summaryrefslogtreecommitdiffstats
path: root/clover/spinnaker/install/quick-install-spinnaker.yml
diff options
context:
space:
mode:
Diffstat (limited to 'clover/spinnaker/install/quick-install-spinnaker.yml')
-rw-r--r--clover/spinnaker/install/quick-install-spinnaker.yml376
1 files changed, 376 insertions, 0 deletions
diff --git a/clover/spinnaker/install/quick-install-spinnaker.yml b/clover/spinnaker/install/quick-install-spinnaker.yml
new file mode 100644
index 0000000..c935453
--- /dev/null
+++ b/clover/spinnaker/install/quick-install-spinnaker.yml
@@ -0,0 +1,376 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: spinnaker
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: spinnaker-admin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: spinnaker
+
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: spin-halyard
+ namespace: spinnaker
+ labels:
+ app: spin
+ stack: halyard
+spec:
+ containers:
+ - name: halyard-daemon
+ # todo - make :stable or digest of :stable
+ image: gcr.io/spinnaker-marketplace/halyard:stable
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ args:
+ - -c
+ # when the configmap is mounted directly at /home/spinnaker/.hal the halyard daemon
+ # isn't able to replace the contents of the mount with user modifications.
+ # so instead we mount the configmap elsewhere and copy the files into
+ # place when the container starts.
+ - "cp -R /home/spinnaker/staging/.hal /home/spinnaker/.hal && /opt/halyard/bin/halyard"
+ readinessProbe:
+ exec:
+ command:
+ - wget
+ - -q
+ - --spider
+ - http://localhost:8064/health
+ ports:
+ - containerPort: 8064
+ volumeMounts:
+ - name: halconfig
+ mountPath: /home/spinnaker/staging/.hal/config
+ subPath: config
+ - name: halconfig
+ mountPath: /home/spinnaker/staging/.hal/default/service-settings/deck.yml
+ subPath: deck.yml
+ - name: halconfig
+ mountPath: /home/spinnaker/staging/.hal/default/service-settings/gate.yml
+ subPath: gate.yml
+ - name: halconfig
+ mountPath: /home/spinnaker/staging/.hal/default/service-settings/igor.yml
+ subPath: igor.yml
+ - name: halconfig
+ mountPath: /home/spinnaker/staging/.hal/default/service-settings/fiat.yml
+ subPath: fiat.yml
+ - name: halconfig
+ mountPath: /home/spinnaker/staging/.hal/default/profiles/front50-local.yml
+ subPath: front50-local.yml
+ volumes:
+ - name: halconfig
+ configMap:
+ name: halconfig
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: spin-halyard
+ namespace: spinnaker
+spec:
+ ports:
+ - port: 8064
+ targetPort: 8064
+ protocol: TCP
+ selector:
+ app: spin
+ stack: halyard
+
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: halconfig
+ namespace: spinnaker
+data:
+ igor.yml: |
+ enabled: true
+ fiat.yml: |
+ enabled: false
+ skipLifeCycleManagement: true
+ front50-local.yml: |
+ spinnaker.s3.versioning: false
+ gate.yml: |
+ host: 0.0.0.0
+ deck.yml: |
+ host: 0.0.0.0
+ env:
+ API_HOST: http://spin-gate.spinnaker:8084/
+ config: |
+ currentDeployment: default
+ deploymentConfigurations:
+ - name: default
+ version: 1.7.0
+ providers:
+ appengine:
+ enabled: false
+ accounts: []
+ aws:
+ enabled: false
+ accounts: []
+ defaultKeyPairTemplate: '{{name}}-keypair'
+ defaultRegions:
+ - name: us-west-2
+ defaults:
+ iamRole: BaseIAMRole
+ azure:
+ enabled: false
+ accounts: []
+ bakeryDefaults:
+ templateFile: azure-linux.json
+ baseImages: []
+ dcos:
+ enabled: false
+ accounts: []
+ clusters: []
+ dockerRegistry:
+ enabled: true
+ accounts:
+ - name: dockerhub
+ address: https://index.docker.io
+ repositories:
+ - opnfv/clover
+ google:
+ enabled: false
+ accounts: []
+ bakeryDefaults:
+ templateFile: gce.json
