Top
Configuration for artifact support.
Top
Configuration for the Bitbucket artifact provider.
Configuration for a Bitbucket artifact account. For each account, set both username
and password
, or set usernamePasswordFile
.
Field
Type
Label
Description
name
string
The name of the account, which must be unique among configured Bitbucket accounts.
username
string
The username of the account.
password
string
The password of the account.
usernamePasswordFile
string
The path to a file containing the username and password of the account in the format ${username}:${password}
.
Top
Configuration for the Google Cloud Storage artifact provider.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the Google Cloud Storage artifact provider is enabled.
accounts
GcsAccount
repeated
The list of configured Cloud Storage accounts.
Configuration for a Google Cloud Storage artifact account.
Field
Type
Label
Description
name
string
The name of the account.
jsonPath
string
The path to a JSON key to authenticate a Google Cloud service account. The service account must have the roles/storage.admin
role enabled.
Top
Configuration for the GitHub artifact provider.
Configuration for a GitHub artifact account. For each account, set one of
the following:
username
and password
usernamePasswordFile
token
tokenFile
.
Field
Type
Label
Description
name
string
The name of the account.
username
string
The GitHub account username.
password
string
The GitHub account password.
usernamePasswordFile
string
The path to a file containing the username and password for the account in the format ${username}:${password}
.
token
string
The GitHub access token.
tokenFile
string
The path to a file containing the GitHub access token.
Top
Configuration for the GitLab artifact provider.
Configuration for a GitLab artifact account. For authentication, specify
either token
or tokenFile
.
Field
Type
Label
Description
name
string
The name of the account.
token
string
The GitLab access token.
tokenFile
string
The path to a file containing the GitLab access token.
Top
Configuration for the Git repo artifact provider.
Configuration for a Git repo artifact account.
An account configured here maps to a credential that can authenticate
against a Git repository hosted by a Git hosting service.
For authentication, set one of the following:
username
and password
usernamePasswordFile
token
tokenFile
sshPrivateKeyFilePath
and sshPrivateKeyPassphrase
Field
Type
Label
Description
name
string
The name of the account.
username
string
The username of the account.
password
string
The password of the account.
usernamePasswordFile
string
The path to a file containing the username and password of the account in the format ${username}:${password}
.
token
string
The access token for the repository.
tokenFile
string
The path to a file containing the repository access token.
sshPrivateKeyFilePath
string
The path to an SSH private key to be used when connecting with the repository over SSH.
sshPrivateKeyPassphrase
string
The passphrase to an SSH private key to be used when connecting with the repository over SSH.
sshKnownHostsFilePath
string
The path to a known_hosts
file to be used when connecting with a repository over SSH.
sshTrustUnknownHosts
google.protobuf.BoolValue
If true
, Spinnaker can connect with a Git repository over SSH without verifying the server's IP address against a known_hosts
file.
Top
Configuration for the Helm artifact provider.
Configuration for a Helm artifact account. For authentication, specify
either username
and password
or usernamePasswordFile
.
Field
Type
Label
Description
name
string
The name of the account.
repository
string
The Helm chart repository URL.
username
string
A username for Helm chart repository basic authentication.
password
string
A password for Helm chart repository basic authentication.
usernamePasswordFile
string
The path to a file containing the username and password for Helm chart repository basic authentication. Must be in the format ${username}:${password}
.
Top
Configuration for the HTTP artifact provider.
Configuration for an HTTP artifact account. For authentication, specify
either username
and password
or usernamePasswordFile
.
Field
Type
Label
Description
name
string
The name of the account.
username
string
A username for HTTP basic authentication.
password
string
A password for HTTP basic authentication.
usernamePasswordFile
string
The path to a file containing the username and password for HTTP basic authentication. Contents of the file must be in the format ${username}:${password}
.
Top
Configuration for the Maven artifact provider.
Configuration for a Maven artifact account.
Field
Type
Label
Description
name
string
The name of the account.
repositoryUrl
string
(Required) The full URI for the Maven repository (for example, http://some.host.com/repository/path
).
Top
Configuration for the Oracle artifact provider.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the Oracle artifact provider is enabled.
accounts
OracleAccount
repeated
The list of configured Oracle artifact accounts.
Configuration for an Oracle artifact account.
Field
Type
Label
Description
name
string
The name of the account.
fingerprint
string
The fingerprint of the public key.
namespace
string
The namespace in which the bucket and objects will be created.
privateKeyPassphrase
string
The passphrase used for the private key, if it is encrypted.
region
string
An Oracle region (for example, us-phoenix-1
).
sshPrivateKeyFilePath
string
Path to the private key in PEM format.
tenancyId
string
The OCID of the Oracle Tenancy to use.
userId
string
The OCID of the Oracle User with which to authenticate.
Top
Configuration for the S3 artifact provider.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the S3 artifact provider is enabled.
accounts
S3Account
repeated
The list of configured S3 artifact accounts.
Configuration for an S3 artifact account.
Top
Configuration for a Jinja template for Spinnaker to use for artifact
extraction. For more details, please read the documentation:
https://www.spinnaker.io/reference/artifacts/from-build-triggers/#artifacts-from-build-triggers
Field
Type
Label
Description
name
string
The name of the artifact template.
templatePath
string
The path to the artifact template.
Top
Configuration for the AWS canary integration.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Enables/disables Kayenta integration for AWS. If enabled, Kayenta can store canary configuration and archived results in an S3 bucket.
accounts
AwsAccount
repeated
The list of configured accounts.
s3Enabled
google.protobuf.BoolValue
Whether to enable S3 as a persistent store.
Configuration for the AWS account to be used .
Field
Type
Label
Description
name
string
The name of the account.
bucket
string
The name of a storage bucket that this account has access to. If you specify a globally unique bucket name that doesn't exist yet, Kayenta creates that bucket for you.
region
string
The AWS region to use.
rootFolder
google.protobuf.StringValue
The root folder in the chosen bucket in which to store all of the canary service's persistent data. Defaults to kayenta
.
profileName
string
The profile name to use when resolving AWS credentials. Typically found in ~/.aws/credentials
. Defaults to default
.
endpoint
string
The endpoint used to reach the service implementing the S3 API. Typically you would use this with an S3 clone, like Minio.
accessKeyId
string
The default access key used to communicate with AWS.
supportedTypes
SupportedType
repeated
If you're enabling S3, include CONFIGURATION_STORE and/or OBJECT_STORE in this list.
Top
Configuration for Spinnaker's automated canary analysis features. See also
the
sample Kayenta configuration .
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the canary service is enabled.
serviceIntegrations
Canary.ServiceIntegrations
Canary service integrations. To enable Spinnaker's Automated Canary Analysis (ACA) features, you must configure at least one account for each canary.SupportedType
(METRICS_STORE
, CONFIGURATION_STORE
, OBJECT_STORE
).
defaultMetricsAccount
string
Name of the metrics account to use by default.
defaultMetricsStore
string
Name of the metrics store to use by default (for example, prometheus
, datadog
).
showAllConfigsEnabled
google.protobuf.BoolValue
Whether to show all canary configs in Deck, or just those scoped to the current application.
templatesEnabled
google.protobuf.BoolValue
Whether to enable custom filter templates for canary configs in Deck.
defaultJudge
string
The default canary judge. NetflixACAJudge-v1.0
is currently the only open-source judge available by default.
storageAccountName
string
Name of storage account to use by default.
Canary.ServiceIntegrations
Top
Configuration for the Datadog canary integration.
Configuration for a Datadog account.
Configuration for the Datadog server endpoint.
Field
Type
Label
Description
baseUrl
string
(Required) The base URL of the Datadog server.
Top
Configuration for the Google Cloud Storage canary integration. If this is
enabled, you must also configure at least one canary.GoogleAccount
with a
list of supportedTypes
that includes
canary.SupportedType.CONFIGURATION_STORE
or
canary.SupportedType.OBJECT_STORE
or both.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether Google Cloud Storage is enabled as a backing store to support Spinnaker's automated canary analysis features.
Top
Configuration for the Google canary integration.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether Google is enabled as a metrics store provider.
accounts
GoogleAccount
repeated
The list of configured accounts.
gcsEnabled
google.protobuf.BoolValue
Whether Google Cloud Storage is enabled as a persistent store.
stackdriverEnabled
google.protobuf.BoolValue
Whether Google Cloud Monitoring (formerly Stackdriver) is enabled as a metrics source.
metadataCachingIntervalMS
int32
Number of milliseconds to wait between caching the names of available Cloud Monitoring metric types (used when building canary configs). Defaults to 60000
.
Configuration for a Google account.
Field
Type
Label
Description
name
string
The name of the account.
jsonPath
string
The path to a JSON file containing the service account key that Spinnaker will use to authenticate. You need this only if Spinnaker is not deployed on a Google Compute Engine VM, or if the account needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
bucket
string
The name of a Cloud Storage bucket that this account has access to. If you specify a globally unique bucket name that doesn't exist yet, Kayenta creates that bucket for you.
bucketLocation
string
Where to create the new bucket. This is only required if the bucket you specify doesn't exist yet. See https://cloud.google.com/storage/docs/managing-buckets#manage-class-location .
rootFolder
google.protobuf.StringValue
The root-level folder, in the specified bucket, in which to store all the canary service's persistent data. Defaults to kayenta
.
project
string
(Required) The Google Cloud Platform project the canary service will use to consume Cloud Storage and Cloud Monitoring data.
supportedTypes
SupportedType
repeated
For Google Cloud Monitoring (formerly Stackdriver) use METRICS_STORE. For Google Cloud Storage, use CONFIGURATION_STORE and OBJECT_STORE. All three can be a list of supportedTypes
in the same account, or each in a separate account.
