From 7e4318d7ba97b7d3a6222935f84afe4c2e6c8c03 Mon Sep 17 00:00:00 2001 From: brian-armory <53799971+brian-armory@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:14:38 -0700 Subject: [PATCH] docs(saas): reorganize and rewrite content in preparation for saas (#211) * reorg * more * docs(pipelines): remove unused demo pipelines feature (#213) (cherry picked from commit 999909b1e8d5353c7e2654be6a800e4317eb05dc) * see if older link checker version fails * see if older link checker version fails * remove : * i give up. the imgs arent actually broken * more moving * break the json * more moving * more moving * more moving * drop version back down to 1.05 on link checker * fix broken link * finish the moving * delete weight from frontmatter * fix broken links * Update redirects in netlify.toml * Revert redirects in netlify.toml Redirects to new section but not to new page name in cases where page name has been changed * add /docs/ to new page redirects * add missing : to mlc_config.json * Fix broken URLs; update linkcheck to 1.0.7 Co-authored-by: Aimee Ukasick --- .github/workflows/mlc_config.json | 6 +- .github/workflows/pr-link-check.yml | 2 +- content/en/docs/Overview/_index.md | 3 +- content/en/docs/Overview/architecture.md | 5 +- content/en/docs/Overview/overview.md | 2 +- .../Secrets/_index.md} | 20 +- .../Secrets/secrets-aws-sm.md | 2 + .../Secrets/secrets-gcs.md | 3 +- .../Secrets/secrets-kubernetes.md | 3 +- .../Secrets/secrets-s3.md | 3 +- .../Secrets/secrets-vault.md | 3 +- .../Secrets/vault-k8s-configuration.md | 3 +- content/en/docs/armory-admin/_index.md | 5 + .../account-management-api.md | 0 .../add-aws-account.md | 2 +- .../api-endpoint.md | 5 +- .../armory-halyard-reference.md | 2 +- .../artifacts-docker-connect.md} | 6 +- .../artifacts-ecr-connect.md} | 11 +- .../artifacts-github-connect.md} | 70 +-- .../artifacts-s3-configure.md} | 9 +- .../auth-okta-configure.md} | 29 +- .../authn-github.md | 14 +- .../authorization.md | 3 +- .../aws-dr.md | 7 +- .../aws-iam-roles-configure.md} | 208 +++---- .../aws-subnets-configure.md} | 9 +- .../bake-and-share.md | 3 +- .../clouddriver-sql-configure.md} | 7 +- .../diagnostics-configure.md} | 6 +- .../dinghy-enable.md} | 10 +- .../dns-and-ssl.md | 6 +- .../dynamic-accounts-configure.md} | 5 +- .../exposing-spinnaker.md | 2 +- .../armory-admin/fiat-create-permissions.md | 122 +++++ .../generating-certificates.md | 10 +- .../halyard-gitops.md | 5 +- .../hostname-deck-gate-configure.md} | 6 +- .../integrations-servicenow.md | 47 +- .../integrations-splunk.md} | 24 +- .../integrations-sumologic.md} | 9 +- .../jenkins-connect.md} | 9 +- .../en/docs/armory-admin/kayenta-configure.md | 115 ++++ .../kubernetes-account-add.md} | 5 +- .../manual-service-account.md | 10 +- .../mtls-configure.md} | 16 +- .../notifications-slack-configure.md} | 3 +- .../orca-sql-configure.md} | 10 +- .../packer.md | 9 +- .../policy-engine-enable.md | 5 +- .../prometheus-monitoring.md | 7 +- .../rate-limit.md | 16 +- .../terraform-enable-integration.md | 46 +- .../tls-configure.md} | 20 +- .../travis-connect.md} | 13 +- content/en/docs/installation/_index.md | 2 +- .../guide/aws-container-marketplace.md | 2 +- .../docs/installation/guide/install-on-aks.md | 2 +- .../docs/installation/guide/install-on-aws.md | 2 +- .../docs/installation/guide/install-on-gke.md | 2 +- .../docs/installation/guide/install-on-k8s.md | 2 +- .../Armory-Spinnaker-Quickstart-1.md | 3 +- .../Armory-Spinnaker-Quickstart-2.md | 3 +- .../Armory-Spinnaker-Quickstart-3.md | 1 + .../guide}/quickstart/_index.md | 0 .../guide}/upgrade-oss-to-armory.md | 3 +- .../guide}/upgrade-spinnaker.md | 3 +- content/en/docs/installation/operator.md | 2 +- .../armoryspinnaker_v2-21-0.md | 2 +- .../Secrets/_index.md | 6 - .../spinnaker-install-admin-guides/_index.md | 7 - .../fiat-create-permissions.md | 123 ----- .../StaticBaselineJudge.md | 1 - .../en/docs/spinnaker-user-guides/_index.md | 6 +- .../app-secrets.md | 2 +- .../application-pipeline.md | 1 - .../application-screen.md | 1 - .../artifact-promotion.md | 2 +- .../{docker.md => artifacts-docker-using.md} | 2 +- .../artifacts-github-use.md | 25 + ...3-artifacts-use.md => artifacts-s3-use.md} | 5 +- .../automated-rollbacks.md | 2 +- .../spinnaker-user-guides/baking-images.md | 5 - .../spinnaker-user-guides/best-practices.md | 2 - .../spinnaker-user-guides/debian-packages.md | 1 - .../docs/spinnaker-user-guides/deploying.md | 3 +- .../expression-language.md | 3 +- .../en/docs/spinnaker-user-guides/github.md | 20 +- .../{kayenta.md => kayenta-canary-use.md} | 12 +- .../kubernetes-deployments.md | 2 +- .../spinnaker-user-guides/kubernetes-v2.md | 1 - .../kustomize-manifests.md | 2 - .../pacrd-crd-docs.md | 3 +- .../pacrd.md | 3 +- .../docs/spinnaker-user-guides/pipelines.md | 1 - .../policy-engine-use.md | 10 +- .../terraform-use-integration.md | 6 +- .../using-dinghy.md | 6 +- .../spinnaker-user-guides/video-tutorials.md | 1 - .../en/docs/spinnaker-user-guides/webhooks.md | 1 - .../working-with-jenkins.md | 1 - .../spinnaker-user-guides/writing-scripts.md | 1 - content/en/docs/spinnaker/_index.md | 7 - .../en/docs/spinnaker/configure-kayenta.md | 513 ------------------ content/en/docs/spinnaker/halyard-secrets.md | 21 - .../artifacts/ecr-test.png} | Bin .../artifacts/okta}/okta-addapplication.png | Bin .../artifacts/okta}/okta-applications.png | Bin .../artifacts/okta}/okta-appname.png | Bin .../artifacts/okta}/okta-createnewapp.png | Bin .../okta}/okta-createnewintegration.png | Bin .../artifacts/okta}/okta-feedback.png | Bin .../artifacts/okta}/okta-idpmetadata.png | Bin .../artifacts/okta}/okta-samlsettings.png | Bin .../okta}/okta-viewsetupinstructions.png | Bin .../SpinnakerArchitecture.png} | Bin 116 files changed, 693 insertions(+), 1125 deletions(-) rename content/en/docs/{spinnaker-install-admin-guides/Secrets/secrets.md => armory-admin/Secrets/_index.md} (84%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/Secrets/secrets-aws-sm.md (95%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/Secrets/secrets-gcs.md (91%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/Secrets/secrets-kubernetes.md (94%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/Secrets/secrets-s3.md (94%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/Secrets/secrets-vault.md (98%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/Secrets/vault-k8s-configuration.md (97%) create mode 100644 content/en/docs/armory-admin/_index.md rename content/en/docs/{spinnaker => armory-admin}/account-management-api.md (100%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/add-aws-account.md (99%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/api-endpoint.md (99%) rename content/en/docs/{installation => armory-admin}/armory-halyard-reference.md (99%) rename content/en/docs/{spinnaker-install-admin-guides/docker.md => armory-admin/artifacts-docker-connect.md} (97%) rename content/en/docs/{spinnaker-install-admin-guides/ecr-registry.md => armory-admin/artifacts-ecr-connect.md} (93%) rename content/en/docs/{spinnaker-install-admin-guides/github.md => armory-admin/artifacts-github-connect.md} (55%) rename content/en/docs/{spinnaker-install-admin-guides/s3.md => armory-admin/artifacts-s3-configure.md} (90%) rename content/en/docs/{spinnaker-install-admin-guides/okta.md => armory-admin/auth-okta-configure.md} (81%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/authn-github.md (86%) rename content/en/docs/{spinnaker => armory-admin}/authorization.md (97%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/aws-dr.md (97%) rename content/en/docs/{spinnaker-install-admin-guides/add-aws-account-iam.md => armory-admin/aws-iam-roles-configure.md} (85%) rename content/en/docs/{spinnaker-install-admin-guides/aws-subnets.md => armory-admin/aws-subnets-configure.md} (90%) rename content/en/docs/{spinnaker => armory-admin}/bake-and-share.md (98%) rename content/en/docs/{spinnaker-install-admin-guides/clouddriver-sql.md => armory-admin/clouddriver-sql-configure.md} (97%) rename content/en/docs/{spinnaker-install-admin-guides/admin-diagnostics.md => armory-admin/diagnostics-configure.md} (96%) rename content/en/docs/{spinnaker/install-dinghy.md => armory-admin/dinghy-enable.md} (98%) mode change 100755 => 100644 rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/dns-and-ssl.md (96%) rename content/en/docs/{spinnaker-install-admin-guides/dynamic-accounts.md => armory-admin/dynamic-accounts-configure.md} (98%) rename content/en/docs/{spinnaker => armory-admin}/exposing-spinnaker.md (99%) create mode 100644 content/en/docs/armory-admin/fiat-create-permissions.md rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/generating-certificates.md (95%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/halyard-gitops.md (96%) rename content/en/docs/{spinnaker-install-admin-guides/single-hostname-deck-gate.md => armory-admin/hostname-deck-gate-configure.md} (95%) rename content/en/docs/{spinnaker => armory-admin}/integrations-servicenow.md (95%) rename content/en/docs/{spinnaker-install-admin-guides/splunk-spinnaker.md => armory-admin/integrations-splunk.md} (94%) rename content/en/docs/{spinnaker-install-admin-guides/sumologic-dashboard.md => armory-admin/integrations-sumologic.md} (97%) rename content/en/docs/{spinnaker-install-admin-guides/jenkins.md => armory-admin/jenkins-connect.md} (93%) create mode 100644 content/en/docs/armory-admin/kayenta-configure.md rename content/en/docs/{spinnaker-install-admin-guides/add-kubernetes-account.md => armory-admin/kubernetes-account-add.md} (99%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/manual-service-account.md (95%) rename content/en/docs/{spinnaker-install-admin-guides/services-mtls.md => armory-admin/mtls-configure.md} (87%) rename content/en/docs/{spinnaker-install-admin-guides/slack-notifications.md => armory-admin/notifications-slack-configure.md} (97%) rename content/en/docs/{spinnaker-install-admin-guides/orca-sql.md => armory-admin/orca-sql-configure.md} (91%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/packer.md (95%) rename content/en/docs/{spinnaker => armory-admin}/policy-engine-enable.md (99%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/prometheus-monitoring.md (97%) rename content/en/docs/{spinnaker-install-admin-guides => armory-admin}/rate-limit.md (91%) rename content/en/docs/{spinnaker => armory-admin}/terraform-enable-integration.md (97%) rename content/en/docs/{spinnaker-install-admin-guides/services-tls.md => armory-admin/tls-configure.md} (88%) rename content/en/docs/{spinnaker-install-admin-guides/configure-travis.md => armory-admin/travis-connect.md} (85%) rename content/en/docs/{spinnaker => installation/guide}/quickstart/Armory-Spinnaker-Quickstart-1.md (98%) rename content/en/docs/{spinnaker => installation/guide}/quickstart/Armory-Spinnaker-Quickstart-2.md (98%) rename content/en/docs/{spinnaker => installation/guide}/quickstart/Armory-Spinnaker-Quickstart-3.md (98%) rename content/en/docs/{spinnaker => installation/guide}/quickstart/_index.md (100%) rename content/en/docs/{spinnaker-install-admin-guides => installation/guide}/upgrade-oss-to-armory.md (99%) rename content/en/docs/{spinnaker-install-admin-guides => installation/guide}/upgrade-spinnaker.md (95%) delete mode 100644 content/en/docs/spinnaker-install-admin-guides/Secrets/_index.md delete mode 100644 content/en/docs/spinnaker-install-admin-guides/_index.md delete mode 100644 content/en/docs/spinnaker-install-admin-guides/fiat-create-permissions.md rename content/en/docs/{spinnaker => spinnaker-user-guides}/app-secrets.md (99%) rename content/en/docs/{spinnaker => spinnaker-user-guides}/artifact-promotion.md (99%) rename content/en/docs/spinnaker-user-guides/{docker.md => artifacts-docker-using.md} (98%) create mode 100644 content/en/docs/spinnaker-user-guides/artifacts-github-use.md rename content/en/docs/spinnaker-user-guides/{s3-artifacts-use.md => artifacts-s3-use.md} (92%) rename content/en/docs/{spinnaker => spinnaker-user-guides}/automated-rollbacks.md (99%) rename content/en/docs/spinnaker-user-guides/{kayenta.md => kayenta-canary-use.md} (96%) rename content/en/docs/{spinnaker => spinnaker-user-guides}/kubernetes-deployments.md (98%) rename content/en/docs/{spinnaker => spinnaker-user-guides}/pacrd-crd-docs.md (99%) rename content/en/docs/{spinnaker => spinnaker-user-guides}/pacrd.md (99%) rename content/en/docs/{spinnaker => spinnaker-user-guides}/policy-engine-use.md (96%) rename content/en/docs/{spinnaker => spinnaker-user-guides}/terraform-use-integration.md (99%) rename content/en/docs/{spinnaker => spinnaker-user-guides}/using-dinghy.md (99%) delete mode 100644 content/en/docs/spinnaker/_index.md delete mode 100644 content/en/docs/spinnaker/configure-kayenta.md delete mode 100755 content/en/docs/spinnaker/halyard-secrets.md rename static/images/{Image-2018-12-18-at-2.02.02-PM.png => armory-admin/artifacts/ecr-test.png} (100%) rename static/images/{ => armory-admin/artifacts/okta}/okta-addapplication.png (100%) rename static/images/{ => armory-admin/artifacts/okta}/okta-applications.png (100%) rename static/images/{ => armory-admin/artifacts/okta}/okta-appname.png (100%) rename static/images/{ => armory-admin/artifacts/okta}/okta-createnewapp.png (100%) rename static/images/{ => armory-admin/artifacts/okta}/okta-createnewintegration.png (100%) rename static/images/{ => armory-admin/artifacts/okta}/okta-feedback.png (100%) rename static/images/{ => armory-admin/artifacts/okta}/okta-idpmetadata.png (100%) rename static/images/{ => armory-admin/artifacts/okta}/okta-samlsettings.png (100%) rename static/images/{ => armory-admin/artifacts/okta}/okta-viewsetupinstructions.png (100%) rename static/images/{install_admin_guides_SpinnakerArchitecture.png => overview/SpinnakerArchitecture.png} (100%) diff --git a/.github/workflows/mlc_config.json b/.github/workflows/mlc_config.json index cd1e3a5bd0..b7e12ad9a0 100644 --- a/.github/workflows/mlc_config.json +++ b/.github/workflows/mlc_config.json @@ -1,10 +1,10 @@ { - "ignorePatterns" [ + "ignorePatterns": [ { - "pattern": "/^images/(.