kind: ConfigMap apiVersion: v1 metadata: name: default-config namespace: armory data: barometer.yml: | server: port: 9092 spinnaker: redis: host: ${services.redis.host} port: ${services.redis.port} clouddriver-armory.yml: | aws: defaultAssumeRole: role/${SPINNAKER_AWS_DEFAULT_ASSUME_ROLE:SpinnakerManagedProfile} accounts: - name: default-aws-account accountId: ${SPINNAKER_AWS_DEFAULT_ACCOUNT_ID:none} client: maxErrorRetry: 20 serviceLimits: cloudProviderOverrides: aws: rateLimit: 15.0 implementationLimits: AmazonAutoScaling: defaults: rateLimit: 3.0 AmazonElasticLoadBalancing: defaults: rateLimit: 5.0 security.basic.enabled: false management.security.enabled: false clouddriver-dev.yml: | # # Limit cloud provider polling as to not hit rate limits. # serviceLimits: defaults: rateLimit: 2 clouddriver.yml: | server: port: ${services.clouddriver.port:7002} address: ${services.clouddriver.host:localhost} redis: connection: ${REDIS_HOST:redis://localhost:6379} udf: # Controls whether UserDataProviders are used to populate user data of new # server groups. If false, user data is copied over from ancestor server # groups on both CopyLastAsgAtomicOperation and # ModifyAsgLaunchConfigurationOperation (only if no user data is provided # on the given request). enabled: ${services.clouddriver.aws.udf.enabled:true} udfRoot: /opt/spinnaker/config/udf defaultLegacyUdf: false default: account: env: ${providers.aws.primaryCredentials.name} aws: # AWS Credentials are passed either as environment variables or through # a standard AWS file $HOME/.aws/credentials # See providers.aws.primaryCredentials in spinnaker.yml for more # info on setting environment variables. 
enabled: ${providers.aws.enabled:false} defaults: iamRole: ${providers.aws.defaultIAMRole:BaseIAMRole} defaultRegions: - name: ${providers.aws.defaultRegion:us-east-1} defaultFront50Template: ${services.front50.baseUrl} defaultKeyPairTemplate: ${providers.aws.defaultKeyPairTemplate} azure: enabled: ${providers.azure.enabled:false} accounts: - name: ${providers.azure.primaryCredentials.name} clientId: ${providers.azure.primaryCredentials.clientId} appKey: ${providers.azure.primaryCredentials.appKey} tenantId: ${providers.azure.primaryCredentials.tenantId} subscriptionId: ${providers.azure.primaryCredentials.subscriptionId} google: enabled: ${providers.google.enabled:false} accounts: - name: ${providers.google.primaryCredentials.name} project: ${providers.google.primaryCredentials.project} jsonPath: ${providers.google.primaryCredentials.jsonPath} consul: enabled: ${providers.google.primaryCredentials.consul.enabled:false} cf: enabled: ${providers.cf.enabled:false} accounts: - name: ${providers.cf.primaryCredentials.name} api: ${providers.cf.primaryCredentials.api} console: ${providers.cf.primaryCredentials.console} org: ${providers.cf.defaultOrg} space: ${providers.cf.defaultSpace} username: ${providers.cf.account.name:} password: ${providers.cf.account.password:} kubernetes: enabled: ${providers.kubernetes.enabled:false} accounts: - name: ${providers.kubernetes.primaryCredentials.name} dockerRegistries: - accountName: ${providers.kubernetes.primaryCredentials.dockerRegistryAccount} openstack: enabled: ${providers.openstack.enabled:false} accounts: - name: ${providers.openstack.primaryCredentials.name} authUrl: ${providers.openstack.primaryCredentials.authUrl} username: ${providers.openstack.primaryCredentials.username} password: ${providers.openstack.primaryCredentials.password} projectName: ${providers.openstack.primaryCredentials.projectName} domainName: ${providers.openstack.primaryCredentials.domainName:Default} regions: 
${providers.openstack.primaryCredentials.regions} insecure: ${providers.openstack.primaryCredentials.insecure:false} userDataFile: ${providers.openstack.primaryCredentials.userDataFile:} # The Openstack API requires that the load balancer be in an ACTIVE # state for it to create associated relationships (i.e. listeners, # pools, monitors). Each modification will cause the load balancer to # go into a PENDING state and back to ACTIVE once the change has been # made. Depending on your implementation, the timeout and polling # intervals would need to be adjusted, especially if testing out # Spinnaker with Devstack or another resource constrained enviroment lbaas: pollTimeout: 60 pollInterval: 5 dockerRegistry: enabled: ${providers.dockerRegistry.enabled:false} accounts: - name: ${providers.dockerRegistry.primaryCredentials.name} address: ${providers.dockerRegistry.primaryCredentials.address} username: ${providers.dockerRegistry.primaryCredentials.username:} passwordFile: ${providers.dockerRegistry.primaryCredentials.passwordFile} credentials: primaryAccountTypes: ${providers.aws.primaryCredentials.name}, ${providers.google.primaryCredentials.name}, ${providers.cf.primaryCredentials.name}, ${providers.azure.primaryCredentials.name} challengeDestructiveActionsEnvironments: ${providers.aws.primaryCredentials.name}, ${providers.google.primaryCredentials.name}, ${providers.cf.primaryCredentials.name}, ${providers.azure.primaryCredentials.name} spectator: applicationName: ${spring.application.name} webEndpoint: enabled: ${services.spectator.webEndpoint.enabled:false} prototypeFilter: path: ${services.spectator.webEndpoint.prototypeFilter.path:} stackdriver: enabled: ${services.stackdriver.enabled} projectName: ${services.stackdriver.projectName} credentialsPath: ${services.stackdriver.credentialsPath} stackdriver: hints: - name: controller.invocations labels: - account - region dinghy.yml: "" echo-armory.yml: | diagnostics: enabled: true id: ${ARMORY_ID:unknown} 
armorywebhooks: enabled: false forwarding: baseUrl: http://armory-dinghy:8081 endpoint: v1/webhooks echo-noncron.yml: | scheduler: enabled: false echo.yml: | server: port: ${services.echo.port:8089} address: ${services.echo.host:localhost} cassandra: enabled: ${services.echo.cassandra.enabled:false} embedded: ${services.cassandra.embedded:false} host: ${services.cassandra.host:localhost} spinnaker: baseUrl: ${services.deck.baseUrl} cassandra: enabled: ${services.echo.cassandra.enabled:false} inMemory: enabled: ${services.echo.inMemory.enabled:true} front50: baseUrl: ${services.front50.baseUrl:http://localhost:8080 } orca: baseUrl: ${services.orca.baseUrl:http://localhost:8083 } endpoints.health.sensitive: false slack: enabled: ${services.echo.notifications.slack.enabled:false} token: ${services.echo.notifications.slack.token} spring: mail: host: ${mail.host} mail: enabled: ${services.echo.notifications.mail.enabled:false} host: ${services.echo.notifications.mail.host} from: ${services.echo.notifications.mail.fromAddress} hipchat: enabled: ${services.echo.notifications.hipchat.enabled:false} baseUrl: ${services.echo.notifications.hipchat.url} token: ${services.echo.notifications.hipchat.token} twilio: enabled: ${services.echo.notifications.sms.enabled:false} baseUrl: ${services.echo.notifications.sms.url:https://api.twilio.com/ } account: ${services.echo.notifications.sms.account} token: ${services.echo.notifications.sms.token} from: ${services.echo.notifications.sms.from} scheduler: enabled: ${services.echo.cron.enabled:true} threadPoolSize: 20 triggeringEnabled: true pipelineConfigsPoller: enabled: true pollingIntervalMs: 30000 cron: timezone: ${services.echo.cron.timezone} spectator: applicationName: ${spring.application.name} webEndpoint: enabled: ${services.spectator.webEndpoint.enabled:false} prototypeFilter: path: ${services.spectator.webEndpoint.prototypeFilter.path:} stackdriver: enabled: ${services.stackdriver.enabled} projectName: 
${services.stackdriver.projectName} credentialsPath: ${services.stackdriver.credentialsPath} webhooks: artifacts: enabled: true fetch.sh: |+ #!/bin/bash -xe CONFIG_LOCATION=${SPINNAKER_HOME:-"/opt/spinnaker"}/config CONTAINER=$1 rm -f /opt/spinnaker/config/*.yml mkdir -p ${CONFIG_LOCATION} # Setup the default configuration that comes with a distribution for filename in /opt/spinnaker/config/default/*.yml; do cp $filename ${CONFIG_LOCATION} done # User specific config if [ -d /opt/spinnaker/config/custom ]; then for filename in /opt/spinnaker/config/custom/*; do cp $filename ${CONFIG_LOCATION} done fi add_ca_certs() { # if CA exists, mount it into the default JKS store ca_cert_path="$1" jks_path="$2" alias="$3" if [[ "$(whoami)" != "root" ]]; then echo "INFO: I do not have proper permisions to add CA roots" return fi if [[ ! -f ${ca_cert_path} ]]; then echo "INFO: No CA cert found at ${ca_cert_path}" return fi keytool -importcert \ -file ${ca_cert_path} \ -keystore ${jks_path} \ -alias ${alias} \ -storepass changeit \ -noprompt } if [ `which keytool` ]; then echo "INFO: Keytool found adding certs where appropriate" add_ca_certs "${CONFIG_LOCATION}/ca.crt" "/etc/ssl/certs/java/cacerts" "custom-ca" #we'll want to add saml, oauth, authn/authz stuff here too else echo "INFO: Keytool not found, not adding any certs/private keys" fi saml_pem_path="/opt/spinnaker/config/custom/saml.pem" saml_pkcs12_path="/tmp/saml.pkcs12" saml_jks_path="${CONFIG_LOCATION}/saml.jks" # for x509 x509_ca_cert_path="/opt/spinnaker/config/custom/x509ca.crt" x509_client_cert_path="/opt/spinnaker/config/custom/x509client.crt" x509_jks_path="${CONFIG_LOCATION}/x509.jks" x509_nginx_cert_path="/opt/nginx/certs/ssl.crt" if [ "${CONTAINER}" == "gate" ]; then if [ -f ${saml_pem_path} ]; then echo "Loading ${saml_pem_path} into ${saml_jks_path}" # Convert PEM to PKCS12 with a password. 
