We handle numerous questions every day in the Spinnaker Slack channel related to configuring Spinnaker.
Each of the core components runs as a Spring Boot application, and it has a powerful system for composing and overwriting values via YAML files.
It's important to first understand that there are shared settings that apply to every service, and some that are specific to an individual service. Shared settings can be overridden by the individual services.
The common settings are defined in the
spinnaker.yml file (found in
/opt/spinnaker/config), and component-specific settings are found in files like
Now, it's important that you do not edit these files. They are source controlled, so the next time you update Spinnaker, any changes you've made will be clobbered.
Instead, you should create a separate
-local.yml file, and replicate the YAML settings you want to overwrite.
When each of the services come up, they will load the config files in this order (I'll use the Gate service as the example):
So lets say there's a snippet of YAML in
spinnaker.yml that you want to change:
the: special: setting: 42
You'll first create (or edit) the
spinnaker-local.yml file that overwrites this setting
the: special: setting: 1337
Now, all of the component services will have
the.special.setting property with a value of 1337.
"But what if I want it changed just for a specific component?"
No problem - just overwrite it in that component's
You may recognize this as a "last write wins" kind of pattern -
spinnaker.yml sets it to a default value, it's overwritten in
spinnaker-local.yml, and then overwritten again in a component's
Spring Profiles are a powerful way to group logical sets of configurations that can be turned on and off with command line arguments or environmental properties.
For example, we bake in common settings for Google, Azure, and GitHub OAuth settings directly into Gate. Here is a snippet:
--- spring: profiles: googleOAuth spring: oauth2: client: # Set these values in your own config file (e.g. gate-googleOAuth.yml). # clientId: # clientSecret: accessTokenUri: https://www.googleapis.com/oauth2/v4/token userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth scope: "profile email" resource: userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo userInfoMapping: email: email firstName: given_name lastName: family_name ---
Notice the name of the profile is
googleOAUth. The comment suggests writing
clientSecret into a file named
gate-googleOAuth, which would look like:
spring: oauth2: client: clientId: abcdefgh clientSecret: shhhDontTellAnyone
That looks strangely familiar to
gate-local setup, no? That's because
local is in fact a Spring profile! It's applied automatically by each component at startup time.
The easiest way to set your active profiles is using the
SPRING_PROFILES_ACTIVE environmental variable and restart. Be sure to include the
local profile too!