*)" + "pattern": "/^images/(*.*)" }, { - "pattern": "/^Images/(.*)" + "pattern": "/^Images/(*.*)" }, { "pattern": "^http://localhost:9000" diff --git a/.github/workflows/pr-link-check.yml b/.github/workflows/pr-link-check.yml index 9775fcde5f..5c25a452b4 100644 --- a/.github/workflows/pr-link-check.yml +++ b/.github/workflows/pr-link-check.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@master with: fetch-depth: 1 - - uses: gaurav-nelson/github-action-markdown-link-check@1.0.6 + - uses: gaurav-nelson/github-action-markdown-link-check@1.0.7 with: use-quiet-mode: 'yes' # Specify yes to only show errors in output.# use-verbose-mode: 'yes' # Specify yes to show detailed HTTP status for checked links.# diff --git a/content/en/docs/Overview/_index.md b/content/en/docs/Overview/_index.md index 7c2cc96d62..a02219d9b6 100644 --- a/content/en/docs/Overview/_index.md +++ b/content/en/docs/Overview/_index.md @@ -3,5 +3,6 @@ title: "Overview" linkTitle: "Overview" weight: 1 description: > - Overview of Spinnaker, Nomenclature, Applications, Pipelines, Load Balancers, Glossary + Overview of Armory, Spinnaker, and related technology --- + diff --git a/content/en/docs/Overview/architecture.md b/content/en/docs/Overview/architecture.md index aa7c813da8..0ae5a2ab4c 100644 --- a/content/en/docs/Overview/architecture.md +++ b/content/en/docs/Overview/architecture.md @@ -1,8 +1,7 @@ --- -title: "Spinnaker Architecture" +title: "Armory Architecture" summary: "Learn about the services that work together in Spinnaker." weight: 2 -linkTitle: "Architecture" aliases: - /spinnaker-install-admin-guides/architecture/ --- @@ -11,7 +10,7 @@ Spinnaker is composed of several microservices for resiliency and follows the single-responsibility principle. It allows for faster iteration on each individual component and a more pluggable architecture for custom components. -![Architecture Diagram](/images/install_admin_guides_SpinnakerArchitecture.png) +![Architecture Diagram](/images/overview/SpinnakerArchitecture.png) ## Spinnaker microservices diff --git a/content/en/docs/Overview/overview.md b/content/en/docs/Overview/overview.md index 0986044696..48b15178e2 100644 --- a/content/en/docs/Overview/overview.md +++ b/content/en/docs/Overview/overview.md @@ -41,7 +41,7 @@ Spinnaker solves these problems by enabling safer and faster deployments with th A typical work flow with Spinnaker starts with baking a Linux-based machine image. This image along with your launch configurations define an immutable infrastructure that you can use to deploy to your cloud provider with Spinnaker. After the deployment, run your tests, which can be integrated with Spinnaker and automatically triggered. Based on your deployment strategy and any criteria you set, go live with the build. -## What Armory is +## Armory Armory's platform includes an enterprise-grade distribution of Spinnaker that forms the core of Armory's Platform. It is preconfigured and runs in your Kubernetes cluster. The platform is an extension of open source Spinnaker and includes all those benefits as well as the following: diff --git a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets.md b/content/en/docs/armory-admin/Secrets/_index.md similarity index 84% rename from content/en/docs/spinnaker-install-admin-guides/Secrets/secrets.md rename to content/en/docs/armory-admin/Secrets/_index.md index e735c4adca..82674cf17e 100644 --- a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets.md +++ b/content/en/docs/armory-admin/Secrets/_index.md @@ -1,9 +1,13 @@ --- -layout: post -title: Spinnaker Secrets Overview -weight: 1 +title: "Working with Secrets" +linkTitle: "Working with Secrets" +description: > + Armory supports several secret stores. Use them to keep your secrets secure and not commit plain text secrets to your configs. aliases: - - /spinnaker-install-admin-guides/secrets/ + - /docs/spinnaker-install-admin-guides/secrets/ + - /docs/spinnaker/halyard_secrets/ + - /docs/spinnaker/halyard-secrets/ + - /docs/spinnaker-install-admin-guides/secrets/secrets/ --- ## Overview @@ -86,10 +90,4 @@ You can also provide secret references directly in `SpinnakerService` manifest u ### Supported secret engines -* [Encrypted S3 buckets]({{< ref "secrets-s3" >}}) (Open Source Spinnaker) -* [Google Storage (GCS)]({{< ref "secrets-gcs" >}}) (Open Source Spinnaker) -* [Kubernetes Secrets]({{< ref "secrets-kubernetes" >}}) (Open Source Spinnaker, only available if using the Operator) -* [AWS Secrets Manager]({{< ref "secrets-aws-sm">}})(Open Source Spinnaker) -* [Hashicorp Vault]({{< ref "secrets-vault" >}}) (Armory) - -Is there a secret engine you'd like us to support? Submit a feature request [here](http://go.armory.io/support)! \ No newline at end of file +Is there a secret engine you'd like us to support? Submit a feature request [here](mailto:hello@armory.io)! \ No newline at end of file diff --git a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-aws-sm.md b/content/en/docs/armory-admin/Secrets/secrets-aws-sm.md similarity index 95% rename from content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-aws-sm.md rename to content/en/docs/armory-admin/Secrets/secrets-aws-sm.md index 38ab2a037a..a455b9c145 100644 --- a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-aws-sm.md +++ b/content/en/docs/armory-admin/Secrets/secrets-aws-sm.md @@ -1,5 +1,7 @@ --- title: Secrets with AWS Secrets Manager +aliases: + - /docs/spinnaker-install-admin-guides/secrets/secrets-aws-sm/ --- You can configure AWS Secrets Manager as a secrets engine for Spinnaker. For information about how to set up AWS Secrets Manager, see the [AWS documentation](https://docs.aws.amazon.com/secretsmanager/index.html). diff --git a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-gcs.md b/content/en/docs/armory-admin/Secrets/secrets-gcs.md similarity index 91% rename from content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-gcs.md rename to content/en/docs/armory-admin/Secrets/secrets-gcs.md index a52e491313..f72a37994a 100644 --- a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-gcs.md +++ b/content/en/docs/armory-admin/Secrets/secrets-gcs.md @@ -2,7 +2,8 @@ title: Secrets with GCS weight: 50 aliases: - - /spinnaker-install-admin-guides/secrets-gcs/ + - /docs/spinnaker-install-admin-guides/secrets-gcs/ + - /docs/spinnaker-install-admin-guides/secrets/secrets-gcs/ --- This document describes how to set up Spinnaker secrets in an encrypted GCS bucket. This example uses a bucket (`mybucket`) to store GitHub credentials and a kubeconfig file. diff --git a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-kubernetes.md b/content/en/docs/armory-admin/Secrets/secrets-kubernetes.md similarity index 94% rename from content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-kubernetes.md rename to content/en/docs/armory-admin/Secrets/secrets-kubernetes.md index f1bfaa9732..9fc37ddd14 100644 --- a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-kubernetes.md +++ b/content/en/docs/armory-admin/Secrets/secrets-kubernetes.md @@ -3,7 +3,8 @@ layout: post title: Secrets in Kubernetes weight: 50 aliases: - - /spinnaker-install-admin-guides/secrets-kubernetes/ + - /docs/spinnaker-install-admin-guides/secrets-kubernetes/ + - /docs/spinnaker-install-admin-guides/secrets/secrets-kubernetes/ --- >Note: Storing Spinnaker secrets in a Kubernetes secret is only supported if you're using the Operator to deploy and manage Spinnaker. diff --git a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-s3.md b/content/en/docs/armory-admin/Secrets/secrets-s3.md similarity index 94% rename from content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-s3.md rename to content/en/docs/armory-admin/Secrets/secrets-s3.md index b326cb3baa..40fa890357 100644 --- a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-s3.md +++ b/content/en/docs/armory-admin/Secrets/secrets-s3.md @@ -2,7 +2,8 @@ title: Secrets with S3 weight: 50 aliases: - - /spinnaker-install-admin-guides/secrets-s3/ + - /docs/spinnaker-install-admin-guides/secrets-s3/ + - /docs/spinnaker-install-admin-guides/secrets/secrets-s3/ --- This document describes how to set up Spinnaker secrets in an encrypted S3 bucket. This example uses a bucket (`mybucket`) in the `us-west-2` region to store GitHub credentials and a kubeconfig file. You reference the bucket by its URL `mybucket.us-west-2.amazonaws.com`. diff --git a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-vault.md b/content/en/docs/armory-admin/Secrets/secrets-vault.md similarity index 98% rename from content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-vault.md rename to content/en/docs/armory-admin/Secrets/secrets-vault.md index 154d593254..a36c6a6758 100644 --- a/content/en/docs/spinnaker-install-admin-guides/Secrets/secrets-vault.md +++ b/content/en/docs/armory-admin/Secrets/secrets-vault.md @@ -2,7 +2,8 @@ title: Secrets with Vault weight: 10 aliases: - - /spinnaker-install-admin-guides/secrets-vault/ + - /docs/spinnaker-install-admin-guides/secrets-vault/ + - /docs/spinnaker-install-admin-guides/secrets/secrets-vault/ --- This document describes how to set up Spinnaker secrets in Hashicorp's Vault. In this example, we'll be using the default KV secret engine called `secret` and will be storing GitHub credentials, a kubeconfig file and a Java keystore for SAML SSO. diff --git a/content/en/docs/spinnaker-install-admin-guides/Secrets/vault-k8s-configuration.md b/content/en/docs/armory-admin/Secrets/vault-k8s-configuration.md similarity index 97% rename from content/en/docs/spinnaker-install-admin-guides/Secrets/vault-k8s-configuration.md rename to content/en/docs/armory-admin/Secrets/vault-k8s-configuration.md index 102d4defaa..1c075dd0f8 100644 --- a/content/en/docs/spinnaker-install-admin-guides/Secrets/vault-k8s-configuration.md +++ b/content/en/docs/armory-admin/Secrets/vault-k8s-configuration.md @@ -3,7 +3,8 @@ layout: post title: Configuring Vault for Kubernetes Auth weight: 10 aliases: - - /spinnaker-install-admin-guides/vault-configuration/ + - /docs/spinnaker-install-admin-guides/vault-configuration/ + - /docs/spinnaker-install-admin-guides/secrets/vault-configuration/ --- ## Overview diff --git a/content/en/docs/armory-admin/_index.md b/content/en/docs/armory-admin/_index.md new file mode 100644 index 0000000000..12f7ccc362 --- /dev/null +++ b/content/en/docs/armory-admin/_index.md @@ -0,0 +1,5 @@ +--- +title: "Armory Admin" +description: Administer an Armory deployment that is installed in your environment. +weight: 3 +--- \ No newline at end of file diff --git a/content/en/docs/spinnaker/account-management-api.md b/content/en/docs/armory-admin/account-management-api.md similarity index 100% rename from content/en/docs/spinnaker/account-management-api.md rename to content/en/docs/armory-admin/account-management-api.md diff --git a/content/en/docs/spinnaker-install-admin-guides/add-aws-account.md b/content/en/docs/armory-admin/add-aws-account.md similarity index 99% rename from content/en/docs/spinnaker-install-admin-guides/add-aws-account.md rename to content/en/docs/armory-admin/add-aws-account.md index f642a56de6..3736665da7 100644 --- a/content/en/docs/spinnaker-install-admin-guides/add-aws-account.md +++ b/content/en/docs/armory-admin/add-aws-account.md @@ -1,10 +1,10 @@ --- title: "AWS: Deploying to AWS from Spinnaker (using IAM credentials)" -weight: 33 aliases: - /spinnaker_install_admin_guides/add-aws-account/ - /spinnaker_install_admin_guides/add_aws_account/ - /spinnaker-install-admin-guides/add_aws_account/ + - /spinnaker-install-admin-guides/add-aws-account/ --- Once you have (OSS or Armory) Spinnaker up and running in Kubernetes, start adding deployment targets. diff --git a/content/en/docs/spinnaker-install-admin-guides/api-endpoint.md b/content/en/docs/armory-admin/api-endpoint.md similarity index 99% rename from content/en/docs/spinnaker-install-admin-guides/api-endpoint.md rename to content/en/docs/armory-admin/api-endpoint.md index 08454ff6fc..4e9881abb1 100755 --- a/content/en/docs/spinnaker-install-admin-guides/api-endpoint.md +++ b/content/en/docs/armory-admin/api-endpoint.md @@ -1,10 +1,11 @@ --- -title: Exposing the API Endpoint -weight: 47 +title: Exposing the Spinnaker API Endpoint +linkTitle: Exposing the API aliases: - /spinnaker_install_admin_guides/api-endpoint/ - /spinnaker_install_admin_guides/api_endpoint/ - /spinnaker-install-admin-guides/api_endpoint/ + - /docs/spinnaker-install-admin-guides/api-endpoint/ --- ## Overview diff --git a/content/en/docs/installation/armory-halyard-reference.md b/content/en/docs/armory-admin/armory-halyard-reference.md similarity index 99% rename from content/en/docs/installation/armory-halyard-reference.md rename to content/en/docs/armory-admin/armory-halyard-reference.md index 8b0d12e3e9..11ed94fc14 100755 --- a/content/en/docs/installation/armory-halyard-reference.md +++ b/content/en/docs/armory-admin/armory-halyard-reference.md @@ -1,11 +1,11 @@ --- title: Armory-extended Halyard Reference linkTitle: Halyard Reference -weight: 4 description: > Command reference with examples and Operator equivalents aliases: - /docs/spinnaker/armory_halyard/ + - /docs/installation/armory-halyard-reference/ --- ## hal diff --git a/content/en/docs/spinnaker-install-admin-guides/docker.md b/content/en/docs/armory-admin/artifacts-docker-connect.md similarity index 97% rename from content/en/docs/spinnaker-install-admin-guides/docker.md rename to content/en/docs/armory-admin/artifacts-docker-connect.md index 1dddbf0c87..818e5a1705 100755 --- a/content/en/docs/spinnaker-install-admin-guides/docker.md +++ b/content/en/docs/armory-admin/artifacts-docker-connect.md @@ -1,8 +1,8 @@ --- -title: Docker Registries -weight: 51 +title: Connecting Docker Registries aliases: - /spinnaker_install_admin_guides/docker/ + - /docs/spinnaker-install-admin-guides/docker/ --- ## Overview @@ -104,4 +104,4 @@ repositories explicitly, like above. Some do not (such as the Google Container Registry). Further details can be found [here](https://www.spinnaker.io/setup/install/providers/docker-registry/). Amazon's ECR requires additional configuration to work properly with Spinnaker. -[We've documented this separately]({{< ref "ecr-registry" >}}). +[We've documented this separately]({{< ref "artifacts-ecr-connect" >}}). diff --git a/content/en/docs/spinnaker-install-admin-guides/ecr-registry.md b/content/en/docs/armory-admin/artifacts-ecr-connect.md similarity index 93% rename from content/en/docs/spinnaker-install-admin-guides/ecr-registry.md rename to content/en/docs/armory-admin/artifacts-ecr-connect.md index 0905f1a27a..bc5177b87c 100644 --- a/content/en/docs/spinnaker-install-admin-guides/ecr-registry.md +++ b/content/en/docs/armory-admin/artifacts-ecr-connect.md @@ -1,14 +1,11 @@ --- -title: "AWS: Configuring AWS ECR as a Registry" -weight: 52 +title: "Connecting to AWS ECR as a Registry" +linkTitle: "Connecting to AWS ECR" aliases: - - /admin-guides/ecr-registry/ - - /admin-guides/ecr_registry/ - - /admin_guides/ecr-registry/ - - /admin_guides/ecr_registry/ - /spinnaker_install_admin_guides/ecr_registry/ - /spinnaker_install_admin_guides/ecr-registry/ - /spinnaker-install-admin-guides/ecr_registry/ + - /docs/spinnaker-install-admin-guides/ecr-registry/ --- This document reviews configuring ECR as a registry for a Spinnaker installation. @@ -93,4 +90,4 @@ hal deploy apply --service-names clouddriver Success! Now you will be able to use ECR as a docker registry in the configuration stage. -![](/images/Image-2018-12-18-at-2.02.02-PM.png) +![](/images/armory-admin/artifacts/ecr-test.png) diff --git a/content/en/docs/spinnaker-install-admin-guides/github.md b/content/en/docs/armory-admin/artifacts-github-connect.md similarity index 55% rename from content/en/docs/spinnaker-install-admin-guides/github.md rename to content/en/docs/armory-admin/artifacts-github-connect.md index 4153ee17f9..e22483a1ec 100755 --- a/content/en/docs/spinnaker-install-admin-guides/github.md +++ b/content/en/docs/armory-admin/artifacts-github-connect.md @@ -1,36 +1,36 @@ --- -title: Configure Spinnaker to use Github as an Artifact Source -linkTitle: Github as an Artifact Source -weight: 49 +title: Connecting Spinnaker to GitHub as an Artifact Source +linkTitle: Connecting to GitHub aliases: - /spinnaker_install_admin_guides/github/ + - /docs/spinnaker-install-admin-guides/github --- -## Configuring a Github Trigger +## Configuring a GitHub Trigger Spinnaker pipelines can be configured to trigger when a change is committed -to a Github repository. This doesn't require any configuration of Spinnaker -other than [adding a Github trigger](/docs/spinnaker-user-guides/github/) but does -require administration of the Github repositories to configure the webhook. +to a GitHub repository. This doesn't require any configuration of Spinnaker +other than [adding a GitHub trigger]({{< ref "artifacts-github-use" >}}) but does +require administration of the GitHub repositories to configure the webhook. The open source documentation -[has concise instructions for configuring Github webhooks.](https://www.spinnaker.io/setup/triggers/github/) +[has concise instructions for configuring GitHub webhooks.](https://www.spinnaker.io/setup/triggers/github/) -## Configuring Github as an Artifact Source +## Configuring GitHub as an Artifact Source -If you actually want to use a file from the Github commit in your pipeline, -you'll need to configure Github as an artifact source. +If you actually want to use a file from the GitHub commit in your pipeline, +you'll need to configure GitHub as an artifact source. This is just a quick walkthrough of how to configure your Spinnaker to access a -Github repo as a source of artifacts. Many of the commands below have +GitHub repo as a source of artifacts. Many of the commands below have additional options that may be useful (or possibly required). If you need more detailed help, take a look at the [Halyard command reference](https://www.spinnaker.io/reference/halyard/commands/#hal-config-artifact-github) if you're deploying Spinnaker with Halyard. -### Enable Github Artifacts +### Enable GitHub Artifacts If you haven't done this yet (for example, if you've just installed Armory -Spinnaker fresh), you'll need to enable Github as an artifact source: +Spinnaker fresh), you'll need to enable GitHub as an artifact source: **Operator** @@ -58,18 +58,18 @@ hal config features edit --artifacts true hal config artifact github enable ``` -### Add a Github Credential +### Add a GitHub Credential -To access private Github repositories, you'll need a Github "Personal Access -Token". This can be generated by going to the "Settings" page in Github, then +To access private GitHub repositories, you'll need a GitHub "Personal Access +Token". This can be generated by going to the "Settings" page in GitHub, then clicking on "Developer Settings" and then "Personal Access Token". The token will need the `repo` scope. Once you have a token, you should provide that token for Spinnaker's Igor service -as a credential to use to access Github. This can be done with a command like +as a credential to use to access GitHub. This can be done with a command like this: -*Replace the account name `github_user` with the string you want to use to identify this Github credential.* +*Replace the account name `github_user` with the string you want to use to identify this GitHub credential.* **Operator** @@ -90,14 +90,14 @@ spec: enabled: true accounts: - name: github_user - token: abc # Github's personal access token. This fields supports `encrypted` references to secrets. + token: abc # GitHub's personal access token. This fields supports `encrypted` references to secrets. # username: abc # GitHub username # password: abc # GitHub password. This fields supports `encryptedreferences` to secrets. # usernamePasswordFile: creds.txt # File containing "username:password" to use for GitHub authentication. This fields supports `encryptedFilereferences` to secrets. # tokenFile: token.txt # File containing a GitHub authentication token. This fields supports `encryptedFile` references to secrets. ``` -If you have a Github personal access token, you only need that to authenticate against Github, but there are other authentication options like username/password, or specifying credentials in a `file` entry. +If you have a GitHub personal access token, you only need that to authenticate against GitHub, but there are other authentication options like username/password, or specifying credentials in a `file` entry. Don't forget to apply your changes: @@ -117,34 +117,14 @@ Detailed information on all command line options can be found [here](https://www Don't forget to run `hal deploy apply` to apply your changes. -## Using the Github Credential +## Using the GitHub Credential -You may note that the above Github "account" doesn't actually have a endpoint for -your Github; this account is basically just the credential used by Spinnaker -artifacts to access Github. The actual Github API endpoint is specified in the +You may note that the above GitHub "account" doesn't actually have a endpoint for +your GitHub; this account is basically just the credential used by Spinnaker +artifacts to access GitHub. The actual GitHub API endpoint is specified in the artifact reference. There are a couple ways to use this credential, one example of which is detailed here: -### Pulling a Kubernetes Manifest from Github - -1. Under "Expected Artifacts" in your pipeline, create an artifact of type "Github". - -1. Specify the "file path" as the path within the repository to your file. For example, if your manifest is at `demo/manifests/deployment.yml` in the Github repository `orgname/reponame` , specify `demo/manifests/deployment.yml`. - -1. Check the "Use Default Artifact" checkbox. - -1. In the "Content URL", provide the full path to the *API URI* for your manifest. Here are some examples of this: - - * If you're using SaaS Github (www.github.com), the URI is generally formatted like this: `https://api.github.com/repos///contents/`. - * For example: `https://api.github.com/repos/armory/demo/contents/manifests/deployment.yml` - - * If you have an on-prem Github Enterprise, then the URI may be formatted like this: `https:///api/v3/repos///contents/`. - * For example: `http://github.customername.com/api/v3/repos/armory/spinnaker-pipelines/contents/manifests/deployment.yml` - -1. Create a "Deploy (Manifest)" stage. Rather than specifying the manifest directly in the UI, under the "Manifest Source" specify "Artifact", and in the "Expected Artifact" field, select the artifact you created above. - -1. If you have multiple Github Accounts (credentials) added to your Spinnaker cluster, there should be a dropdown to select which one to use. - ## Troubleshooting Credentials and URIs To verify that your token and URI are correct, you can run a `curl` command to diff --git a/content/en/docs/spinnaker-install-admin-guides/s3.md b/content/en/docs/armory-admin/artifacts-s3-configure.md similarity index 90% rename from content/en/docs/spinnaker-install-admin-guides/s3.md rename to content/en/docs/armory-admin/artifacts-s3-configure.md index fbe5d45d36..d1a6d6bab1 100755 --- a/content/en/docs/spinnaker-install-admin-guides/s3.md +++ b/content/en/docs/armory-admin/artifacts-s3-configure.md @@ -1,15 +1,14 @@ --- -title: "AWS: Configure S3 Artifacts" -weight: 61 +title: "Configuring S3 Artifacts" aliases: - /spinnaker_install_admin_guides/s3/ + - /docs/spinnaker-install-admin-guides/s3/ +description: To use a file stored in S3 in your pipeline, configure Spinnaker to use S3 as an artifact source. --- ## Overview -If you want to use a file from S3 in your pipeline, -you'll need to configure S3 as an artifact source. This is how you would, -for example, reference a Helm chart tarball for later use during +The example on this page describes how to reference a Helm chart tarball for later use during deployment. This is just a quick walkthrough of how to configure your Spinnaker to access diff --git a/content/en/docs/spinnaker-install-admin-guides/okta.md b/content/en/docs/armory-admin/auth-okta-configure.md similarity index 81% rename from content/en/docs/spinnaker-install-admin-guides/okta.md rename to content/en/docs/armory-admin/auth-okta-configure.md index ec34f12f18..2fa48bd949 100644 --- a/content/en/docs/spinnaker-install-admin-guides/okta.md +++ b/content/en/docs/armory-admin/auth-okta-configure.md @@ -1,20 +1,21 @@ --- -title: Okta SAML Integration -weight: 160 +title: Configuring Auth for Spinnaker Using Okta SAML +linkTitle: Configuring Okta for Auth +description: Spinnaker supports using Okta for authentication and authorization. +aliases: + - /docs/spinnaker-install-admin-guides/okta/ --- -Okta is a authorization and authentication service provider using SAML. - ## Configure a Spinnaker application in Okta Select Applications -> Applications from the top menu. -![Applications Screen](/images/okta-applications.png) +![Applications Screen](/images/armory-admin/artifacts/okta/okta-applications.png) Click the green "Add Application" button. -![AddApplicationButton](/images/okta-addapplication.png) +![AddApplicationButton](/images/armory-admin/artifacts/okta/okta-addapplication.png) Click the green "Create New App" button. -![CreateNewApp](/images/okta-createnewapp.png) +![CreateNewApp](/images/armory-admin/artifacts/okta/okta-createnewapp.png) In the dialog "Create a New Application Integration", select the following values: @@ -23,11 +24,11 @@ In the dialog "Create a New Application Integration", select the following value Then hit the green "Create" button. -![CreateNewIntegration](/images/okta-createnewintegration.png) +![CreateNewIntegration](/images/armory-admin/artifacts/okta/okta-createnewintegration.png) On "Create SAML Integration" page, enter an app name and hit the green "Next" button. -![CreateNewIntegration](/images/okta-appname.png) +![CreateNewIntegration](/images/armory-admin/artifacts/okta/okta-appname.png) On the "Configure SAML page", configure the following settings: @@ -46,10 +47,10 @@ In the GROUP ATTRIBUTE STATEMENTS section: * Name = memberOf, Name format = Unspecified, Filter = Regex: .