openssl pkcs12 -export -out ${saml_pkcs12_path} -in ${saml_pem_path} -password pass:changeit -name saml keytool -genkey -v -keystore ${saml_jks_path} -alias saml \ -keyalg RSA -keysize 2048 -validity 10000 \ -storepass changeit -keypass changeit -dname "CN=armory" keytool -importkeystore \ -srckeystore ${saml_pkcs12_path} \ -srcstoretype PKCS12 \ -srcstorepass changeit \ -destkeystore ${saml_jks_path} \ -deststoretype JKS \ -storepass changeit \ -alias saml \ -destalias saml \ -noprompt else echo "No SAML IDP pemfile found at ${saml_pem_path}" fi if [ -f ${x509_ca_cert_path} ]; then echo "Loading ${x509_ca_cert_path} into ${x509_jks_path}" add_ca_certs ${x509_ca_cert_path} ${x509_jks_path} "ca" else echo "No x509 CA cert found at ${x509_ca_cert_path}" fi if [ -f ${x509_client_cert_path} ]; then echo "Loading ${x509_client_cert_path} into ${x509_jks_path}" add_ca_certs ${x509_client_cert_path} ${x509_jks_path} "client" else echo "No x509 Client cert found at ${x509_client_cert_path}" fi if [ -f ${x509_nginx_cert_path} ]; then echo "Creating a self-signed CA (EXPIRES IN 360 DAYS) with java keystore: ${x509_jks_path}" echo -e "\n\n\n\n\n\ny\n" | keytool -genkey -keyalg RSA -alias server -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048 keytool -importkeystore \ -srckeystore keystore.jks \ -srcstorepass changeit \ -destkeystore "${x509_jks_path}" \ -storepass changeit \ -srcalias server \ -destalias server \ -noprompt else echo "No x509 nginx cert found at ${x509_nginx_cert_path}" fi fi if [ "${CONTAINER}" == "nginx" ]; then nginx_conf_path="/opt/spinnaker/config/default/nginx.conf" if [ -f ${nginx_conf_path} ]; then cp ${nginx_conf_path} /etc/nginx/nginx.conf fi fi fiat.yml: |- server: port: ${services.fiat.port:7003} address: ${services.fiat.host:localhost} redis: connection: ${services.redis.connection:redis://localhost:6379} spectator: applicationName: ${spring.application.name} webEndpoint: enabled: 
${services.spectator.webEndpoint.enabled:false} prototypeFilter: path: ${services.spectator.webEndpoint.prototypeFilter.path:} stackdriver: enabled: ${services.stackdriver.enabled} projectName: ${services.stackdriver.projectName} credentialsPath: ${services.stackdriver.credentialsPath} hystrix: command: default.execution.isolation.thread.timeoutInMilliseconds: 20000 logging: level: com.netflix.spinnaker.fiat: DEBUG front50-armory.yml: | spinnaker: redis: enabled: true host: redis front50.yml: | server: port: ${services.front50.port:8080} address: ${services.front50.host:localhost} hystrix: command: default.execution.isolation.thread.timeoutInMilliseconds: 15000 cassandra: enabled: ${services.front50.cassandra.enabled:false} embedded: ${services.cassandra.embedded:false} host: ${services.cassandra.host:localhost} aws: simpleDBEnabled: ${providers.aws.simpleDBEnabled:false} defaultSimpleDBDomain: ${providers.aws.defaultSimpleDBDomain} spinnaker: cassandra: enabled: ${services.front50.cassandra.enabled:false} host: ${services.cassandra.host:localhost} port: ${services.cassandra.port:9042} cluster: ${services.cassandra.cluster:CASS_SPINNAKER} keyspace: front50 name: global redis: enabled: ${services.front50.redis.enabled:false} gcs: enabled: ${services.front50.gcs.enabled:false} bucket: ${services.front50.storage_bucket:} # See https://cloud.google.com/storage/docs/managing-buckets#manage-class-location bucketLocation: ${services.front50.bucket_location:} rootFolder: ${services.front50.rootFolder:front50} project: ${providers.google.primaryCredentials.project} jsonPath: ${providers.google.primaryCredentials.jsonPath} s3: enabled: ${services.front50.s3.enabled:false} bucket: ${services.front50.storage_bucket:} rootFolder: ${services.front50.rootFolder:front50} spectator: applicationName: ${spring.application.name} webEndpoint: enabled: ${services.spectator.webEndpoint.enabled:false} prototypeFilter: path: ${services.spectator.webEndpoint.prototypeFilter.path:} 
stackdriver: enabled: ${services.stackdriver.enabled} projectName: ${services.stackdriver.projectName} credentialsPath: ${services.stackdriver.credentialsPath} stackdriver: hints: - name: controller.invocations labels: - application - cause - name: aws.request.httpRequestTime labels: - status - exception - AWSErrorCode - name: aws.request.requestSigningTime labels: - exception gate-armory.yml: |+ lighthouse: baseUrl: http://${DEFAULT_DNS_NAME:lighthouse}:5000 gate.yml: | server: port: ${services.gate.port:8084} address: ${services.gate.host:localhost} # Circular references since we're already using 'services' # services: # clouddriver: # baseUrl: ${services.clouddriver.baseUrl:localhost:7002} # orca: # baseUrl: ${services.orca.baseUrl:localhost:8083} # front50: # baseUrl: ${services.front50.baseUrl:localhost:8080} # #optional services: # echo: # enabled: ${services.echo.enabled:true} # baseUrl: ${services.echo.baseUrl:8089} # flapjack: # enabled: ${services.flapjack.enabled:false} # igor: # enabled: ${services.igor.enabled:false} # baseUrl: ${services.igor.baseUrl:8088} redis: connection: ${REDIS_HOST:redis://localhost:6379} configuration: secure: true spectator: applicationName: ${spring.application.name} webEndpoint: enabled: ${services.spectator.webEndpoint.enabled:false} prototypeFilter: path: ${services.spectator.webEndpoint.prototypeFilter.path:} stackdriver: enabled: ${services.stackdriver.enabled} projectName: ${services.stackdriver.projectName} credentialsPath: ${services.stackdriver.credentialsPath} stackdriver: hints: - name: EurekaOkClient_Request labels: - cause - reason - status igor-nonpolling.yml: | jenkins: polling: enabled: false igor.yml: | server: port: ${services.igor.port:8088} address: ${services.igor.host:localhost} jenkins: enabled: ${services.jenkins.enabled:false} masters: - name: ${services.jenkins.defaultMaster.name} address: ${services.jenkins.defaultMaster.baseUrl} username: ${services.jenkins.defaultMaster.username} password: 
