@jasonmcintosh
Last active October 6, 2022 15:59
BAREBONES Armory Spinnaker yaml connected to a mysql db
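# Node-local PersistentVolume that holds the MySQL data directory for Spinnaker.
# Nesting restored: in the flattened copy every key sat at column 0, so
# `name`, `labels` and the whole `spec` body parsed as top-level keys.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-pv-spinnaker
  labels:
    type: local
spec:
  storageClassName: spinnaker
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    # hostPath keeps the database files on one node's filesystem: they are
    # not replicated, and anything with access to that directory on the node
    # can read them. Suitable for a single-node test cluster only.
    path: "/mnt/data/spinnaker"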
---
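# Claim that binds the MySQL pod to the `spinnaker` storage class volume.
# Nesting restored from the flattened copy; values are unchanged.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pv-spinnaker
  namespace: spinnaker
spec:
  # Must match the PersistentVolume's storageClassName for the claim to bind.
  storageClassName: spinnaker
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi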
---
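# Headless Service giving the MySQL pod the in-cluster DNS name `mysql`,
# which is the host used by the jdbc:mysql://mysql:3306/... URLs in the
# SpinnakerService profiles. Nesting restored from the flattened copy.
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: spinnaker
spec:
  ports:
    - port: 3306
  selector:
    app: mysql
  # `None` makes the Service headless: DNS resolves straight to the pod IP.
  # Nothing in this manifest restricts which pods may connect to 3306; add a
  # NetworkPolicy if the cluster runs other workloads.
  clusterIP: None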
---
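# Single MySQL pod used as the SQL backend for the Spinnaker services
# configured in this file. Nesting restored from the flattened copy.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: spinnaker
spec:
  selector:
    matchLabels:
      app: mysql
  # Recreate terminates the old pod before the new one starts, so two mysqld
  # processes are never pointed at the same data directory during a rollout.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        # `mysql:5.7` is a mutable tag on a release line that is end-of-life
        # upstream; pin an image digest and plan a move to a supported line.
        - image: mysql:5.7
          name: mysql
          env:
            # Use secret in real usage
            # As written, the root password is a literal in the pod spec and
            # is visible to anyone who can read Deployments or Pods in this
            # namespace. To source it from a Secret, replace `value` with:
            #   valueFrom:
            #     secretKeyRef:
            #       name: <mysql-secret-name>    # placeholder
            #       key: <root-password-key>     # placeholder
            - name: MYSQL_ROOT_PASSWORD
              value: password
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-storage
              mountPath: /var/lib/mysql
      volumes:
        - name: mysql-storage
          persistentVolumeClaim:
            claimName: mysql-pv-spinnaker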
---
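# Routes spinnaker.example.com to Deck (UI) and Gate (API).
# Nesting restored from the flattened copy; values are unchanged.
#
# No `tls:` section is defined, so this Ingress serves both the UI and the
# API over plain HTTP. Authentication is enabled in the SpinnakerService
# below, which means login credentials and session cookies cross the wire
# unencrypted unless TLS is terminated somewhere in front of this Ingress.
# For anything beyond a local cluster add, under `spec`:
#   tls:
#     - hosts:
#         - spinnaker.example.com
#       secretName: <tls-secret-name>    # placeholder
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: spinnaker
  name: spinnaker
spec:
  rules:
    - host: spinnaker.example.com
      http:
        paths:
          # Everything not matched below goes to the Deck UI.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: spin-deck
                port:
                  number: 9000
          # Matches Gate's servlet context-path (/api/v1) set in the gate profile.
          - path: /api/v1/
            pathType: Prefix
            backend:
              service:
                name: spin-gate
                port:
                  number: 8084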
---
# SpinnakerService custom resource (spinnaker.armory.io/v1alpha2): a `config`
# section with deployment-wide settings followed by `profiles` holding
# per-service overrides (clouddriver, deck, dinghy, echo, front50, gate, igor,
# orca, spinnaker).
# NOTE(review): this copy has lost all indentation, so it does not parse as the
# intended nested document. The nesting of a few regions (flagged below) cannot
# be recovered from the text alone; restore it from the original before applying.
apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
name: spinnaker
namespace: spinnaker
spec:
spinnakerConfig:
config:
persistentStorage:
# NOTE(review): s3 is declared here, but the front50 profile below sets
# spinnaker.s3.enabled: false and sql.enabled: true, so SQL appears to be the
# store actually intended - confirm.
persistentStoreType: s3
armory:
dinghy:
enabled: false
terraform:
enabled: false
diagnostics:
uuid: jason-mcintosh-local
enabled: false
logging:
enabled: false
endpoint: https://debug.armory.io/v1/logs
features:
artifacts: true
pipelineTemplates: true
notifications:
providers:
aws:
enabled: true
kubernetes:
enabled: true
accounts:
# Both accounts set serviceAccount: true and list a single namespace each.
# NOTE(review): what these accounts can actually do is decided by the RBAC
# bound to the service account in use, which is not part of this file -
# verify it is scoped to the listed namespaces.
- name: spin-local
onlySpinnakerManaged: true
serviceAccount: true
namespaces:
- spinnaker
- name: ns-demo
onlySpinnakerManaged: true
serviceAccount: true
namespaces:
- demo
security:
apiSecurity:
# Base URLs are http:// and ssl is disabled for both API and UI while authn is
# enabled below: credentials and session cookies are sent in clear text unless
# TLS is terminated in front of the services.
overrideBaseUrl: http://spinnaker.example.com:8080/api/v1
ssl:
enabled: false
authn:
enabled: true
# NOTE(review): oauth2 is enabled with provider OTHER but no client or endpoint
# settings are visible here, and the gate profile also enables basic form
# login - confirm which mechanism is meant to be active.
oauth2:
enabled: true
provider: OTHER
authz:
enabled: true
groupMembership:
service: EXTERNAL
uiSecurity:
overrideBaseUrl: http://spinnaker.example.com:8080
ssl:
enabled: false
stats:
enabled: false
instanceId: disable-echo-always-recreating
# NOTE(review): stats is disabled above but telemetry is enabled here with an
# external endpoint; confirm which key the deployed version honours if usage
# reporting is meant to be off.
telemetry:
connectionTimeoutMillis: 3000
enabled: true
endpoint: https://stats.spinnaker.io
readTimeoutMillis: 5000
timezone: America/Chicago
version: 2.28.0
profiles:
clouddriver:
credentials:
poller:
enabled: true
# Redis is switched off for cache, scheduler and task repository; the sql
# section below enables the same three on MySQL.
redis:
cache:
enabled: false
enabled: false
scheduler:
enabled: false
taskRepository:
enabled: false
sql:
cache:
enabled: true
readBatchSize: 100
writeBatchSize: 100
connectionPools:
default:
default: true
# Every SQL-backed service in this file (clouddriver, echo, front50, orca)
# connects as MySQL `root` with the literal password `password`, both for the
# runtime pool and for migrations. The value is stored in the custom resource
# and readable by anyone who can read it. For real use give each service its
# own least-privileged database user and reference the password from a secret
# store; Armory documents secret references such as
# `encrypted:k8s!n:<secret-name>!k:<key>` (placeholders) - confirm support for
# these fields in the version in use.
jdbcUrl: jdbc:mysql://mysql:3306/clouddriver
password: password
user: root
enabled: true
migration:
jdbcUrl: jdbc:mysql://mysql:3306/clouddriver
password: password
user: root
scheduler:
enabled: true
taskRepository:
enabled: true
unknown-agent-cleanup-agent:
enabled: true
udf:
defaultLegacyUdf: false
enabled: true
udfRoot: /opt/spinnaker/config/udf
deck:
# UI feature flags. authEnabled turns on the login flow in Deck.
# NOTE(review): kubernetesAdHocInfraWritesEnabled appears to allow ad-hoc
# create/edit/delete of Kubernetes resources from the UI - confirm, and leave
# it off where changes must go through pipelines.
settings-local.js: |
window.spinnakerSettings.feature.kustomizeEnabled = true;
window.spinnakerSettings.feature.artifactsRewrite = true;
window.spinnakerSettings.feature.functions = true;
window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = true;
window.spinnakerSettings.authEnabled = true;
window.spinnakerSettings.feature.terraform = true;
dinghy:
Logging:
Level: INFO
spinnaker:
extensibility:
plugins:
Armory.ObservabilityPlugin:
config.metrics:
newrelic:
# Empty placeholder; supply a real key through a secret reference rather than
# a literal if New Relic export is used.
apiKey: ""
echo:
resilience4j.circuitbreaker:
instances:
telemetry:
registerHealthIndicator: false
sql:
enabled: true
connectionPool:
# Same root / literal-password credentials as the clouddriver profile.
jdbcUrl: jdbc:mysql://mysql:3306/echo
password: password
user: root
migration:
jdbcUrl: jdbc:mysql://mysql:3306/echo
password: password
user: root
front50:
spinnaker.s3.enabled: false
sql:
enabled: true
connectionPools:
default:
default: true
# NOTE(review): front50 points at the `echo` database, the same one the echo
# profile uses; this looks like a copy/paste slip - confirm whether a separate
# `front50` database was intended. Same root / literal-password credentials.
jdbcUrl: jdbc:mysql://mysql:3306/echo
password: password
user: root
migration:
jdbcUrl: jdbc:mysql://mysql:3306/echo
password: password
user: root
gate:
security:
# Basic form login with a single static account. PASSWORD_REPLACE_ME is a
# placeholder: replace it before deploying, and prefer a secret reference over
# a literal in this resource.
basicform:
enabled: true
user:
name: admin
password: PASSWORD_REPLACE_ME
server:
servlet:
context-path: /api/v1
tomcat:
# `internalProxies: .*` makes Tomcat treat every peer address as a trusted
# proxy, so the X-Forwarded-For / -Proto / -Port headers below are accepted
# from any caller. That is only safe when nothing but the ingress controller
# can reach Gate directly; otherwise narrow the pattern to the proxy's range.
httpsServerPort: X-Forwarded-Port
internalProxies: .*
protocolHeader: X-Forwarded-Proto
remoteIpHeader: X-Forwarded-For
spinnaker:
extensibility:
deck-proxy:
enabled: true
plugins:
Armory.EvaluateArtifactsPlugin:
enabled: true
version: 0.1.1
Aws.LambdaDeploymentPlugin:
enabled: true
version: 1.0.9
plugins:
Armory.InstanceRegistration:
enabled: true
igor:
locking:
enabled: true
spinnaker:
pollingSafeguard:
itemUpperThreshold: 10000
orca:
executionRepository:
redis:
enabled: false
sql:
enabled: true
monitor:
activeExecutions:
redis: false
sql:
connectionPool:
connectionTimeout: 5000
# Same root / literal-password credentials as the clouddriver profile.
jdbcUrl: jdbc:mysql://mysql:3306/orca
maxLifetime: 30000
maxPoolSize: 50
password: password
user: root
enabled: true
migration:
jdbcUrl: jdbc:mysql://mysql:3306/orca
password: password
user: root
# Settings under this `spinnaker` profile are the shared defaults for services.
spinnaker:
management:
endpoints.web:
# Exposes the health, info, aop-prometheus and refresh management endpoints
# over HTTP. NOTE(review): check that these are not reachable through the
# public Ingress path.
exposure.include: health,info,aop-prometheus,refresh
# NOTE(review): with indentation lost it is not recoverable whether `server`,
# `cipherSuites` and `tlsVersions` belong under `default` or beside it, nor
# whether the two max-http-header-size lines sit at different levels
# (server.tomcat and server) or are a duplicate key. Restore from the original.
default:
server:
http2:
enabled: false
tomcat:
max-http-header-size: 512KB
max-http-header-size: 512KB
# Allowed TLS cipher suites and protocol versions (TLS 1.2 and 1.3 only).
# The list includes four CBC-mode suites; the GCM and CHACHA20 entries are the
# AEAD suites usually preferred. NOTE(review): ssl is disabled in the config
# security section above, so these may have no effect as deployed - confirm.
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
tlsVersions:
- TLSv1.2
- TLSv1.3
logging:
level:
com.amazonaws.latency: WARN
com.netflix.spinnaker.clouddriver.cache: WARN
com.netflix.spinnaker.clouddriver.kubernetes.OpaDeployDescriptionValidator: DEBUG
io.armory.spinnaker.front50.validator.validator.OpenPolicyAgentValidator: INFO
ok-http-client:
connectTimeoutMs: 15000
maxRequests: 256
maxRequestsPerHost: 256
readTimeoutMs: 60000
spinnaker:
extensibility:
deck-proxy:
enabled: true
plugins:
Armory.ArmoryHeader:
enabled: true
version: 0.0.3
plugins-path: /opt/gate/deck-plugins
plugins:
Armory.EvaluateArtifactsPlugin:
enabled: true
version: 0.1.1
Armory.ObservabilityPlugin:
config.metrics:
prometheus:
enabled: true
meterRegistryConfig:
armoryRecommendedFiltersEnabled: false
enabled: true
version: 1.3.1
Aws.LambdaDeploymentPlugin:
enabled: true
extensions:
Aws.LambdaDeploymentStage:
enabled: true
version: 1.0.9
# Plugin repository metadata is fetched from the `master` branch of three
# GitHub repositories. Plugin versions are pinned above, but the metadata
# that maps a version to a download is a mutable reference, and plugin code
# runs inside the Spinnaker services. For production, mirror the metadata and
# artifacts to a location you control or reference an immutable commit.
repositories:
armory-observability-plugin-releases:
url: https://raw.githubusercontent.com/armory-plugins/armory-observability-plugin-releases/master/repositories.json
awsLambdaDeploymentPluginRepo:
url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json
evaluate-artifacts-releases:
url: https://raw.githubusercontent.com/armory-plugins/evaluate-artifacts-releases/master/repositories.json