* Then, hit the green "Next" button -![SamlSettings](/images/okta-samlsettings.png) +![SamlSettings](/images/armory-admin/artifacts/okta/okta-samlsettings.png) On the Create SAML Integration Feedback page, select the "I'm an Okta customer adding an internal app" button, then hit the green "Finish" button. -![Feedback](/images/okta-feedback.png) +![Feedback](/images/armory-admin/artifacts/okta/okta-feedback.png) This takes you to the "Sign On" tab of the application you just created. @@ -57,10 +58,10 @@ This takes you to the "Sign On" tab of the application you just created. You can navigate back to this page by going to applications -> applicationName -> Sign On tab. Click the button "View Setup Instructions". This will display the page with configuration information necessary to configure Spinnaker. -![ViewSetupInstructions](/images/okta-viewsetupinstructions.png) +![ViewSetupInstructions](/images/armory-admin/artifacts/okta/okta-viewsetupinstructions.png) Under the "Optional" section near the bottom, copy the contents of IDP metadata and save to file. For example, under `/Users/armory/.hal/saml/metadata.xml`. -![IDPmetadata](/images/okta-idpmetadata.png) +![IDPmetadata](/images/armory-admin/artifacts/okta/okta-idpmetadata.png) ## Configure Spinnaker to use Okta @@ -79,7 +80,7 @@ keytool -genkey -v -keystore $KEYSTORE_PATH -alias saml -keyalg RSA -keysize 204 **Operator** -Add the following snippet to `SpinnakerService` manifest. This references secrets stored in a Kubernetes secrets in the same namespace as Spinnaker, but secrets can be stored in any of the supported [secret engines](/spinnaker-install-admin-guides/secrets): +Add the following snippet to `SpinnakerService` manifest. This references secrets stored in a Kubernetes secrets in the same namespace as Spinnaker, but secrets can be stored in any of the supported [secret engines](/armory-admin/Secrets): ```yaml apiVersion: spinnaker.armory.io/{{< param operator-extended-crd-version >}} diff --git a/content/en/docs/spinnaker-install-admin-guides/authn-github.md b/content/en/docs/armory-admin/authn-github.md similarity index 86% rename from content/en/docs/spinnaker-install-admin-guides/authn-github.md rename to content/en/docs/armory-admin/authn-github.md index 8d45900b5c..c9c5a19768 100644 --- a/content/en/docs/spinnaker-install-admin-guides/authn-github.md +++ b/content/en/docs/armory-admin/authn-github.md @@ -1,30 +1,32 @@ --- title: Configuring GitHub OAuth for Spinnaker -linkTitle: GitHub OAuth for Spinnaker -weight: 900 +linkTitle: Configuring GitHub OAuth +aliases: + - /docs/spinnaker-install-admin-guides/authn-github/ --- -This post describes how to configure GitHub and Spinnaker to use GitHub as an OAuth2 authenticator. +This post describes how to configure GitHub and Spinnaker to use GitHub as an OAuth2 authenticator. ## Requirements: * Ability to modify developer settings for your GitHub organization -* Access to Halyard +* Access to Halyard * A Spinnaker deployment with [DNS and SSL]({{< ref "dns-and-ssl" >}}) configured ## Configuring GitHub OAuth 1. Login to GitHub and go to Settings > Developer Settings > OAuth Apps > New OAuth App 2. Note the Client ID / Client Secret -3. Homepage URL: This would be the URL of your Spinnaker service e.g. https://spinnaker.acme.com -4. Authorization callback URL: This is going to match your `--pre-established-redirect-uri` in halyard and the URL needs `login` appended to your gate endpoint e.g. https://gate.spinnaker.acme.com/login or https://spinnaker.acme.com/gate/login +3. Homepage URL: This would be the URL of your Spinnaker service e.g. `https://spinnaker.acme.com` +4. Authorization callback URL: This is going to match your `--pre-established-redirect-uri` in halyard and the URL needs `login` appended to your gate endpoint e.g. `https://gate.spinnaker.acme.com/login` or `https://spinnaker.acme.com/gate/login` ## Configuring Spinnaker **Operator** Add the following snippet to your `SpinnakerService` manifest under the `spec.spinnakerConfig.config.security.authn` level: + ``` oauth2: enabled: true diff --git a/content/en/docs/spinnaker/authorization.md b/content/en/docs/armory-admin/authorization.md similarity index 97% rename from content/en/docs/spinnaker/authorization.md rename to content/en/docs/armory-admin/authorization.md index e352ab2295..f6d3900d62 100644 --- a/content/en/docs/spinnaker/authorization.md +++ b/content/en/docs/armory-admin/authorization.md @@ -1,6 +1,7 @@ --- title: Authentication and Authorization -weight: 100 +aliases: + - /docs/spinnaker/authorization/ --- diff --git a/content/en/docs/spinnaker-install-admin-guides/aws-dr.md b/content/en/docs/armory-admin/aws-dr.md similarity index 97% rename from content/en/docs/spinnaker-install-admin-guides/aws-dr.md rename to content/en/docs/armory-admin/aws-dr.md index c9f9235c7f..6c59f23cae 100644 --- a/content/en/docs/spinnaker-install-admin-guides/aws-dr.md +++ b/content/en/docs/armory-admin/aws-dr.md @@ -1,7 +1,8 @@ --- title: "Configuring Spinnaker on AWS for Disaster Recovery" -weight: 35 - +linkTitle: "Configuring AWS for Disaster Recovery" +aliases: + - /docs/spinnaker-install-admin-guides/aws-dr/ --- ## Overview @@ -60,7 +61,7 @@ The following guidelines are meant for EKS workers: * The Kubernetes cluster should be able to support the Spinnaker load. Use the same instance type and configure the same number of worker nodes as the primary. * There needs to be at least 1 node in each availability zone the cluster is using. * The autoscaling group has to have a proper termination policy. Use one or all of the following policies: OldestLaunchConfiguration, OldestLaunchTemplate, OldestInstance. This allows the underlying worker AMIs to be rotated more easily. -* Ideally, Spinnaker pods for each service that do not have a replica of 1 should be spread out among the various workers. This means that [pod affinity/anti-affinity](https://blog.verygoodsecurity.com/posts/kubernetes-multi-az-deployments-using-pod-anti-affinity/) should be configured. With this configuration Spinnaker will be able to handle availability zone failures better. +* Ideally, Spinnaker pods for each service that do not have a replica of 1 should be spread out among the various workers. This means that pod affinity/anti-affinity should be configured. With this configuration Spinnaker will be able to handle availability zone failures better. ## DNS considerations diff --git a/content/en/docs/spinnaker-install-admin-guides/add-aws-account-iam.md b/content/en/docs/armory-admin/aws-iam-roles-configure.md similarity index 85% rename from content/en/docs/spinnaker-install-admin-guides/add-aws-account-iam.md rename to content/en/docs/armory-admin/aws-iam-roles-configure.md index efe6900e1e..9bed43eb41 100644 --- a/content/en/docs/spinnaker-install-admin-guides/add-aws-account-iam.md +++ b/content/en/docs/armory-admin/aws-iam-roles-configure.md @@ -1,11 +1,11 @@ --- -title: "AWS: Deploying to AWS from Spinnaker (using IAM Instance roles)" -linkTitle: Deploy to AWS using IAM Instance Roles -weight: 33 +title: "Configuring AWS for Spinnaker (using IAM Instance roles)" +linkTitle: Configuring AWS (IAM Instance Roles) aliases: - /spinnaker_install_admin_guides/add-aws-account-iam/ - /spinnaker_install_admin_guides/add_aws_account_iam/ - /spinnaker-install-admin-guides/add_aws_account_iam/ + - /docs/spinnaker-install-admin-guides/add-aws-account-iam/ --- Once you have (OSS or Armory) Spinnaker up and running in Kubernetes, you'll want to start adding deployment targets. *This document assumes Spinnaker was installed with Operator or Halyard, that you have access to the Spinnaker config files, a way to apply them (`kubectl` or `hal`), and that you have a way to create AWS permissions, users, and roles* @@ -72,111 +72,111 @@ Here's an example situation: ### Configuration -* **Operator** +**Operator** - Here's a sample `SpinnakerService` manifest block that supports the above: +Here's a sample `SpinnakerService` manifest block that supports the above: ```yaml - apiVersion: spinnaker.armory.io/{{< param operator-extended-crd-version >}} - kind: SpinnakerService - metadata: - name: spinnaker - spec: - spinnakerConfig: - config: - providers: - aws: - enabled: true - accounts: - - name: aws-1 - requiredGroupMembership: [] - providerVersion: V1 - permissions: {} - accountId: '111111111111' - regions: - - name: us-east-1 - - name: us-west-2 - assumeRole: role/spinnakerManaged - - name: aws-2 - requiredGroupMembership: [] - providerVersion: V1 - permissions: {} - accountId: '222222222222' - regions: - - name: us-east-1 - - name: us-west-2 - assumeRole: role/spinnakerManaged - - name: aws-3 - requiredGroupMembership: [] - providerVersion: V1 - permissions: {} - accountId: '333333333333' - regions: - - name: us-east-1 - - name: us-west-2 - assumeRole: role/spinnakerManaged - # Because we're baking in 111111111111, this must match the accountName that is associated with 111111111111 - primaryAccount: aws-1 - bakeryDefaults: - templateFile: aws-ebs-shared.json - baseImages: [] - awsAssociatePublicIpAddress: true - defaultVirtualizationType: hvm - defaultKeyPairTemplate: '{{name}}-keypair' - defaultRegions: - - name: us-west-2 - defaults: - iamRole: BaseIAMRole - ``` - -* **Halyard** + apiVersion: spinnaker.armory.io/{{< param operator-extended-crd-version >}} + kind: SpinnakerService + metadata: + name: spinnaker + spec: + spinnakerConfig: + config: + providers: + aws: + enabled: true + accounts: + - name: aws-1 + requiredGroupMembership: [] + providerVersion: V1 + permissions: {} + accountId: '111111111111' + regions: + - name: us-east-1 + - name: us-west-2 + assumeRole: role/spinnakerManaged + - name: aws-2 + requiredGroupMembership: [] + providerVersion: V1 + permissions: {} + accountId: '222222222222' + regions: + - name: us-east-1 + - name: us-west-2 + assumeRole: role/spinnakerManaged + - name: aws-3 + requiredGroupMembership: [] + providerVersion: V1 + permissions: {} + accountId: '333333333333' + regions: + - name: us-east-1 + - name: us-west-2 + assumeRole: role/spinnakerManaged + # Because we're baking in 111111111111, this must match the accountName that is associated with 111111111111 + primaryAccount: aws-1 + bakeryDefaults: + templateFile: aws-ebs-shared.json + baseImages: [] + awsAssociatePublicIpAddress: true + defaultVirtualizationType: hvm + defaultKeyPairTemplate: '{{name}}-keypair' + defaultRegions: + - name: us-west-2 + defaults: + iamRole: BaseIAMRole + ``` - Here's a sample halconfig `aws` YAML block that supports the above: - - ```yml - aws: - enabled: true - accounts: - - name: aws-1 - requiredGroupMembership: [] - providerVersion: V1 - permissions: {} - accountId: '111111111111' - regions: - - name: us-east-1 - - name: us-west-2 - assumeRole: role/spinnakerManaged - - name: aws-2 - requiredGroupMembership: [] - providerVersion: V1 - permissions: {} - accountId: '222222222222' - regions: - - name: us-east-1 - - name: us-west-2 - assumeRole: role/spinnakerManaged - - name: aws-3 - requiredGroupMembership: [] - providerVersion: V1 - permissions: {} - accountId: '333333333333' - regions: - - name: us-east-1 - - name: us-west-2 - assumeRole: role/spinnakerManaged - # Because we're baking in 111111111111, this must match the accountName that is associated with 111111111111 - primaryAccount: aws-1 - bakeryDefaults: - templateFile: aws-ebs-shared.json - baseImages: [] - awsAssociatePublicIpAddress: true - defaultVirtualizationType: hvm - defaultKeyPairTemplate: '{{name}}-keypair' - defaultRegions: - - name: us-west-2 - defaults: - iamRole: BaseIAMRole - ``` +**Halyard** + +Here's a sample halconfig `aws` YAML block that supports the above: + + ```yml + aws: + enabled: true + accounts: + - name: aws-1 + requiredGroupMembership: [] + providerVersion: V1 + permissions: {} + accountId: '111111111111' + regions: + - name: us-east-1 + - name: us-west-2 + assumeRole: role/spinnakerManaged + - name: aws-2 + requiredGroupMembership: [] + providerVersion: V1 + permissions: {} + accountId: '222222222222' + regions: + - name: us-east-1 + - name: us-west-2 + assumeRole: role/spinnakerManaged + - name: aws-3 + requiredGroupMembership: [] + providerVersion: V1 + permissions: {} + accountId: '333333333333' + regions: + - name: us-east-1 + - name: us-west-2 + assumeRole: role/spinnakerManaged + # Because we're baking in 111111111111, this must match the accountName that is associated with 111111111111 + primaryAccount: aws-1 + bakeryDefaults: + templateFile: aws-ebs-shared.json + baseImages: [] + awsAssociatePublicIpAddress: true + defaultVirtualizationType: hvm + defaultKeyPairTemplate: '{{name}}-keypair' + defaultRegions: + - name: us-west-2 + defaults: + iamRole: BaseIAMRole + ``` ## Prerequisites diff --git a/content/en/docs/spinnaker-install-admin-guides/aws-subnets.md b/content/en/docs/armory-admin/aws-subnets-configure.md similarity index 90% rename from content/en/docs/spinnaker-install-admin-guides/aws-subnets.md rename to content/en/docs/armory-admin/aws-subnets-configure.md index 8342034cfb..979ff27a3e 100644 --- a/content/en/docs/spinnaker-install-admin-guides/aws-subnets.md +++ b/content/en/docs/armory-admin/aws-subnets-configure.md @@ -1,12 +1,7 @@ --- -title: "AWS: Configuring AWS Networking" -weight: 35 +title: "Configuring AWS Networking" aliases: - - /install_guide/subnets/ - - /install-guide/subnets/ - - /spinnaker_install_admin_guides/aws-subnets/ - - /spinnaker_install_admin_guides/aws_subnets/ - - /spinnaker-install-admin-guides/aws_subnets/ + - /docs/spinnaker-install-admin-guides/aws-subnets/ --- ## Overview diff --git a/content/en/docs/spinnaker/bake-and-share.md b/content/en/docs/armory-admin/bake-and-share.md similarity index 98% rename from content/en/docs/spinnaker/bake-and-share.md rename to content/en/docs/armory-admin/bake-and-share.md index db33674f63..42fa1be29d 100644 --- a/content/en/docs/spinnaker/bake-and-share.md +++ b/content/en/docs/armory-admin/bake-and-share.md @@ -1,6 +1,7 @@ --- title: Bake and Share AMIs Across Accounts -weight: 100 +aliases: + - /docs/spinnaker/bake-and-share/ --- ## Overview diff --git a/content/en/docs/spinnaker-install-admin-guides/clouddriver-sql.md b/content/en/docs/armory-admin/clouddriver-sql-configure.md similarity index 97% rename from content/en/docs/spinnaker-install-admin-guides/clouddriver-sql.md rename to content/en/docs/armory-admin/clouddriver-sql-configure.md index f2da246d19..2484be308d 100644 --- a/content/en/docs/spinnaker-install-admin-guides/clouddriver-sql.md +++ b/content/en/docs/armory-admin/clouddriver-sql-configure.md @@ -1,8 +1,9 @@ --- -title: Clouddriver with RDBMS -weight: 49 +title: Configuring Orca to use a Relational Database Management System +linkTitle: Configuring Orca to use a RDBMS aliases: - /spinnaker_install_admin_guides/clouddriver-sql/ + - /docs/spinnaker-install-admin-guides/clouddriver-sql/ --- ## Overview @@ -12,7 +13,7 @@ Armory recommends MySQL 5.7. For AWS, you can use Aurora. ## Base configuration -You can find a complete description of the options in the [open source documentation](https://www.spinnaker.io/setup/productionize/persistence/clouddriver-sql/). +You can find a complete description of the options in the [open source documentation](https://www.spinnaker.io/setup/productionize/persistence/clouddriver-sql/). ## Database setup diff --git a/content/en/docs/spinnaker-install-admin-guides/admin-diagnostics.md b/content/en/docs/armory-admin/diagnostics-configure.md similarity index 96% rename from content/en/docs/spinnaker-install-admin-guides/admin-diagnostics.md rename to content/en/docs/armory-admin/diagnostics-configure.md index 2ed8b07420..d7aa2dbf2f 100644 --- a/content/en/docs/spinnaker-install-admin-guides/admin-diagnostics.md +++ b/content/en/docs/armory-admin/diagnostics-configure.md @@ -1,6 +1,8 @@ --- -title: Armory Diagnostics -weight: 999 +title: Configuring Support Diagnostics for the Armory Platform +linkTitle: Configuring Support Diagnostics +aliases: + - /docs/spinnaker-install-admin-guides/admin-diagnostics/ --- When you engage Armory Support, the support team might ask you about enabling Armory Diagnostics. This sends the log and event data from the your system to Armory so that the support team can remotely investigate what might be going on with your system, resulting in a faster turnaround on solutions. diff --git a/content/en/docs/spinnaker/install-dinghy.md b/content/en/docs/armory-admin/dinghy-enable.md old mode 100755 new mode 100644 similarity index 98% rename from content/en/docs/spinnaker/install-dinghy.md rename to content/en/docs/armory-admin/dinghy-enable.md index f73ccb60da..de01309980 --- a/content/en/docs/spinnaker/install-dinghy.md +++ b/content/en/docs/armory-admin/dinghy-enable.md @@ -1,8 +1,8 @@ --- -title: Installing Pipelines as Code -weight: 170 +title: Enabling Pipelines as Code aliases: - /spinnaker/install_dinghy/ + - /docs/spinnaker/install-dinghy/ --- This guide includes: @@ -165,12 +165,12 @@ Make PR Validations mandatory to ensure users only merge working `dinghyfiles`. Perform the following steps: 1. Go to your GitHub repository. -2. Click on **Settings > Branches**. +2. Click on **Settings > Branches**. 3. In **Branch protection rules**, select **Add rule**. 4. Add `master` in **Branch name pattern** so that the rule gets enforced on the `master` branch. Note that if this is a brand new repository with no commits, the "dinghy" option does not appear. You must first create a `dinghyfile` in any branch. 5. Select **Require status checks to pass before merging** and make **dinghy** required. - Armory recommends selecting **Include administrators** as well so that all PRs get validated, regardless of user. + Armory recommends selecting **Include administrators** as well so that all PRs get validated, regardless of user. The following screenshot shows what your GitHub settings should resemble: {{< figure src="/images/dinghy/pr_validation/branch_mandatory.png" alt="Configured dinghy PR validation." >}} @@ -335,7 +335,7 @@ If you want to disable lock pipelines in the UI before overwriting changes, add #### Slack Notifications -If you have configured Spinnaker to send Slack notifications for pipeline events (documentation [here]({{< ref "slack-notifications" >}})), you can configure Dinghy to send pipeline update results to Slack: +If you have configured Spinnaker to send Slack notifications for pipeline events (documentation [here]({{< ref "notifications-slack-configure" >}})), you can configure Dinghy to send pipeline update results to Slack: **Operator** diff --git a/content/en/docs/spinnaker-install-admin-guides/dns-and-ssl.md b/content/en/docs/armory-admin/dns-and-ssl.md similarity index 96% rename from content/en/docs/spinnaker-install-admin-guides/dns-and-ssl.md rename to content/en/docs/armory-admin/dns-and-ssl.md index b916cb5d32..dd7a033d91 100644 --- a/content/en/docs/spinnaker-install-admin-guides/dns-and-ssl.md +++ b/content/en/docs/armory-admin/dns-and-ssl.md @@ -1,15 +1,15 @@ --- layout: post title: DNS and SSL -weight: 43 # This has different content than install-guide/dns-and-ssl aliases: - /spinnaker_install_admin_guides/dns_and_ssl/ - /spinnaker_install_admin_guides/dns-and-ssl/ - /spinnaker-install-admin-guides/dns_and_ssl/ + - /docs/spinnaker-install-admin-guides/dns-and-ssl/ --- -## Overview +## Overview In order to use Spinnaker in your organization, you're going to want to configure your infrastructure so that users can access Spinnaker. This has several steps: @@ -40,7 +40,7 @@ It's recommended to encrypt the exposed Spinnaker endpoints. There are three hi There are a number of ways to achieve all of these - you can work with your Kubernetes, security, and networking teams to determine which methods best meet your organization(s) needs. -If you need to terminate TLS on the backend containers (the second or third options), review the Open Source Spinnaker documentation regarding configuring TLS certificates on the backend microservices: (Setup/Security/Authentication/SSL)[https://www.spinnaker.io/setup/security/authentication/ssl/]. +If you need to terminate TLS on the backend containers (the second or third options), review the Open Source Spinnaker documentation regarding configuring TLS certificates on the backend microservices: (Setup/Security/SSL)[https://spinnaker.io/setup/security/ssl/]. ## Create a DNS Entry for your load balancer diff --git a/content/en/docs/spinnaker-install-admin-guides/dynamic-accounts.md b/content/en/docs/armory-admin/dynamic-accounts-configure.md similarity index 98% rename from content/en/docs/spinnaker-install-admin-guides/dynamic-accounts.md rename to content/en/docs/armory-admin/dynamic-accounts-configure.md index 59e1cdf1bb..57eaf5c279 100644 --- a/content/en/docs/spinnaker-install-admin-guides/dynamic-accounts.md +++ b/content/en/docs/armory-admin/dynamic-accounts-configure.md @@ -1,9 +1,10 @@ --- -title: Dynamic Kubernetes Accounts With Vault -weight: 32 +title: Configuring Dynamic Kubernetes Accounts With Vault +linkTitle: Configuring Dynamic Accounts aliases: - /spinnaker_install_admin_guides/dynamic_accounts/ - /spinnaker-install-admin-guides/dynamic_accounts/ + - /docs/spinnaker-install-admin-guides/dynamic-accounts/ --- ## Overview diff --git a/content/en/docs/spinnaker/exposing-spinnaker.md b/content/en/docs/armory-admin/exposing-spinnaker.md similarity index 99% rename from content/en/docs/spinnaker/exposing-spinnaker.md rename to content/en/docs/armory-admin/exposing-spinnaker.md index 3a348a885f..cfe0945237 100644 --- a/content/en/docs/spinnaker/exposing-spinnaker.md +++ b/content/en/docs/armory-admin/exposing-spinnaker.md @@ -1,9 +1,9 @@ --- title: Exposing Spinnaker -weight: 30 aliases: - /spinnaker/configure_ingress/ - /spinnaker/exposing_spinnaker/ + - /docs/spinnaker/exposing-spinnaker/ --- ## DNS Preparation diff --git a/content/en/docs/armory-admin/fiat-create-permissions.md b/content/en/docs/armory-admin/fiat-create-permissions.md new file mode 100644 index 0000000000..64c6c95698 --- /dev/null +++ b/content/en/docs/armory-admin/fiat-create-permissions.md @@ -0,0 +1,122 @@ +--- +title: Restrict Application Creation +description: "Configure Fiat, the Spinnaker microservice responsible for authorization (authz), to control which users can create applications by using the `prefix` parameter." +aliases: + - /docs/spinnaker-install-admin-guides/fiat-create-permissions/ +--- + +## Requirements + +* Armory 2.17 (OSS 1.17) or later +* Fiat must be enabled and configured to work with an identity provider. For more information, see [Authorization (RBAC)](https://www.spinnaker.io/setup/security/authorization/). + +## Guidelines + +When managing roles for Spinnaker, keep the following in mind: + +* Roles are case insensitive. All roles are changed to lowercase in Fiat's internal model. +* You must explicitly configure permissions for each user role. The default for a user role is no permissions, which means it cannot perform any actions. + + +## Restrict application creation + +Perform the following steps: + +1. Add the line `auth.permissions.provider.application: aggregate` to `SpinnakerService` manifest under key `spec.spinnakerConfig.profiles.fiat` if you are using Operator to deploy Spinnaker, or to `fiat-local.yml` if you are using Halyard. +2. Add prefixes as a source: + + ```yaml + auth.permissions.source.application.prefix: + enabled: true + ``` +3. Define the permissions for a prefix: + + ```yaml + - prefix: + permissions: + READ: + - "" + - "" + - "" + WRITE: + - "" + EXECUTE: + - "user role n>" + ``` + + Here is an example configuration with in-line comments: + + ```yaml + apiVersion: spinnaker.armory.io/{{< param operator-extended-crd-version >}} + kind: SpinnakerService + metadata: + name: spinnaker + spec: + spinnakerConfig: + profiles: + fiat: # Below section maps to fiat-local.yml if using Halyard + # Enables Fiat to read from new sources. + auth.permissions.provider.application: aggregate + # Sets `prefix` as one of these new sources + auth.permissions.source.application.prefix: + enabled: true + prefixes: + # Defines the prefix `apptest-x`. + - prefix: "apptest-*" + permissions: + # Defines permission requirements for all applications that match the prefix `apptest-*` based on roles. + # role-one and role-two have READ permission + READ: + - "role-one" + - "role-two" + # role-one has write permission + WRITE: + - "role-one" + # role-one has execute permission + EXECUTE: + - "role-one" + ``` + + As a result, any application that matches the prefix `apptest-*` has restrictions on who can perform actions. For example, a user with the user role `role-two` only has `READ` permission.
