---
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-helm_charts_git_url: https://github.com/helm/charts.git
-spinnaker_service: "spinnaker"
-spinnaker_namespace: "spinnaker"
+- hosts: jumphost
+ gather_facts: true
-# vim: set ts=2 sw=2 expandtab:
+ roles:
+ - role: install
--- /dev/null
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- name: Add minio chart repository
+ command: helm repo add minio "{{ chart_repo }}"
+ changed_when: false
+
+- name: Create minio values file
+ tempfile:
+ state: file
+ register: values_file
+
+- name: Write minio values to file
+ vars:
+ values:
+ replicas: "{{ replicas }}"
+ rootUser: "{{ root_user }}"
+ rootPassword: "{{ root_password }}"
+ users: "{{ users }}"
+ persistence:
+ size: "{{ disk_size }}"
+ resources:
+ requests:
+ memory: "{{ container_mem_req }}"
+ copy:
+ content: "{{ values | to_yaml }}"
+ dest: "{{ values_file.path }}"
+ mode: 0644
+
+- name: Install minio chart
+ shell: >
+ helm install minio minio/minio
+ --create-namespace
+ --namespace minio
+ --values "{{ values_file.path }}"
+ changed_when: false
---
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-gcrio_image_repository: "{{ server_fqdn }}"
-helm_charts_git_url: "{{ engine_workspace }}/offline/git/charts"
-local_repo_url: "http://{{ server_fqdn }}/charts/local"
-stable_repo_url: "http://{{ server_fqdn }}/charts/stable"
+root_user: root
+root_password: password
-# vim: set ts=2 sw=2 expandtab:
+disk_size: 5Gi
+replicas: 4
+
+chart_repo: https://charts.min.io/
+container_mem_req: 256Mi
+
+users:
+ - accessKey: spinnaker
+ secretKey: spinnaker
+ # [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
+ policy: consoleAdmin
---
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- hosts: jumphost
gather_facts: true
- become: false
roles:
- role: install
--- /dev/null
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- name: Create halyard OS user
+ user:
+ name: halyard
+ shell: /bin/bash
+
+- name: Allow 'halyard' group to have passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%halyard'
+ line: '%halyard ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+
+- name: Copy ssh config
+ copy:
+ src: "{{ user_home }}/.ssh"
+ dest: /home/halyard
+ remote_src: true
+ owner: halyard
+ group: halyard
+ mode: preserve
+
+- name: Copy kube config
+ copy:
+ src: "{{ user_home }}/.kube"
+ dest: /home/halyard
+ remote_src: true
+ owner: halyard
+ group: halyard
+ mode: preserve
--- /dev/null
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- name: Enable spinnaker k8s provider
+ command: hal config provider kubernetes enable
+ changed_when: false
+
+- name: Create spinnaker k8s provider account
+ shell: >
+ hal config provider kubernetes
+ account add {{ spinnaker_account }}
+ --context $(kubectl config current-context)
+ changed_when: false
+
+- name: Set spinnaker install version
+ shell: >
+ hal config version edit
+ --version "{{ spinnaker_version }}"
+ changed_when: false
+
+- name: Set spinnaker deployment account
+ shell: >
+ hal config deploy edit
+ --type distributed
+ --account-name {{ spinnaker_account }}
+ changed_when: false
+
+- name: Set minio storage config
+ shell: >
+ hal config storage s3 edit
+ --endpoint http://minio.minio:9000
+ --access-key-id spinnaker
+ --secret-access-key spinnaker
+ changed_when: false
+
+- name: Set external storage to minio
+ command: hal config storage edit --type s3
+ changed_when: false
+
+- name: Set minio storage path style
+ command: hal config storage s3 edit --path-style-access true
+ changed_when: false
+
+- name: Deploy spinnaker
+ command: hal deploy apply
+ changed_when: false
--- /dev/null
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- name: Install JRE
+ package:
+ name: default-jre
+ state: present
+
+- name: Download halyard install script
+ get_url:
+ url: "{{ halyard_install_sh_url }}"
+ dest: /tmp/install-halyard.sh
+ mode: 0755
+
+- name: Install halyard
+ shell: >
+ /tmp/install-halyard.sh -y
+ --user {{ halyard_user }}
+ --version {{ halyard_version }}
+ changed_when: false
---
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-gcrio_image_repository: "gcr.io"
-helm_charts_git_url: "https://github.com/helm/charts.git"
-local_repo_url: "http://{{ server_fqdn }}/charts/local"
-stable_repo_url: "https://charts.helm.sh/stable"
-
-# vim: set ts=2 sw=2 expandtab:
+- import_tasks: create-user.yml
+ become: true
+- import_tasks: install-pkg.yml
+ become: true
+- import_tasks: deploy-spin.yml
+ become: true
+ become_user: "{{ halyard_user }}"
+- import_tasks: poll-pods.yml
--- /dev/null
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- name: Wait for all spinnaker pods to become ready
+ k8s_facts:
+ kind: Pod
+ namespace: spinnaker
+ label_selectors:
+ - app = spin
+ field_selectors:
+ - status.phase=Running
+ register: spin_status
+ until:
+ - spin_status.resources is defined
+ - spin_status.resources
+ retries: 30
+ delay: 10
--- /dev/null
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+halyard_user: halyard
+
+halyard_version: "1.44.1"
+
+spinnaker_version: "1.26.6"
+
+# yamllint disable-line rule:line-length
+halyard_install_sh_url: https://raw.githubusercontent.com/spinnaker/halyard/master/install/debian/InstallHalyard.sh
+
+spinnaker_account: "spin-k8s-account"
+
+user_home: "{{ lookup('env', 'HOME') if provisioner_type == 'bifrost' else '/root' }}"
+++ /dev/null
-#!/bin/bash
-
-cat << EOF
----------------------------------------------------
-Halyard Spinnaker Deployment Log
----------------------------------------------------
-$(kubectl -n spinnaker logs $(kubectl -n spinnaker get pod --no-headers -o custom-columns=':metadata.name' | grep spinnaker-install-using))
-
-
----------------------------------------------------
-Spinnaker pods in Create or ImagePullBackOff state
----------------------------------------------------
-$(kubectl get pod -n spinnaker | grep -i 'creating\|ImagePullBackOff')
-
-
----------------------------------------------------
-Spinnaker pods in Init state
----------------------------------------------------
-$(kubectl get pod -n spinnaker | grep Init | grep -v Error)
-
-
----------------------------------------------------
-Spinnaker pods in Error or CrashLoopBackOff state
----------------------------------------------------
-$(kubectl get pod -n spinnaker | grep 'Crash\|Error')
-
-
----------------------------------------------------
-Spinnaker POD Summary
----------------------------------------------------
-Creating/ImagePullBackOff : $(kubectl get pod -n spinnaker | grep -i 'creating\|ImagePullBackOff' | wc -l) pods
-Init : $(kubectl get pod -n spinnaker | grep Init | grep -v Error | wc -l) pods
-Error/CrashLoopBackOff : $(kubectl get pod -n spinnaker | grep 'Error\|Crash' | wc -l) pods
-Terminating : $(kubectl get pod -n spinnaker | grep -i terminating | wc -l) pods
-Running/Completed : $(kubectl get pod -n spinnaker | grep -i 'running\|completed' | wc -l) pods
-Total : $(kubectl get pod -n spinnaker | grep -v RESTART | wc -l) pods
----------------------------------------------------
-
-
----------------------------------------------------
-Summary of Container Images pulled for Spinnaker
----------------------------------------------------
-Number of Spinnaker containers : $(kubectl get pods -n spinnaker -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq | grep '^spin.*' | wc -l)
-Number of non-Spinnaker containers : $(kubectl get pods -n spinnaker -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq | grep -v 'spin' | wc -l)
-Total number of containers : $(kubectl get pods -n spinnaker -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq | wc -l)
----------------------------------------------------
-EOF
+++ /dev/null
----
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-#
-- name: Load execution mode variables
- include_vars: "{{ execution_mode }}.yaml"
-
-- block:
- - name: Create directories for helm repositories
- file:
- path: "{{ item.path }}"
- state: "{{ item.state }}"
- loop:
- - {path: "{{ engine_workspace }}/offline/charts/stable", state: absent}
- - {path: "{{ engine_workspace }}/offline/charts/stable", state: directory}
- - {path: "{{ engine_workspace }}/offline/charts/local", state: absent}
- - {path: "{{ engine_workspace }}/offline/charts/local", state: directory}
-
- - name: Place index.yaml to webserver stable charts repository
- template:
- src: "index.yaml.j2"
- dest: "{{ engine_workspace }}/offline/charts/stable/index.yaml"
- force: true
-
- - name: Create local repo index (empty initially)
- command: "helm repo index {{ engine_workspace }}/offline/charts/local/"
- creates: "{{ engine_workspace }}/offline/charts/local/index.yaml"