Top
Configuration for the New Relic canary integration.
Configuration for a New Relic account.
Configuration for the New Relic Insights server endpoint.
Field
Type
Label
Description
baseUrl
string
The base URL to the New Relic Insights server.
Top
Configuration for the Prometheus canary integration.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether Prometheus is enabled as a metric store provider.
accounts
PrometheusAccount
repeated
The list of configured accounts.
metadataCachingIntervalMS
int32
Number of milliseconds to wait between caching the names of available metric types (used when building canary configs). Defaults to 60000.
Configuration for a Prometheus account.
For authentication, you must provide either usernamePasswordFile
or
username
and password
.
Field
Type
Label
Description
name
string
The name of the account.
endpoint
PrometheusAccount.Endpoint
Configuration for the Prometheus server endpoint.
username
string
A basic-auth username.
password
string
A basic-auth password.
usernamePasswordFile
string
The path to a file containing the basic-auth username and password in the format ${username}:${password}
.
PrometheusAccount.Endpoint
Configuration for the Prometheus server endpoint.
Field
Type
Label
Description
baseUrl
string
(Required) The base URL of the Prometheus server.
Top
Configuration for the S3 canary integration. If enabled, you must
also configure at least one canary.AwsAccount
with a list of
supportedTypes
that includes canary.SupportedType.CONFIGURATION_STORE
and/or canary.SupportedType.OBJECT_STORE
.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether S3 is enabled as a backing store to support Spinnaker's automated canary analysis features.
Top
Configuration for the SignalFx canary integration.
Field
Type
Label
Description
name
string
The name of the account.
accessToken
string
(Required) The SignalFx access token.
endpoint
SignalFxAccount.Endpoint
The SignalFx server endpoint.
defaultScopeKey
string
The scope key, which is used to distinguish between base and canary deployments. If omitted, each request must supply the _scope_key
param in extended scope params.
defaultLocationKey
string
The location key, which is used to filter by deployment region. If omitted, each request must supply the _location_key
if it is needed.
The SignalFx server endpoint.
Top
Configuration for the Google Cloud Monitoring (formerly Stackdriver) canary
integration. If enabled, you must also configure at least one
canary.GoogleAccount
with a list of supportedTypes
that includes
canary.SupportedType.METRICS_STORE
.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the Cloud Monitoring integration is enabled.
metadataCachingIntervalMS
int32
Number of milliseconds to wait between caching the names of available Cloud Monitoring metric types (used when building canary configs). Defaults to 60000.
Top
canary/supported_type.proto
Name
Number
Description
UNSPECIFIED
0
Unspecified. Do not directly use, instead omit the field.
METRICS_STORE
1
CONFIGURATION_STORE
2
OBJECT_STORE
3
Top
Configuration to integrate Spinnaker with your continuous integration system.
Top
Configuration to use AWS CodeBuild with Spinnnaker, for continuous integration.
Configuration for an AWS CodeBuild account.
Field
Type
Label
Description
name
string
The name of the account.
accountId
string
The AWS account ID that will be used to trigger CodeBuild builds.
assumeRole
string
If set, Spinnaker configures a credentials provider that uses the AWS Security Token Service to assume the specified role.
region
string
(Required) The AWS region in which your CodeBuild projects live.
Top
Configuration to use Concourse with Spinnaker, for continuous integration.
Configuration for a Concourse account.
Field
Type
Label
Description
name
string
The name of the account.
username
string
(Required) The username of the Concourse user to authenticate as.
password
string
(Required) The password of the Concourse user to authenticate as.
url
string
(Required) The URL at which your Concourse search is reachable.
permissions
proto.Permissions
Configuration for Fiat permissions. A user must have at least one of the READ roles in order to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run jobs on this build account.
Top
Configuration to use Google Cloud Build with Spinnaker, for continuous integration.
Configuration for a Cloud Build account.
Field
Type
Label
Description
name
string
The name of the account.
project
string
The name of the Google Cloud project in which to trigger and monitor builds.
subscriptionName
string
The name of the Pub/Sub subscription on which to listen for build changes.
jsonKey
string
The path to a JSON service account that Spinnaker will use for credentials. You need this only if Spinnaker is not deployed on a Compute Engine VM, or if Spinnaker needs permissions not afforded to the VM.
permissions
proto.Permissions
Fiat permissions configuration. A user must have at least a READ role to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run builds.
Top
Configuration to use Jenkins with Spinnaker, for continuous integration.
Configuration for a Jenkins account.
Field
Type
Label
Description
name
string
The name of the account.
username
string
(Required) The username of the Jenkins user to authenticate as.
password
string
(Required) The password of the Jenkins user to authenticate as.
address
string
(Required) The URL at which the Jenkins server is reachable.
csrf
google.protobuf.BoolValue
Whether or not to negotiate CSRF tokens when calling Jenkins.
permissions
proto.Permissions
Fiat permissions configuration. A user must have at least one of the READ roles in order to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run jobs on this build account.
Top
Configuration to use Travis CI with Spinnaker, for continuous integration.
Configuration for a Travis account.
Field
Type
Label
Description
name
string
The name of the account.
address
string
(Required) The URL at which to reach the Travis API (https://api.travis-ci.org ).
baseUrl
string
(Required) The base URL at which to reach the Travis UI (https://travis-ci.org ).
githubToken
string
The GitHub token with which to authenticate against Travis.
permissions
proto.Permissions
Fiat permissions configuration. A user must have at least one of the READ roles in order to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run jobs on this build account.
numberOfJobs
string
The maximum number of jobs the Travis integration will retrieve per polling cycle. Defaults to 100
.
buildResultLimit
string
The maximum number of builds Igor returns when querying for builds for a specific repo. This determines, for example, how many builds are displayed in the drop-down when a user starts a manual pipeline execution. If you set this too high, the Travis API might return an error for jobs that write many logs, so the default setting is only 10
.
filteredRepositories
string
repeated
The list of repositories that will be scraped. This is useful if your organization uses many repositories and you want to speed things up by scanning only a subset.
Top
Configuration to use Werker with Spinnaker, for continuous integration.
Configuration for a Wercker account.
Field
Type
Label
Description
name
string
The name of the account.
address
string
(Required) The address at which to reach your Wercker instance.
token
string
The personal token of the Wercker user to authenticate as.
user
string
The username of the Wercker user to authenticate as.
permissions
proto.Permissions
Fiat permissions configuration. A user must have at least one of the READ roles in order to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run jobs on this build account.
Top
cloudprovider/appengine.proto
Configuration for the Google App Engine (GAE) provider.
Configuration for an App Engine account.
Field
Type
Label
Description
cachingIntervalSeconds
int32
The interval in seconds at which Spinnaker will poll for updates in your App Engine clusters.
environment
string
The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
gcloudReleaseTrack
GcloudReleaseTrack
The gcloud release track that Spinnaker will use when deploying to App Engine.
gitHttpsUsername
string
A username to be used when connecting to a remote git repository server over HTTPS. If set, gitHttpsPassword
must also be set.
gitHttpsPassword
string
A password to be used when connecting to a remote git repository server over HTTPS. If set, gitHttpsUsername
must also be set.
githubOAuthAccessToken
string
An OAuth token provided by Github for connecting to a git repository over HTTPS. See https://help.github.com/articles/creating-an-access-token-for-command-line-use for more information.
jsonPath
string
The path to a JSON service account that Spinnaker will use as credentials. This is only needed if Spinnaker is not deployed on a Google Compute Engine VM, or needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
localRepositoryDirectory
string
A local directory to be used to stage source files for App Engine deployments within Clouddriver. Defaults to /var/tmp/clouddriver
.
omitServices
string
repeated
A list of regular expressions. Any service matching one of these regexes will be ignored by Spinnaker.
omitVersions
string
repeated
A list of regular expressions. Any version matching one of these regexes will be ignored by Spinnaker.
project
string
The Google Cloud Platform project this Spinnaker account will manage.
permissions
proto.Permissions
Fiat permissions configuration.
requiredGroupMembership
string
repeated
(Deprecated): List of required Fiat permission groups. Configure permissions
instead.
services
string
repeated
A list of regular expressions. Any service matching one of these regexes will be indexed by Spinnaker (unless the service also matches a regex in omitServices
).
sshKnownHostsFilePath
string
The path to a known_hosts
file to be used when connecting with a remote git repository over SSH.
sshPrivateKeyFilePath
string
The path to an SSH private key to be used when connecting with a remote git repository over SSH. If set, sshPrivateKeyPassphrase
must also be set.
sshPrivateKeyPassphrase
string
The passphrase to an SSH private key to be used when connecting with a remote git repository over SSH. If set, sshPrivateKeyFilePath
must also be set.
sshTrustUnknownHosts
google.protobuf.BoolValue
Enabling this flag will allow Spinnaker to connect with a remote git repository over SSH without verifying the server's IP address against a known_hosts
file. Defaults to false.
versions
string
repeated
A list of regular expressions. Any version matching one of these regexes will be indexed by Spinnaker (unless the version also matches a regex in omitVersions
).
name
string
The name of the account.
Represents a release track of the gcloud tool.
Name
Number
Description
UNSPECIFIED
0
Unspecified. Do not directly use, instead omit the field.
STABLE
1
Standard release track; runs commands via gcloud...
BETA
2
Alpha release track; runs commands via gcloud beta...
ALPHA
3
Alpha release track; runs commands via gcloud alpha...
