you don't see the same click on the down arrow to select your Spinnaker.
Environment: These are the various environments you configure primarily used in ISD gates, You can add new environments as well by selecting the “Add Environment” option from the drop-down.
Account Name: This is the name that you will assign to your AWS account that you are configuring, it doesn't have to be anything specific however it is recommended to have something unique.
Account Id:
Role: Halyard will configure a credentials provider that uses AWS Security Token Service to assume the specified role.
Region: Enter the AWS Regions in the text box. You can add multiple regions by clicking the plus icon.
Validate(optional) : To validate the entries before saving, enable the Validate radio button. The default value is true.
Primary Account: Click the Primary Account radio button to set the AWS account as the primary account. If this radio button is selected, additional fields appear as shown in the figure below. Fill in the additional fields with the relevant information viz., access & bakery key details.
Access Key: The default access key used to communicate with AWS
Access Key (Bakery): The default access key used for AWS bakery configuration
Secret Key: The default secret key used to communicate with AWS
Secret Key (Bakery): The default secret key used for AWS bakery configuration
Click Save.
Refer to the figure below to add a new ECS cloud target account.
Update the following details on the above screen:
Cloud Target: The Cloud Target type for which you want to add the account. Select "ECS " from the Cloud Target dropdown.
Dynamic Account: By enabling this, you can configure the External Account, which allows you to load them dynamically.
Spinnaker: The spinnaker field lists the available Spinnaker instances integrated with ISD. You can select the Spinnaker instance with which you want this account to be associated. The Spinnaker that has been configured for the ISD instance, will be auto-populated in case you don't see the same click on the down arrow to select your Spinnaker.
Environment: These are the various environments you configure primarily used in ISD gates, You can add new environments as well by selecting the “Add Environment” option from the drop-down.
Account Name: This is the name that you will assign to your ECS account that you are configuring, it doesn't have to be anything specific however it is recommended to have something unique.
AWS Account Name: Select the AWS account (Please configure AWS account before configuring ECS cluster)
Validate(optional) : To validate the entries before saving, enable the Validate radio button. The default value is true.
Cloud Target Permissions: To restrict permissions to this account, you can select the User Groups from the dropdown and the required checkboxes. Once the permissions are configured for a User Group, the access will be restricted to all other User Groups except for Administrators. By default, all users have access to this account.
Click Save.