- when: execution_mode == "offline-deployment"
-
-- name: Initialize Helm
- command: helm init --client-only --local-repo-url {{ local_repo_url }} --stable-repo-url {{ stable_repo_url }}
- register: helm_init_result
- changed_when: true
- when: helm_version is version('v3', '<')
-
-- name: Check if stable helm repo exists (helm v3+)
- command: "helm repo list"
- changed_when: true
- failed_when: false
- register: helm_repo_list_result
-
-- name: Add stable helm repo (helm v3+)
- command: "helm repo add stable {{ stable_repo_url }}"
- register: helm_repo_add_stable_result
- changed_when: true
- when: >
- helm_version is version('v3.0.0', '>=')
- and execution_mode == "online-deployment"
- and helm_repo_list_result is not search(stable_repo_url)
-
-- name: Add local helm repo (helm v3+)
- command: "helm repo add local {{ local_repo_url }}"
- register: helm_repo_add_local_result
- changed_when: true
- when: >
- helm_version is version('v3.0.0', '>=')
- and execution_mode == "offline-deployment"
- and helm_repo_list_result is not search(local_repo_url)
-
-- name: Clone Helm Charts repository
- git:
- repo: "{{ helm_charts_git_url }}"
- dest: "{{ engine_cache }}/repos/charts"
- version: "{{ charts_version }}"
- force: true
- recursive: true
- environment:
- http_proxy: "{{ lookup('env','http_proxy') }}"
- https_proxy: "{{ lookup('env','https_proxy') }}"
- no_proxy: "{{ lookup('env','no_proxy') }}"
-
-- name: Generate values.yaml
- template:
- src: "values.yaml.j2"
- dest: "{{ engine_cache }}/repos/charts/stable/spinnaker/values.yaml"
- force: true
-
-- name: Remove previous installations of Spinnaker
- command: >
- helm delete --purge "{{ spinnaker_service }}"
- changed_when: true
- ignore_errors: true
- tags: reset
-
-- name: Remove Spinnaker namespace
- command: >
- kubectl delete ns "{{ spinnaker_namespace }}"
- changed_when: true
- ignore_errors: true
- tags: reset
-
-- name: Create Spinnaker namespace
- k8s:
- state: present
- definition:
- apiVersion: v1
- kind: Namespace
- metadata:
- name: "{{ spinnaker_namespace }}"
-
-- name: Verify Spinnaker Helm charts are available to be deployed
- command: helm search spinnaker -l
- register: helm_search
- changed_when: false
-
-- name: Log Helm chart list to console
- debug:
- msg: "{{ helm_search.stdout_lines }}"
-
-- name: Inform user about Spinnaker deployment
- debug:
- msg: >
- Spinnaker deployment is about to start!
- This takes a while and nothing will be logged to console until the process is completed.
-
-- name: Fetch all helm dependencies for Spinnaker
- command: >
- helm dependency update
- {{ engine_cache }}/repos/charts/stable/spinnaker
- changed_when: true
-
-- name: Install Spinnaker using helm
- command: >
- helm install
- {% if helm_version is version('v3.0.0', '<')%} --name {% endif %}"{{ spinnaker_service }}"
- --namespace "{{ spinnaker_namespace }}"
- --timeout "900{% if helm_version is version('v3.0.0', '>=') %}s{% endif %}"
- {{ engine_cache }}/repos/charts/stable/spinnaker
- register: spinnaker_helm_log
- changed_when: true
-
-- name: Log Spinnaker helm output to console
- debug:
- msg: "{{ spinnaker_helm_log.stdout_lines }}"
-
-# wait 10 minutes for all containers to be started
-- name: Wait for all containers to be started
- shell: |
- set -o pipefail
- kubectl get po -n spinnaker | grep ContainerCreating | wc -l
- register: kube
- changed_when:
- kube.stdout == '0'
- until:
- kube.stdout == '0'
- retries: 60
- delay: 10
-
-# wait 20 minutes for all containers to be initialized
-- block:
- - name: Wait for all containers to be initialized
- shell: |
- set -o pipefail
- kubectl get po -n spinnaker | grep Init | grep -v Error | wc -l
- register: kube
- changed_when:
- kube.stdout == '0'
- until:
- kube.stdout == '0'
- retries: 120
- delay: 10
- always:
- - name: Get POD status
- command: kubectl get po -n spinnaker
- changed_when: false
- register: kube
-
- - name: Log POD status to console
- debug:
- msg: "{{ kube.stdout_lines }}"
-
- - name: Get summary of Spinnaker deployment
- script: log-spinnaker-status.sh
- register: spinnaker_status
-
- - name: Log Spinnaker status to console
- debug:
- msg: "{{ spinnaker_status.stdout_lines }}"
-
-# vim: set ts=2 sw=2 expandtab:
+++ /dev/null
-apiVersion: v1
-entries:
- spinnaker:
- - apiVersion: v1
- description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.
