helm / charts

⚠️(OBSOLETE) Curated applications for Kubernetes
Apache License 2.0

[stable/spinnaker] unable to install airgapped 1.16.6 #19600

Closed musabmasood closed 4 years ago

musabmasood commented 4 years ago

Following the instructions I tried to install 1.16.6 and failed.

I pulled the original BOM for 1.16.6 as well as all service configurations. I inserted the BOM and the service configuration contents into the original values.yaml file. Now it looks like this:

halyard:
  spinnakerVersion: 1.16.6
  image:
    repository: gcr.io/spinnaker-marketplace/halyard
    tag: 1.23.2
    pullSecrets: []
  # Set to false to disable persistence data volume for halyard
  persistence:
    enabled: true
  # Provide a config map with Hal commands that will be run the core config (storage)
  # The config map should contain a script in the config.sh key
  additionalScripts:
    enabled: false
    configMapName: my-halyard-config
    configMapKey: config.sh
    # If you'd rather do an inline script, set create to true and put the content in the data dict like you would a configmap
    # The content will be passed through `tpl`, so value interpolation is supported.
    create: false
    data: {}
  additionalSecrets:
    create: false
    data: {}
    ## Uncomment if you want to use a pre-created secret rather than feeding data in via helm.
    # name:
  additionalConfigMaps:
    create: false
    data: {}
    ## Uncomment if you want to use a pre-created ConfigMap rather than feeding data in via helm.
    # name:
  ## Define custom profiles for Spinnaker services. Read more for details:
  ## https://www.spinnaker.io/reference/halyard/custom/#custom-profiles
  ## The contents of the files will be passed through `tpl`, so value interpolation is supported.
  additionalProfileConfigMaps:
    data: {}
      ## if you're running spinnaker behind a reverse proxy such as a GCE ingress
      ## you may need the following profile settings for the gate profile.
      ## see https://github.com/spinnaker/spinnaker/issues/1630
      ## otherwise it's harmless and will likely become default behavior in the future
      ## according to the linked GitHub issue.
      # gate-local.yml:
      #   server:
      #     tomcat:
      #       protocolHeader: X-Forwarded-Proto
      #       remoteIpHeader: X-Forwarded-For
      #       internalProxies: .*
      #       httpsServerPort: X-Forwarded-Port

  ## Define custom settings for Spinnaker services. Read more for details:
  ## https://www.spinnaker.io/reference/halyard/custom/#custom-service-settings
  ## You can use it to add annotations for pods, override the image, etc.
  additionalServiceSettings: {}
    # deck.yml:
    #   artifactId: gcr.io/spinnaker-marketplace/deck:2.9.0-20190412012808
    #   kubernetes:
    #     podAnnotations:
    #       iam.amazonaws.com/role: <role_arn>
    # clouddriver.yml:
    #   kubernetes:
    #     podAnnotations:
    #       iam.amazonaws.com/role: <role_arn>

  ## Populate to provide a custom local BOM for Halyard to use for deployment. Read more for details:
  ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
  bom:
    artifactSources:
      debianRepository: https://dl.bintray.com/spinnaker-releases/debians
      dockerRegistry: docker.registry:5000/gcr.io/spinnaker-marketplace
      gitPrefix: https://github.com/spinnaker
      googleImageProject: marketplace-spinnaker-release
    dependencies:
      consul:
        version: 0.7.5
      redis:
        version: 2:2.8.4-2
      vault:
        version: 0.7.0
    services:
      clouddriver:
        commit: e0c12ea1f260970a3bd70a6b4a8bfe19968576db
        version: local:6.3.4-20191203075316 # prefixed
      deck:
        commit: 96332ba2f79573952c34d0a3fc5d7fde58d8e5e2
        version: local:2.12.4-20191030075317 # prefixed
      defaultArtifact: {}
      echo:
        commit: 55a1580af2b0b476ec5ed7fb59be67fda8dcb959
        version: local:2.8.2-20191004075315 # prefixed
      fiat:
        commit: e92cfbcac018d9dcfa03869224f7106bf2a11315
        version: local:1.7.0-20190904130744 # prefixed
      front50:
        commit: abc5c168e3619ac084d4130eef7313cbdcfc3f61
        version: local:0.19.0-20190904130744 # prefixed
      gate:
        commit: 2cdf6f9046836c6def5ff2d809d00797e6c41c9a
        version: local:1.12.1-20190928075315 # prefixed
      igor:
        commit: 5e6c31e963e1434bd8d4b1b4d431d8c9d2889229
        version: local:1.6.1-20191024075315 # prefixed
      kayenta:
        commit: 8aa41e6e723e8d37831f5d4fe0bd5aa24ede5872
        version: local:0.11.0-20190830172818 # prefixed
      monitoring-daemon:
        commit: f626bb6c6df46402bfdac64b33955685ec5ca2ac
        version: local:0.15.1-20191008075316 # prefixed
      orca:
        commit: e750cf724141e963d819dfdd084e778493ddc770
        version: local:2.10.3-20191111125755 # prefixed
      rosco:
        commit: 9712828135574a497490f2b22e411c0e70a189a1
        version: local:0.14.2-20191203092431 # prefixed
    timestamp: '2019-12-03 14:24:56'
    version: 1.16.6

  #   artifactSources:
  #     debianRepository: https://dl.bintray.com/spinnaker-releases/debians
  #     dockerRegistry: gcr.io/spinnaker-marketplace
  #     gitPrefix: https://github.com/spinnaker
  #     googleImageProject: marketplace-spinnaker-release
  #   services:
  #     clouddriver:
  #       commit: 031bcec52d6c3eb447095df4251b9d7516ed74f5
  #       version: 6.3.0-20190904130744
  #     deck:
  #       commit: b0aac478e13a7f9642d4d39479f649dd2ef52a5a
  #       version: 2.12.0-20190916141821
  #     ...
  #   timestamp: '2019-09-16 18:18:44'
  #   version: 1.16.1

  ## Define local configuration for Spinnaker services.
  ## The contents of these files would be copies of the configuration normally retrieved from
  ## `gs://halconfig/<service-name>`, but instead need to be available locally on the halyard pod to facilitate
  ## offline installation. This would typically be used along with a custom `bom:` with the `local:` prefix on a
  ## service version.
  ## Read more for details:
  ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
  ## The key for each entry must be the name of the service and a file name separated by the '_' character.
  serviceConfigs:

    clouddriver_clouddriver-bootstrap.yml: |-
      # halconfig

      server:
        port: ${services.clouddriverBootstrap.port:7002}
        address: ${services.clouddriverBootstrap.host:localhost}

      redis:
        connection: ${services.redisBootstrap.baseUrl:redis://localhost:6379}

      caching:
        redis:
          hashingEnabled: true

    clouddriver_clouddriver-caching.yml: |-
      # halconfig

      server:
        port: ${services.clouddriverCaching.port:7002}
        address: ${services.clouddriverCaching.host:localhost}

      caching:
        redis:
          hashingEnabled: true
        writeEnabled: true

    clouddriver_clouddriver-ro-deck.yml: |-
      # halconfig

      server:
        port: ${services.clouddriverRoDeck.port:7002}
        address: ${services.clouddriverRoDeck.host:localhost}

      caching:
        redis:
          hashingEnabled: false
        writeEnabled: false

    clouddriver_clouddriver-ro.yml: |-
      # halconfig

      server:
        port: ${services.clouddriverRo.port:7002}
        address: ${services.clouddriverRo.host:localhost}

      caching:
        redis:
          hashingEnabled: false
        writeEnabled: false

    clouddriver_clouddriver-rw.yml: |-
      # halconfig

      server:
        port: ${services.clouddriverRw.port:7002}
        address: ${services.clouddriverRw.host:localhost}

      caching:
        redis:
          hashingEnabled: false
        writeEnabled: false

    clouddriver_clouddriver.yml: |-
      # halconfig

      admin.tasks.shutdownWaitSeconds: 600 # 10 minutes

      server:
        port: ${services.clouddriver.port:7002}
        address: ${services.clouddriver.host:localhost}

      redis:
        connection: ${services.redis.baseUrl:redis://localhost:6379}

      caching:
        redis:
          hashingEnabled: true

    deck_settings.js: |-
      'use strict';

      var gateHost = '{%gate.baseUrl%}';
      var artifactsEnabled = '{%features.artifacts%}' === 'true';
      var artifactsRewriteEnabled = '{%features.artifactsRewrite%}' === 'true';
      var atlasWebComponentsUrl = '{%canary.atlasWebComponentsUrl%}';
      var authEnabled = '{%features.auth%}' === 'true';
      var authEndpoint = gateHost + '/auth/user';
      var bakeryDetailUrl = gateHost + '/bakery/logs/{{context.region}}/{{context.status.resourceId}}';
      var canaryFeatureDisabled = '{%canary.featureEnabled%}' !== 'true';
      var canaryStagesEnabled = '{%canary.stages%}' === 'true';
      var changelogGistId = '{%changelog.gist.id%}';
      var changelogGistName = '{%changelog.gist.name%}';
      var chaosEnabled = '{%features.chaos%}' === 'true';
      var defaultCanaryJudge = '{%canary.defaultJudge%}';
      var defaultMetricsStore = '{%canary.defaultMetricsStore%}';
      var defaultMetricsAccountName = '{%canary.defaultMetricsAccount%}';
      var defaultStorageAccountName = '{%canary.defaultStorageAccount%}';
      var displayTimestampsInUserLocalTime = '{%features.displayTimestampsInUserLocalTime%}' === 'true';
      var entityTagsEnabled = false;
      var fiatEnabled = '{%features.fiat%}' === 'true';
      var gceStatefulMigsEnabled = '{%features.gceStatefulMigsEnabled%}' === 'true';
      var gremlinEnabled = '{%features.gremlin%}' === 'true';
      var iapRefresherEnabled = '{%features.iapRefresherEnabled%}' === 'true';
      var infrastructureStagesEnabled = '{%features.infrastructureStages%}' === 'true';
      var managedPipelineTemplatesV2UIEnabled = '{%features.managedPipelineTemplatesV2UI%}' === 'true';
      var jobsEnabled = '{%features.jobs%}' === 'true';
      var maxPipelineAgeDays = '{%maxPipelineAgeDays%}';
      var mineCanaryEnabled = '{%features.mineCanary%}' === 'true';
      var notificationsEnabled = '{%notifications.enabled%}' === 'true';
      var onDemandClusterThreshold = '{%onDemandClusterThreshold%}';
      var pipelineTemplatesEnabled = '{%features.pipelineTemplates%}' === 'true';
      var reduxLoggerEnabled = '{%canary.reduxLogger%}' === 'true';
      var showAllConfigsEnabled = '{%canary.showAllCanaryConfigs%}' === 'true';
      var slack = {
        botName: '{%notifications.slack.botName%}',
        enabled: '{%notifications.slack.enabled%}' === 'true',
      };
      var sms = {
        enabled: '{%notifications.twilio.enabled%}' === 'true',
      };
      var githubStatus = {
        enabled: '{%notifications.github-status.enabled%}' === 'true',
      };
      var templatesEnabled = '{%canary.templatesEnabled%}' === 'true';
      var travisEnabled = '{%features.travis%}' === 'true';
      var timezone = '{%timezone%}';
      var version = '{%version%}';
      var werckerEnabled = '{%features.wercker%}' === 'true';

      // Cloud Providers
      var appengine = {
        defaults: {
          account: '{%appengine.default.account%}',
          editLoadBalancerStageEnabled: '{%appengine.enabled%}' === 'true',
        },
      };
      var aws = {
        defaults: {
          account: '{%aws.default.account%}',
          iamRole: 'BaseIAMRole',
          region: '{%aws.default.region%}',
        },
        defaultSecurityGroups: [],
        loadBalancers: {
          // if true, VPC load balancers will be created as internal load balancers if the selected subnet has a purpose
          // tag that starts with "internal"
          inferInternalFlagFromSubnet: false,
        },
        useAmiBlockDeviceMappings: false,
      };
      var azure = {
        defaults: {
          account: '{%azure.default.account%}',
          region: '{%azure.default.region%}',
        },
      };
      var cloudfoundry = {
        defaults: {
          account: '{%cloudfoundry.default.account%}',
        },
      };
      var dcos = {
        defaults: {
          account: '{%dcos.default.account%}',
        },
      };
      var ecs = {
        defaults: {
          account: '{%ecs.default.account%}',
        },
      };
      var gce = {
        defaults: {
          account: '{%google.default.account%}',
          region: '{%google.default.region%}',
          zone: '{%google.default.zone%}',
        },
        associatePublicIpAddress: true,
      };
      var kubernetes = {
        defaults: {
          account: '{%kubernetes.default.account%}',
          instanceLinkTemplate: '{{host}}/api/v1/proxy/namespaces/{{namespace}}/pods/{{name}}',
          internalDNSNameTemplate: '{{name}}.{{namespace}}.svc.cluster.local',
          namespace: '{%kubernetes.default.namespace%}',
          proxy: '{%kubernetes.default.proxy%}',
        },
      };
      var oracle = {
        defaults: {
          account: '{%oracle.default.account%}',
          region: '{%oracle.default.region%}',
        },
      };

      window.spinnakerSettings = {
        authEnabled: authEnabled,
        authEndpoint: authEndpoint,
        authTtl: 600000,
        bakeryDetailUrl: bakeryDetailUrl,
        canary: {
          atlasWebComponentsUrl: atlasWebComponentsUrl,
          defaultJudge: defaultCanaryJudge,
          featureDisabled: canaryFeatureDisabled,
          reduxLogger: reduxLoggerEnabled,
          metricsAccountName: defaultMetricsAccountName,
          metricStore: defaultMetricsStore,
          showAllConfigs: showAllConfigsEnabled,
          stagesEnabled: canaryStagesEnabled,
          storageAccountName: defaultStorageAccountName,
          templatesEnabled: templatesEnabled,
        },
        changelog: {
          fileName: changelogGistName,
          gistId: changelogGistId,
        },
        checkForUpdates: false,
        defaultCategory: 'serverGroup',
        defaultInstancePort: 80,
        defaultProviders: [
          'appengine',
          'aws',
          'azure',
          'cloudfoundry',
          'dcos',
          'ecs',
          'gce',
          'kubernetes',
          'oracle',
          'titus',
        ],
        defaultTimeZone: timezone, // see http://momentjs.com/timezone/docs/#/data-utilities/
        feature: {
          artifacts: artifactsEnabled,
          artifactsRewrite: artifactsRewriteEnabled,
          canary: mineCanaryEnabled,
          chaosMonkey: chaosEnabled,
          displayTimestampsInUserLocalTime: displayTimestampsInUserLocalTime,
          entityTags: entityTagsEnabled,
          fiatEnabled: fiatEnabled,
          gceStatefulMigsEnabled: gceStatefulMigsEnabled,
          gremlinEnabled: gremlinEnabled,
          iapRefresherEnabled: iapRefresherEnabled,
          infrastructureStages: infrastructureStagesEnabled,
          jobs: jobsEnabled,
          managedPipelineTemplatesV2UI: managedPipelineTemplatesV2UIEnabled,
          notifications: notificationsEnabled,
          pagerDuty: false,
          pipelines: true,
          pipelineTemplates: pipelineTemplatesEnabled,
          roscoMode: true,
          snapshots: false,
          travis: travisEnabled,
          versionedProviders: true,
          wercker: werckerEnabled,
        },
        gateUrl: gateHost,
        gitSources: ['bitbucket', 'gitlab', 'github', 'stash'],
        maxPipelineAgeDays: maxPipelineAgeDays,
        newApplicationDefaults: {
          chaosMonkey: false,
        },
        notifications: {
          bearychat: {
            enabled: true,
          },
          email: {
            enabled: true,
          },
          githubStatus: githubStatus,
          googlechat: {
            enabled: true,
          },
          pubsub: {
            enabled: true,
          },
          slack: slack,
          sms: sms,
        },
        onDemandClusterThreshold: onDemandClusterThreshold,
        pagerDuty: {
          required: false,
        },
        pollSchedule: 30000,
        providers: {
          appengine: appengine,
          aws: aws,
          azure: azure,
          cloudfoundry: cloudfoundry,
          dcos: dcos,
          ecs: ecs,
          gce: gce,
          kubernetes: kubernetes,
          oracle: oracle,
          titus: {
            defaults: {
              account: 'titustestvpc',
              iamProfile: '{{application}}InstanceProfile',
              region: 'us-east-1',
            },
          },
        },
        pubsubProviders: ['google'], // TODO(joonlim): Add amazon once it is confirmed that amazon pub/sub works.
        triggerTypes: [
          'artifactory',
          'concourse',
          'cron',
          'docker',
          'git',
          'jenkins',
          'pipeline',
          'pubsub',
          'travis',
          'webhook',
          'wercker',
        ],
        version: version,
      };

    echo_echo-scheduler.yml: |-
      # halconfig

      server:
        port: ${services.echoScheduler.port:8089}
        address: ${services.echoScheduler.host:localhost}

      scheduler:
        enabled: true
        threadPoolSize: 20
        triggeringEnabled: true
        pipelineConfigsPoller:
          enabled: true
          pollingIntervalMs: 30000
        cron:
          timezone: ${global.spinnaker.timezone:America/Los_Angeles}

      redis:
        connection: ${services.redis.baseUrl:redis://localhost:6379}

    echo_echo-worker.yml: |-
      # halconfig

      server:
        port: ${services.echoWorker.port:8089}
        address: ${services.echoWorker.host:localhost}

      scheduler:
        enabled: false

    echo_echo.yml: |-
      # halconfig

      server:
        port: ${services.echo.port:8089}
        address: ${services.echo.host:localhost}

      spinnaker:
        baseUrl: ${services.deck.baseUrl}
        inMemory:
           enabled: true

      front50:
        enabled: ${services.front50.enabled:false}
        baseUrl: ${services.front50.baseUrl:http://localhost:8080}

      igor:
        enabled: ${services.igor.enabled:false}
        baseUrl: ${services.igor.baseUrl:http://localhost:8088}

      orca:
        enabled: ${services.orca.enabled:false}
        baseUrl: ${services.orca.baseUrl:http://localhost:8083}

      endpoints.health.sensitive: false

      scheduler:
        enabled: ${services.echo.cron.enabled:true}
        threadPoolSize: 20
        triggeringEnabled: true
        pipelineConfigsPoller:
          enabled: true
          pollingIntervalMs: 30000
        cron:
          timezone: ${global.spinnaker.timezone:America/Los_Angeles}

      redis:
        connection: ${services.redis.baseUrl:redis://localhost:6379}
        enabled: ${services.redis.enabled:false}

    fiat_fiat.yml: |-
      # halconfig

      server:
        port: ${services.fiat.port:7003}
        address: ${services.fiat.host:localhost}

      redis:
        connection: ${services.redis.baseUrl:redis://localhost:6379}

    front50_front50.yml: |-
      server:
        port: ${services.front50.port:8080}
        address: ${services.front50.host:localhost}

      cassandra:
        enabled: false

      hystrix:
        command:
          default.execution.isolation.thread.timeoutInMilliseconds: 15000
        threadpool:
          DefaultNotificationDAO:
            coreSize: 25
            maxQueueSize: 100
          DefaultPipelineDAO:
            coreSize: 25
            maxQueueSize: 100

    gate_gate.yml: |-
      # halconfig

      redis:
        connection: ${services.redis.baseUrl:redis://localhost:6379}

    igor_igor.yml: |-
      server:
        port: ${services.igor.port:8088}
        address: ${services.igor.host:localhost}

      redis:
        connection: ${services.redis.baseUrl:redis://localhost:6379}

    kayenta_kayenta.yml: |-
      # halconfig

      redis:
        connection: ${services.redis.baseUrl:redis://localhost:6379}

    monitoring-daemon_spinnaker-monitoring.yml: |-
      # halconfig 

    orca_orca-bootstrap.yml: |-
      # halconfig

      server:
        port: ${services.orcaBootstrap.port:8083}
        address: ${services.orcaBootstrap.host:localhost}

      oort:
        baseUrl: ${services.clouddriverBootstrap.baseUrl:http://localhost:7002}

      mort:
        baseUrl: ${services.clouddriverBootstrap.baseUrl:http://localhost:7002}

      kato:
        baseUrl: ${services.clouddriverBootstrap.baseUrl:http://localhost:7002}

      echo:
        enabled: false

      front50:
        enabled: false

      bakery:
        enabled: false

      igor:
        enabled: false

      redis:
        connection: ${services.redisBootstrap.baseUrl:redis://localhost:6379}

      tasks:
        executionWindow:
          timezone: ${global.spinnaker.timezone:America/Los_Angeles}

    orca_orca.yml: |-
      # halconfig

      server:
        port: ${services.orca.port:8083}
        address: ${services.orca.host:localhost}

      oort:
        baseUrl: ${services.clouddriver.baseUrl:http://localhost:7002}

      front50:
        enabled: true
        baseUrl: ${services.front50.baseUrl:http://localhost:8080}

      mort:
        baseUrl: ${services.clouddriver.baseUrl:http://localhost:7002}

      kato:
        baseUrl: ${services.clouddriver.baseUrl:http://localhost:7002}

      bakery:
        enabled: true
        baseUrl: ${services.rosco.baseUrl:http://localhost:8087}
        extractBuildDetails: ${services.rosco.extractBuildDetails:true}
        allowMissingPackageInstallation: ${services.rosco.allowMissingPackageInstallation:false}

      echo:
        enabled: true
        baseUrl: ${services.echo.baseUrl:http://localhost:8089}

      igor:
        enabled: true
        baseUrl: ${services.igor.baseUrl:http://localhost:8088}

      kayenta:
        enabled: ${services.kayenta.enabled:false}
        baseUrl: ${services.kayenta.baseUrl:http://localhost:8090}

      redis:
        connection: ${services.redis.baseUrl:redis://localhost:6379}

      tasks:
        executionWindow:
          timezone: ${global.spinnaker.timezone:America/Los_Angeles}

    rosco_images.yml: |-
      aws:
        bakeryDefaults:
          baseImages:
          - baseImage:
              id: ubuntu
              shortDescription: v12.04
              detailedDescription: Ubuntu Precise Pangolin v12.04
              packageType: deb
              templateFile: aws-ebs.json
            virtualizationSettings:
            - region: us-east-1
              virtualizationType: hvm
              instanceType: t2.micro
              sourceAmi: ami-d4aed0bc
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: us-west-1
              virtualizationType: hvm
              instanceType: t2.micro
              sourceAmi: ami-4f285a2f
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: us-west-2
              virtualizationType: hvm
              instanceType: t2.micro
              sourceAmi: ami-59396769
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: us-east-1
              virtualizationType: pv
              instanceType: m3.medium
              sourceAmi: ami-8007b2e8
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: us-west-1
              virtualizationType: pv
              instanceType: m3.medium
              sourceAmi: ami-3a12605a
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
          - baseImage:
              id: trusty
              shortDescription: v14.04
              detailedDescription: Ubuntu Trusty Tahr v14.04
              packageType: deb
            virtualizationSettings:
            - region: us-east-1
              virtualizationType: hvm
              instanceType: t2.micro
              sourceAmi: ami-9eaa1cf6
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: us-west-1
              virtualizationType: hvm
              instanceType: t2.micro
              sourceAmi: ami-12512d72
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: us-west-2
              virtualizationType: hvm
              instanceType: t2.micro
              sourceAmi: ami-3d50120d
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: eu-central-1
              virtualizationType: hvm
              instanceType: t2.micro
              sourceAmi: ami-87564feb
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: eu-west-1
              virtualizationType: hvm
              instanceType: t2.micro
              sourceAmi: ami-f95ef58a
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: us-east-1
              virtualizationType: pv
              instanceType: m3.medium
              sourceAmi: ami-98aa1cf0
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: us-west-1
              virtualizationType: pv
              instanceType: m3.medium
              sourceAmi: ami-59502c39
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
            - region: us-west-2
              virtualizationType: pv
              instanceType: m3.medium
              sourceAmi: ami-37501207
              sshUserName: ubuntu
              spotPrice: 0
              spotPriceAutoProduct: Linux/UNIX (Amazon VPC)
          - baseImage:
              id: windows-2012-r2
              shortDescription: 2012 R2
              detailedDescription: Windows Server 2012 R2 Base
              packageType: nupkg
              templateFile: aws-windows-2012-r2.json
              osType: windows
            virtualizationSettings:
            - region: us-east-1
              virtualizationType: hvm
              instanceType: t2.micro
              sourceAmi: ami-21414f36
              winRmUserName: Administrator
              spotPrice: 0
              spotPriceAutoProduct: Windows (Amazon VPC)

      azure:
        bakeryDefaults:
          templateFile: azure-linux.json
          baseImages:
          - baseImage:
              id: ubuntu-1604
              shortDescription: v16.04
              detailedDescription: Ubuntu Server 16.04-LTS
              publisher: Canonical
              offer: UbuntuServer
              sku: 16.04-LTS
              version: 16.04.201612140
              osType: Linux
              packageType: deb
          - baseImage:
              id: ubuntu-1804
              shortDescription: v18.04
              detailedDescription: Ubuntu Server 18.04-LTS
              publisher: Canonical
              offer: UbuntuServer
              sku: 18.04-LTS
              version: 18.04.201804262
              osType: Linux
              packageType: deb
          - baseImage:
              id: ubuntu-1404
              shortDescription: v14.04
              detailedDescription: Ubuntu Server 14.04.5-LTS
              publisher: Canonical
              offer: UbuntuServer
              sku: 14.04.5-LTS
              version: 14.04.201612130
              osType: Linux
              packageType: deb
          - baseImage:
              id: centos
              shortDescription: 7
              detailedDescription: OpenLogic CentOS 7.1.20150731
              publisher: OpenLogic
              offer: CentOS
              sku: 7.1
              version: 7.1.20150731
              osType: Linux
              packageType: rpm
          - baseImage:
              id: windows-2012-r2
              shortDescription: 2012 R2
              detailedDescription: Windows Server 2012 R2 Datacenter
              publisher: MicrosoftWindowsServer
              offer: WindowsServer
              sku: 2012-R2-Datacenter
              version: 4.0.20170111
              osType: windows
              packageType: nupkg
              templateFile: azure-windows-2012-r2.json

      docker:
        bakeryDefaults:
          baseImages:
          - baseImage:
              id: precise
              shortDescription: v12.04
              detailedDescription: Ubuntu Precise Pangolin v12.04
              packageType: deb
            virtualizationSettings:
              sourceImage: ubuntu:precise
          - baseImage:
              id: trusty
              shortDescription: v14.04
              detailedDescription: Ubuntu Trusty Tahr v14.04
              packageType: deb
            virtualizationSettings:
              sourceImage: ubuntu:trusty

      google:
        bakeryDefaults:
          baseImages:
          - baseImage:
              id: trusty
              shortDescription: v14.04 - Deprecated
              detailedDescription: Ubuntu Trusty Tahr v14.04 - Deprecated.
              packageType: deb
              isImageFamily: false
            virtualizationSettings:
              # Last published release of Trusty. Has been removed for 1.18 and above.
              sourceImage: ubuntu-1404-trusty-v20191107
          - baseImage:
              id: xenial
              shortDescription: v16.04
              detailedDescription: Ubuntu Xenial Xerus v16.04
              packageType: deb
              isImageFamily: true
            virtualizationSettings:
              sourceImageFamily: ubuntu-1604-lts
          - baseImage:
              id: bionic
              shortDescription: v18.04
              detailedDescription: Ubuntu Bionic Beaver v18.04
              packageType: deb
              isImageFamily: true
            virtualizationSettings:
              sourceImageFamily: ubuntu-1804-lts

    rosco_rosco.yml: |-
      # halconfig

      server:
        port: ${services.rosco.port:8087}
        address: ${services.rosco.host:localhost}

      redis:
        connection: ${services.redis.baseUrl:redis://localhost:6379}

      rosco:
        configDir: /opt/rosco/config/packer

  ## Uncomment if you want to add extra commands to the init script
  ## run by the init container before halyard is started.
  ## The content will be passed through `tpl`, so value interpolation is supported.
  # additionalInitScript: |-

  ## Uncomment if you want to add annotations on halyard and install-using-hal pods
  # annotations:
  #   iam.amazonaws.com/role: <role_arn>

  ## Uncomment the following resources definitions to control the cpu and memory
  # resources allocated for the halyard pod
  resources: {}
    # requests:
    #   memory: "1Gi"
    #   cpu: "100m"
    # limits:
    #   memory: "2Gi"
    #   cpu: "200m"

  ## Uncomment if you want to set environment variables on the Halyard pod.
  # env:
  #   - name: JAVA_OPTS
  #     value: -Dhttp.proxyHost=proxy.example.com
  customCerts:
    ## Enable to override the default cacerts with your own one
    enabled: false
    secretName: custom-cacerts

# Define which registries and repositories you want available in your
# Spinnaker pipeline definitions
# For more info visit:
#   https://www.spinnaker.io/setup/providers/docker-registry/

# Configure your Docker registries here
dockerRegistries:
- name: dockerhub
  address: index.docker.io
  repositories:
    - library/alpine
    - library/ubuntu
    - library/centos
    - library/nginx
# - name: gcr
#   address: https://gcr.io
#   username: _json_key
#   password: '<INSERT YOUR SERVICE ACCOUNT JSON HERE>'
#   email: 1234@5678.com

# If you don't want to put your passwords into a values file
# you can use a pre-created secret instead of putting passwords
# (specify secret name in below `dockerRegistryAccountSecret`)
# per account above with data in the format:
# <name>: <password>

# dockerRegistryAccountSecret: myregistry-secrets

kubeConfig:
  # Use this when you want to register arbitrary clusters with Spinnaker
  # Upload your ~/.kube/config to a secret
  enabled: false
  secretName: my-kubeconfig
  secretKey: config
  # Use this when you want to configure halyard to reference a kubeconfig from s3
  # This allows you to keep your kubeconfig in an encrypted s3 bucket
  # For more info visit:
  #   https://www.spinnaker.io/reference/halyard/secrets/s3-secrets/#secrets-in-s3
  # encryptedKubeconfig: encrypted:s3!r:us-west-2!b:mybucket!f:mykubeconfig
  # List of contexts from the kubeconfig to make available to Spinnaker
  contexts:
  - default
  deploymentContext: default
  omittedNameSpaces:
  - kube-system
  - kube-public
  onlySpinnakerManaged:
    enabled: false

  # When false, clouddriver will skip the permission checks for all kubernetes kinds at startup.
  # This can save a great deal of time during clouddriver startup when you have many kubernetes
  # accounts configured. This disables the log messages at startup about missing permissions.
  checkPermissionsOnStartup: true

  # A list of resource kinds this Spinnaker account can deploy to and will cache.
  # When no kinds are configured, this defaults to 'all kinds'.
  # kinds:
  # -

  # A list of resource kinds this Spinnaker account cannot deploy to or cache.
  # This can only be set when --kinds is empty or not set.
  # omittedKinds:
  # -

# Change this if you'd like to expose Spinnaker outside the cluster
ingress:
  enabled: false
  # host: spinnaker.example.org
  # annotations:
    # ingress.kubernetes.io/ssl-redirect: 'true'
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  # tls:
  #  - secretName: -tls
  #    hosts:
  #      - domain.com

ingressGate:
  enabled: false
  # host: gate.spinnaker.example.org
  # annotations:
    # ingress.kubernetes.io/ssl-redirect: 'true'
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  # tls:
  #  - secretName: -tls
  #    hosts:
  #      - domain.com

# spinnakerFeatureFlags is a list of Spinnaker feature flags to enable
# Ref: https://www.spinnaker.io/reference/halyard/commands/#hal-config-features-edit
# spinnakerFeatureFlags:
#   - artifacts
#   - pipeline-templates
spinnakerFeatureFlags:
  - artifacts

# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
# nodeSelector to provide to each of the Spinnaker components
nodeSelector: {}

# Redis password to use for the in-cluster redis service
# Enable redis to use in-cluster redis
redis:
  enabled: true
  # External Redis option will be enabled if in-cluster redis is disabled
  external:
    host: "<EXTERNAL-REDIS-HOST-NAME>"
    port: 6379
    # password: ""
  password: password
  nodeSelector: {}
  cluster:
    enabled: false
# Uncomment if you don't want to create a PVC for redis
#  master:
#    persistence:
#      enabled: false

# Minio access/secret keys for the in-cluster S3 usage
# Minio is not exposed publicly
minio:
  enabled: true
  imageTag: RELEASE.2019-02-13T19-48-27Z
  serviceType: ClusterIP
  accessKey: spinnakeradmin
  secretKey: spinnakeradmin
  bucket: "spinnaker"
  nodeSelector: {}
# Uncomment if you don't want to create a PVC for minio
#  persistence:
#    enabled: false

# Google Cloud Storage
gcs:
  enabled: false
  project: my-project-name
  bucket: "<GCS-BUCKET-NAME>"
  ## if jsonKey is set, will create a secret containing it
  jsonKey: '<INSERT CLOUD STORAGE JSON HERE>'
  ## override the name of the secret to use for jsonKey, if `jsonKey`
  ## is empty, it will not create a secret assuming you are creating one
  ## external to the chart. the key for that secret should be `key.json`.
  secretName:

# AWS Simple Storage Service
s3:
  enabled: false
  bucket: "<S3-BUCKET-NAME>"
  # rootFolder: "front50"
  # region: "us-east-1"
  # endpoint: ""
  # accessKey: ""
  # secretKey: ""
  # assumeRole: "<role to assume>"
  ## Here you can pass extra arguments to configure s3 storage options
  extraArgs: []
  #  - "--path-style-access true"

# Azure Storage Account
azs:
  enabled: false
#   storageAccountName: ""
#   accessKey: ""
#   containerName: "spinnaker"

rbac:
  # Specifies whether RBAC resources should be created
  create: true

serviceAccount:
  # Specifies whether a ServiceAccount should be created
  create: true
  # The name of the ServiceAccounts to use.
  # If left blank it is auto-generated from the fullname of the release
  halyardName:
  spinnakerName:
securityContext:
  # Specifies permissions to write for user/group
  runAsUser: 1000
  fsGroup: 1000

All images for service configurations have been pushed to my private registry docker.registry:5000. So for instance rosco is available as follows:

docker pull docker.registry:5000/gcr.io/spinnaker-marketplace/rosco:0.14.2-20191203092431
Trying to pull repository docker.registry:5000/gcr.io/spinnaker-marketplace/rosco ...
0.14.2-20191203092431: Pulling from docker.registry:5000/gcr.io/spinnaker-marketplace/rosco
Digest: sha256:f2cdd21da6e2a2366f1a376c1c856f095f81e23f0cdf9affdbb8bc61c95fcd24
Status: Image is up to date for docker.registry:5000/gcr.io/spinnaker-marketplace/rosco:0.14.2-20191203092431

Basically it gets stuck on this step for a while and then the pod restarts (I do the helm install inside namespace spintest3):

+ hal --daemon-endpoint http://spintest3-spinnaker-halyard:8064 config version edit --version local:1.16.6
+ Get current deployment
  Success
_ Edit Spinnaker version
  Running validation: Validating halconfig with HalconfigValidator

Any ideas folks? This is a really REALLY painful process.
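
Added example, not part of the original post and not code from the chart: a check that a service listed in the BOM was pulled from the mirror path used above (`docker.registry:5000/<upstream registry>/<service>:<version>`) and that the digest in the `docker pull` output matches one recorded when the image was mirrored. The BOM excerpt, the pin table, the transcript and all function names are constructed for illustration; the BOM field names (`artifactSources.dockerRegistry`, `services.<name>.version`) are an assumption about the BOM layout.

```python
import re

MIRROR = "docker.registry:5000"  # private registry named in the post
DIGEST = "sha256:f2cdd21da6e2a2366f1a376c1c856f095f81e23f0cdf9affdbb8bc61c95fcd24"

# Constructed BOM excerpt (assumed shape): only the fields this check reads.
BOM = {
    "artifactSources": {"dockerRegistry": "gcr.io/spinnaker-marketplace"},
    "services": {"rosco": {"version": "0.14.2-20191203092431"}},
}
# Constructed pin table: digest recorded when the image was mirrored.
PINNED = {"rosco": DIGEST}

# Constructed transcript, modelled on the pull output in the post.
SAMPLE = f"""\
0.14.2-20191203092431: Pulling from {MIRROR}/gcr.io/spinnaker-marketplace/rosco
Digest: {DIGEST}
Status: Image is up to date for {MIRROR}/gcr.io/spinnaker-marketplace/rosco:0.14.2-20191203092431
"""

DIGEST_RE = re.compile(r"^Digest:\s*(sha256:[0-9a-f]{64})\s*$", re.M)
STATUS_RE = re.compile(r"^Status: .* for (\S+)\s*$", re.M)

def mirrored_refs(bom, mirror=MIRROR):
    """Map each BOM service to the image reference expected in the mirror."""
    source = bom["artifactSources"]["dockerRegistry"]
    return {name: f"{mirror}/{source}/{name}:{svc['version']}"
            for name, svc in bom["services"].items() if svc.get("version")}

def parse_pull(transcript):
    """Extract (reference, digest) from `docker pull` output; None if absent."""
    ref = STATUS_RE.search(transcript)
    digest = DIGEST_RE.search(transcript)
    return (ref.group(1) if ref else None, digest.group(1) if digest else None)

def verify(service, transcript, bom=BOM, pinned=PINNED):
    """Return a list of problems; an empty list means the pull checks out."""
    expected = mirrored_refs(bom).get(service)
    if expected is None:
        return [f"{service}: not in BOM"]
    ref, digest = parse_pull(transcript)
    problems = []
    if ref != expected:
        problems.append(f"{service}: pulled {ref}, expected {expected}")
    if digest is None:
        problems.append(f"{service}: no digest in pull output")
    elif digest != pinned.get(service):
        problems.append(f"{service}: digest {digest} does not match pin")
    return problems

if __name__ == "__main__":
    print(verify("rosco", SAMPLE) or "rosco: OK")
```
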

osobh commented 4 years ago

I second this and the need to provide some documentation on an airgapped or private deployment.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

stale[bot] commented 4 years ago

This issue is being automatically closed due to inactivity.