This repository has been archived by the owner on Feb 22, 2022. It is now read-only.
[stable/spinnaker] Leverage Halyard for installation #6407
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
the
size/XXL
lwander
reviewed
Jul 2, 2018
| command: | ||
| - bash | ||
| - -c | ||
| - "cp /opt/halyard/config/* /tmp/config && printf 'server:\n address: 0.0.0.0\n' > /tmp/config/halyard-local.yml" |
There was a problem hiding this comment.
server.address: 0.0.0.0\n might be a little cleaner
There was a problem hiding this comment.
Done! Good call.
|
Nice, I like how you remove 10 times more lines than you add! |
timstoop
approved these changes
Jul 2, 2018
|
ha! Thanks @timstoop!! Going to add one more thing to make RBAC easier... /hold |
k8s-ci-robot
added
the
do-not-merge/hold
eaceaser
reviewed
Jul 6, 2018
There was a problem hiding this comment.
https://github.com/kubernetes/charts/pull/6407/files#diff-13a5d824f78f72778667d929a7c83c4dR64
https://github.com/kubernetes/charts/pull/6407/files#diff-61d64636826856804e1519cd255d54e8R2
Unless there are some changes in store to have this chart also deploy redis for caching at some point, I think we can remove the redis values and requirement as part of this too!
And the README copy would be outdated too I think
eaceaser
reviewed
Jul 6, 2018
stable/spinnaker/values.yaml
Outdated
| @@ -71,25 +51,9 @@ deck: | |||
| # hosts: | |||
| # - domain.com | |||
|
|
|||
| gate: | |||
| allowedOriginsPattern: '^https?://(?:localhost|127.0.0.1|[^/]+\.example\.com)(?::[1-9]\d*)?/?$' | |||
|
|
|||
| # Bucket to use when storing config data in S3 compatible storage | |||
| storageBucket: spinnaker | |||
There was a problem hiding this comment.
Would it be clearer to denormalize (for lack of a better term) storageBucket into the various storage providers' config blocks? Unless it gets used somewhere that I'm not seeing it seems like it should be configured alongside the storage provider, rather than outside of it as a top level key.
added 2 commits
August 23, 2018 10:28
Make nodeport exposure idempotent
scottrigby
approved these changes
Aug 23, 2018
There was a problem hiding this comment.
Re #6407 (comment) and #6407 (comment), it seems to me the RBAC follows the best practices guidelines. rbac.create is configurable, as is serviceAccount.create. The service account names (serviceAccount.halyardName and serviceAccount.spinnakerName are also configurable, and a comment indicates that if left blank it's auto-generated from the release full name). The Spinnaker service account hard-codes default with this note:
Clouddriver does not currently allow config of its service account.
Personally I would say this looks good to merge. The MAJOR version is bumped, and it's fully up to date (a moment ago recently merged in updates from master).
@viglesiasce One request though, if there's any suggestions you have to help make https://github.com/helm/helm/blob/master/docs/chart_best_practices/rbac.md more clear, that would help #3011. Anyway thanks this looks 💯 to me
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: scottrigby, viglesiasce The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
ishabalin
pushed a commit
to NinthDecimal/charts
that referenced
this pull request
Sep 3, 2018
* Use Halyard for Spinnaker installation * Bump spinnaker version in Chart.yaml * Add whitespace in helpers * Remove dependency on Jenkins * Fix cleanup * Fix NOTES command for exec into hal * No longer need override_config_map helper * Simplify cleanup job * Remove halyard-pvc empty file * Update README * Add lwander as maintainer of Spinnaker chart * Make halyard-local config simpler * Remove type: Opaque from kubeconfig map * Mount GCS key on Halyard statefulset * Fix credentials when using kubeConfig.enabled * Allow custom config to be provided at install time. * Fix port-forward commands in README * Configure Halyard's RBAC * Use redis deployed by helm * Use Deck to route /gate requests * Fix RBAC in default configuration * Scope template helper names * Helper for resource metadata * Enable spinnakerFeatureFlags * Fix deck service name * Basic S3 support. setting access keys is optional, if they are unset, the implicit credentials from your environment will be used. * Smallish updates. * Runs the install script with bash -xe for log output. * Makes the install script somewhat idempotent in the case of chart upgrades on an existing halyard config state. * Fully qualifies serviceaccount names. * Whitespace fixes. * Enable 'jobs' feature flag by default * Fix typo in README * Follow RBAC best practices for chart * Remove trailing space * update helm dependencies Update minio and redis deps to be their current releases * support username/password for docker registry * fix variable condition for registrysecret * remove rogue sleep command from debugging * add readme info about using secret for registry passwords * fix writing the secret key to hal's config * Enable artifacts by default * Allow Halyard and Spinnaker SAs to be configurable * Use custom SA in halyard SS if passed * Default to version 1.8.4 of Spinnaker * Simplify ingress values, fix nodeports for svcs * Slight change; moving 'host' to be under Ingress resource * Updater Spinnaker to 1.8.5 * Make nodeport exposure idempotent * Add newline * Add newline * Add newline * Add newline Signed-off-by: ishabalin <[email protected]>
