Example Spinnaker Operator Config with IAP enabled
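---
# Example SpinnakerService manifest for the Spinnaker Operator with Google
# Identity-Aware Proxy (IAP) authentication enabled on Gate.
#
# Every "some-*", "something", "XX"/"YY" and "{}" value below is a placeholder
# taken from the original example and must be replaced before deploying.
apiVersion: spinnaker.io/v1alpha2
kind: SpinnakerService
metadata:
  name: spinnaker
  namespace: spinnaker
spec:
  spinnakerConfig:
    config:
      version: 1.27.0  # the version of Spinnaker to be deployed
      persistentStorage:
        persistentStoreType: gcs
        gcs:
          # Change to a unique name. Spinnaker stores application and pipeline
          # definitions here.
          bucket: some-gcp-bucketname
          project: some-gcp-projectname
          rootFolder: front50
          # Refers to the front50-sa.json entry under spec.spinnakerConfig.files.
          jsonPath: front50-sa.json
          bucketLocation: US
      security:
        uiSecurity:
          overrideBaseUrl: https://spinnaker.company.com
        apiSecurity:
          overrideBaseUrl: https://spinnaker.company.com/api/v1
          # NOTE(review): Gate appears to treat this value as a pattern rather
          # than a literal origin; confirm, and anchor/escape it if so.
          corsAccessPattern: https://spinnaker.company.com
        authn:
          iap:
            enabled: true
            # Paste your IAP Signed JWT Header Audience here. The value below is
            # a placeholder showing the expected shape.
            #
            # The original example wrote the sample after a "#", which YAML
            # reads as a comment and leaves the key null. The audience check is
            # what ties an IAP-signed token to this specific backend service,
            # so keep the value set and quoted.
            audience: '/projects/XX/global/backendServices/YY'
            # Optional overrides, left unset in this example:
            # jwtHeader:
            # issuerId:
            # iapVerifyKeyUrl:
      # NOTE(review): no authz section is configured in this example, so IAP
      # only authenticates users. The empty permissions and
      # requiredGroupMembership below leave the account unrestricted.
      providers:
        kubernetes:
          enabled: true
          accounts:
            - name: stage-k8s
              requiredGroupMembership: []
              providerVersion: V2
              permissions: {}
              dockerRegistries: []
              configureImagePullSecrets: true
              cacheThreads: 1
              # Change if you only want to deploy to specific namespaces.
              # Listing namespaces explicitly, together with a narrowly scoped
              # service account, keeps this account to least privilege.
              namespaces: []
              omitNamespaces: []
              kinds: []
              omitKinds: []
              customResources: []
              cachingPolicies: []
              oAuthScopes: []
              onlySpinnakerManaged: true
              # Refers to the kubeconfig entry under spec.spinnakerConfig.files.
              kubeconfigFile: stage-k8s-spinnaker-service-account
          # Change to a desired account from the accounts array.
          primaryAccount: stage-k8s
      features:
        # Not strictly necessary for Kubernetes but will be useful in general.
        artifacts: true
    # Inline file contents referenced by name from the config above.
    # The service-account keys and the kubeconfig token are credentials: the
    # values here are placeholders. Do not commit real key material in this
    # manifest; supply it from a secret store the Operator supports.
    files:
      clouddriver-sa.json: |
        {}
      front50-sa.json: |
        {}
      stage-k8s-spinnaker-service-account: |
        apiVersion: v1
        clusters:
          - cluster:
              certificate-authority-data: some-cert-data
              server: https://some-ip
            name: some-cluster-name
        contexts:
          - context:
              cluster: some-cluster-name
              namespace: spinnaker
              user: spinnaker-token-user
            name: spinnaker
        current-context: spinnaker
        kind: Config
        preferences: {}
        users:
          - name: spinnaker-token-user
            user:
              token: something
    profiles:
      # https://github.com/armory/spinnaker-operator/blob/master/doc/options.md
      # Gate is served under /api/v1, matching apiSecurity.overrideBaseUrl.
      gate:
        swagger.basePath: /api/v1
        server:
          servlet:
            context-path: /api/v1
    service-settings:
      gate:
        # The health check path must include the /api/v1 context path set above.
        healthEndpoint: /api/v1/health
  # spec.expose - This section defines how Spinnaker should be publicly exposed
  expose:
    type: service  # Kubernetes LoadBalancer type (service/ingress)
    service:
      # With NodePort the services are also reachable on the node ports without
      # passing through IAP. Gate's verification of the IAP-signed JWT (the
      # authn.iap settings above) is what rejects such requests, so restrict
      # the node ports with firewall rules as well.
      type: NodePort
      overrides:
        gate:
          publicPort: 8084  # (Optional). Port used to expose Gate.
          annotations:
            # The referenced BackendConfig is not defined in this file; it must
            # exist in the same namespace as the Service.
            cloud.google.com/backend-config: '{"default": "spin-gate-hc-config"}'
        deck:
          publicPort: 9000  # (Optional). Port used to expose Deck.
          annotations:
            # The referenced BackendConfig is not defined in this file; it must
            # exist in the same namespace as the Service.
            cloud.google.com/backend-config: '{"default": "spin-deck-hc-config"}'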