${services.jenkins.defaultMaster.password} csrf: ${services.jenkins.defaultMaster.csrf:false} travis: enabled: ${services.travis.enabled:false} masters: - name: ${services.travis.defaultMaster.name} baseUrl: ${services.travis.defaultMaster.baseUrl} address: ${services.travis.defaultMaster.address} githubToken: ${services.travis.defaultMaster.githubToken} dockerRegistry: enabled: ${providers.dockerRegistry.enabled:false} redis: connection: ${REDIS_HOST:redis://localhost:6379} # Igor depends on Clouddriver and Echo. These are normally configured # in spinnaker[-local].yml (if present), otherwise, uncomment this. # services: # clouddriver: # baseUrl: ${services.clouddriver.baseUrl} # echo: # baseUrl: ${services.echo.baseUrl} spectator: applicationName: ${spring.application.name} webEndpoint: enabled: ${services.spectator.webEndpoint.enabled:false} prototypeFilter: path: ${services.spectator.webEndpoint.prototypeFilter.path:} stackdriver: enabled: ${services.stackdriver.enabled} projectName: ${services.stackdriver.projectName} credentialsPath: ${services.stackdriver.credentialsPath} stackdriver: hints: - name: controller.invocations labels: - master kayenta-armory.yml: | kayenta: aws: enabled: ${ARMORYSPINNAKER_S3_ENABLED:false} accounts: - name: aws-s3-storage bucket: ${ARMORYSPINNAKER_CONF_STORE_BUCKET} rootFolder: kayenta supportedTypes: - OBJECT_STORE - CONFIGURATION_STORE s3: enabled: ${ARMORYSPINNAKER_S3_ENABLED:false} google: enabled: ${ARMORYSPINNAKER_GCS_ENABLED:false} accounts: - name: cloud-armory # project: myproject # jsonPath: /opt/spinnaker/credentials/gcp.json bucket: ${ARMORYSPINNAKER_CONF_STORE_BUCKET} rootFolder: kayenta-prod supportedTypes: - METRICS_STORE - OBJECT_STORE - CONFIGURATION_STORE gcs: enabled: ${ARMORYSPINNAKER_GCS_ENABLED:false} kayenta.yml: |2 server: port: 8090 kayenta: atlas: enabled: false # stageTimeoutMinutes: 3 # maxBackoffPeriodSeconds: 30 # accounts: # - name: # endpoint: # baseUrl: http://localhost:7101 # namespace: # 
supportedTypes: # - METRICS_STORE google: enabled: false # accounts: # - name: # project: # jsonPath: # bucket: # rootFolder: kayenta # supportedTypes: # - METRICS_STORE # - OBJECT_STORE # - CONFIGURATION_STORE aws: enabled: false # accounts: # - name: # bucket: # rootFolder: kayenta # supportedTypes: # - OBJECT_STORE # - CONFIGURATION_STORE datadog: enabled: false # accounts: # - name: my-datadog-account # apiKey: xxxx # applicationKey: xxxx # supportedTypes: # - METRICS_STORE # endpoint.baseUrl: https://app.datadoghq.com prometheus: enabled: false # accounts: # - name: my-prometheus-account # endpoint: # baseUrl: http://localhost:9090 # supportedTypes: # - METRICS_STORE gcs: enabled: false s3: enabled: false stackdriver: enabled: false memory: enabled: false configbin: enabled: false keiko: queue: redis: queueName: kayenta.keiko.queue deadLetterQueueName: kayenta.keiko.queue.deadLetters redis: connection: ${REDIS_HOST:redis://localhost:6379} spectator: applicationName: ${spring.application.name} webEndpoint: enabled: true swagger: enabled: true title: Kayenta API description: contact: patterns: - /admin.* - /canary.* - /canaryConfig.* - /canaryJudgeResult.* - /credentials.* - /fetch.* - /health - /judges.* - /metadata.* - /metricSetList.* - /metricSetPairList.* - /pipeline.* security.basic.enabled: false management.security.enabled: false nginx.conf: | user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; } stream { upstream gate_api { server armory-gate:8085; } server { listen 8085; proxy_pass gate_api; } } 
nginx.http.conf: | gzip on; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon; server { listen 80; listen [::]:80; location / { proxy_pass http://armory-deck/; } location /api/ { proxy_pass http://armory-gate:8084/; } location /slack/ { proxy_pass http://armory-platform:10000/; } rewrite ^/login(.*)$ /api/login$1 last; rewrite ^/auth(.*)$ /api/auth$1 last; } nginx.https.conf: | gzip on; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon; server { listen 80; listen [::]:80; return 301 https://$host$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; ssl on; ssl_certificate /opt/nginx/certs/ssl.crt; ssl_certificate_key /opt/nginx/certs/ssl.key; location / { proxy_pass http://armory-deck/; } location /api/ { proxy_pass http://armory-gate:8084/; proxy_set_header Host $host; proxy_set_header X-Real-IP $proxy_protocol_addr; proxy_set_header X-Forwarded-For $proxy_protocol_addr; proxy_set_header X-Forwarded-Proto $scheme; } location /slack/ { proxy_pass http://armory-platform:10000/; } rewrite ^/login(.*)$ /api/login$1 last; rewrite ^/auth(.*)$ /api/auth$1 last; } orca-armory.yml: | mine: baseUrl: http://${services.barometer.host}:${services.barometer.port} pipelineTemplate: enabled: ${features.pipelineTemplates.enabled:false} jinja: enabled: true kayenta: enabled: ${services.kayenta.enabled:false} baseUrl: ${services.kayenta.baseUrl} jira: enabled: ${features.jira.enabled:false} # Fill in your basic auth: Base64("user:pass") basicAuth: "Basic ${features.jira.basicAuthToken}" # ex. 