Top
Configuration for the AWS provider.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the provider is enabled.
accounts
AwsAccount
repeated
The list of configured accounts.
primaryAccount
string
The name of the primary account.
accessKeyId
string
Your AWS Access Key ID. Note that if you are baking AMIs with Rosco, you may also need to set AwsBakeryDefaults.awsAccessKey
.
secretAccessKey
string
Your AWS Secret Key. Note that if you are baking AMIs with Rosco, you may also need to set AwsBakeryDefaults.awsSecretKey
.
defaultRegions
AwsRegion
repeated
List of default regions.
features
AwsFeatures
Configuration for AWS-specific features.
bakeryDefaults
AwsBakeryDefaults
Configuration for Spinnaker's image bakery.
defaultKeyPairTemplate
string
A template for generating the name of the AWS key-pair from the name of the account; only used for accounts where defaultKeyPair is not specified.
defaults
AwsDefaults
Default values for AWS deployments.
Configuration for an AWS account.
Field
Type
Label
Description
accountId
string
The AWS account ID to manage. See http://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html for more information.
assumeRole
string
If set, Spinnaker will configure a credentials provider that uses AWS Security Token Service to assume the specified role. Examples: user/spinnaker
, role/spinnakerManaged
.
defaultKeyPair
string
The name of the AWS key-pair to use. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html for more information.
discovery
string
The endpoint at which your Eureka discovery system is reachable. See https://github.com/Netflix/eureka for more information. Example: http://.eureka.url.to.use:8080/eureka-server/v2
. Using will make Spinnaker use AWS regions in the hostname to access discovery so that you can have discovery for multiple regions.
edda
string
The endpoint at which Edda is reachable. Edda is not a hard dependency of Spinnaker, but is helpful for reducing the request volume against AWS. See https://github.com/Netflix/edda for more information.
environment
string
The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
permissions
proto.Permissions
Fiat permissions configuration.
requiredGroupMembership
string
repeated
(Deprecated): List of required Fiat permission groups. Configure permissions
instead.
lifecycleHooks
AwsLifecycleHook
repeated
List of configured AWS lifecycle hooks.
regions
AwsRegion
repeated
List of configured AWS regions.
name
string
The name of the account.
externalId
string
Optional parameter used to identify and control access to AWS resources. Set this to the same value as the ExternalID parameter in the trust policy for the role you want to assume.
Configuration for Spinnaker's image bakery.
Field
Type
Label
Description
awsAccessKey
string
The default access key used to communicate with AWS.
awsSecretKey
string
The secret key used to communicate with AWS.
awsSubnetId
string
If using VPC, the default ID of the subnet, such as subnet-12345def
, where Packer will launch the EC2 instance. This field is required if you are using a non-default VPC.
awsVpcId
string
If launching into a VPC subnet, Packer needs the VPC ID in order to create a temporary security group within the VPC. Requires subnet_id
to be set. If this default value is left blank, Packer will try to get the VPC ID from awsSubnetId
.
awsAssociatePublicIpAddress
google.protobuf.BoolValue
If using a non-default VPC, public IP addresses are not provided by default. If this is enabled, your new instance will get a Public IP.
defaultVirtualizationType
string
The default type of virtualization for the AMI you are building. This option must match the supported virtualization type of AwsVirtualizationSettings.sourceAmi
. Acceptable values: pv
, hvm
.
baseImages
AwsBaseImageSettings
repeated
List of configured base images.
templateFile
string
This is the name of the packer template that will be used to bake images from this base image. The template file must be found in this list https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer , or supplied as described here: https://spinnaker.io/setup/bakery/ .
Base image configuration.
Field
Type
Label
Description
id
string
This is the identifier used by AWS to find this base image.
shortDescription
string
A short description to help human operators identify the image.
detailedDescription
string
A long description to help human operators identify the image.
packageType
string
This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb indicates that your artifacts will need to be fetched from a debian repository.
templateFile
string
The name of the Packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer , or supplied as described here: https://spinnaker.io/setup/bakery/ .
Configuration for a base image for the AWS provider's bakery.
Configuration for defaults for AWS deployments.
Field
Type
Label
Description
iamRole
string
The default IAM role to use for deployments, when not otherwise specified.
Configuration for AWS-specific features.
AwsFeatures.CloudFormation
Configuration for AWS CloudFormation.
Configuration for AWS Auto Scaling Lifecycle Hooks. For more information, see:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html
Field
Type
Label
Description
defaultResult
string
Defines the action the Auto Scaling group should take when the lifecycle hook timeout elapses or if an unexpected failure occurs. Acceptable values: CONTINUE
, ABANDON
.
heartbeatTimeout
int32
Set the heartbeat timeout in seconds for the lifecycle hook. Instances can remain in a wait state for a finite period of time. Must be greater than or equal to 30 and less than or equal to 7200. The default is 3600 (one hour).
lifecycleTransition
string
Type of lifecycle transition. Acceptable values: autoscaling:EC2_INSTANCE_LAUNCHING
, autoscaling:EC2_INSTANCE_TERMINATING
notificationTargetARN
string
The ARN of the notification target that Amazon EC2 Auto Scaling uses to notify you when an instance is in the transition state for the lifecycle hook. This target can be either an SQS queue or an SNS topic.
roleARN
string
The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target, for example, an Amazon SNS topic or an Amazon SQS queue.
An AWS region.
Field
Type
Label
Description
name
string
The name of the region.
AwsVirtualizationSettings
Base image virtualization settings.
Field
Type
Label
Description
region
string
The name of the region in which to launch the EC2 instance to create the AMI.
virtualizationType
string
The type of virtualization for the AMI you are building. This option must match the supported virtualization type of sourceAmi
. Acceptable values: pv
, hvm
.
instanceType
string
The EC2 instance type to use while building the AMI, such as t2.small
.
sourceAmi
string
The source AMI whose root volume will be copied and provisioned on the currently running instance. This must be an EBS-backed AMI with a root volume snapshot that you have access to.
sshUserName
string
The username to connect to SSH with. Required if using SSH.
winRmUserName
string
The username to use to connect to WinRM.
spotPrice
string
The maximum hourly price to pay for a spot instance to create the AMI. Spot instances are a type of instance that EC2 starts when the current spot price is less than the maximum price you specify. Spot price will be updated based on available spot instance capacity and current spot instance requests. It may save you some costs. You can set this to auto
for Packer to automatically discover the best spot price or to "0" to use an on demand instance (default).
spotPriceAutoProduct
string
Required if spotPrice
is set to auto
. This tells Packer what sort of AMI you are launching to find the best spot price. This must be one of: Linux/UNIX
, SUSE Linux
, Windows
, Linux/UNIX (Amazon VPC)
, SUSE Linux (Amazon VPC)
, Windows (Amazon VPC)
.
Top
cloudprovider/azure.proto
Configuration for the Azure provider.
Configuration for an Azure account.
Field
Type
Label
Description
name
string
The name of the account.
appKey
string
(Required) The appKey
(password) of your service principal.
clientId
string
(Required) The clientId
(also called appId
) of your service principal.
defaultKeyVault
string
(Required) The name of a KeyVault that contains the user name, password, and ssh public key used to create VMs
defaultResourceGroup
string
(Required) The default resource group to contain any non-application specific resources.
environment
string
The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
objectId
string
The objectId
of your service principal. This is only required if using Packer to bake Windows images.
packerResourceGroup
string
The resource group to use if baking images with Packer.
packerStorageAccount
string
The storage account to use if baking images with Packer.
permissions
proto.Permissions
Fiat permissions configuration.
requiredGroupMembership
string
repeated
(Deprecated): List of required Fiat permission groups. Configure permissions
instead.
regions
string
repeated
The Azure regions this Spinnaker account will manage.
subscriptionId
string
(Required) The subscriptionId
to which your service principal is assigned.
tenantId
string
(Required) The tenantId
to which your service principal is assigned.
useSshPublicKey
google.protobuf.BoolValue
If true, the SSH public key is used to provision the linux VM. If false, the password is used instead.
Configuration for Spinnaker's image bakery.
Base image configuration.
Field
Type
Label
Description
shortDescription
string
A short description to help human operators identify the image.
detailedDescription
string
A long description to help human operators identify the image.
publisher
string
(Required) The Publisher name for your base image. See https://aka.ms/azspinimage to get a list of images.
offer
string
(Required) The offer for your base image. See https://aka.ms/azspinimage to get a list of images.
sku
string
(Required) The SKU for your base image. See https://aka.ms/azspinimage to get a list of images.
version
string
The version of your base image. This defaults to latest
if not specified.
packageType
string
This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb
indicates that your artifacts will need to be fetched from a debian repository.
templateFile
string
This is the name of the packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer , or supplied as described here: https://spinnaker.io/setup/bakery/ .
Configuration for a base image for the Azure provider's bakery.
Field
Type
Label
Description
baseImage
AzureBaseImage
Base image configuration.
Top
cloudprovider/cloudfoundry.proto
Configuration for the Cloud Foundry provider.
Configuration for a Spinnaker Cloud Foundry account.