- name: spinnaker
- version: {{ spinnaker_version }}
- appVersion: {{ spinnaker_app_version }}
- home: http://spinnaker.io/
- sources:
- - https://github.com/spinnaker
- - https://github.com/viglesiasce/images
- icon: https://pbs.twimg.com/profile_images/669205226994319362/O7OjwPrh_400x400.png
- maintainers:
- - name: viglesiasce
- email: viglesias@google.com
- - name: ezimanyi
- email: ezimanyi@google.com
- - name: dwardu89
- email: hello@dwardu.com
- - name: paulczar
- email: username.taken@gmail.com
+++ /dev/null
-halyard:
- spinnakerVersion: {{ spinnaker_app_version }}
- image:
- repository: {{ gcrio_image_repository }}/spinnaker-marketplace/halyard
- tag: {{ spinnaker_version }}
- pullSecrets: []
- # Set to false to disable persistence data volume for halyard
- persistence:
- enabled: false
- # Provide a config map with Hal commands that will be run the core config (storage)
- # The config map should contain a script in the config.sh key
- additionalScripts:
- enabled: false
- configMapName: my-halyard-config
- configMapKey: config.sh
- # If you'd rather do an inline script, set create to true and put the content in the data dict like you would a configmap
- # The content will be passed through `tpl`, so value interpolation is supported.
- create: false
- data: {}
- additionalSecrets:
- create: false
- data: {}
- ## Uncomment if you want to use a pre-created secret rather than feeding data in via helm.
- # name:
- additionalConfigMaps:
- create: false
- data: {}
- ## Uncomment if you want to use a pre-created ConfigMap rather than feeding data in via helm.
- # name:
- ## Define custom profiles for Spinnaker services. Read more for details:
- ## https://www.spinnaker.io/reference/halyard/custom/#custom-profiles
- ## The contents of the files will be passed through `tpl`, so value interpolation is supported.
- additionalProfileConfigMaps:
- data: {}
- ## if you're running spinnaker behind a reverse proxy such as a GCE ingress
- ## you may need the following profile settings for the gate profile.
- ## see https://github.com/spinnaker/spinnaker/issues/1630
- ## otherwise its harmless and will likely become default behavior in the future
- ## According to the linked github issue.
- # gate-local.yml:
- # server:
- # tomcat:
- # protocolHeader: X-Forwarded-Proto
- # remoteIpHeader: X-Forwarded-For
- # internalProxies: .*
- # httpsServerPort: X-Forwarded-Port
-
- ## Define custom settings for Spinnaker services. Read more for details:
- ## https://www.spinnaker.io/reference/halyard/custom/#custom-service-settings
- ## You can use it to add annotations for pods, override the image, etc.
- additionalServiceSettings: {}
- # deck.yml:
- # artifactId: gcr.io/spinnaker-marketplace/deck:2.9.0-20190412012808
- # kubernetes:
- # podAnnotations:
- # iam.amazonaws.com/role: <role_arn>
- # clouddriver.yml:
- # kubernetes:
- # podAnnotations:
- # iam.amazonaws.com/role: <role_arn>
-
- ## Populate to provide a custom local BOM for Halyard to use for deployment. Read more for details:
- ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
- bom: ~
- # artifactSources:
- # debianRepository: https://dl.bintray.com/spinnaker-releases/debians
- # dockerRegistry: gcr.io/spinnaker-marketplace
- # gitPrefix: https://github.com/spinnaker
- # googleImageProject: marketplace-spinnaker-release
- # services:
- # clouddriver:
- # commit: 031bcec52d6c3eb447095df4251b9d7516ed74f5
- # version: 6.3.0-20190904130744
- # deck:
- # commit: b0aac478e13a7f9642d4d39479f649dd2ef52a5a
- # version: 2.12.0-20190916141821
- # ...