marekaf
pushed a commit
to marekaf/charts
that referenced
this pull request
Sep 4, 2018
* Use Halyard for Spinnaker installation * Bump spinnaker version in Chart.yaml * Add whitespace in helpers * Remove dependency on Jenkins * Fix cleanup * Fix NOTES command for exec into hal * No longer need override_config_map helper * Simplify cleanup job * Remove halyard-pvc empty file * Update README * Add lwander as maintainer of Spinnaker chart * Make halyard-local config simpler * Remove type: Opaque from kubeconfig map * Mount GCS key on Halyard statefulset * Fix credentials when using kubeConfig.enabled * Allow custom config to be provided at install time. * Fix port-forward commands in README * Configure Halyard's RBAC * Use redis deployed by helm * Use Deck to route /gate requests * Fix RBAC in default configuration * Scope template helper names * Helper for resource metadata * Enable spinnakerFeatureFlags * Fix deck service name * Basic S3 support. setting access keys is optional, if they are unset, the implicit credentials from your environment will be used. * Smallish updates. * Runs the install script with bash -xe for log output. * Makes the install script somewhat idempotent in the case of chart upgrades on an existing halyard config state. * Fully qualifies serviceaccount names. * Whitespace fixes. * Enable 'jobs' feature flag by default * Fix typo in README * Follow RBAC best practices for chart * Remove trailing space * update helm dependencies Update minio and redis deps to be their current releases * support username/password for docker registry * fix variable condition for registrysecret * remove rogue sleep command from debugging * add readme info about using secret for registry passwords * fix writing the secret key to hal's config * Enable artifacts by default * Allow Halyard and Spinnaker SAs to be configurable * Use custom SA in halyard SS if passed * Default to version 1.8.4 of Spinnaker * Simplify ingress values, fix nodeports for svcs * Slight change; moving 'host' to be under Ingress resource * Updater Spinnaker to 1.8.5 * Make nodeport exposure idempotent * Add newline * Add newline * Add newline * Add newline Signed-off-by: Marek Bartik <[email protected]> Signed-off-by: Marek Bartik <[email protected]>
aba182
pushed a commit
to aba182/charts
that referenced
this pull request
Sep 7, 2018
* Use Halyard for Spinnaker installation * Bump spinnaker version in Chart.yaml * Add whitespace in helpers * Remove dependency on Jenkins * Fix cleanup * Fix NOTES command for exec into hal * No longer need override_config_map helper * Simplify cleanup job * Remove halyard-pvc empty file * Update README * Add lwander as maintainer of Spinnaker chart * Make halyard-local config simpler * Remove type: Opaque from kubeconfig map * Mount GCS key on Halyard statefulset * Fix credentials when using kubeConfig.enabled * Allow custom config to be provided at install time. * Fix port-forward commands in README * Configure Halyard's RBAC * Use redis deployed by helm * Use Deck to route /gate requests * Fix RBAC in default configuration * Scope template helper names * Helper for resource metadata * Enable spinnakerFeatureFlags * Fix deck service name * Basic S3 support. setting access keys is optional, if they are unset, the implicit credentials from your environment will be used. * Smallish updates. * Runs the install script with bash -xe for log output. * Makes the install script somewhat idempotent in the case of chart upgrades on an existing halyard config state. * Fully qualifies serviceaccount names. * Whitespace fixes. * Enable 'jobs' feature flag by default * Fix typo in README * Follow RBAC best practices for chart * Remove trailing space * update helm dependencies Update minio and redis deps to be their current releases * support username/password for docker registry * fix variable condition for registrysecret * remove rogue sleep command from debugging * add readme info about using secret for registry passwords * fix writing the secret key to hal's config * Enable artifacts by default * Allow Halyard and Spinnaker SAs to be configurable * Use custom SA in halyard SS if passed * Default to version 1.8.4 of Spinnaker * Simplify ingress values, fix nodeports for svcs * Slight change; moving 'host' to be under Ingress resource * Updater Spinnaker to 1.8.5 * Make nodeport exposure idempotent * Add newline * Add newline * Add newline * Add newline Signed-off-by: aba182 <[email protected]>