Field
Type
Label
Description
name
string
The name of the account.
api
string
(Required) Host of the Cloud Foundry Foundation API endpoint (e.g., api.sys.somesystem.com
).
appsManagerUri
string
HTTP(S) URL of the Apps Manager application for the Cloud Foundry Foundation (e.g., https://apps.sys.somesystem.com
).
environment
string
The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
metricsUri
string
HTTP(S) URL of the metrics application for the Cloud Foundry Foundation (e.g., https://metrics.sys.somesystem.com
).
password
string
(Required) Password for the account to use for this Cloud Foundry Foundation.
skipSslValidation
google.protobuf.BoolValue
(Default: false
) Skip SSL server certificate validation of the API endpoint.
user
string
(Required) User name for the account to use for this Cloud Foundry Foundation.
permissions
proto.Permissions
Fiat permissions configuration.
requiredGroupMembership
string
repeated
(Deprecated): List of required Fiat permission groups. Configure permissions
instead.
Top
Configuration for the DC/OS (Distributed Cloud Operating System) provider.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the provider is enabled.
accounts
DcosAccount
repeated
The list of configured accounts.
primaryAccount
string
The name of the primary account.
clusters
DcosCluster
repeated
The list of configured clusters.
Credentials to authenticate against one or more DC/OS clusters.
Field
Type
Label
Description
name
string
(Required) The name of the account.
clusters
DcosAccountCluster
repeated
(Required) The clusters against which this account will authenticate.
environment
string
The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
dockerRegistries
DcosAccountDockerRegistry
repeated
(Required) The list of Docker registries to use with this DC/OS account.
permissions
proto.Permissions
Fiat permissions configuration.
requiredGroupMembership
string
repeated
(Deprecated) List of required Fiat permission groups. Configure permissions
instead.
Configuration for a DC/OS cluster associated with a DcosAccount
.
Field
Type
Label
Description
name
string
(Required) The name of the cluster. Must match the name of a DcosCluster
defined for this provider.
uid
string
(Required) User or service account identifier.
serviceKeyFile
string
Path to a file containing the secret key for service account authentication. If set, password
should not be set.
password
string
Password for a user account. If set, serviceKeyFile
should not be set.
DcosAccountDockerRegistry
Configuration for a Docker registry associated with a DcosAccount
.
Field
Type
Label
Description
accountName
string
The name of the Docker registry. Must be the name of an account configured with the Docker registry provider.
Configuration for a DC/OS cluster.
Field
Type
Label
Description
name
string
(Required) The name of the cluster.
caCertFile
string
Root certificate file to trust for connections to the cluster.
dcosUrl
string
(Required) URL of the endpoint for the DC/OS cluster's admin router.
loadBalancer
DcosClusterLoadBalancer
Configuration for a DC/OS load balancer.
insecureSkipTlsVerify
google.protobuf.BoolValue
If true
, disables verification of certificates from the cluster (insecure).
Configuration for a DC/OS load balancer.
Field
Type
Label
Description
image
string
Marathon-lb image to use when creating a load balancer with Spinnaker.
serviceAccountSecret
string
Name of the secret to use for allowing marathon-lb to authenticate with the cluster. Only necessary for clusters with strict or permissive security.
Top
cloudprovider/docker_registry.proto
Configuration for the Docker Registry provider.
A credential able to authenticate against a set of Docker repositories.
Field
Type
Label
Description
name
string
The name of the account.
address
string
(Required) The registry address from which to pull and deploy images (e.g., https://index.docker.io
).
cacheIntervalSeconds
int32
The number of seconds between polling the Docker registry. Certain registries are sensitive to over-polling, and larger intervals (e.g., 10 minutes = 600 seconds) are desirable if you experience rate limiting. Defaults to 30
.
cacheThreads
int32
The number of threads on which to cache all provided repositories. Really only useful if you have a ton of repos. Defaults to 1.
clientTimeoutMillis
int32
Timeout in milliseconds for provided repositories. Defaults to 60,000
.
email
string
The email associated with your Docker registry. Often this only needs to be well-formed, rather than be a real address.
environment
string
The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
insecureRegistry
google.protobuf.BoolValue
If true
, Spinnaker will treat the Docker registry as insecure and not validate the SSL certificate. Defaults to false
.
paginateSize
int32
Pagination size for the Docker repository _catalog
endpoint. Defaults to 100
.
password
string
The Docker registry password. Only one of password
, passwordCommand
, and passwordFile
should be specified.
passwordCommand
string
Command to retrieve Docker token/password. The command must be available in the environment. Only one of password
, passwordCommand
, and passwordFile
should be specified.
passwordFile
string
The path to a file containing your Docker password in plaintext (not a Docker config.json
file). Only one of password
, passwordCommand
, and passwordFile
should be specified.
permissions
proto.Permissions
Fiat permissions configuration.
requiredGroupMembership
string
repeated
(Deprecated) List of required Fiat permission groups. Configure permissions
instead.
repositories
string
repeated
An optional list of repositories from which to cache images. If not provided, Spinnaker will attempt to read accessible repositories from the registries _catalog
endpoint. In the case of registries that support nested paths, like GCR, you can target nested paths by including them sans their registry domain. For example: gcr.io/my-project/path/to/image
=> my-project/path/to/image
sortTagsByDate
google.protobuf.BoolValue
If true
, Spinnaker will sort tags by creation date. Defaults to false
. Not recommended for use with large registries; sorting performance scales poorly due to limitations of the Docker V2 API.
trackDigests
google.protobuf.BoolValue
If true
, Spinnaker will track digest changes. This is not recommended because it greatly increases queries to the registry, and most registries are flaky. Defaults to false
.
username
string
The username associated with this Docker registry.
Top
Configuration for the ECS provider.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the provider is enabled.
accounts
EcsAccount
repeated
The list of configured accounts.
primaryAccount
string
The name of the primary account.
Configuration for an ECS account.
Top
cloudprovider/google.proto
Configuration for Consul.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether Consul is enabled.
agentEndpoint
string
Reachable Consul node endpoint connected to the Consul cluster. Defaults to localhost.
agentPort
int32
Port consul is running on for every agent. Defaults to 8500.
datacenters
string
repeated
List of data centers to cache and keep updated. Defaults to all.
Configuration for Spinnaker's image bakery.
Base image configuration.
Field
Type
Label
Description
id
string
This is the identifier used by GCP to find this base image.
shortDescription
string
A short description to help human operators identify the image.
detailedDescription
string
A long description to help human operators identify the image.
packageType
string
This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb indicates that your artifacts will need to be fetched from a debian repository.
imageFamily
google.protobuf.BoolValue
If set to true, Deck will annotate the popup tooltip to indicate that the selected option represents an image family.
Configuration for a base image for the Google provider's bakery.
Configuration for the Google Compute Engine (GCE) provider.
GoogleComputeEngineAccount
Configuration for a Spinnaker Google account. An account maps to a
credential that can authenticate against a GCP project.
Field
Type
Label
Description
name
string
The name of the account.
requiredGroupMembership
string
repeated
(Deprecated): List of required Fiat permission groups. Configure permissions
instead.
permissions
proto.Permissions
Fiat permissions configuration.
project
string
The GCP project this Spinnaker account will manage.
jsonPath
string
The path to a JSON service account that Spinnaker will use as credentials. This is only needed if Spinnaker is not deployed on a Google Compute Engine VM, or needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
alphaListed
google.protobuf.BoolValue
Enable this flag if your GCP project has access to alpha features and you want Spinnaker to take advantage of them.
imageProjects
string
repeated
A list of GCP projects from which Spinnaker will be able to cache and deploy images. When this is omitted, it defaults to the current project. Each project must have granted the IAM role compute.imageUser to the service account associated with the JSON key used by this account, as well as to the Google APIs service account automatically created for the project being managed (should look similar to [email protected] ). See https://cloud.google.com/compute/docs/images/sharing-images-across-projects for more information about sharing images across GCP projects.
consul
Consul
Configuration for Consul.
regions
string
repeated
A list of regions for caching and mutating calls. This overwrites any default regions set on the provider.
userDataFile
string
The path to user data template file. Spinnaker has the ability to inject userdata into generated instance templates. The mechanism is via a template file that is token replaced to provide some specifics about the deployment. See https://github.com/spinnaker/clouddriver/blob/master/clouddriver-aws/UserData.md for more information.
Image source configuration.
Field
Type
Label
Description
sourceImage
string
The source image. If both sourceImage and sourceImageFamily are set, sourceImage will take precedence.
sourceImageFamily
string
The source image family to create the image from. The newest, non-deprecated image is used. If both sourceImage and sourceImageFamily are set, sourceImage will take precedence.
Top
cloudprovider/huaweicloud.proto
Configuration for the Huawei Cloud provider.
Configuration for a Huawei Cloud account.
Field
Type
Label
Description
name
string
The name of the account.
accountType
string
The type of account.
requiredGroupMembership
string
repeated
(Deprecated) List of required Fiat permission groups. Configure permissions
instead.
permissions
proto.Permissions
Fiat permissions configuration.
authUrl
string
(Required) The auth URL of the cloud.
domainName
string
(Required) The domain name of the cloud.
environment
string
The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
insecure
google.protobuf.BoolValue
If true
, disables certificate validation on SSL connections. Needed if certificates are self-signed. Defaults to false
.
password
string
(Required) The password used to access the cloud.
projectName
string
(Required) The name of the project within the cloud.
regions
string
repeated
(Required) The region(s) of the cloud.
username
string
(Required) The username used to access the cloud.
HuaweiCloudBakeryDefaults
Configuration for Spinnaker's image bakery.
Field
Type
Label
Description
baseImages
HuaweiCloudBaseImageSettings
repeated
List of configured base images.
templateFile
string
This is the name of the packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer , or supplied as described here: https://spinnaker.io/setup/bakery/ .
authUrl
string
(Required) The default auth URL in which images will be baked.
username
string
(Required) The default username with which images will be baked.
password
string
(Required) The default password with which images will be baked.
projectName
string
The name of the default project in which images will be baked.
domainName
string
(Required) The default domain name in which images will be baked.
insecure
google.protobuf.BoolValue
The security setting for connecting to the Huawei Cloud account. Defaults to false
.
vpcId
string
(Required) The VPC in which images will be baked.
subnetId
string
(Required) The subnet in which images will be baked.
securityGroup
string
(Required) The default security group in which images will be baked.
eipBandwidthSize
int32
(Required) The bandwidth size of EIP in which images will be baked.
Huawei Cloud base image settings.
Field
Type
Label
Description
id
string
The name of the base image.
packageType
string
This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb
indicates that your artifacts will need to be fetched from a debian repository.
templateFile
string
This is the name of the packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer , or supplied as described here: https://spinnaker.io/setup/bakery/ .
shortDescription
string
A short description to help human operators identify the image.
detailedDescription
string
A long description to help human operators identify the image.
HuaweiCloudBaseImageSettings
Configuration for a base image for the Huawei Cloud provider's bakery.
HuaweiCloudVirtualizationSettings
Huawei Cloud virtualization settings.
Field
Type
Label
Description
region
string
(Required) The region for the baking configuration.
instanceType
string
(Required) The instance type for the baking configuration.
sourceImageId
string
(Required) The source image ID for the baking configuration.
sshUserName
string
(Required) The SSH username for the baking configuration.
eipType
string
(Required) The EIP type for the baking configuration. See the API doc to get its value.
Top
cloudprovider/kubernetes.proto
Configuration for the Kubernetes provider.
Configuration for a Spinnaker Kubernetes account. An account maps to a
credential that can authenticate against your Kubernetes cluster.
Field
Type
Label
Description
name
string
The name of the account.
kinds
string
repeated
A list of resource kinds this Spinnaker account can deploy and will cache. When no kinds are configured, this defaults to all kinds described here: https://spinnaker.io/reference/providers/kubernetes-v2/ . This can only be set when omitKinds is empty or not set.
omitKinds
string
repeated
A list of resource kinds this Spinnaker account cannot deploy to or cache. This can only be set when kinds is empty or not set.
context
string
The kubernetes context to be managed by Spinnaker. See http://kubernetes.io/docs/user-guide/kubeconfig-file/#context for more information. When no context is configured for an account the current-context
in your kubeconfig is assumed.
cacheThreads
int32
Number of caching agents for this kubernetes account. Each agent handles a subset of the namespaces available to this account. By default, only 1 agent caches all kinds for all namespaces in the account.
namespaces
string
repeated
A list of namespaces this Spinnaker account can deploy to and will cache. When no namespaces are configured, this defaults to all namespaces.
omitNamespaces
string
repeated
A list of namespaces this Spinnaker account cannot deploy to or cache. This can only be set when namespaces is empty or not set.
customResources
KubernetesCustomResource
repeated
The list of custom resources Clouddriver will manage and make available for use in Patch and Delete (Manifest) stages.
cachingPolicies
KubernetesCachingPolicy
repeated
The list of kind-specific caching policies.
dockerRegistries
KubernetesAccountDockerRegistry
repeated
The list of the Spinnaker docker registry account names this Spinnaker account can use as image sources. These docker registry accounts must be registered in your halconfig before you can add them here.
oAuthScopes
string
repeated
The list of OAuth scopes used by kubectl to fetch an OAuth token.
kubeconfigFile
string
The path to your kubeconfig file. By default, it will be under the Spinnaker user's home directory in the typical .kube/config location.
permissions
proto.Permissions
Fiat permissions configuration.
requiredGroupMembership
string
repeated
(Deprecated): List of required Fiat permission groups. Configure permissions
instead.
liveManifestCalls
google.protobuf.BoolValue
When true, clouddriver will query manifest status during pipeline executions using live data rather than the cache. This eliminates all time spent in the "force cache refresh" task in pipelines, greatly reducing execution time. Defaults to false.
serviceAccount
google.protobuf.BoolValue
When true, Spinnaker attempt to authenticate against Kubernetes using a Kubernetes service account. This only works when Halyard & Spinnaker are deployed in Kubernetes. Read more about service accounts here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ . Defaults to false.
kubeconfigContents
string
The raw contents of your kubeconfig file. Ignored if kubeconfigFile is set.
kubectlPath
string
The path to the kubectl executable. This should be omitted unless you want to override the default kubectl exectuable.
kubectlRequestTimeoutSeconds
int32
If set, all calls to kubectl will time out after the specified number of seconds.
checkPermissionsOnStartup
google.protobuf.BoolValue
Whether to check whether the account has permission to read configured kinds before caching them. Kinds that the account does not have permission to read will be omitted from caching. This field defaults to true, and it is recommended to leave it at the default. If this field is set to false, any Kubernetes objects that are unreadable by the account will break caching for all objects.
oAuthServiceAccount
string
When using OAuth to authenticate with your cluster, the name of the service account to use.
onlySpinnakerManaged
google.protobuf.BoolValue
If true, only cache Kubernetes objects that have been deployed by Spinnaker, and ignore any other objects that exist in the cluster. Defaults to false.
debug
google.protobuf.BoolValue
If true, enable detailed logging for all communications with the Kubernetes cluster for this account. Defaults to false.
KubernetesAccountDockerRegistry
Configuration for a Docker registry.
Field
Type
Label
Description
accountName
string
The configured name of the Docker registry.
namespaces
string
repeated
The list of Docker registry namespaces usable as image sources.
Configuration for a kind-specific caching policy.
Field
Type
Label
Description
kubernetesKind
string
The Kubernetes kind to which the policy applies.
maxEntriesPerAgent
int32
The maximum number of resources an agent will cache of the specified Kubernetes kind.
Configuration for a CRD to be managed by Spinnaker. If Spinnaker does not
have permission to list CRDs but you need Spinnaker to manage CRDs, you
need to explicitly register each CRD.
Field
Type
Label
Description
kubernetesKind
string
The Kubernetes kind of the custom resource.
spinnakerKind
string
The Spinnaker kind to which you would like the custom resource to map.
deployPriority
string
An integer representing the deployment priority of this resource. Resources with lower values are deployed before resources with higher values.
versioned
google.protobuf.BoolValue
Whether Spinnaker should manage versioning this resource.
namespaced
google.protobuf.BoolValue
Whether the resource is namespaced. Defaults to true.
Top
cloudprovider/oracle.proto
Configuration for the Oracle provider.
Configuration for an Oracle account. An account maps to an Oracle Cloud
Infrastructure (OCI) user.
Field
Type
Label
Description
name
string
The name of the account.
requiredGroupMembership
string
repeated
(Deprecated) List of required Fiat permission groups. Configure permissions
instead.
permissions
proto.Permissions
Fiat permissions configuration.
compartmentId
string
(Required) The OCID of the Oracle Compartment to use.
environment
string
The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
fingerprint
string
(Required) Fingerprint of the public key.
privateKeyPassphrase
string
Passphrase used for the private key, if it is encrypted.
region
string
(Required) An Oracle region (e.g., us-phoenix-1
).
sshPrivateKeyFilePath
string
(Required) Path to the private key in PEM format.
tenancyId
string
(Required) The OCID of the Oracle Tenancy to use.
userId
string
(Required) The OCID of the Oracle User with which to authenticate.
Configuration for Spinnaker's image bakery.
Oracle base image configuration.
Field
Type
Label
Description
id
string
The name of the base image.
shortDescription
string
A short description to help human operators identify the image.
detailedDescription
string
A long description to help human operators identify the image.
packageType
string
This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb indicates that your artifacts will need to be fetched from a debian repository.
templateFile
string
The name of the Packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer , or supplied as described here: https://spinnaker.io/setup/bakery/ .
Configuration for a base image for the Oracle provider's bakery.
OracleVirtualizationSettings
Oracle virtualization settings.
Field
Type
Label
Description
baseImageId
string
(Required) The OCID of the base image ID for the baking configuration.
sshUserName
string
(Required) The ssh username for the baking configuration.
Top
cloudprovider/providers.proto
Configuration for cloud provider integrations.
Top
Configuration for the clouddriver microservice.
Top
config/config_files.proto
A config file for a Spinnaker microservice.
Field
Type
Label
Description
name
string
The name of the config file.
contents
bytes
The contents of the config file.
Wrapper for serialized config files for Spinnaker microservices.
Field
Type
Label
Description
configFile
ConfigFile
repeated
Top
Field
Type
Label
Description
gateUrl
string
The endpoint at which Deck communicates with Gate.
authEnabled
google.protobuf.BoolValue
Whether authn is enabled.
authEndpoint
string
The Gate authn endpoint.
bakeryDetailUrl
string
Baking details URL used in Bake stage execution details.
canary
Deck.Canary
Configuration for the canary UI.
notifications
Deck.Notifications
Configuration for notifications providers.
providers
Deck.Providers
Configuration for cloud provider defaults.
version
string
Spinnaker version.
defaultTimeZone
string
Default time zone in which to display timestamps in the UI.
feature
Deck.Features
Configuration for UI-related feature flags.
Configuration for the canary UI.
Field
Type
Label
Description
defaultJudge
string
The default canary judge. Defaults to NetflixACAJudge-v1.0
, which is currently the only open-source judge available by default.
featureDisabled
google.protobuf.BoolValue
Whether the canary UI is disabled.
metricsAccountName
string
Name of the canary metrics account to use by default.
metricStore
string
Name of the metrics store to use by default (e.g., prometheus
, datadog
).
showAllConfigs
google.protobuf.BoolValue
Whether or not to show all canary configs in Deck, or just those scoped to the current application.
storageAccountName
string
Name of storage account to use by default.
templatesEnabled
google.protobuf.BoolValue
Whether or not to enable custom filter templates for canary configs in Deck.
Configuration for UI-related feature flags.
Configuration for notifications providers.
UI-specific provider default settings.
Deck.Providers.Appengine.Defaults
Field
Type
Label
Description
account
string
Deck.Providers.Aws.Defaults
Deck.Providers.Azure.Defaults
Deck.Providers.Cloudfoundry
Deck.Providers.Cloudfoundry.Defaults
Field
Type
Label
Description
account
string
Deck.Providers.Dcos.Defaults
Field
Type
Label
Description
account
string
Deck.Providers.Ecs.Defaults
Field
Type
Label
Description
account
string
Deck.Providers.Gce.Defaults
Deck.Providers.HuaweiCloud
Deck.Providers.HuaweiCloud.Defaults
Deck.Providers.Kubernetes
The Kubernetes provider has no statically-configured defaults,
but Deck currently registers each cloud provider based on the existence
of an entry in the providers
block.
Deck.Providers.TencentCloud
TODO: add TencentCloud as a cloud provider so we can write
config to Deck and Clouddriver.
Deck.Providers.TencentCloud.Defaults
Top
Environment variables to be set when running deck.
Field
Type
Label
Description
deckCert
string
Path to the .crt file containing deck's SSL certificate.
deckKey
string
Path to the .key file for deck's SSL certificate.
passphrase
string
The passphrase for deck's SSL certificate.
Top
Configuration for the echo microservice.
Echo scheduler configuration.
Cron configuration.
Field
Type
Label
Description
timezone
string
Default timezone. Defaults to America/Los_Angeles
.
Configuration for optional collection of usage metrics.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether to send usage metrics. Defaults to true.
instanceId
string
A unique ID representing this deployment of Spinnaker.
spinnakerVersion
string
The version of Spinnaker being deployed.
endpoint
string
The endpoint to which usage metrics are sent. This should generally be left empty, in which case metrics are sent to the default endpoint.
deploymentMethod
proto.DeploymentMethod
Information about how Spinnaker is configured and deployed.
Top
Configuration for the fiat microservice.
Top
Configuration for the front50 microservice.
Top
Configuration for cross-origin resource sharing.
Field
Type
Label
Description
allowedOriginsPattern
string
A regex matching all URLs authentication redirects may come from.
Configuration for the gate microservice.
Wrapper for Google-specific authentication.
Wrapper for Gate integrations.
Gate.Integrations.Gremlin
Configuration for Gremlin fault-injection support.
Web server configuration.
Wrapper for Spring security configuration properties.
Top
Configuration for a Spinnaker installation.
Top
Configuration for the Igor microservice.
Top
Configuration for the Kayenta microservice.
Kayenta.ServiceIntegrations
Kayenta.ServiceIntegrations.Aws
Kayenta.ServiceIntegrations.Google
Top
Configuration for the spinnaker-monitoring microservice.
The monitoring protos use snake_case for backwards compatibility with
Halyard-generated hal configs and the spinnaker-monitoring microservice.
All new protos should be added using camelCase for consistency with the
rest of the hal config.
Configuration for monitoring period and enabled metric stores.
Field
Type
Label
Description
period
int32
Polling period for the monitoring daemon (seconds). Defaults to 30.
metricStore
MetricStoreType
repeated
List of enabled metric stores.
Configurable metric store types.
Name
Number
Description
unspecified
0
datadog
1
newrelic
2
prometheus
3
stackdriver
4
Top
Configuration for the Orca microservice.
Defaults applicable to the orca microservice.
Orca.Defaults.BakeDefaults
Configuration of bakery defaults.
Field
Type
Label
Description
account
string
The default account to use for baking.
Configuration for pipeline templates.
Configuration for the status of non-core services.
Configuration for Orca tasks.
Orca.Tasks.ExecutionWindow
Execution window configuration.
Field
Type
Label
Description
timezone
string
Default timezone. Defaults to America/Los_Angeles
.
Top
Configuration for the rosco microservice.
Top
config/service_enabled.proto
Configuration for a particular microservice.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the microservice is enabled.
baseUrl
string
The base URL for the microservice. In general, this should be the externally-resolvable URL for services that are exposed externally (ie, deck and gate).
Top
Configuration for Spinnaker's microservices.
Top
Feature flags
Top
metricstores/datadog.proto
Configuration for the Datadog metric store.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the Datadog metric store is enabled.
apiKey
string
Datadog API key.
appKey
string
Datadog app key. Only required if you want Spinnaker to push pre-configured Spinnaker dashboards to your Datadog account.
tags
string
repeated
Datadog custom tags. Delimit the key-value pair with colons (e.g., app:test
).
Top
metricstores/metricstores.proto
Configuration for the Spinnaker monitoring daemon metric stores.
Field
Type
Label
Description
datadog
Datadog
Configuration for the Datadog metric store.
newrelic
Newrelic
Configuration for the Newrelic metric store.
prometheus
Prometheus
Configuration for the Prometheus metric store.
stackdriver
Stackdriver
Configuration for the Stackdriver metric store.
period
int32
Polling period for the monitoring daemon (seconds). Defaults to 30.
Top
metricstores/newrelic.proto
Configuration for the New Relic metric store.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the New Relic metric store is enabled.
insertKey
string
Your New Relic Insights insert key.
host
string
The URL to post metric data to. In almost all cases, this is set correctly by default and should not be used.
tags
string
repeated
New Relic custom tags. Delimit the key-value pair with colons (e.g., app:test
).
Top
metricstores/prometheus.proto
Configuration for the Prometheus metric store.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the Prometheus metric store is enabled.
pushGateway
string
The endpoint to which the monitoring Daemon should push metrics. If you have configured Prometheus to automatically discover all your Spinnaker services and pull metrics from them, this is not required.
Top
metricstores/stackdriver.proto
Configuration for the Stackdriver metric store.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the Datadog metric store is enabled.
credentialsPath
string
Path to a Google JSON service account that has permission to publish metrics.
project
string
The project to which Spinnaker's metrics should be published.
zone
string
The zone with which Spinnaker's metrics should be associated.
Top
notification/bearychat.proto
Configuration for BearyChat notifications.
Top
Configuration for Email notifications.
Top
notification/github_status.proto
Configuration for Github status notifications.
Top
notification/google_chat.proto
Configuration for Google Chat notifications.
Top
notification/microsoft_teams.proto
Configuration for Microsoft Teams notifications.
Top
notification/notifications.proto
Configuration for notifications.
Top
notification/pubsub.proto
Configuration for Pub/Sub notifications.
Top
Configuration for Slack notifications.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether Slack notifications are enabled.
botName
string
The name of your Slack bot.
token
string
Your Slack bot token.
baseUrl
string
Slack endpoint. Optional, can only be set if using a compatible API.
forceUseIncomingWebhook
google.protobuf.BoolValue
Force usage of incoming webhooks endpoint for Slack. Optional, only set if using a compatible API.
Top
notification/twilio.proto
Configuration for Twilio notifications.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether Twilio notifications are enabled.
account
string
Your Twilio account SID.
token
string
Your Twilio auth token.
baseUrl
string
The endpoint of the Twilio API. Optional, only set if overriding the default.
from
string
The phone number from which the SMS will be sent (e.g., +1234-567-8910).
Top
A Fiat permissions configuration object.
Field
Type
Label
Description
READ
string
repeated
A user must have at least one of these roles in order to view this account's cloud resources.
WRITE
string
repeated
A user must have at least one of these roles in order to make changes to this account's cloud resources.
EXECUTE
string
repeated
A user must have at least one of these roles in order to execute pipelines.
Top
Configuration for Google Cloud Pub/Sub integration.
Configuration for a Google Cloud Pub/Sub publisher.
Field
Type
Label
Description
name
string
The name of the publisher account.
project
string
The name of the GCP project your topic lives in.
topicName
string
The name of the topic to publish to. This identifier does not include the name of the project, and must already be configured.
jsonPath
string
The path to a JSON service account that Spinnaker will use as credentials. This is only needed if Spinnaker is not deployed on a Google Compute Engine VM, or needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
content
string
The content to publish to the topic. Must be one of ALL or NOTIFICATIONS.
Configuration for a Google Cloud Pub/Sub subscriber.
Field
Type
Label
Description
name
string
The name of the subscriber account.
project
string
The name of the GCP project your subscription lives in.
subscriptionName
string
The name of the subscription to listen to. This identifier does not include the name of the project, and must already be configured.
jsonPath
string
The path to a JSON service account that Spinnaker will use as credentials. This is only needed if Spinnaker is not deployed on a Google Compute Engine VM, or needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
ackDeadlineSeconds
int32
The acknowledgement deadline as configured on the Pub/Sub subscription.
messageFormat
MessageFormat
The format of the incoming message. Used to translate the incoming message into Spinnaker artifacts.
templatePath
string
A path to a jinja template that specifies how artifacts from this pubsub system are interpreted and transformed into Spinnaker artifacts. Only used if messageFormat is set to CUSTOM.
Represents the format of an incoming pub/sub message.
Name
Number
Description
UNSPECIFIED
0
Unspecified. Do not directly use, instead omit the field.
CUSTOM
1
GCB
2
GCS
3
GCR
4
Top
Configuration for Pub/Sub integration.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether Pub/Sub is enabled.
google
Google
Configuration for the Google Cloud Pub/Sub integration.
Top
repository/artifactory.proto
Artifactory repository integration.
Artifactory service search configuration.
Field
Type
Label
Description
name
string
Name of the search.
baseUrl
string
The base URL at which your Artifactory search is reachable.
repo
string
The repo in your Artifactory to be searched.
groupId
string
The group ID in your Artifactory to be searched.
repoType
string
The package type of repo in your Artifactory to be searched. Defaults to MAVEN
.
username
string
The username of the Artifactory user to authenticate as.
password
string
The password of the Artifactory user to authenticate as.
Top
repository/repository.proto
Repository integrations.
Field
Type
Label
Description
artifactory
Artifactory
Artifactory repository integration.
Top
security/authn/authn.proto
Configuration of how users authenticate against Spinnaker.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether to enabled authentication.
oauth2
OAuth2
OAuth 2.0 configuration.
saml
Saml
SAML configuration.
ldap
Ldap
LDAP configuration.
x509
X509
X509 configuration.
iap
Iap
Google Cloud Identity-Aware Proxy configuration.
basic
Basic
Basic username/password authentication.
Configuration for basic username/password authentication
Configuration for authentication via Google Cloud Identity-Aware Proxy.
Google Cloud Identity-Aware Proxy (IAP) is an authentication model that utilizes
Google OAuth 2.0 and an authorization service to provide access control for users
of GCP. After a user has been authenticated and authorized by IAP's service, a
JWT token is passed along which Spinnaker uses to check for authenticity and to
get the user email from the payload and sign the user in. To configure IAP, set
the audience field retrieved from the IAP console.
Configuration for authentication via LDAP.
Lightweight Directory Access Protocol (LDAP) is a standard way many organizations
maintain user credentials and group memberships. Spinnaker uses the standard
'bind' approach for user authentication. This is a fancy way of saying that
Gate uses your username and password to login to the LDAP server, and if the
connection is successful, you're considered authenticated.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the authentication method is enabled.
url
string
ldap:// or ldaps:// url of the LDAP server.
userDnPattern
string
The pattern for finding a user's DN using simple pattern matching. For example, if your LDAP server has the URL ldap://mysite.com/dc=spinnaker,dc=org, and you have the pattern 'uid={0},ou=members', 'me' will map to a DN uid=me,ou=members,dc=spinnaker,dc=org. If no match is found, will try to find the user using user-search-filter, if set.
userSearchBase
string
The part of the directory tree under which user searches should be performed. If user-search-base isn't supplied, the search will be performed from the root.
userSearchFilter
string
The filter to use when searching for a user's DN. Will search either from user-search-base (if specified) or root for entires matching the filter, then attempt to bind as that user with the login password. For example, the filter 'uid={0}' would apply to any user where uid matched the user's login name. If -user-dn-pattern is also specified, will attempt to find a match using the specified pattern first, before searching with the specified search filter if no match is found from the pattern.
managerDn
string
An LDAP manager user is required for binding to the LDAP server for the user authentication process. This property refers to the DN of that entry. I.e. this is not the user which will be authenticated when logging into DHIS2, rather the user which binds to the LDAP server in order to do the authentication.
managerPassword
string
The password for the LDAP manager user.
groupSearchBase
string
The part of the directory tree under which group searches should be performed.
Configuration for authentication via OAuth 2.0.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the authentication method is enabled.
client
OAuth2Client
Configuration for your OAuth 2.0 client.
userInfoRequirements
OAuth2.UserInfoRequirementsEntry
repeated
The map of requirements the userInfo request must have. This is used to restrict user login to specific domains or having a specific attribute.
resource
OAuth2Resource
Configuration for OAuth 2.0 resources.
userInfoMapping
OAuth2UserInfoMapping
Mapping of user attributes to fields returned by your OAuth 2.0 provider. This field controls how the fields returned from the OAuth 2.0 provider's user info endpoint are translated into a Spinnaker user.
OAuth2.UserInfoRequirementsEntry
Configuration for an OAuth 2.0 client.
Field
Type
Label
Description
clientId
string
The OAuth client ID you have configured with your OAuth 2.0 provider.
clientSecret
string
The OAuth client secret you have configured with your OAuth provider.
accessTokenUri
string
The access token uri for your OAuth provider.
userAuthorizationUri
string
The user authorization uri for your OAuth 2.0 provider.
clientAuthenticationScheme
OAuth2Client.AuthenticationScheme
The method used to transmit authentication credentials to your OAuth 2.0 provider.
scope
string
The scope to request when obtaining an access token from your OAuth 2.0 provider.
preEstablishedRedirectUri
string
The externally accessible URL for Gate. For use with load balancers that do any kind of address manipulation for Gate traffic, such as an SSL terminating load balancer.
useCurrentUri
google.protobuf.BoolValue
Whether the current URI in the request should be preferred over the pre-established redirect URI.
Configuration for OAuth 2.0 resources.
Field
Type
Label
Description
userInfoUri
string
The user info URI for your OAuth 2.0 provider.
Mapping of user attributes to fields returned by an OAuth 2.0 provider.
This field controls how the fields returned from the OAuth 2.0 provider's user
info endpoint are translated into a Spinnaker user.
Field
Type
Label
Description
email
string
Email.
firstName
string
First name.
lastName
string
Last name.
username
string
Username.
Configuration for authentication via SAML.
SAML authenticates users by passing cryptographically signed XML documents
between the Gate server and an identity provider. Gate's key is stored and
accessed via the -keystore parameters, while the identity provider's keys are
included in the metadata.xml. Finally, the identity provider must redirect the
control flow (through the user's browser) back to Gate by way of the
-serviceAddressUrl. This is likely the address of Gate's load balancer.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the authentication method is enabled.
metadataUrl
string
The path to a local file containing identity provider's metadata XML file; can be either a local file or a URI.
issuerId
string
The identity of the Spinnaker application registered with the SAML provider.
keyStore
string
Path to the keystore that contains this server's private key. This key is used to cryptographically sign SAML AuthNRequest objects.
keyStorePassword
string
The password used to access the file specified in -keystore.
keyStoreAliasName
string
The name of the alias under which this server's private key is stored in the -keystore file.
redirectHostname
string
The host name of the gate server as accessible by the SAML identity provider. If deployed behind a load balancer, this would be the load balancer's address. (Ex: gate.org.com:8084)
redirectBasePath
string
The base path on the gate server to which redirects will be sent. Defaults to '/' if absent.
redirectProtocol
string
The protocol to use to when redirecting back to the Gate server. Defaults to 'https' if absent.
userAttributeMapping
Saml.UserAttributes
Configuration for fields returned from your SAML provider.
signatureDigest
Saml.SignatureDigest
Digest algorithm to sign SAML messages (optional).
Configuration for fields returned from your SAML provider.
Field
Type
Label
Description
firstName
string
First name.
lastName
string
Last name.
roles
string
Roles.
rolesDelimiter
string
Roles delimiter.
username
string
Username.
email
string
Email.
Configuration for a username/password combination.
Field
Type
Label
Description
username
string
Username.
password
string
Password.
Configuration for authentication via X509 certificates.
X509 authenticates users via client certificate and a corresponding private key.
These certificates optionally provide authorization information via custom OIDs
with corresponding group information for the user. This can be configured via -roleOid.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether the authentication method is enabled.
roleOid
string
The OID that encodes roles that the user specified in the x509 certificate belongs to.
subjectPrincipalRegex
string
The regex used to parse the subject principal name embedded in the x509 certificate if necessary.
OAuth2Client.AuthenticationScheme
Methods to transmit authentication tokens to an OAuth 2.0 provider.
Name
Number
Description
unspecified
0
Unspecified. Do not directly use, instead omit the field.
header
1
Token is sent in the request header.
query
2
Token is sent as a query parameter.
form
3
Token is sent in the form body.
none
4
Token is not sent at all.
Digest algorithms to sign SAML messages.
Name
Number
Description
UNSPECIFIED
0
Unspecified. Do not directly use, instead omit the field.
SHA1
1
Digest algorithm SHA1 (default).
SHA256
2
Digest algorithm SHA256.
SHA384
3
Digest algorithm SHA384.
SHA512
4
Digest algorithm SHA512.
RIPEMD160
5
Digest algorithm RIPEMD160.
MD5
6
Digest algorithm MD5 (not recommended).
Top
security/authz/authz.proto
Configuration for what resources users of Spinnaker can read and modify.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether Spinnaker's role-based authorization is enabled.
groupMembership
GroupMembership
Configuration role providers that map users to groups.
Configuration for the file-based role provider.
Field
Type
Label
Description
path
string
A path to a file describing the roles of each user.
Configuration for the GitHub role provider.
Field
Type
Label
Description
baseUrl
string
Used if using GitHub enterprise some other non github.com GitHub installation.
accessToken
string
A personal access token of an account with access to your organization's GitHub Teams structure.
organization
string
The GitHub organization under which to query for GitHub Teams.
Configuration for the Google role provider.
Field
Type
Label
Description
credentialPath
string
A path to a valid json service account that can authenticate against the Google role provider.
adminUsername
string
Your role provider's admin username e.g. [email protected] .
domain
string
The domain your role provider is configured for e.g. myorg.net.
Configuration role providers that map users to groups.
Field
Type
Label
Description
service
GroupMembership.RoleProviderType
Configuration for which role provider to use for authorization decisions. Each role provider has a corresponding field; configuration specific to the role provider you are using should be added to the appropriate field.
google
GoogleRoleProvider
Configuration for the Google role provider.
github
GithubRoleProvider
Configuration for the GitHub role provider.
file
FileRoleProvider
Configuration for the file-based role provider.
ldap
LdapRoleProvider
Configuration for the LDAP role provider.