+ +4. To restrict application creation specifically, add `fiat.restrictApplicationCreation` at the top of fiat config and set it to `true`. + + **Note: Currently, the prefix source is the only source that support the CREATE permission.** + + The following example builds upon the example from the previous steps. In-line comments describe additions: + + ```yaml + apiVersion: spinnaker.armory.io/{{< param operator-extended-crd-version >}} + kind: SpinnakerService + metadata: + name: spinnaker + spec: + spinnakerConfig: + profiles: + fiat: # Below section maps to fiat-local.yml if using Halyard + # Add CREATE as a permission + fiat.restrictApplicationCreation: true + auth.permissions.provider.application: aggregate + auth.permissions.source.application.prefix: + enabled: true + prefixes: + - prefix: "*" + permissions: + # Assign CREATE permission to role-one + CREATE: + - "role-one" + READ: + - "role-one" + - "role-two" + WRITE: + - "role-one" + EXECUTE: + - "role-one" + ``` + + The above example assigns CREATE permission to users with the `role-one` role. Users without the `role-one` role cannot create any applications in Spinnaker. + +5. Apply your configuration changes to Spinnaker by running the following command: `kubectl -n apply -f ` if you are using Operator, or `hal deploy apply` if you are using Halyard. + +The following screenshot shows what happens when a user without sufficient permissions attempts to create an application in Deck, Spinnaker's UI: +![No CREATE Permission](/images/authz_create_permission.png) diff --git a/content/en/docs/spinnaker-install-admin-guides/generating-certificates.md b/content/en/docs/armory-admin/generating-certificates.md similarity index 95% rename from content/en/docs/spinnaker-install-admin-guides/generating-certificates.md rename to content/en/docs/armory-admin/generating-certificates.md index f069087298..e2d3cacec0 100644 --- a/content/en/docs/spinnaker-install-admin-guides/generating-certificates.md +++ b/content/en/docs/armory-admin/generating-certificates.md @@ -1,7 +1,9 @@ --- title: Generating Certificates -weight: 46 +description: If you do not have existing certificates to use for securing your Spinnaker environment, create them. +aliases: + - /docs/spinnaker-install-admin-guides/generating-certificates/ --- ## Requirements @@ -14,12 +16,12 @@ You need a recent version of OpenSSL. Generate a key for our certificate authority: ``` -openssl genrsa -aes256 -passout pass:TRUSTSTORE_PASS -out ca.key 2048 +openssl genrsa -aes256 -passout pass:TRUSTSTORE_PASS -out ca.key 2048 ``` Replace `TRUSTSTORE_PASS` with your own CA password. -**Important:** Keep `ca.key` secure and do not distribute it. +**Important:** Keep `ca.key` secure and do not distribute it. Next, generate the certificate of the CA: @@ -113,7 +115,7 @@ rm -rf services/* mkdir -p services/ echo "Generating CA key..." -openssl genrsa -aes256 -passout pass:${CA_PASSWORD} -out services/ca.key 4096 +openssl genrsa -aes256 -passout pass:${CA_PASSWORD} -out services/ca.key 4096 echo "Generate self signed root certificate" openssl req -x509 -new -nodes -key services/ca.key -sha256 -days 3650 -out services/ca.pem -passin pass:${CA_PASSWORD} -subj /C=US/CN=Test diff --git a/content/en/docs/spinnaker-install-admin-guides/halyard-gitops.md b/content/en/docs/armory-admin/halyard-gitops.md similarity index 96% rename from content/en/docs/spinnaker-install-admin-guides/halyard-gitops.md rename to content/en/docs/armory-admin/halyard-gitops.md index 4ba4a21f63..e5153c92eb 100644 --- a/content/en/docs/spinnaker-install-admin-guides/halyard-gitops.md +++ b/content/en/docs/armory-admin/halyard-gitops.md @@ -1,8 +1,9 @@ --- title: Spinnaker GitOps with Halyard -weight: 158 +description: You can manage your Halyard configs as part of a GitOps workflow by storing it in source control. +aliases: + - /docs/spinnaker-install-admin-guides/halyard-gitops/ --- -This article describes how to automate the deployment of Spinnaker and manage its configuration in source control. ## Workflow diff --git a/content/en/docs/spinnaker-install-admin-guides/single-hostname-deck-gate.md b/content/en/docs/armory-admin/hostname-deck-gate-configure.md similarity index 95% rename from content/en/docs/spinnaker-install-admin-guides/single-hostname-deck-gate.md rename to content/en/docs/armory-admin/hostname-deck-gate-configure.md index dd03b8e0d6..9308cbefd1 100644 --- a/content/en/docs/spinnaker-install-admin-guides/single-hostname-deck-gate.md +++ b/content/en/docs/armory-admin/hostname-deck-gate-configure.md @@ -1,8 +1,10 @@ --- -title: Serving Gate on the Same Hostname as Deck -weight: 44 +title: Configuring Gate and Deck to Run on the Same Hostname +linkTitle: Configuring Gate and Deck for the Same Hostname description: > Simplify DNS and Ingress management by deploying Gate and Deck to the same host. +aliases: + - /docs/spinnaker-install-admin-guides/single-hostname-deck-gate/ --- ## Overview diff --git a/content/en/docs/spinnaker/integrations-servicenow.md b/content/en/docs/armory-admin/integrations-servicenow.md similarity index 95% rename from content/en/docs/spinnaker/integrations-servicenow.md rename to content/en/docs/armory-admin/integrations-servicenow.md index 7da55571ee..5c1ab3b5de 100644 --- a/content/en/docs/spinnaker/integrations-servicenow.md +++ b/content/en/docs/armory-admin/integrations-servicenow.md @@ -1,6 +1,7 @@ --- title: Integrating ServiceNow with Spinnaker -weight: 175 +aliases: + - /docs/spinnaker/integrations-servicenow/ --- ## Overview @@ -9,16 +10,16 @@ ServiceNow provides several solutions (ITSM, PPM, Security Response, ITOM, etc). Consuming Webhooks in ServiceNow requires some conifiguration. You can read more about the process [here](https://community.servicenow.com/community?id=community_blog&sys_id=886d2a29dbd0dbc01dcaf3231f9619b0). -## Using a custom webhook stage to create a Change Request in ServiceNow +## Using a custom webhook stage to create a Change Request in ServiceNow -Potential uses for creating a change request in ServiceNow include: +Potential uses for creating a change request in ServiceNow include: * A deployment happens and a ticket needs to be filed in ServiceNow for record keeping -* A canary deployment is successful, and you need a change ticket to be created and approved before full deployment into production. +* A canary deployment is successful, and you need a change ticket to be created and approved before full deployment into production. In ServiceNow, you need to create a Scripted Web Service. At a high level, this service performs the following actions: * Receives the webhook from Spinnaker -* Processes the contents of the payload -* Creates a Change Request. +* Processes the contents of the payload +* Creates a Change Request. A very similar approach could be taken to create a different type of ticket. @@ -29,8 +30,8 @@ To create the Scripted Web Service, perform the following task: ![](/images/integrations-snow-scripted-rest-apis.png) -2. Create a new Scripted Web Service and give it a descriptive name. For example, you can name it “SpinnakerWebhookListener”. - +2. Create a new Scripted Web Service and give it a descriptive name. For example, you can name it “SpinnakerWebhookListener”. + ![](/images/integrations-snow-spinwebhooklistener.png) 3. Submit the information to create the service. @@ -46,22 +47,22 @@ To create the Scripted Web Service, perform the following task: ![](/images/integrations-snow-resource-changeticket.png) -6. Set the **HTTP method** to **POST**. - +6. Set the **HTTP method** to **POST**. + If you are planning on having only one resource in the REST API, you can leave the **Relative Path** as is. - + If you plan to create multiple Resources, set the relative path to be specific to this resource. This will be appended to the **API Path.** The resulting path is appended to your ServiceNow instance address, and that is the URL Spinnaker uses. > **Note**: For testing the integration, you can opt to not require authentication. -7. Optionally, provide the script. You can also provide one at a later time. +7. Optionally, provide the script. You can also provide one at a later time. -### Example script +### Example script The following is an example script you can use when configuring ServiceNow: ``` -(function process(/RESTAPIRequest/ request, /RESTAPIResponse/ response) { +(function process(/RESTAPIRequest/ request, /RESTAPIResponse/ response) { // implement resource here //gs.info(request.body.dataString); response = request.body.dataString; @@ -71,7 +72,7 @@ var parser = new JSONParser(); var parsedData = parser.parse(response); //gs.info(parsedData); gs.info(parsedData.application); - + gr.short_description = parsedData.application; gr.description = parsedData.description; //gr.change_request = current.sys_id; @@ -85,17 +86,17 @@ In the example script, the **response** object is the JSON payload from the webh ## ServiceNow REST API -ServiceNow also has a REST API. You can use ServiceNow's REST API Explorer to view sample code for any REST API call, including creating a change request. +ServiceNow also has a REST API. You can use ServiceNow's REST API Explorer to view sample code for any REST API call, including creating a change request. ## ServiceNow Workflows While most people are familiar with ServiceNow as a ‘ticketing system’, it also has an automation engine. RunBooks for this engine are created as workflows. These workflows can automate internal ServiceNow operations (like handling approval routing) as well as calling other systems APIs (called Orchestrations), like provisioning VMs on-premise or in the cloud. -These workflows can be called from a ServiceNow script in a Scripted REST API. +These workflows can be called from a ServiceNow script in a Scripted REST API. ## Setting Up the Webhook Stage in Spinnaker -The next step is to either create a generic webhook stage or a custom stage. +The next step is to either create a generic webhook stage or a custom stage. To create a custom stage, perform the following steps: @@ -133,20 +134,20 @@ To create a custom stage, perform the following steps: type: string ``` - Note that the example payload contains the two key/pair values that ServiceNow is expecting. - + Note that the example payload contains the two key/pair values that ServiceNow is expecting. + The application is going to be the artifact that is triggering the pipeline. In the example, the pipeline is triggered when a new version of a container for a given organization or application is pushed to the configured Docker Registry. Artifactory is configured as the Docker Registry, so the application is set to something that follows a similar format: `/ :`. - + The above is an example of using Pipeline Expressions to pass dynamic values. The description is an example of passing values that the user can enter in the stage when it is configured. 3. Apply your changes to Spinnaker: `hal deploy apply`. -4. Once you apply your changes, open Deck, Spinnaker's UI. +4. Once you apply your changes, open Deck, Spinnaker's UI. 5. When you create or edit a pipeline, a new stage available is available: ![](/images/integrations-snow-stage.png) - If the new stage does not appear, perform a hard refresh or clear your browser cache and reopen Deck. + If the new stage does not appear, perform a hard refresh or clear your browser cache and reopen Deck. Other Spinnaker users can use the ServiceNow stage you created. diff --git a/content/en/docs/spinnaker-install-admin-guides/splunk-spinnaker.md b/content/en/docs/armory-admin/integrations-splunk.md similarity index 94% rename from content/en/docs/spinnaker-install-admin-guides/splunk-spinnaker.md rename to content/en/docs/armory-admin/integrations-splunk.md index 14e3c5dd8d..f551316a97 100644 --- a/content/en/docs/spinnaker-install-admin-guides/splunk-spinnaker.md +++ b/content/en/docs/armory-admin/integrations-splunk.md @@ -1,13 +1,15 @@ --- -title: Configure the Armory Splunk App for Spinnaker™ +title: Configuring the Armory Splunk App for Spinnaker™ description: "The Armory Splunk App for Spinnaker brings all the SDLC information your organization has into a digestible and familiar format, Splunk dashboards." +aliases: + - /docs/spinnaker-install-admin-guides/splunk-spinnaker/ --- Connect Splunk to Armory Enterprise for Spinnaker with the Armory Splunk App for Spinnaker. See information like your top deployment artifacts and user information in Splunk. If you would like more information about the data that Spinnaker feeds into Splunk, watch the [video walkthrough](#video-walkthrough) at the bottom of this page. ## Install the Armory Splunk App for Spinnaker -1. Go to the [Splunk App store (Splunkbase)](https://splunkbase.splunk.com/) and download the "Armory Splunk App for Spinnaker" +1. Go to the [Splunk App store (Splunkbase)](https://splunkbase.splunk.com/) and download the "Armory Splunk App for Spinnaker" 2. Search for "Armory" or "Spinnaker." 3. Install the "Armory Splunk App for Spinnaker" on the Search Head, Indexer, or in the "/etc/master-apps/" directory on the master for Search Head Clustering. 