aba182
pushed a commit
to aba182/charts
that referenced
this pull request
Sep 7, 2018
* Use Halyard for Spinnaker installation * Bump spinnaker version in Chart.yaml * Add whitespace in helpers * Remove dependency on Jenkins * Fix cleanup * Fix NOTES command for exec into hal * No longer need override_config_map helper * Simplify cleanup job * Remove halyard-pvc empty file * Update README * Add lwander as maintainer of Spinnaker chart * Make halyard-local config simpler * Remove type: Opaque from kubeconfig map * Mount GCS key on Halyard statefulset * Fix credentials when using kubeConfig.enabled * Allow custom config to be provided at install time. * Fix port-forward commands in README * Configure Halyard's RBAC * Use redis deployed by helm * Use Deck to route /gate requests * Fix RBAC in default configuration * Scope template helper names * Helper for resource metadata * Enable spinnakerFeatureFlags * Fix deck service name * Basic S3 support. setting access keys is optional, if they are unset, the implicit credentials from your environment will be used. * Smallish updates. * Runs the install script with bash -xe for log output. * Makes the install script somewhat idempotent in the case of chart upgrades on an existing halyard config state. * Fully qualifies serviceaccount names. * Whitespace fixes. * Enable 'jobs' feature flag by default * Fix typo in README * Follow RBAC best practices for chart * Remove trailing space * update helm dependencies Update minio and redis deps to be their current releases * support username/password for docker registry * fix variable condition for registrysecret * remove rogue sleep command from debugging * add readme info about using secret for registry passwords * fix writing the secret key to hal's config * Enable artifacts by default * Allow Halyard and Spinnaker SAs to be configurable * Use custom SA in halyard SS if passed * Default to version 1.8.4 of Spinnaker * Simplify ingress values, fix nodeports for svcs * Slight change; moving 'host' to be under Ingress resource * Updater Spinnaker to 1.8.5 * Make nodeport exposure idempotent * Add newline * Add newline * Add newline * Add newline Signed-off-by: aba182 <[email protected]>
Jnig
pushed a commit
to Jnig/charts
that referenced
this pull request
Nov 13, 2018
* Use Halyard for Spinnaker installation * Bump spinnaker version in Chart.yaml * Add whitespace in helpers * Remove dependency on Jenkins * Fix cleanup * Fix NOTES command for exec into hal * No longer need override_config_map helper * Simplify cleanup job * Remove halyard-pvc empty file * Update README * Add lwander as maintainer of Spinnaker chart * Make halyard-local config simpler * Remove type: Opaque from kubeconfig map * Mount GCS key on Halyard statefulset * Fix credentials when using kubeConfig.enabled * Allow custom config to be provided at install time. * Fix port-forward commands in README * Configure Halyard's RBAC * Use redis deployed by helm * Use Deck to route /gate requests * Fix RBAC in default configuration * Scope template helper names * Helper for resource metadata * Enable spinnakerFeatureFlags * Fix deck service name * Basic S3 support. setting access keys is optional, if they are unset, the implicit credentials from your environment will be used. * Smallish updates. * Runs the install script with bash -xe for log output. * Makes the install script somewhat idempotent in the case of chart upgrades on an existing halyard config state. * Fully qualifies serviceaccount names. * Whitespace fixes. * Enable 'jobs' feature flag by default * Fix typo in README * Follow RBAC best practices for chart * Remove trailing space * update helm dependencies Update minio and redis deps to be their current releases * support username/password for docker registry * fix variable condition for registrysecret * remove rogue sleep command from debugging * add readme info about using secret for registry passwords * fix writing the secret key to hal's config * Enable artifacts by default * Allow Halyard and Spinnaker SAs to be configurable * Use custom SA in halyard SS if passed * Default to version 1.8.4 of Spinnaker * Simplify ingress values, fix nodeports for svcs * Slight change; moving 'host' to be under Ingress resource * Updater Spinnaker to 1.8.5 * Make nodeport exposure idempotent * Add newline * Add newline * Add newline * Add newline Signed-off-by: Jakob Niggel <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull requests removes most of the installation logic from the chart and instead leverages Halyard, the Spinnaker project's tool for creating, configuring, and managing Spinnaker deployments.
Benefits: