We handle numerous questions every day in the Spinnaker Slack channel related to configuring Spinnaker.
Each of the core components runs as a Spring Boot application, and it has a powerful system for composing and overwriting values via YAML files.
It’s important to first understand that there are shared settings that apply to every service, and some that are specific to an individual service. Shared settings can be overridden by the individual services.
The common settings are defined in the spinnaker.yml file (found in
/opt/spinnaker/config), and component-specific settings are found in files like
Now, it’s important that you do not edit these files. They are [source controlled] (https://github.com/spinnaker/spinnaker/tree/master/config), so the next time you update Spinnaker, any changes you’ve made will be clobbered.
Instead, you should create a separate
-local.yml file, and replicate the YAML
settings you want to overwrite.
When each of the services come up, they will load the config files in this order (I’ll use the Gate service as the example):
So lets say there’s a snippet of YAML in spinnaker.yml that you want to change:
the: special: setting: 42
You’ll first create (or edit) the
spinnaker-local.yml file that overwrites this
the: special: setting: 1337
Now, all of the component services will have the.special.setting property with a value of 1337.
“But what if I want it changed just for a specific component?”
No problem - just overwrite it in that component’s
You may recognize this as a “last write wins” kind of pattern -
sets it to a default value, it’s overwritten in
spinnaker-local.yml, and then
overwritten again in a component’s
Spring Profiles are a powerful way to group logical sets of configurations that can be turned on and off with command line arguments or environmental properties.
For example, we bake in common settings for Google, Azure, and GitHub OAuth settings directly into Gate. Here is a snippet:
spring: profiles: googleOAuth oauth2: client: # Set these values in your own config file (e.g. gate-googleOAuth.yml). # clientId: # clientSecret: accessTokenUri: https://www.googleapis.com/oauth2/v4/token userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth scope: "profile email" resource: userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo userInfoMapping: email: email firstName: given_name lastName: family_name
Notice the name of the profile is
googleOAuth. The comment suggests writing
clientSecret into a file named
gate-googleOAuth.yml, which would look
spring: oauth2: client: clientId: abcdefgh clientSecret: shhhDontTellAnyone
That looks strangely familiar to
gate-local setup, no? That’s because local is
in fact a Spring profile! It’s applied automatically by each component at
The easiest way to set your active profiles is using the
environmental variable and restart. Be sure to include the local profile too!