-
Notifications
You must be signed in to change notification settings - Fork 71
SpinnakerService CRD
Kevin Woo edited this page Oct 29, 2019
·
28 revisions
Table of Contents
The following example shows the general structure of a manifest file for SpinnakerService:
apiVersion: spinnaker.io/v1alpha2
kind: SpinnakerService
metadata:
name: spinnaker
spec:
# spec.spinnakerConfig - This section is how to specify configuration spinnaker
spinnakerConfig:
# spec.spinnakerConfig.config - This section contains the contents of a deployment found in a halconfig .deploymentConfigurations[0]
config:
version: 1.15.1 # the version of Spinnaker to be deployed
persistentStorage:
persistentStoreType: s3
s3:
bucket: mybucket
rootFolder: front50
# spec.spinnakerConfig.profiles - This section contains the YAML of each service's profile
profiles:
clouddriver: {} # is the contents of ~/.hal/default/profiles/clouddriver.yml
# deck has a special key "settings-local.js" for the contents of settings-local.js
deck:
# settings-local.js - contents of ~/.hal/default/profiles/settings-local.js
# Use the | YAML symbol to indicate a block-style multiline string
settings-local.js: |
window.spinnakerSettings.feature.kustomizeEnabled = true;
window.spinnakerSettings.feature.artifactsRewrite = true;
echo: {} # is the contents of ~/.hal/default/profiles/echo.yml
fiat: {} # is the contents of ~/.hal/default/profiles/fiat.yml
front50: {} # is the contents of ~/.hal/default/profiles/front50.yml
gate: {} # is the contents of ~/.hal/default/profiles/gate.yml
igor: {} # is the contents of ~/.hal/default/profiles/igor.yml
kayenta: {} # is the contents of ~/.hal/default/profiles/kayenta.yml
orca: {} # is the contents of ~/.hal/default/profiles/orca.yml
rosco: {} # is the contents of ~/.hal/default/profiles/rosco.yml
# spec.spinnakerConfig.service-settings - This section contains the YAML of the service's service-setting
# see https://www.spinnaker.io/reference/halyard/custom/#tweakable-service-settings for available settings
service-settings:
clouddriver: {}
deck: {}
echo: {}
fiat: {}
front50: {}
gate: {}
igor: {}
kayenta: {}
orca: {}
rosco: {}
# spec.spinnakerConfig.files - This section allows you to include any other raw string files not handle above.
# The KEY is the filepath and filename of where it should be placed
# - Files here will be placed into ~/.hal/default/ on halyard
# - __ is used in place of / for the path separator
# The VALUE is the contents of the file.
# - Use the | YAML symbol to indicate a block-style multiline string
# - We currently only support string files
# - NOTE: Kubernetes has a manifest size limitation of 1MB
files:
# profiles__rosco__packer__example-packer-config.json: |
# {
# "packerSetting": "someValue"
# }
# profiles__rosco__packer__my_custom_script.sh: |
# #!/bin/bash -e
# echo "hello world!"
# spec.expose - This section defines how Spinnaker should be publicly exposed
expose:
type: service # Kubernetes LoadBalancer type (service/ingress), note: only "service" is supported for now
service:
type: LoadBalancer
# annotations to be set on Kubernetes LoadBalancer type
# they will only apply to spin-gate, spin-gate-x509, or spin-deck
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
# uncomment the line below to provide an AWS SSL certificate to terminate SSL at the LoadBalancer
#service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:9999999:certificate/abc-123-abc
# provide an override to the exposing KubernetesService
overrides:
# Provided below is the example config for the Gate-X509 configuration
# deck:
# annotations:
# service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:9999999:certificate/abc-123-abc
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
# gate:
# annotations:
# service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:9999999:certificate/abc-123-abc
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https # X509 requires https from LoadBalancer -> Gate
# gate-x509:
# annotations:
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
# service.beta.kubernetes.io/aws-load-balancer-ssl-cert: null
# publicPort: 443This section really only contains the key spinnakerConfig.
There’s two keys that we can configure:
-
config -
expose
Contents of a deployment found in a halconfig .deploymentConfigurations[0].
|
📝
|
A notable key is .spec.spinnakerConfig.config.version.
|
given the following:
~/.hal/config filecurrentDeployment: default
deploymentConfigurations:
- name: default
version: 1.15.1
persistentStorage:
persistentStoreType: s3
s3:
bucket: mybucket
rootFolder: front50We’ll need to indent it twice (4 spaces) because we’re putting it in .spec.spinnakerConfig.
Here’s the example of what it looks like:
version: 1.15.1
persistentStorage:
persistentStoreType: s3
s3:
bucket: mybucket
rootFolder: front50This section contains the YAML of each service’s profile.
|
📝
|
All services will be parsed as YAML except Deck, in which there’s a nested key settings-local.js.
|
This section contains configuration for exposing Spinnaker.
How Spinnaker will be exposed.
Only service is currently supported for using Kubernetes services.
Service Configuration
Matches a valid kubernetes service type (i.e. LoadBalancer, NodePort, ClusterIP).
|
❗
|
LoadBalancer is the only supported type currently.
|
apiVersion: spinnaker.io/v1alpha1
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
configMap:
name: spinconfig-v001apiVersion: spinnaker.io/v1alpha1
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
configMap:
name: spinconfig-v001
expose:
type: service
service:
type: LoadBalancer
annotations:
"service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "http"
"service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "80,443"
"service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "arn:aws:acm:us-west-2:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"Above manifest file will generate these two services:
spin-deck
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 80,443
service.beta.kubernetes.io/aws-load-balancer-ssl-cert": arn:aws:acm:us-west-2:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
labels:
app: spin
cluster: spin-deck
name: spin-deck
spec:
ports:
- name: deck-tcp
nodePort: xxxxx
port: 9000
protocol: TCP
targetPort: 9000
selector:
app: spin
cluster: spin-deck
sessionAffinity: None
type: LoadBalancerspin-gate
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 80,443
service.beta.kubernetes.io/aws-load-balancer-ssl-cert": arn:aws:acm:us-west-2:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
labels:
app: spin
cluster: spin-gate
name: spin-gate
spec:
ports:
- name: gate-tcp
nodePort: xxxxx
port: 8084
protocol: TCP
targetPort: 8084
selector:
app: spin
cluster: spin-gate
sessionAffinity: None
type: LoadBalancerapiVersion: spinnaker.io/v1alpha1
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
configMap:
name: spinconfig-v001
expose:
type: service
service:
type: LoadBalancer
annotations:
"service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "http"
"service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "80,443"
"service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "arn:aws:acm:us-west-2:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
overrides:
gate:
type: NodePortAbove manifest file will generate these two services:
spin-deck
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 80,443
service.beta.kubernetes.io/aws-load-balancer-ssl-cert": arn:aws:acm:us-west-2:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
labels:
app: spin
cluster: spin-deck
name: spin-deck
spec:
ports:
- name: deck-tcp
nodePort: xxxxx
port: 9000
protocol: TCP
targetPort: 9000
selector:
app: spin
cluster: spin-deck
sessionAffinity: None
type: LoadBalancerspin-gate
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 80,443
service.beta.kubernetes.io/aws-load-balancer-ssl-cert": arn:aws:acm:us-west-2:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
labels:
app: spin
cluster: spin-gate
name: spin-gate
spec:
ports:
- name: gate-tcp
nodePort: xxxxx
port: 8084
protocol: TCP
targetPort: 8084
selector:
app: spin
cluster: spin-gate
sessionAffinity: None
type: NodePortapiVersion: spinnaker.io/v1alpha1
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
configMap:
name: spinconfig-v001
expose:
type: service
service:
type: LoadBalancer
annotations:
"service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "http"
"service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "80,443"
"service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "arn:aws:acm:us-west-2:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
overrides:
gate:
annotations:
"service.beta.kubernetes.io/aws-load-balancer-internal": "true"Above manifest file will generate these two services:
spin-deck
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 80,443
service.beta.kubernetes.io/aws-load-balancer-ssl-cert": arn:aws:acm:us-west-2:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
labels:
app: spin
cluster: spin-deck
name: spin-deck
spec:
ports:
- name: deck-tcp
nodePort: xxxxx
port: 9000
protocol: TCP
targetPort: 9000
selector:
app: spin
cluster: spin-deck
sessionAffinity: None
type: LoadBalancerspin-gate
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 80,443
service.beta.kubernetes.io/aws-load-balancer-ssl-cert": arn:aws:acm:us-west-2:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
service.beta.kubernetes.io/aws-load-balancer-internal: true
labels:
app: spin
cluster: spin-gate
name: spin-gate
spec:
ports:
- name: gate-tcp
nodePort: xxxxx
port: 8084
protocol: TCP
targetPort: 8084
selector:
app: spin
cluster: spin-gate
sessionAffinity: None
type: Loadbalancer
expose:
type: service
service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
overrides:
# Provided below is the example config for the Gate-X509 configuration
deck:
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:9999999:certificate/abc-123-abc
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
gate:
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:9999999:certificate/abc-123-abc
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https # X509 requires https from LoadBalancer -> Gate
gate-x509:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: null
publicPort: 443