Configuration for the LDAP role provider.
Field
Type
Label
Description
url
string
ldap:// or ldaps:// url of the LDAP server.
managerDn
string
The manager user's distinguished name (principal) to use for querying LDAP groups.
managerPassword
string
The manager user's password to use for querying LDAP groups.
userDnPattern
string
The pattern for finding a user's DN using simple pattern matching. For example, if your LDAP server has the URL ldap://mysite.com/dc=spinnaker,dc=org, and you have the pattern 'uid={0},ou=members', 'me' will map to a DN uid=me,ou=members,dc=spinnaker,dc=org. If no match is found, will try to find the user using -user-search-filter, if set.
userSearchBase
string
The part of the directory tree under which user searches should be performed. If -user-search-base isn't supplied, the search will be performed from the root.
groupSearchBase
string
The part of the directory tree under which group searches should be performed.
userSearchFilter
string
The filter to use when searching for a user's DN. Will search either from -user-search-base (if specified) or root for entries matching the filter.
groupSearchFilter
string
The filter which is used to search for group membership. The default is 'uniqueMember={0}', corresponding to the groupOfUniqueMembers LDAP class. In this case, the substituted parameter is the full distinguished name of the user. The parameter '{1}' can be used if you want to filter on the login name.
groupRoleAttributes
string
The attribute which contains the name of the authority defined by the group entry. Defaults to 'cn'.
GroupMembership.RoleProviderType
Configuration for which role provider to use for authorization decisions.
Name
Number
Description
UNSPECIFIED
0
Unspecified. Do not directly use, instead omit the field.
FILE
1
File-based role provider.
GOOGLE
2
Google role provider.
GITHUB
3
GitHub role provider.
LDAP
4
LDAP role provider.
Top
Configuration for security settings.
Field
Type
Label
Description
apiSecurity
ApiSecurity
Configuration for the API server's addressable URL and CORS policies.
uiSecurity
UiSecurity
Configuration for the UI server's addressable URL.
authn
authn.Authentication
Configuration of how users authenticate against Spinnaker.
authz
authz.Authorization
Configuration for what resources users of Spinnaker can read and modify.
Top
Configuration for the API server's addressable URL and CORS policies.
Field
Type
Label
Description
corsAccessPattern
string
If you have authentication enabled, are accessing Spinnaker remotely, and are logging in from sources other than the UI, provide a regex matching all URLs authentication redirects may come from.
ssl
ApiSsl
If you want the API server to do SSL termination, it must be enabled and configured here. If you are doing your own SSL termination, leave this disabled.
overrideBaseUrl
string
If you are accessing the API server remotely, provide the full base URL of whatever proxy or load balancer is fronting the API requests
Configuration for SSL termination by the API server.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether SSL is enabled.
keyAlias
string
Name of your keystore entry as generated with your keytool.
keyStore
string
Path to the keystore holding your security certificates.
keyStoreType
string
The type of your keystore. Examples include JKS, and PKCS12.
keyStorePassword
string
The password to unlock your keystore. Due to a limitation in Tomcat, this must match your key's password in the keystore.
trustStore
string
Path to the truststore holding your trusted certificates.
trustStoreType
string
The type of your truststore. Examples include JKS, and PKCS12.
trustStorePassword
string
The password to unlock your truststore.
clientAuth
ClientAuth
Whether to require or allow client authentication.
Configuration for the UI server's addressable URL.
Field
Type
Label
Description
ssl
UiSsl
Configuration for SSL termination by the UI gateway.
overrideBaseUrl
string
If you are accessing the UI server remotely, provide the full base URL of whatever proxy or load balancer is fronting the UI requests.
Configuration for SSL termination by the UI gateway.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether SSL is enabled.
sslCertificateFile
string
Path to your .crt file.
sslCertificateKeyFile
string
Path to your .key file.
sslCACertificateFile
string
Path to the .crt file for the CA that issued your SSL certificate. This is only needed for local git deployments that serve the UI using webpack dev server.
sslCertificatePassphrase
string
The passphrase needed to unlock your SSL certificate. This will be provided to Apache on startup.
Setting for client authentication.
Name
Number
Description
UNSPECIFIED
0
Unspecified. Do not directly use, instead omit the field.
NONE
1
No client authentication.
WANT
2
Client authentication is optional.
NEED
3
Client authentication is required.
Top
security/trust_store.proto
Configuration for a custom trust store.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether this custom trust store is enabled.
trustStore
string
The path to a key store in JKS format containing certification authorities that should be trusted.
trustStorePassword
string
The password for the supplied trustStore.
Configuration for webhooks.
Field
Type
Label
Description
trust
TrustStore
A custom trust store to use for outgoing webhook connections.
Top
Information about how Spinnaker is configured and deployed.
Field
Type
Label
Description
type
string
The tool used to configure Spinnaker (in this case, kleat).
version
string
The kleat version.
Configuration for optional collection of usage metrics.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether to send usage metrics. Defaults to true.
instanceId
string
A unique ID representing this deployment of Spinnaker.
endpoint
string
The endpoint to which usage metrics are sent. This should generally be left empty, in which case metrics are sent to the default endpoint.
Top
Configuration for an Azure Storage persistent store.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether this persistent store is enabled.
storageAccountName
string
The name of an Azure Storage Account.
storageAccountKey
string
The key to access the Azure Storage Account.
storageContainerName
string
The container name in the chosen storage account to place Spinnaker's persistent data. Defaults to 'spinnaker' if unspecified.
Top
Configuration for a Google Cloud Storage persistent store
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether this persistent store is enabled.
jsonPath
string
A path to a JSON service account with permission to read and write to the bucket to be used as a backing store.
project
string
The Google Cloud Platform project you are using to host the GCS bucket as a backing store.
bucket
string
The name of a storage bucket that your specified account has access to.
rootFolder
google.protobuf.StringValue
The root folder in the chosen bucket to place all of Spinnaker's persistent data in.
bucketLocation
string
This is only required if the bucket you specify does not exist yet.
Top
Configuration for an Oracle persistent store.
Field
Type
Label
Description
enabled
google.protobuf.BoolValue
Whether this persistent store is enabled.
bucketName
string
The bucket name to store persistent state object in.
namespace
string
The namespace the bucket and objects should be created in.
region
string
An Oracle region (e.g., us-phoenix-1).
userId
string
The OCID of the Oracle User you're authenticating as.
fingerprint
string
Fingerprint of the public key.
sshPrivateKeyFilePath
string
Path to the private key in PEM format.
privateKeyPassphrase
string
Passphrase used for the private key, if it is encrypted.
tenancyId
string
The OCID of the Oracle Tenancy to use.
compartmentId
string
The OCID of the Oracle Compartment to use.
Top
storage/persistent_storage.proto
Configuration of Spinnaker's persistent storage.
Top
Configuration for an Amazon S3 persistent store.
Configuration for S3 server-side encryption; values correspond to values of
the 'x-amz-server-side-encryption' header.
Name
Number
Description
UNSPECIFIED
0
Unspecified. Do not directly use, instead omit the field.
AES256
1
Amazon S3-managed encryption keys, equivalent to a header value of 'AES256'.
AWSKMS
2
AWS KMS-managed encryption keys, equivalent to a header value of 'aws:kms'.
Top
ConnectionPool confifugration for the SQL server
Field
Type
Label
Description
user
string
Database username
password
string
Database password
jdbcUrl
string
Database connection string. This needs to include server port and database name as well
connectionTimeout
int32
Database connection timeout in milliseconds
maxLifetime
int32
maxLifetime controls the maximum lifetime of a connection in the pool in milliseconds.
maxPoolSize
int32
Maximum number of connections stored in the connection pool
The default connection pool
.proto Type
Notes
C++
Java
Python
Go
C#
PHP
Ruby
double
double
double
float
float64
double
float
Float
float
float
float
float
float32
float
float
Float
int32
Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead.
int32
int
int
int32
int
integer
Bignum or Fixnum (as required)
int64
Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead.
int64
long
int/long
int64
long
integer/string
Bignum
uint32
Uses variable-length encoding.
uint32
int
int/long
uint32
uint
integer
Bignum or Fixnum (as required)
uint64
Uses variable-length encoding.
uint64
long
int/long
uint64
ulong
integer/string
Bignum or Fixnum (as required)
sint32
Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s.
int32
int
int
int32
int
integer
Bignum or Fixnum (as required)
sint64
Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s.
int64
long
int/long
int64
long
integer/string
Bignum
fixed32
Always four bytes. More efficient than uint32 if values are often greater than 2^28.
uint32
int
int
uint32
uint
integer
Bignum or Fixnum (as required)
fixed64
Always eight bytes. More efficient than uint64 if values are often greater than 2^56.
uint64
long
int/long
uint64
ulong
integer/string
Bignum
sfixed32
Always four bytes.
int32
int
int
int32
int
integer
Bignum or Fixnum (as required)
sfixed64
Always eight bytes.
int64
long
int/long
int64
long
integer/string
Bignum
bool
bool
boolean
boolean
bool
bool
boolean
TrueClass/FalseClass
string
A string must always contain UTF-8 encoded or 7-bit ASCII text.
string
String
str/unicode
string
string
string
String (UTF-8)
bytes
May contain any arbitrary sequence of bytes.
string
ByteString
str
[]byte
ByteString
string
String (ASCII-8BIT)