https://myjira.atlassian.net/rest/api/2/issue/ url: ${features.jira.createIssueUrl} webhook: preconfigured: - label: Enforce Pipeline Policy description: Checks pipeline configuration against policy requirements type: enforcePipelinePolicy enabled: ${features.certifiedPipelines.enabled:false} url: "http://lighthouse:5000/v1/pipelines/${execution.application}/${execution.pipelineConfigId}?check_policy=yes" headers: Accept: - application/json method: GET waitForCompletion: true statusUrlResolution: getMethod statusJsonPath: $.status successStatuses: pass canceledStatuses: terminalStatuses: TERMINAL - label: "Jira: Create Issue" description: Enter a Jira ticket when this pipeline runs type: createJiraIssue enabled: ${jira.enabled} url: ${jira.url} customHeaders: "Content-Type": application/json Authorization: ${jira.basicAuth} method: POST parameters: - name: summary label: Issue Summary description: A short summary of your issue. - name: description label: Issue Description description: A longer description of your issue. - name: projectKey label: Project key description: The key of your JIRA project. - name: type label: Issue Type description: The type of your issue, e.g. "Task", "Story", etc. payload: | { "fields" : { "description": "${parameterValues['description']}", "issuetype": { "name": "${parameterValues['type']}" }, "project": { "key": "${parameterValues['projectKey']}" }, "summary": "${parameterValues['summary']}" } } waitForCompletion: false - label: "Jira: Update Issue" description: Update a previously created Jira Issue type: updateJiraIssue enabled: ${jira.enabled} url: "${execution.stages.?[type == 'createJiraIssue'][0]['context']['buildInfo']['self']}" customHeaders: "Content-Type": application/json Authorization: ${jira.basicAuth} method: PUT parameters: - name: summary label: Issue Summary description: A short summary of your issue. - name: description label: Issue Description description: A longer description of your issue. 
payload: | { "fields" : { "description": "${parameterValues['description']}", "summary": "${parameterValues['summary']}" } } waitForCompletion: false - label: "Jira: Transition Issue" description: Change state of existing Jira Issue type: transitionJiraIssue enabled: ${jira.enabled} url: "${execution.stages.?[type == 'createJiraIssue'][0]['context']['buildInfo']['self']}/transitions" customHeaders: "Content-Type": application/json Authorization: ${jira.basicAuth} method: POST parameters: - name: newStateID label: New State ID description: The ID of the state you want to transition the issue to. payload: | { "transition" : { "id" : "${parameterValues['newStateID']}" } } waitForCompletion: false - label: "Jira: Add Comment" description: Add a comment to an existing Jira Issue type: commentJiraIssue enabled: ${jira.enabled} url: "${execution.stages.?[type == 'createJiraIssue'][0]['context']['buildInfo']['self']}/comment" customHeaders: "Content-Type": application/json Authorization: ${jira.basicAuth} method: POST parameters: - name: body label: Comment body description: The text body of the component. 
payload: | { "body" : "${parameterValues['body']}" } waitForCompletion: false orca.yml: | server: port: ${services.orca.port:8083} address: ${services.orca.host:localhost} oort: baseUrl: ${services.oort.baseUrl:localhost:7002} front50: baseUrl: ${services.front50.baseUrl:localhost:8080} mort: baseUrl: ${services.mort.baseUrl:localhost:7002} kato: baseUrl: ${services.kato.baseUrl:localhost:7002} bakery: baseUrl: ${services.bakery.baseUrl:localhost:8087} extractBuildDetails: ${services.bakery.extractBuildDetails:true} allowMissingPackageInstallation: ${services.bakery.allowMissingPackageInstallation:true} echo: enabled: ${services.echo.enabled:false} baseUrl: ${services.echo.baseUrl:8089} igor: baseUrl: ${services.igor.baseUrl:8088} flex: baseUrl: http://not-a-host default: bake: account: ${providers.aws.primaryCredentials.name} securityGroups: vpc: securityGroups: redis: connection: ${REDIS_HOST:redis://localhost:6379} tasks: executionWindow: timezone: ${services.orca.timezone} spectator: applicationName: ${spring.application.name} webEndpoint: enabled: ${services.spectator.webEndpoint.enabled:false} prototypeFilter: path: ${services.spectator.webEndpoint.prototypeFilter.path:} stackdriver: enabled: ${services.stackdriver.enabled} projectName: ${services.stackdriver.projectName} credentialsPath: ${services.stackdriver.credentialsPath} stackdriver: hints: - name: controller.invocations labels: - application rosco-armory.yml: | redis: timeout: 50000 rosco: jobs: local: timeoutMinutes: 60 rosco.yml: | server: port: ${services.rosco.port:8087} address: ${services.rosco.host:localhost} redis: connection: ${REDIS_HOST:redis://localhost:6379} aws: enabled: ${providers.aws.enabled:false} docker: enabled: ${services.docker.enabled:false} bakeryDefaults: targetRepository: ${services.docker.targetRepository} google: enabled: ${providers.google.enabled:false} accounts: - name: ${providers.google.primaryCredentials.name} project: ${providers.google.primaryCredentials.project} 
jsonPath: ${providers.google.primaryCredentials.jsonPath} gce: bakeryDefaults: zone: ${providers.google.defaultZone} rosco: configDir: ${services.rosco.configDir} jobs: local: timeoutMinutes: 30 spectator: applicationName: ${spring.application.name} webEndpoint: enabled: ${services.spectator.webEndpoint.enabled:false} prototypeFilter: path: ${services.spectator.webEndpoint.prototypeFilter.path:} stackdriver: enabled: ${services.stackdriver.enabled} projectName: ${services.stackdriver.projectName} credentialsPath: ${services.stackdriver.credentialsPath} stackdriver: hints: - name: bakes labels: - success spinnaker-armory.yml: | armory: architecture: 'k8s' features: artifacts: enabled: true # features are should be turned on in {ENV}.env. ex: prod.env pipelineTemplates: enabled: ${PIPELINE_TEMPLATES_ENABLED:false} infrastructureStages: enabled: ${INFRA_ENABLED:false} certifiedPipelines: enabled: ${CERTIFIED_PIPELINES_ENABLED:false} configuratorEnabled: enabled: true configuratorWizard: enabled: true configuratorCerts: enabled: true loadtestStage: enabled: ${LOADTEST_ENABLED:false} jira: # These settings are for the Jira Stages (webhook-based): enabled: ${JIRA_ENABLED:false} # Should be the basic Authorization header value token, the Base64 # encoded version of "username:password". 