+ baseImages: []
+ zone: us-central1-f
+ network: default
+ useInternalIp: false
+ kubernetes:
+ enabled: true
+ accounts:
+ - name: my-kubernetes-account
+ requiredGroupMembership: []
+ providerVersion: V2
+ dockerRegistries: []
+ configureImagePullSecrets: true
+ serviceAccount: true
+ namespaces: []
+ omitNamespaces: []
+ kinds: []
+ omitKinds: []
+ customResources: []
+ oauthScopes: []
+ oAuthScopes: []
+ primaryAccount: my-kubernetes-account
+ openstack:
+ enabled: false
+ accounts: []
+ bakeryDefaults:
+ baseImages: []
+ oraclebmcs:
+ enabled: false
+ accounts: []
+ deploymentEnvironment:
+ size: SMALL
+ type: Distributed
+ accountName: my-kubernetes-account
+ updateVersions: true
+ consul:
+ enabled: false
+ vault:
+ enabled: false
+ customSizing: {}
+ gitConfig:
+ upstreamUser: spinnaker
+ persistentStorage:
+ persistentStoreType: s3
+ azs: {}
+ gcs:
+ rootFolder: front50
+ redis: {}
+ s3:
+ bucket: spinnaker-artifacts
+ rootFolder: front50
+ endpoint: http://minio-service.spinnaker:9000
+ accessKeyId: dont-use-this
+ secretAccessKey: for-production
+ oraclebmcs: {}
+ features:
+ auth: false
+ fiat: false
+ chaos: false
+ entityTags: false
+ jobs: false
+ metricStores:
+ datadog:
+ enabled: false
+ prometheus:
+ enabled: false
+ add_source_metalabels: true
+ stackdriver:
+ enabled: false
+ period: 30
+ enabled: false
+ notifications:
+ slack:
+ enabled: false
+ timezone: America/Los_Angeles
+ ci:
+ jenkins:
+ enabled: true
+ masters: []
+ travis:
+ enabled: false
+ masters: []
+ security:
+ apiSecurity:
+ ssl:
+ enabled: false
+ overrideBaseUrl: /gate
+ uiSecurity:
+ ssl:
+ enabled: false
+ authn:
+ oauth2:
+ enabled: false
+ client: {}
+ resource: {}
+ userInfoMapping: {}
+ saml:
+ enabled: false
+ ldap:
+ enabled: false
+ x509:
+ enabled: false
+ enabled: false
+ authz:
+ groupMembership:
+ service: EXTERNAL
+ google:
+ roleProviderType: GOOGLE
+ github:
+ roleProviderType: GITHUB
+ file:
+ roleProviderType: FILE
+ enabled: false
+ artifacts:
+ gcs:
+ enabled: false
+ accounts: []
+ github:
+ enabled: false
+ accounts: []
+ http:
+ enabled: false
+ accounts: []
+ pubsub:
+ google:
+ enabled: false
+ subscriptions: []
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: minio-pv-claim
+ namespace: spinnaker
+ labels:
+ app: minio-storage-claim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: standard
+
+---
+
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ # This name uniquely identifies the Deployment
+ name: minio-deployment
+ namespace: spinnaker
+spec:
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: minio
+ spec:
+ volumes:
+ - name: storage
+ persistentVolumeClaim:
+ claimName: minio-pv-claim
+ containers:
+ - name: minio
+ image: minio/minio
+ args:
+ - server
+ - /storage
+ env:
+ - name: MINIO_ACCESS_KEY
+ value: "dont-use-this"
+ - name: MINIO_SECRET_KEY
+ value: "for-production"
+ ports:
+ - containerPort: 9000
+ volumeMounts:
+ - name: storage
+ mountPath: /storage
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: minio-service
+ namespace: spinnaker
+spec:
+ ports:
+ - port: 9000
+ targetPort: 9000
+ protocol: TCP
+ selector:
+ app: minio
+
+---
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: hal-deploy-apply
+ namespace: spinnaker
+ labels:
+ app: job
+ stack: hal-deploy
+spec:
+ template:
+ metadata:
+ labels:
+ app: job
+ stack: hal-deploy
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: hal-deploy-apply
+ # todo use a custom image
+ image: gcr.io/spinnaker-marketplace/halyard:stable
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - "hal deploy apply --daemon-endpoint http://spin-halyard.spinnaker:8064"