+++ /dev/null
-halyard:
- spinnakerVersion: {{ spinnaker_app_version }}
- image:
- repository: {{ gcrio_image_repository }}/spinnaker-marketplace/halyard
- tag: {{ spinnaker_version }}
- pullSecrets: []
- # Set to false to disable persistence data volume for halyard
- persistence:
- enabled: false
- # Provide a config map with Hal commands that will be run the core config (storage)
- # The config map should contain a script in the config.sh key
- additionalScripts:
- enabled: false
- configMapName: my-halyard-config
- configMapKey: config.sh
- # If you'd rather do an inline script, set create to true and put the content in the data dict like you would a configmap
- # The content will be passed through `tpl`, so value interpolation is supported.
- create: false
- data: {}
- additionalSecrets:
- create: false
- data: {}
- ## Uncomment if you want to use a pre-created secret rather than feeding data in via helm.
- # name:
- additionalConfigMaps:
- create: false
- data: {}
- ## Uncomment if you want to use a pre-created ConfigMap rather than feeding data in via helm.
- # name:
- ## Define custom profiles for Spinnaker services. Read more for details:
- ## https://www.spinnaker.io/reference/halyard/custom/#custom-profiles
- ## The contents of the files will be passed through `tpl`, so value interpolation is supported.
- additionalProfileConfigMaps:
- data: {}
- ## if you're running spinnaker behind a reverse proxy such as a GCE ingress
- ## you may need the following profile settings for the gate profile.
- ## see https://github.com/spinnaker/spinnaker/issues/1630
- ## otherwise its harmless and will likely become default behavior in the future
- ## According to the linked github issue.
- # gate-local.yml:
- # server:
- # tomcat:
- # protocolHeader: X-Forwarded-Proto
- # remoteIpHeader: X-Forwarded-For
- # internalProxies: .*
- # httpsServerPort: X-Forwarded-Port
-
- ## Define custom settings for Spinnaker services. Read more for details:
- ## https://www.spinnaker.io/reference/halyard/custom/#custom-service-settings
- ## You can use it to add annotations for pods, override the image, etc.
- additionalServiceSettings: {}
- # deck.yml:
- # artifactId: gcr.io/spinnaker-marketplace/deck:2.9.0-20190412012808
- # kubernetes:
- # podAnnotations:
- # iam.amazonaws.com/role: <role_arn>
- # clouddriver.yml:
- # kubernetes:
- # podAnnotations:
- # iam.amazonaws.com/role: <role_arn>
-
- ## Populate to provide a custom local BOM for Halyard to use for deployment. Read more for details:
- ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
- bom: ~
- # artifactSources:
- # debianRepository: https://dl.bintray.com/spinnaker-releases/debians
- # dockerRegistry: gcr.io/spinnaker-marketplace
- # gitPrefix: https://github.com/spinnaker
- # googleImageProject: marketplace-spinnaker-release
- # services:
- # clouddriver:
- # commit: 031bcec52d6c3eb447095df4251b9d7516ed74f5
- # version: 6.3.0-20190904130744
- # deck:
- # commit: b0aac478e13a7f9642d4d39479f649dd2ef52a5a
- # version: 2.12.0-20190916141821
- # ...
- # timestamp: '2019-09-16 18:18:44'
- # version: 1.16.1
-
- ## Define local configuration for Spinnaker services.
- ## The contents of these files would be copies of the configuration normally retrieved from
- ## `gs://halconfig/<service-name>`, but instead need to be available locally on the halyard pod to facilitate
- ## offline installation. This would typically be used along with a custom `bom:` with the `local:` prefix on a
- ## service version.
- ## Read more for details:
- ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
- ## The key for each entry must be the name of the service and a file name separated by the '_' character.
- serviceConfigs: {}
- # clouddriver_clouddriver-ro.yml: |-
- # ...
- # clouddriver_clouddriver-rw.yml: |-
- # ...
- # clouddriver_clouddriver.yml: |-
- # ...
- # deck_settings.json: |-
- # ...
- # echo_echo.yml: |-
- # ...
-
- ## Uncomment if you want to add extra commands to the init script
- ## run by the init container before halyard is started.
- ## The content will be passed through `tpl`, so value interpolation is supported.
- # additionalInitScript: |-
-
- ## Uncomment if you want to add annotations on halyard and install-using-hal pods
- # annotations:
- # iam.amazonaws.com/role: <role_arn>
-
- ## Uncomment the following resources definitions to control the cpu and memory
- # resources allocated for the halyard pod
- resources: {}
- # requests:
- # memory: "1Gi"
- # cpu: "100m"
- # limits:
- # memory: "2Gi"
- # cpu: "200m"
-
- ## Uncomment if you want to set environment variables on the Halyard pod.
- # env:
- # - name: JAVA_OPTS
- # value: -Dhttp.proxyHost=proxy.example.com
- customCerts:
- ## Enable to override the default cacerts with your own one
- enabled: false
- secretName: custom-cacerts
-
-# Define which registries and repositories you want available in your
-# Spinnaker pipeline definitions
-# For more info visit:
-# https://www.spinnaker.io/setup/providers/docker-registry/
-
-# Configure your Docker registries here
-dockerRegistries:
-- name: dockerhub
- address: index.docker.io
- repositories:
- - library/alpine
- - library/ubuntu
- - library/centos
- - library/nginx
-# - name: gcr
-# address: https://gcr.io
-# username: _json_key
-# password: '<INSERT YOUR SERVICE ACCOUNT JSON HERE>'
-# email: 1234@5678.com
-
-# If you don't want to put your passwords into a values file
-# you can use a pre-created secret instead of putting passwords
-# (specify secret name in below `dockerRegistryAccountSecret`)
-# per account above with data in the format:
-# <name>: <password>
-
-# dockerRegistryAccountSecret: myregistry-secrets
-
-kubeConfig:
- # Use this when you want to register arbitrary clusters with Spinnaker
- # Upload your ~/kube/.config to a secret
- enabled: false
- secretName: my-kubeconfig
- secretKey: config
- # Use this when you want to configure halyard to reference a kubeconfig from s3
- # This allows you to keep your kubeconfig in an encrypted s3 bucket
- # For more info visit:
- # https://www.spinnaker.io/reference/halyard/secrets/s3-secrets/#secrets-in-s3
- # encryptedKubeconfig: encrypted:s3!r:us-west-2!b:mybucket!f:mykubeconfig
- # List of contexts from the kubeconfig to make available to Spinnaker
- contexts:
- - default
- deploymentContext: default
- omittedNameSpaces:
- - kube-system
- - kube-public
- onlySpinnakerManaged:
- enabled: false
-
- # When false, clouddriver will skip the permission checks for all kubernetes kinds at startup.
- # This can save a great deal of time during clouddriver startup when you have many kubernetes
- # accounts configured. This disables the log messages at startup about missing permissions.
- checkPermissionsOnStartup: true
-
- # A list of resource kinds this Spinnaker account can deploy to and will cache.
- # When no kinds are configured, this defaults to ‘all kinds'.
- # kinds:
- # -
-
- # A list of resource kinds this Spinnaker account cannot deploy to or cache.
- # This can only be set when –kinds is empty or not set.
- # omittedKinds:
- # -
-
-# Change this if youd like to expose Spinnaker outside the cluster
-ingress:
- enabled: false
- # host: spinnaker.example.org
- # annotations:
- # ingress.kubernetes.io/ssl-redirect: 'true'
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- # tls:
- # - secretName: -tls
- # hosts:
- # - domain.com
-
-ingressGate:
- enabled: false
- # host: gate.spinnaker.example.org
- # annotations:
- # ingress.kubernetes.io/ssl-redirect: 'true'
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- # tls:
- # - secretName: -tls
- # hosts:
- # - domain.com
-
-# spinnakerFeatureFlags is a list of Spinnaker feature flags to enable
-# Ref: https://www.spinnaker.io/reference/halyard/commands/#hal-config-features-edit
-# spinnakerFeatureFlags:
-# - artifacts
-# - pipeline-templates
-spinnakerFeatureFlags:
- - artifacts
- - jobs
-
-# Node labels for pod assignment
-# Ref: https://kubernetes.io/docs/user-guide/node-selection/
-# nodeSelector to provide to each of the Spinnaker components
-nodeSelector: {}
-
-# Redis password to use for the in-cluster redis service
-# Enable redis to use in-cluster redis
-redis:
- enabled: true
- # External Redis option will be enabled if in-cluster redis is disabled
- external:
- host: "<EXTERNAL-REDIS-HOST-NAME>"
- port: 6379
- # password: ""
- password: password
- nodeSelector: {}
- cluster:
- enabled: false
-# Uncomment if you don't want to create a PVC for redis
- master:
- persistence:
- enabled: false
-
-# Minio access/secret keys for the in-cluster S3 usage
-# Minio is not exposed publically
-minio:
- enabled: true
- imageTag: RELEASE.2019-02-13T19-48-27Z
- serviceType: ClusterIP
- accessKey: spinnakeradmin
- secretKey: spinnakeradmin
- bucket: "spinnaker"
- nodeSelector: {}
-# Uncomment if you don't want to create a PVC for minio
- persistence:
- enabled: false
-
-# Google Cloud Storage
-gcs:
- enabled: false
- project: my-project-name
- bucket: "<GCS-BUCKET-NAME>"
- ## if jsonKey is set, will create a secret containing it
- jsonKey: '<INSERT CLOUD STORAGE JSON HERE>'
- ## override the name of the secret to use for jsonKey, if `jsonKey`
- ## is empty, it will not create a secret assuming you are creating one
- ## external to the chart. the key for that secret should be `key.json`.
- secretName:
-
-# AWS Simple Storage Service
-s3:
- enabled: false
- bucket: "<S3-BUCKET-NAME>"
- # rootFolder: "front50"
- # region: "us-east-1"
- # endpoint: ""
- # accessKey: ""
- # secretKey: ""
- # assumeRole: "<role to assume>"
-
-# Azure Storage Account
-azs:
- enabled: false
-# storageAccountName: ""
-# accessKey: ""
-# containerName: "spinnaker"
-
-rbac:
- # Specifies whether RBAC resources should be created
- create: true
-
-serviceAccount:
- # Specifies whether a ServiceAccount should be created
- create: true
- # The name of the ServiceAccounts to use.
- # If left blank it is auto-generated from the fullname of the release
- halyardName:
- spinnakerName:
-securityContext:
- # Specifies permissions to write for user/group
- runAsUser: 1000
- fsGroup: 1000
Code Review / infra / stack / kubernetes.git / blobdiff