basicAuthToken: ${JIRA_BASIC_AUTH} # Should be the "create issue" endpoint, for example: # https://armory.atlassian.net/rest/api/2/issue/ url: ${JIRA_URL} # These setings are for Echo's Jira integration login: ${JIRA_LOGIN} password: ${JIRA_PASSWORD} slaEnabled: enabled: ${SLA_ENABLED:false} chaosMonkey: enabled: ${CHAOS_ENABLED:false} armoryPlatform: enabled: ${PLATFORM_ENABLED:false} uiEnabled: ${PLATFORM_UI_ENABLED:false} services: default: host: ${DEFAULT_DNS_NAME:localhost} clouddriver: host: ${DEFAULT_DNS_NAME:armory-clouddriver} entityTags: enabled: false configurator: baseUrl: http://${CONFIGURATOR_HOST:armory-configurator}:8069 echo: host: ${DEFAULT_DNS_NAME:armory-echo} deck: gateUrl: ${API_HOST:service.default.host} baseUrl: ${DECK_HOST:armory-deck} dinghy: enabled: ${DINGHY_ENABLED:false} host: ${DEFAULT_DNS_NAME:armory-dinghy} baseUrl: ${services.default.protocol}://${services.dinghy.host}:${services.dinghy.port} port: 8081 front50: host: ${DEFAULT_DNS_NAME:armory-front50} cassandra: enabled: false redis: enabled: true gcs: enabled: ${ARMORYSPINNAKER_GCS_ENABLED:false} s3: enabled: ${ARMORYSPINNAKER_S3_ENABLED:false} storage_bucket: ${ARMORYSPINNAKER_CONF_STORE_BUCKET} rootFolder: ${ARMORYSPINNAKER_CONF_STORE_PREFIX:front50} gate: host: ${DEFAULT_DNS_NAME:armory-gate} igor: host: ${DEFAULT_DNS_NAME:armory-igor} kayenta: enabled: true host: ${DEFAULT_DNS_NAME:armory-kayenta} canaryConfigStore: true port: 8090 baseUrl: ${services.default.protocol}://${services.kayenta.host}:${services.kayenta.port} metricsStore: ${METRICS_STORE:stackdriver} metricsAccountName: ${METRICS_ACCOUNT_NAME} storageAccountName: ${STORAGE_ACCOUNT_NAME} atlasWebComponentsUrl: ${ATLAS_COMPONENTS_URL:} lighthouse: host: ${DEFAULT_DNS_NAME:armory-lighthouse} port: 5000 baseUrl: ${services.default.protocol}://${services.lighthouse.host}:${services.lighthouse.port} orca: host: ${DEFAULT_DNS_NAME:armory-orca} platform: enabled: ${PLATFORM_ENABLED:false} host: 
${DEFAULT_DNS_NAME:armory-platform} baseUrl: ${services.default.protocol}://${services.platform.host}:${services.platform.port} port: 5001 rosco: host: ${DEFAULT_DNS_NAME:armory-rosco} enabled: true configDir: /opt/spinnaker/config/packer bakery: allowMissingPackageInstallation: true barometer: enabled: ${BAROMETER_ENABLED:false} host: ${DEFAULT_DNS_NAME:armory-barometer} baseUrl: ${services.default.protocol}://${services.barometer.host}:${services.barometer.port} port: 9092 newRelicEnabled: ${NEW_RELIC_ENABLED:false} redis: # If you are using a remote redis server, you can set the host here. # If the remote server is on a different port or url, you can add # a "port" or "baseUrl" field here instead. host: redis port: 6379 connection: ${REDIS_HOST:redis://localhost:6379} fiat: enabled: ${FIAT_ENABLED:false} host: ${DEFAULT_DNS_NAME:armory-fiat} port: 7003 baseUrl: ${services.default.protocol}://${services.fiat.host}:${services.fiat.port} providers: aws: enabled: ${SPINNAKER_AWS_ENABLED:true} defaultRegion: ${SPINNAKER_AWS_DEFAULT_REGION:us-west-2} defaultIAMRole: ${SPINNAKER_AWS_DEFAULT_IAM_ROLE:SpinnakerInstanceProfile} defaultAssumeRole: ${SPINNAKER_AWS_DEFAULT_ASSUME_ROLE:SpinnakerManagedProfile} primaryCredentials: name: ${SPINNAKER_AWS_DEFAULT_ACCOUNT:default-aws-account} # The actual credentials are set using a standard AWS client library mechanism # http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/credentials.html # Typically this is a $HOME/.aws/credentials file (remember, a standard # spinnaker installation runs as user "spinnaker" whose $HOME is # /home/spinnaker). The primaryCredentials.name will identify which profile # to use (for .aws/credentials). kubernetes: proxy: localhost:8001 apiPrefix: api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/# spinnaker.yml: |2 # This file is intended to serve as a master configuration for a Spinnaker # deployment. 
