Configuring dynamic accounts in clouddriver for kubernetes

  • This technical blog focus on how to configure spinnaker’s new feature of dynamic account loading in Clouddriver for Kubernetes provider. This feature is introduced in 1.15.x.

  • This feature is an outcome of Spring Cloud Config integration into Clouddriver, to add support for fetching account configuration from external sources like Git and Vault. This feature also dynamically refreshes credentials for Kubernetes, while Clouddriver is still running. This feature allows users to roll out new account configurations without re-deploying Spinnaker.

Configuring git based dynamic account in clouddriver:

Step 1:  Create file named spinnakerconfig.yml with below given configuration:

spring:
  profiles:
    include: git
  cloud:
    config:
      server:
        git:
          uri: https://github.com/example/config.git

  • If Git repo is password protected use the following configuration:

spring:
  profiles:
    include: git
  cloud:
    config:
      server:
        git:
          uri: https://github.com/example/config.git
          username: username
          password: password

  • Step 2: Place above created file (spinnakerconfig.yml) under ~/.hal/default/profile folder on halyard installed machine/container

  • Step 3: Restart spinnaker using halyard command

  • For local debian spinnaker installation:

hal deploy apply 

  • For distributed spinnaker installation:

hal deploy apply –service-names=clouddriver 

Note:

Git repo should contain kubernetes account in either clouddriver-local.yml or clouddriver.yml files and this file should be placed on root folder of git repo. The accounts in clouddriver-local.yml or clouddriver.yml can be placed as example given below:

kubernetes:
  enabled: true
  accounts:
  - name: k8s-v2-acc-1
    requiredGroupMembership: []
    providerVersion: V2
    permissions: {}
    dockerRegistries: []
    configureImagePullSecrets: true
    cacheThreads: 1
    namespaces:
    - ns11
    - ns12
    - ns13
    - ns14
    - ns15
    omitNamespaces: []
    kinds: []
    omitKinds: []
    customResources: []
    cachingPolicies: []
    kubeconfigFile: /home/spinnaker/.kube/config
    checkPermissionsOnStartup: false
    oAuthScopes: []
    onlySpinnakerManaged: false

Leave a Reply

Your email address will not be published. Required fields are marked *