Spinnaker Accounts CRD
Experimental
The information below is written for an experimental feature. Reach out to Armory if you are interested in using this! Your feedback will help shape the development of this feature.Do not use this experimental feature in a production instance of Armory Enterprise.
SpinnakerAcount
Custom Resource Definition overview
The Operator comes with a SpinnakerAccount
Custom Resource for managing Kubernetes accounts that you want to use with Spinnaker. This SpinnakerAccount
resource enables defining and managing Kubernetes accounts outside of Spinnaker’s manifest file. You create a separate manifest for each Kubernetes account and kubectl apply
each manifest. kubectl
delegates to the Operator, which then processes the manifest into the requisite configuration and adds the account to Armory Enterprise or Spinnaker.
For example, you have a pipeline that provisions a Kubernetes
cluster with Terraform. If you want that new cluster to be available, you can
create a SpinnakerAccount
of type Kubernetes
in Spinnaker’s namespace.
Format
apiVersion: spinnaker.io/v1alpha2
kind: SpinnakerAccount
metadata:
name: account-inline
spec:
type: <Account type>
enabled: true
permissions: {} # List of permissions - see below
settings: {} # Settings see below
metadata.name
This is the name of the SpinnakerAccount
. It needs to be unique across all accounts - not just type of account as in Spinnaker.
spec.type
Account type. See below for current support:
Account type | Status | Notes |
---|---|---|
Kubernetes |
alpha | Only the Spinnaker Kubernetes V2 provider is supported |
spec.enabled
Determines if the account is enabled. If not enabled, SpinnakerService
doesn’t use it.
spec.permissions
Map of authorizations similar to most accounts in Spinnaker.
spec:
permissions:
READ: ['role1', 'role2']
WRITE: ['role1', 'role3']
spec.settings
Map of settings that are supported by Halyard. For instance:
spec:
type: Kubernetes
settings:
cacheThreads: 2
omitKinds:
- podPreset
spec.kubernetes
Auth options for Kubernetes account type. Pick only one of the options below:
spec.kubernetes.kubeconfigFile
References a file loaded either out of band to Clouddriver or (more likely) stored in a secret.
spec.kubernetes.kubeconfigSecret
Reference to a Kubernetes secret in the same namespace that contains the kubeconfig file:
spec:
type: Kubernetes
kubernetes:
kubeconfigSecret:
name: my-secret
key: account1-kubeconfig
spec.kubernetes.kubeconfig
You can also inline the kubeconfig file if it does not contain secrets:
spec:
type: Kubernetes
kubernetes:
kubeconfig:
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: LS0t...
server: https://mycluster.url
name: my-cluster
contexts:
- context:
cluster: my-cluster
user: my-user
name: my-context
current-context: my-context
preferences: {}
users:
- name: my-user
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- token
- -i
- my-eks-cluster
command: aws-iam-authenticator
Help resources
- Armory Operator and Armory Enterprise: contact Armory Support or use the Spinnaker Slack
#armory
channel. - Spinnaker Operator and Spinnaker: Spinnaker Slack
#kubernetes-operator
channel.
Feedback
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified April 16, 2021: (3f9b597)