Customizations to the deployment should be made in another file # named "spinnaker-local.yml". The distribution has a prototype called # "default-spinnaker-local.yml" which calls out the subset of attributes of # general interest. It can be copied into a "spinnaker-local.yml" to start # with. The prototype does not change any of the default values here, it just # surfaces the more critical attributes. global: spinnaker: timezone: 'America/Los_Angeles' architecture: ${PLATFORM_ARCHITECTURE} services: default: # These defaults can be modified to change all the spinnaker subsystems # (clouddriver, gate, etc) at once, but not external systems (jenkins, etc). # Individual systems can still be overridden using their own section entry # directly under 'services'. host: localhost protocol: http clouddriver: host: ${services.default.host} port: 7002 baseUrl: ${services.default.protocol}://${services.clouddriver.host}:${services.clouddriver.port} aws: udf: # Controls whether UserDataProviders are used to populate user data of # new server groups. If false, user data is copied over from ancestor # server groups on both CopyLastAsgAtomicOperation and # ModifyAsgLaunchConfigurationOperation (only if no user data is # provided on the given request). enabled: true echo: enabled: true host: ${services.default.host} port: 8089 baseUrl: ${services.default.protocol}://${services.echo.host}:${services.echo.port} # Persistence mechanism to use cassandra: enabled: false inMemory: enabled: true cron: # Allow pipeline triggers to run periodically via cron expressions. enabled: true timezone: ${global.spinnaker.timezone} notifications: # The following blocks can enable Spinnaker to send notifications # using the corresponding mechanism. # See http://www.spinnaker.io/docs/notifications-and-events-guide # for more information. 
mail: enabled: false host: # the smtp host fromAddress: # the address from which emails are sent hipchat: enabled: false url: # the hipchat server to connect to token: # the hipchat auth token botName: # the username of the bot sms: enabled: false account: # twilio account id token: # twilio auth token from: # phone number from which sms messages are sent slack: # See https://api.slack.com/bot-users for details about using bots # and how to create your own bot user. enabled: false token: # the API token for the bot botName: # the username of the bot deck: # Frontend configuration. # If you are proxying Spinnaker behind a single host, you may want to # override these values. Remember to run `reconfigure_spinnaker.sh` after. host: ${services.default.host} port: 9000 baseUrl: ${services.default.protocol}://${services.deck.host}:${services.deck.port} gateUrl: ${API_HOST:services.gate.baseUrl} bakeryUrl: ${services.bakery.baseUrl} timezone: ${global.spinnaker.timezone} auth: enabled: ${AUTH_ENABLED:false} fiat: enabled: false host: ${services.default.host} port: 7003 baseUrl: ${services.default.protocol}://${services.fiat.host}:${services.fiat.port} front50: host: ${services.default.host} port: 8080 baseUrl: ${services.default.protocol}://${services.front50.host}:${services.front50.port} # To use a cloud storage bucket on Amazon S3 or Google Cloud Storage instead # of cassandra, set the storage_bucket, disable cassandra, and enable one of # the service providers. storage_bucket: ${SPINNAKER_DEFAULT_STORAGE_BUCKET:} # (GCS Only) Location for bucket. bucket_location: bucket_root: front50 cassandra: enabled: false redis: enabled: false gcs: enabled: false s3: enabled: false gate: host: ${services.default.host} port: 8084 baseUrl: ${services.default.protocol}://${services.gate.host}:${services.gate.port} igor: # If you are integrating Jenkins then you must also enable Spinnaker's # "igor" subsystem.
enabled: false host: ${services.default.host} port: 8088 baseUrl: ${services.default.protocol}://${services.igor.host}:${services.igor.port} kato: host: ${services.clouddriver.host} port: ${services.clouddriver.port} baseUrl: ${services.clouddriver.baseUrl} mort: host: ${services.clouddriver.host} port: ${services.clouddriver.port} baseUrl: ${services.clouddriver.baseUrl} orca: host: ${services.default.host} port: 8083 baseUrl: ${services.default.protocol}://${services.orca.host}:${services.orca.port} timezone: ${global.spinnaker.timezone} enabled: true oort: host: ${services.clouddriver.host} port: ${services.clouddriver.port} baseUrl: ${services.clouddriver.baseUrl} rosco: host: ${services.default.host} port: 8087 baseUrl: ${services.default.protocol}://${services.rosco.host}:${services.rosco.port} # You need to provide the fully-qualified path to the directory containing # the packer templates. # They typically live in rosco's config/packer directory. configDir: /opt/rosco/config/packer bakery: host: ${services.rosco.host} port: ${services.rosco.port} baseUrl: ${services.rosco.baseUrl} extractBuildDetails: true allowMissingPackageInstallation: false docker: # This target repository is used by the bakery to publish baked docker images. # Do not include http://. targetRepository: # Optional, but expected in spinnaker-local.yml if specified. jenkins: # If you are integrating Jenkins, set its location here using the baseUrl # field and provide the username/password credentials. # You must also enable the "igor" service listed separately. # The "name" entry is used for the display name when selecting # this server. # # If you have multiple jenkins servers, you will need to list # them in an igor-local.yml. See jenkins.masters in config/igor.yml. # # Note that jenkins is not installed with Spinnaker so you must obtain this # on your own if you are interested. 