- # timestamp: '2019-09-16 18:18:44'
- # version: 1.16.1
-
- ## Define local configuration for Spinnaker services.
- ## The contents of these files would be copies of the configuration normally retrieved from
- ## `gs://halconfig/<service-name>`, but instead need to be available locally on the halyard pod to facilitate
- ## offline installation. This would typically be used along with a custom `bom:` with the `local:` prefix on a
- ## service version.
- ## Read more for details:
- ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
- ## The key for each entry must be the name of the service and a file name separated by the '_' character.
- serviceConfigs: {}
- # clouddriver_clouddriver-ro.yml: |-
- # ...
- # clouddriver_clouddriver-rw.yml: |-
- # ...
- # clouddriver_clouddriver.yml: |-
- # ...
- # deck_settings.json: |-
- # ...
- # echo_echo.yml: |-
- # ...
-
- ## Uncomment if you want to add extra commands to the init script
- ## run by the init container before halyard is started.
- ## The content will be passed through `tpl`, so value interpolation is supported.
- # additionalInitScript: |-
-
- ## Uncomment if you want to add annotations on halyard and install-using-hal pods
- # annotations:
- # iam.amazonaws.com/role: <role_arn>
-
- ## Uncomment the following resources definitions to control the cpu and memory
- # resources allocated for the halyard pod
- resources: {}
- # requests:
- # memory: "1Gi"
- # cpu: "100m"
- # limits:
- # memory: "2Gi"
- # cpu: "200m"
-
- ## Uncomment if you want to set environment variables on the Halyard pod.
- # env:
- # - name: JAVA_OPTS
- # value: -Dhttp.proxyHost=proxy.example.com
- customCerts:
- ## Enable to override the default cacerts with your own one
- enabled: false
- secretName: custom-cacerts
-
-# Define which registries and repositories you want available in your
-# Spinnaker pipeline definitions
-# For more info visit:
-# https://www.spinnaker.io/setup/providers/docker-registry/
-
-# Configure your Docker registries here
-dockerRegistries:
-- name: dockerhub
- address: index.docker.io
- repositories:
- - library/alpine
- - library/ubuntu
- - library/centos
- - library/nginx
-# - name: gcr
-# address: https://gcr.io
-# username: _json_key
-# password: '<INSERT YOUR SERVICE ACCOUNT JSON HERE>'
-# email: 1234@5678.com
-
-# If you don't want to put your passwords into a values file
-# you can use a pre-created secret instead of putting passwords
-# (specify secret name in below `dockerRegistryAccountSecret`)
-# per account above with data in the format:
-# <name>: <password>
-
-# dockerRegistryAccountSecret: myregistry-secrets
-
-kubeConfig:
- # Use this when you want to register arbitrary clusters with Spinnaker
- # Upload your ~/kube/.config to a secret
- enabled: false
- secretName: my-kubeconfig
- secretKey: config
- # Use this when you want to configure halyard to reference a kubeconfig from s3
- # This allows you to keep your kubeconfig in an encrypted s3 bucket
- # For more info visit:
- # https://www.spinnaker.io/reference/halyard/secrets/s3-secrets/#secrets-in-s3
- # encryptedKubeconfig: encrypted:s3!r:us-west-2!b:mybucket!f:mykubeconfig
- # List of contexts from the kubeconfig to make available to Spinnaker
- contexts:
- - default
- deploymentContext: default
- omittedNameSpaces:
- - kube-system
- - kube-public
- onlySpinnakerManaged:
- enabled: false
-
- # When false, clouddriver will skip the permission checks for all kubernetes kinds at startup.
- # This can save a great deal of time during clouddriver startup when you have many kubernetes
- # accounts configured. This disables the log messages at startup about missing permissions.
- checkPermissionsOnStartup: true
-
- # A list of resource kinds this Spinnaker account can deploy to and will cache.
- # When no kinds are configured, this defaults to ‘all kinds'.
- # kinds:
- # -
-
- # A list of resource kinds this Spinnaker account cannot deploy to or cache.
- # This can only be set when –kinds is empty or not set.
- # omittedKinds:
- # -
-
-# Change this if youd like to expose Spinnaker outside the cluster
-ingress:
- enabled: false
- # host: spinnaker.example.org
- # annotations:
- # ingress.kubernetes.io/ssl-redirect: 'true'
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- # tls:
- # - secretName: -tls
- # hosts:
- # - domain.com
-
-ingressGate:
- enabled: false
- # host: gate.spinnaker.example.org
- # annotations:
- # ingress.kubernetes.io/ssl-redirect: 'true'
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- # tls:
- # - secretName: -tls
- # hosts:
- # - domain.com
-
-# spinnakerFeatureFlags is a list of Spinnaker feature flags to enable
-# Ref: https://www.spinnaker.io/reference/halyard/commands/#hal-config-features-edit
-# spinnakerFeatureFlags:
-# - artifacts
-# - pipeline-templates
-spinnakerFeatureFlags:
- - artifacts
- - jobs
-
-# Node labels for pod assignment
-# Ref: https://kubernetes.io/docs/user-guide/node-selection/
-# nodeSelector to provide to each of the Spinnaker components
-nodeSelector: {}
-
-# Redis password to use for the in-cluster redis service
-# Enable redis to use in-cluster redis
-redis:
- enabled: true
- # External Redis option will be enabled if in-cluster redis is disabled
- external:
- host: "<EXTERNAL-REDIS-HOST-NAME>"
- port: 6379
- # password: ""
- password: password
- nodeSelector: {}
- cluster:
- enabled: false
-# Uncomment if you don't want to create a PVC for redis
- master:
- persistence:
- enabled: false
-
-# Minio access/secret keys for the in-cluster S3 usage
-# Minio is not exposed publically
-minio:
- enabled: true
- imageTag: RELEASE.2019-02-13T19-48-27Z
- serviceType: ClusterIP
- accessKey: spinnakeradmin
- secretKey: spinnakeradmin
- bucket: "spinnaker"
- nodeSelector: {}
-# Uncomment if you don't want to create a PVC for minio
- persistence:
- enabled: false
-
-# Google Cloud Storage
-gcs:
- enabled: false
- project: my-project-name
- bucket: "<GCS-BUCKET-NAME>"
- ## if jsonKey is set, will create a secret containing it
- jsonKey: '<INSERT CLOUD STORAGE JSON HERE>'
- ## override the name of the secret to use for jsonKey, if `jsonKey`
- ## is empty, it will not create a secret assuming you are creating one
- ## external to the chart. the key for that secret should be `key.json`.
- secretName:
-
-# AWS Simple Storage Service
-s3:
- enabled: false
- bucket: "<S3-BUCKET-NAME>"
- # rootFolder: "front50"
- # region: "us-east-1"
- # endpoint: ""
- # accessKey: ""
- # secretKey: ""
- # assumeRole: "<role to assume>"
-
-# Azure Storage Account
-azs:
- enabled: false
-# storageAccountName: ""
-# accessKey: ""
-# containerName: "spinnaker"
-
-rbac:
- # Specifies whether RBAC resources should be created
- create: true
-
-serviceAccount:
- # Specifies whether a ServiceAccount should be created
- create: true
- # The name of the ServiceAccounts to use.
- # If left blank it is auto-generated from the fullname of the release
- halyardName:
- spinnakerName:
-securityContext:
- # Specifies permissions to write for user/group
- runAsUser: 1000
- fsGroup: 1000
import_playbook: "../apps/prometheus/kubespray/playbooks/install.yml"
tags: postinstall
+- name: Install Minio
+ import_playbook: "../apps/minio/install.yml"
+ tags: postinstall
+
- name: Install Spinnaker
- import_playbook: "../apps/spinnaker/kubespray/playbooks/install.yml"
+ import_playbook: "../apps/spinnaker-halyard/install.yml"
tags: postinstall
# vim: set ts=2 sw=2 expandtab:
Code Review / infra / stack / kubernetes.git / commitdiff