Spinnaker Operator for Kubernetes
We've announced the Spinnaker Operator: a Kubernetes operator to deploy and manage Spinnaker with the tools you're used to. We're sharing configuration in this repository (code to come soon) to let the community evaluate it and provide feedback.
The Spinnaker operator:
- should be able to install any version of Spinnaker with a published BOM
- should perform preflight checks to confidently upgrade Spinnaker
More concretely, the operator:
- is configured via a
- can deploy in a single namespace or in multiple namespaces
- garbage collect configuration (secrets, deployments, ...)
- provides a validating admission webhook to validate the configuration before it is applied
We plan to support many validations such as provider (AWS, Kubernetes,...) validation, connectivity to CI. Please let us know what would make your life easier when installing Spinnaker! You can use GitHub issues for the time being.
The operator is in alpha and its CRD may change quite a bit. It is actively being developed.
- Spinnaker configuration in
secretis not supported at the moment.
The validating admission controller requires:
- Kubernetes server v1.13+
- Admission controllers enabled (
ValidatingAdmissionWebhookenabled in the kube-apiserver (should be the default)
Note: If you can't use the validation webhook, pass the
--without-admission-controller to the operator (like in
First we'll install the
$ git clone https://github.com/armory/spinnaker-operator $ cd spinnaker-operator $ kubectl apply -f deploy/crds/spinnaker_v1alpha1_spinnakerservice_crd.yaml
There are two modes for the operator:
- basic mode to install Spinnaker in a single namespace without validating admission webhook
- cluster mode works across namespaces and requires a
ClusterRoleto perform validation
The main difference between the two modes is that basic only requires a
Role (vs a
ClusterRole) and has no validating webhook.
Once installed you should see a new deployment representing the operator. The operator watches for changes to the
SpinnakerService objects. You can check on the status of the operator using
Basic install (no validating webhook)
To install the operator run:
$ kubectl apply -n <namespace> -f deploy/operator/basic
namespace is the namespace where you want the operator to live and deploy to.
To install the operator:
- Edit the namespace in
deploy/operator/cluster/role_binding.ymlto be the namespace where you want the operator to live.
$ kubectl apply -n <namespace> -f deploy/operator/cluster
Once you've installed the operator, you can install Spinnaker by making a configuration (
configMap). Check out examples in
deploy/spinnaker/examples. If you prefer to use
kustomize, we've added some kustomization in
Example 1: Installing version 1.15.1
deploy/spinnaker/examples/basic/spin-config.yaml, change the
config.persistentStorage section to point to an s3 bucket you own or use a different persistent storage.
$ kubectl -n <namespace> apply -f deploy/spinnaker/examples/basic
This configuration does not contain any connected accounts, just a persistent storage.
Example 2: Using Kustomize (TODO)
Set your own values in
$ kustomize build deploy/spinnaker/kustomize | kubectl -n <namespace> apply -f -
Or if using
kubectl version 1.14+:
$ kubectl -n <namespace> apply -f deploy/spinnaker/kustomize
You can manage your Spinnaker installations with
Listing Spinnaker instances
$ kubectl get spinnakerservice --all-namespaces NAMESPACE NAME VERSION mynamespace spinnaker 1.15.1
The short name
spinsvc is also available.
Describing Spinnaker instances
$ kubectl -n mynamespace describe spinnakerservice spinnaker
Deleting Spinnaker instances
$ kubectl -n mynamespace deleted spinnakerservice spinnaker spinnakerservice.spinnaker.io "spinnaker" deleted
Detailed information about the SpinnakerService CRD fields and how to configure Spinnaker can be found in the wiki