enabled: ${services.igor.enabled:false} defaultMaster: name: Jenkins baseUrl: # Expected in spinnaker-local.yml username: # Expected in spinnaker-local.yml password: # Expected in spinnaker-local.yml redis: host: redis port: 6379 connection: ${REDIS_HOST:redis://localhost:6379} cassandra: # cassandra.enabled is no longer used # cassandra is enabled or disabled on a per-service basis # where the alternative persistence mechanism for that service # can be enabled. host: ${services.default.host} port: 9042 embedded: false cluster: CASS_SPINNAKER travis: # If you are integrating Travis, set its location here using the baseUrl # and address fields and provide the githubToken for authentication. # You must also enable the "igor" service listed separately. # # If you have multiple travis servers, you will need to list # them in an igor-local.yml. See travis.masters in config/igor.yml. # # Note that travis is not installed with Spinnaker so you must obtain this # on your own if you are interested. enabled: false defaultMaster: name: ci # The display name for this server. Gets prefixed with "travis-" baseUrl: https://travis-ci.com address: https://api.travis-ci.org githubToken: # The token must carry the GitHub scopes that Travis currently requires. This file is stored in a ConfigMap, so inject the token from a Kubernetes Secret instead of writing it here.
spectator: webEndpoint: enabled: false stackdriver: enabled: ${SPINNAKER_STACKDRIVER_ENABLED:false} projectName: ${SPINNAKER_STACKDRIVER_PROJECT_NAME:${providers.google.primaryCredentials.project}} credentialsPath: ${SPINNAKER_STACKDRIVER_CREDENTIALS_PATH:${providers.google.primaryCredentials.jsonPath}} providers: aws: # For more information on configuring Amazon Web Services (aws), see # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-amazon-web-services-setup enabled: ${SPINNAKER_AWS_ENABLED:false} simpleDBEnabled: false defaultRegion: ${SPINNAKER_AWS_DEFAULT_REGION:us-west-2} defaultIAMRole: BaseIAMRole defaultSimpleDBDomain: CLOUD_APPLICATIONS primaryCredentials: name: default # The actual credentials are set using a standard AWS client library mechanism # http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/credentials.html # Typically this is a $HOME/.aws/credentials file (remember, a standard # spinnaker installation runs as user "spinnaker" whose $HOME is # /home/spinnaker). The primaryCredentials.name will identify which profile # to use (for .aws/credentials). # {{name}} will be interpolated with the aws account name (e.g. "my-aws-account-keypair"). defaultKeyPairTemplate: "{{name}}-keypair" google: # For more information on configuring Google Cloud Platform (google), see # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-google-cloud-platform-setup enabled: ${SPINNAKER_GOOGLE_ENABLED:false} defaultRegion: ${SPINNAKER_GOOGLE_DEFAULT_REGION:us-central1} defaultZone: ${SPINNAKER_GOOGLE_DEFAULT_ZONE:us-central1-f} primaryCredentials: name: my-account-name # The project is the Google Project ID for the project to manage with # Spinnaker. The jsonPath is a path to the JSON service credentials # downloaded from the Google Developer's Console.
project: ${SPINNAKER_GOOGLE_PROJECT_ID:} jsonPath: ${SPINNAKER_GOOGLE_PROJECT_CREDENTIALS_PATH:} consul: enabled: ${SPINNAKER_GOOGLE_CONSUL_ENABLED:false} cf: # For more information on configuring Cloud Foundry (cf) support, see # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-cloud-foundry-platform-setup enabled: false defaultOrg: spinnaker-cf-org defaultSpace: spinnaker-cf-space primaryCredentials: name: my-cf-account api: my-cf-api-uri console: my-cf-console-base-url # You must also supply cf.account.username and cf.account.password through env properties azure: # For more information on configuring Microsoft Azure (azure), see # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-azure-cloud-platform-setup enabled: ${SPINNAKER_AZURE_ENABLED:false} defaultRegion: ${SPINNAKER_AZURE_DEFAULT_REGION:westus} primaryCredentials: name: my-azure-account # To set Azure credentials, enter your Azure subscription values for: # clientId, appKey, tenantId, and subscriptionId. clientId: appKey: tenantId: subscriptionId: titan: # If you want to deploy some services to titan, # set enabled and provide primary credentials for deploying. # Enabling titan is independent of other providers. enabled: false defaultRegion: us-east-1 primaryCredentials: name: my-titan-account kubernetes: # For more information on configuring Kubernetes clusters (kubernetes), see # http://www.spinnaker.io/v1.0/docs/target-deployment-setup#section-kubernetes-cluster-setup # NOTE: enabling kubernetes also requires enabling dockerRegistry. enabled: ${SPINNAKER_KUBERNETES_ENABLED:false} primaryCredentials: name: my-kubernetes-account namespace: default dockerRegistryAccount: ${providers.dockerRegistry.primaryCredentials.name} dockerRegistry: # If you want to use a container based provider, you need to configure and # enable this provider to cache images.
enabled: ${SPINNAKER_KUBERNETES_ENABLED:false} primaryCredentials: name: my-docker-registry-account address: ${SPINNAKER_DOCKER_REGISTRY:https://index.docker.io/ } repository: ${SPINNAKER_DOCKER_REPOSITORY:} username: ${SPINNAKER_DOCKER_USERNAME:} # A path to a plain text file containing the user's password passwordFile: ${SPINNAKER_DOCKER_PASSWORD_FILE:} openstack: # This default configuration uses the same environment variable names set in # the OpenStack RC file. See # http://docs.openstack.org/user-guide/common/cli-set-environment-variables-using-openstack-rc.html # for details on the OpenStack RC file. enabled: false defaultRegion: ${SPINNAKER_OPENSTACK_DEFAULT_REGION:RegionOne} primaryCredentials: name: my-openstack-account authUrl: ${OS_AUTH_URL} username: ${OS_USERNAME} password: ${OS_PASSWORD} projectName: ${OS_PROJECT_NAME} domainName: ${OS_USER_DOMAIN_NAME:Default} regions: ${OS_REGION_NAME:RegionOne} insecure: false