4. The TA can be installed on the Indexers, Heavy Forwarders, or all in one Splunk. It's the data input, so install based on your Splunk architecture. @@ -34,7 +36,7 @@ Perform the following steps: You will see that Splunk successfully created the new data input, and the authentication token for the HTTP event collector is generated. Keep this token and store it for the Spinnaker configuration. You can always view the HTTP Event Collector Data Inputs and find the authentication token there.. -## Forward data to the Splunk HTTP Event Collector +## Forward data to the Splunk HTTP Event Collector This section describes how to forward data to Splunk so that you can see data from Spinnaker in your Splunk dashboard. Based on how you deployed Spinnaker, see [Halyard](#halyard-configuration) or [Operator](#operator-configuration). @@ -60,10 +62,10 @@ This section describes how to forward data to Splunk so that you can see data fr * **`Authorization`**: Replace `` with the token generated from the Splunk HTTP Event Collector configuration. 5. Save the file. 6. Run `hal deploy apply` within the Halyard container to apply the new Echo configuration. - -Once the Spinnaker services that need the configuration change restart, Spinnaker data starts to flow to the HTTP Event Collector and indexed in the "armory" index. -### Operator configuration +Once the Spinnaker services that need the configuration change restart, Spinnaker data starts to flow to the HTTP Event Collector and indexed in the "armory" index. + +### Operator configuration Insert this YAML into your `SpinnakerService.yml` file, or use it as a patch file if you use Kustomize to build `SpinnakerService.yml`: @@ -86,11 +88,11 @@ spec: template: '{"event":{{event}} }' insecure: true ``` -Make the following changes: +Make the following changes: * **`url`**: Replace `` with the IP or Hostname of your configured HTTP Event Collector. -* **`Authorization`**: Replace `` with the token generated from the Splunk HTTP Event Collector +* **`Authorization`**: Replace `` with the token generated from the Splunk HTTP Event Collector -Once the Spinnaker services that need the configuration change restart, Spinnaker data starts to flow to the HTTP Event Collector and indexed in the "armory" index. +Once the Spinnaker services that need the configuration change restart, Spinnaker data starts to flow to the HTTP Event Collector and indexed in the "armory" index. ## Verify the connection @@ -107,9 +109,9 @@ The Armory Splunk App for Spinnaker includes a Splunk webhook for data driven au {{< figure src="/images/splunk-settings-alert.png" alt="Go to the Searches, reports, and alerts page." >}} 2. Select **Action > Edit > Edit Alert**. {{< figure src="/images/splunk-edit-rollback.png" >}} -3. Find the **Trigger Actions** section. +3. Find the **Trigger Actions** section. 4. Under **Webhook** > **URL**, insert the following URL: - + `https:///api/v1/webhook/` * Replace the `` with the fully qualified domain name or IP of your Spinnaker Gate service. {{< figure src="/images/splunk-gate-rollback.png" >}} diff --git a/content/en/docs/spinnaker-install-admin-guides/sumologic-dashboard.md b/content/en/docs/armory-admin/integrations-sumologic.md similarity index 97% rename from content/en/docs/spinnaker-install-admin-guides/sumologic-dashboard.md rename to content/en/docs/armory-admin/integrations-sumologic.md index 3d00182aba..fdad973e91 100644 --- a/content/en/docs/spinnaker-install-admin-guides/sumologic-dashboard.md +++ b/content/en/docs/armory-admin/integrations-sumologic.md @@ -1,7 +1,8 @@ --- -title: Sumo Logic Dashboard Integration -linkTitle: Sumo Logic Integration -weight: 200 +title: Integrating a Sumo Logic Dashboard +linkTitle: Integrating Sumo Logic +aliases: + - /docs/spinnaker-install-admin-guides/sumologic-dashboard/ --- *This application has been developed and is supported by Armory, Inc. In case of technical questions, please [contact Armory](https://armory.io/contact) for support.* @@ -83,7 +84,7 @@ Run `kubectl -n apply -f ` if u Go to Sumo Logic App Catalog and search for "Spinnaker" by Armory ### Dashboard filters - + The Spinnaker Pipelines dashboard has a set of filters that you can apply to the entire dashboard as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard. NOTE: You can use filters to drill down and examine the data on a granular level by application and pipeline diff --git a/content/en/docs/spinnaker-install-admin-guides/jenkins.md b/content/en/docs/armory-admin/jenkins-connect.md similarity index 93% rename from content/en/docs/spinnaker-install-admin-guides/jenkins.md rename to content/en/docs/armory-admin/jenkins-connect.md index c0b5a20cbf..173ea1cae8 100644 --- a/content/en/docs/spinnaker-install-admin-guides/jenkins.md +++ b/content/en/docs/armory-admin/jenkins-connect.md @@ -1,12 +1,11 @@ --- -title: Configure Jenkins -weight: 50 +title: Connecting Spinnaker to Jenkins +linkTitle: Connecting to Jenkins aliases: - - /spinnaker_install_admin_guides/jenkins/ + - /docs/spinnaker-install-admin-guides/jenkins/ +Description: To use Jenkins in Spinnaker, configure access to your Jenkins instance. --- -Before you can make use of Jenkins in Spinnaker, you'll need to -configure access to your Jenkins masters. > The Spinnaker project has more in-depth documentation on configuring Jenkins > in Spinnaker [here](https://www.spinnaker.io/setup/ci/jenkins/). diff --git a/content/en/docs/armory-admin/kayenta-configure.md b/content/en/docs/armory-admin/kayenta-configure.md new file mode 100644 index 0000000000..9f93aee533 --- /dev/null +++ b/content/en/docs/armory-admin/kayenta-configure.md @@ -0,0 +1,115 @@ +--- +title: Configuring Kayenta for Automated Canary Deployments +linkTitle: Configuring Canary Deployments +aliases: + - /spinnaker/configure_kayenta/ + - /docs/spinnaker/configure-kayenta/ +--- + +## Overview + +Kayenta is the Spinnaker service that performs Automated Canary Analysis (ACA). The goal of Kayenta is to provide the end user with confidence that a deployment is safe through automation and intelligence. For information about how to use Canary deployments, see [Using Canary deployments]({{< ref "kayenta-canary-use" >}}). + +## Configure Kayenta + +The open source Spinnaker documentation has a good overview of how to +configure Kayenta using Halyard at +[Set up canary support](https://www.spinnaker.io/setup/canary/). + +For Operator, the following example is an equivalent `SpinnakerService` manifest. The example config uses Datadog as a metrics provider and stores canary configs and analysis in a GCS bucket: + +```yaml +apiversion: spinnaker.io/{{< param operator-extended-crd-version >}} +kind: SpinnakerService +metadata: + name: spinnaker +spec: + spinnakerConfig: + config: + canary: + enabled: true # Enable/disable canary analysis + serviceIntegrations: + - name: google + enabled: true # Enable/disable Google provider + accounts: + - name: my-google-account + project: my-project-id # The Google Cloud Platform project the Canary service uses to consume GCS and Stackdriver. + jsonPath: gcp-sa.json # File name of a JSON service account that Spinnaker uses for credentials. This is only needed if Spinnaker is not deployed on a Google Compute Engine VM or needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information. This field supports using "encryptedFile" secret references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/). + bucket: my-bucket # The name of a storage bucket that your specified account has access to. If you specify a globally unique bucket name that doesn't exist, Kayenta creates that bucket. + bucketLocation: us-central-1 # Required if the bucket you specify doesn't exist. In that case, the bucket gets created in that location. See https://cloud.google.com/storage/docs/managing-buckets#manage-class-location. + rootFolder: kayenta # The root folder in the chosen bucket to place all of the Canary service's persistent data in (Default: kayenta). + supportedTypes: # Array of: METRICS_STORE, CONFIGURATION_STORE, OBJECT_STORE + - CONFIGURATION_STORE + - OBJECT_STORE + gcsEnabled: true # Whether or not GCS is enabled as a persistent store (Default: false). + stackdriverEnabled: false # Whether or not Stackdriver is enabled Stackdriver as a metrics service (Default: false). + metadataCachingIntervalMS: 60000 # Number of milliseconds to wait between caching the names of available metric types for use in building canary configs. (Default: 60000) + - name: prometheus + enabled: false # Enable/disable Prometheus provider + accounts: + - name: my-prometheus-account + endpoint: + baseUrl: http://prometheus # The base URL to the Prometheus server. + username: my-username # Basic auth username. + password: abc # Basic auth password. This field supports "encrypted" field references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/). + usernamePasswordFile: prom-creds # The path to a file containing "username:password". This field supports "encryptedFile" references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/). + supportedTypes: # Array of: METRICS_STORE, CONFIGURATION_STORE, OBJECT_STORE + - METRICS_STORE + metadataCachingIntervalMS: 60000 # Number of milliseconds to wait between caching the names of available metric types for use in building canary configs. (Default: 60000) + - name: datadog + enabled: true # Enable/disable Datadog provider + accounts: + - name: my-datadog-account + endpoint: + baseUrl: https://app.datadoghq.com # The base URL to the Datadog server. + apiKey: my-api-key # Your org's unique Datadog API key. See https://app.datadoghq.com/account/settings#api. This field supports "encrypted" field references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/). + applicationKey: my-app-key # Your Datadog application key. See https://app.datadoghq.com/account/settings#api. This field supports "encrypted" field references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/). + supportedTypes: # Array of: METRICS_STORE, METRICS_STORE, OBJECT_STORE + - METRICS_STORE + - name: signalfx + enabled: false # Enable/disable SignalFx provider + accounts: + - name: my-signalfx-account + endpoint: + baseUrl: https://stream.signalfx.com # The base URL to the SignalFx server. Defaults to https://stream.signalfx.com + accessToken: abc # The SignalFx access token. This field supports "encrypted" field references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/) + defaultScopeKey: abc # Scope key used to distinguish between base and canary deployments. If omitted every request must supply the _scope_key param in extended scope params + defaultLocationKey: abc # Location key used to filter by deployment region. If omitted requests must supply the _location_key if it is needed. + supportedTypes: # Array of: METRICS_STORE, METRICS_STORE, OBJECT_STORE + - METRICS_STORE + - name: aws + enabled: false # Enable/disable aws provider + accounts: + - name: my-aws-account + bucket: my-bucket # The name of a storage bucket that your specified account has access to. If you specify a globally unique bucket name that doesn't exist, Kayenta creates that bucket for you. + region: us-west-2 # The region to use. + rootFolder: kayenta # The root folder in the chosen bucket to place all of the Canary service's persistent data in (Default: kayenta). + profileName: default # The profile name to use when resolving AWS credentials. Typically found in ~/.aws/credentials (Default: default). + endpoint: http://minio # The endpoint used to reach the service implementing the AWS api. Typically used with Minio. + accessKeyId: abc # The default access key used to communicate with AWS. This field supports "encrypted" field references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/) + secretAccessKey: abc # The secret key used to communicate with AWS. This field supports "encrypted" field references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/) + supportedTypes: # Array of: METRICS_STORE, METRICS_STORE, OBJECT_STORE + - CONFIGURATION_STORE + - OBJECT_STORE + s3Enabled: false # Whether or not to enable S3 as a persistent store (Default: false). + - name: newrelic + enabled: false # Enable/disable New Relic provider + accounts: + - name: my-newrelic-account + endpoint: + baseUrl: https://newrelic # The base URL to the New Relic Insights server. + apiKey: abc # Your account's unique New Relic Insights API key. See https://docs.newrelic.com/docs/insights/insights-api/get-data/query-insights-event-data-api. This field supports "encrypted" field references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/) + applicationKey: abc # Your New Relic account id. See https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/account-id. This field supports "encrypted" field references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/) + supportedTypes: # Array of: METRICS_STORE, METRICS_STORE, OBJECT_STORE + - METRICS_STORE + reduxLoggerEnabled: true # Whether or not to enable redux logging in the canary module in deck (Default: true). + defaultJudge: NetflixACAJudge-v1.0 # Name of canary judge to use by default (Default: NetflixACAJudge-v1.0). + stagesEnabled: true # Whether or not to enable canary stages in deck (Default: true). + templatesEnabled: true # Whether or not to enable custom filter templates for canary configs in deck (Default: true). + showAllConfigsEnabled: true # Whether or not to show all canary configs in deck, or just those scoped to the current application (Default: true). + ... # rest of config omitted for brevity + files: + gcp-sa.json: | + +``` +> **Note**: You can delete all disabled provider sections. \ No newline at end of file diff --git a/content/en/docs/spinnaker-install-admin-guides/add-kubernetes-account.md b/content/en/docs/armory-admin/kubernetes-account-add.md similarity index 99% rename from content/en/docs/spinnaker-install-admin-guides/add-kubernetes-account.md rename to content/en/docs/armory-admin/kubernetes-account-add.md index 40226bc2c0..115be68a6f 100644 --- a/content/en/docs/spinnaker-install-admin-guides/add-kubernetes-account.md +++ b/content/en/docs/armory-admin/kubernetes-account-add.md @@ -1,8 +1,9 @@ --- title: Creating and Adding a Kubernetes Account to Spinnaker as a Deployment Target -linkTitle: Add Kubernetes Account as Deployment Target -weight: 10 +linkTitle: Adding Kubernetes Account as Deployment Target +aliases: + - /docs/spinnaker-install-admin-guides/add-kubernetes-account/ --- Once you have (OSS or Armory) Spinnaker up and running in Kubernetes, you'll want to start adding deployment targets. diff --git a/content/en/docs/spinnaker-install-admin-guides/manual-service-account.md b/content/en/docs/armory-admin/manual-service-account.md similarity index 95% rename from content/en/docs/spinnaker-install-admin-guides/manual-service-account.md rename to content/en/docs/armory-admin/manual-service-account.md index b47caa4e20..df864a3b04 100644 --- a/content/en/docs/spinnaker-install-admin-guides/manual-service-account.md +++ b/content/en/docs/armory-admin/manual-service-account.md @@ -1,7 +1,9 @@ --- - -title: "Kubernetes: Creating Service Accounts and Kubeconfigs" -weight: 20 +title: "Creating Kubernetes Service Accounts and Kubeconfigs" +linkTitle: Creating Kubernetes Service Accounts +aliases: + - /docs/spinnaker-install-admin-guides/manual-service-accounts/ +description: To use Kubernetes with Spinnaker, configure --- ## Overview @@ -20,7 +22,7 @@ The [spinnaker-tools binary](https://github.com/armory/spinnaker-tools) was buil - **Kubernetes Roles and Rolebindings** - **(Optionally) Kubernetes ClusterRoles and Rolebindings** -## Create the Service Account +## Create the service account You can use the following manifest to create a service account. Replace `NAMESPACE` with the namespace you want to use and, optionally, rename the service account. diff --git a/content/en/docs/spinnaker-install-admin-guides/services-mtls.md b/content/en/docs/armory-admin/mtls-configure.md similarity index 87% rename from content/en/docs/spinnaker-install-admin-guides/services-mtls.md rename to content/en/docs/armory-admin/mtls-configure.md index ba15311f20..0a24ddf360 100644 --- a/content/en/docs/spinnaker-install-admin-guides/services-mtls.md +++ b/content/en/docs/armory-admin/mtls-configure.md @@ -1,14 +1,11 @@ --- -title: Spinnaker Services mTLS -weight: 45 +title: Configuring mTLS for Spinnaker Services +linkTitle: Configuring mTLS aliases: - - /spinnaker_install_admin_guides/spinnaker-services-mtls/ - - /spinnaker_install_admin_guides/services_mtls/ +- /docs/spinnaker-install-admin-guides/service-mtls/ +description: This guide describes how to enable mutual TLS (mTLS) between Spinnaker services and is building on top of how to enable TLS. Adding mTLS provides additional security for your Spinnaker services since only validated clients can interact with services when mTLS is enabled. --- -This guide describes how to enable mutual TLS (mTLS) between Spinnaker services and is building on top of [how to enable TLS]({{< ref "services-tls" >}}). Adding mTLS provides additional security for your Spinnaker services as only validated clients can interact with services when mTLS is enabled. - - ## Introduction mTLS is a transport level security measure. When a client connects to a server, as in a TLS connection: @@ -25,10 +22,11 @@ To set up TLS, provide the following: - Certificate and private key to present to the server - Chain of certificates to validate the server (if self signed) +For informaiton about TLS, see [how to enable TLS]({{< ref "tls-configure" >}}). ## What you need -In the following sections, you need the same information that you needed for [TLS setup]({{< ref "services-tls#what-you-need" >}}): +In the following sections, you need the same information that you needed for [TLS setup]({{< ref "tls-configure#what-you-need" >}}): - `ca.pem` (all Golang servers): the CA certificate in PEM format - `[service].crt` (each Golang server): the certificate and optionally the private key of the Golang server in PEM format @@ -94,7 +92,7 @@ http: ## Changing service endpoints -This section is identical to [changing endpoints for TLS](../services-tls#changing-service-endpoints). +This section is identical to [changing endpoints for TLS]({{< ref "tls-configure#changing-service-endpoints" >}}). ## Changing readiness probe diff --git a/content/en/docs/spinnaker-install-admin-guides/slack-notifications.md b/content/en/docs/armory-admin/notifications-slack-configure.md similarity index 97% rename from content/en/docs/spinnaker-install-admin-guides/slack-notifications.md rename to content/en/docs/armory-admin/notifications-slack-configure.md index ffb458d9b4..5eef760329 100644 --- a/content/en/docs/spinnaker-install-admin-guides/slack-notifications.md +++ b/content/en/docs/armory-admin/notifications-slack-configure.md @@ -1,6 +1,7 @@ --- title: Configuring Slack Notifications -weight: 87 +aliases: + - /docs/spinnaker-install-admin-guides/slack-notifcations --- This article describes how to configure Spinnaker to send Slack notifications. diff --git a/content/en/docs/spinnaker-install-admin-guides/orca-sql.md b/content/en/docs/armory-admin/orca-sql-configure.md similarity index 91% rename from content/en/docs/spinnaker-install-admin-guides/orca-sql.md rename to content/en/docs/armory-admin/orca-sql-configure.md index 768327fd88..fded9c1471 100644 --- a/content/en/docs/spinnaker-install-admin-guides/orca-sql.md +++ b/content/en/docs/armory-admin/orca-sql-configure.md @@ -1,13 +1,15 @@ --- -title: Orca with RDBMS -weight: 48 +title: Configuring Orca to use a Relational Database Management System +linkTitle: Configuring Orca to use RDBMS +description: aliases: - /spinnaker_install_admin_guides/orca-sql/ + - /docs/spinnaker-install-admin-guides/orca-sql/ --- ## Overview -By default, Orca (the task orchestration service) uses Redis as its backing store. You can now configure Orca to use a relational database to store its pipeline execution. The main advantage of doing so is a gain in performance and the removal of Redis as a single point of failure. +By default, Orca (the task orchestration service) uses Redis as its backing store. You can configure Orca to use a relational database to store its pipeline execution. The main advantage of doing so is a gain in performance and the removal of Redis as a single point of failure. Armory recommends MySQL 5.7. For AWS, you can use Aurora. @@ -71,7 +73,7 @@ The above configuration grants authorization from any host. You can restrict it ## Keeping existing execution history -The above configuration will point Orca to your database. +The above configuration will point Orca to your database. You have the option to run a dual repository by adding `dual` in `profiles/orca-local.yml`. Armory v2.18+: diff --git a/content/en/docs/spinnaker-install-admin-guides/packer.md b/content/en/docs/armory-admin/packer.md similarity index 95% rename from content/en/docs/spinnaker-install-admin-guides/packer.md rename to content/en/docs/armory-admin/packer.md index 4654552c97..b3838f9a7d 100644 --- a/content/en/docs/spinnaker-install-admin-guides/packer.md +++ b/content/en/docs/armory-admin/packer.md @@ -1,15 +1,16 @@ --- -title: Baking Machine Images (AWS, GCE, etc.) Using Packer -linkTitle: Baking Machine Images Using Packer -weight: 35 +title: Baking Machine Images Using Packer +linkTitle: Baking Machine Images # Substantially different from install_guide/packer aliases: - /spinnaker_install_admin_guides/packer/ + - /docs/spinnaker-install-admin-guides/packer/ +description: Spinnaker has a built-in capability to 'bake' (build) machine images for deployment to various cloud environments. --- ## Overview -Spinnaker has a built-in capability to 'bake' (build) machine images for deployment to various cloud environments. For example, if you are deploying to AWS, you can use Spinnaker to bake Amazon Machine Images (AMIs) from the artifacts that were produced by your CI tool. This is achieved by using the open source Packer tool, which is included in the Spinnaker Rosco microservice. +Spinnaker uses the open source Packer tool to bake images, which is included in the Spinnaker Rosco microservice. For example, if you are deploying to AWS, you can use Spinnaker to bake Amazon Machine Images (AMIs) from the artifacts that were produced by your CI tool. **Note** This section focuses on configuring Packer scripts to build machine images (such as AMIs). If you're only deploying to Kubernetes, you can skip this section. diff --git a/content/en/docs/spinnaker/policy-engine-enable.md b/content/en/docs/armory-admin/policy-engine-enable.md similarity index 99% rename from content/en/docs/spinnaker/policy-engine-enable.md rename to content/en/docs/armory-admin/policy-engine-enable.md index 3ab3d76c1e..aee8d42158 100644 --- a/content/en/docs/spinnaker/policy-engine-enable.md +++ b/content/en/docs/armory-admin/policy-engine-enable.md @@ -1,11 +1,10 @@ --- title: Enabling Policy Engine -weight: 143 aliases: - /spinnaker/policy_engine/ - /spinnaker/policy-engine/ - - /docs/spinnaker/policy-engine/ -summary: "Enable the Policy Engine and configure an OPA server. When enabled, the Policy Engine can perform save time or runtime validation on your Spinnaker pipelines." + - /docs/spinnaker/policy-engine-enable/ +summary: "Enable the Policy Engine and configure an OPA server. When enabled, the Policy Engine can perform save time or runtime validation on your Spinnaker pipelines." --- ## Overview diff --git a/content/en/docs/spinnaker-install-admin-guides/prometheus-monitoring.md b/content/en/docs/armory-admin/prometheus-monitoring.md similarity index 97% rename from content/en/docs/spinnaker-install-admin-guides/prometheus-monitoring.md rename to content/en/docs/armory-admin/prometheus-monitoring.md index 1d92f0fa3a..e76796f0c6 100644 --- a/content/en/docs/spinnaker-install-admin-guides/prometheus-monitoring.md +++ b/content/en/docs/armory-admin/prometheus-monitoring.md @@ -1,8 +1,9 @@ --- title: Monitoring Spinnaker with Prometheus -order: 920 description: > Monitoring Spinnaker using Prometheus and Grafana +aliases: + - /docs/spinnaker-install-admin-guides/prometheus-monitoring/ --- {{% alert title="Warning" color="warning" %}}There is a known issue with metric names in version 2.20.x. Until this issue is resolved, any dashboards created from the instructions on this page will not work. For more information, see the release notes for your version, such as [2.20.5]({{< ref "armoryspinnaker_v2-20-5#spinnaker-metrics" >}}). {{% /alert %}} @@ -176,10 +177,10 @@ Access the Grafana web interface via http://localhost:3000 and use the default g ## Add Armory dashboards to Grafana -Armory provides some sample dashboards (in JSON format) that you can import into Grafana as a starting point for metrics to graph for monitoring. +Armory provides some sample dashboards (in JSON format) that you can import into Grafana as a starting point for metrics to graph for monitoring. Armory has additional dashboards that are availabe to Armory customers. You can skip this section if you are a Grafana expert. -To import the sample dashboards, perform the following steps: +To import the sample dashboards, perform the following steps: 1. Git clone this repo to your local workstation: (https://github.com/spinnaker/spinnaker-monitoring) 2. Access the Grafana web interface (as shown above) diff --git a/content/en/docs/spinnaker-install-admin-guides/rate-limit.md b/content/en/docs/armory-admin/rate-limit.md similarity index 91% rename from content/en/docs/spinnaker-install-admin-guides/rate-limit.md rename to content/en/docs/armory-admin/rate-limit.md index cc0bcedfe3..f341787a2b 100644 --- a/content/en/docs/spinnaker-install-admin-guides/rate-limit.md +++ b/content/en/docs/armory-admin/rate-limit.md @@ -1,19 +1,15 @@ --- -title: Rate Limiting Spinnaker API Calls -weight: 140 +title: Rate Limiting the Spinnaker API +linkTitle: Rate Limiting Spinnaker aliases: - - /admin-guides/rate-limit/ - - /admin-guides/rate_limit/ - - /admin_guides/rate-limit/ - - /admin_guides/rate_limit/ - - /spinnaker_install_admin_guides/rate_limit/ - - /spinnaker_install_admin_guides/rate-limit/ - /spinnaker-install-admin-guides/rate_limit/ + - /docs/spinnaker-install-admin-guides/rate-limit/ +description: By default Spinnaker, queries (polls) the entire state of cloud resources managed by Spinnaker every 30 seconds through the Clouddriver service. --- ## How Spinnaker monitors a deployment -By default Spinnaker queries (e.g. polls) the entire state of the AWS resources managed by Spinnaker every 30 seconds through the Clouddriver sub-service. This can cause AWS to throttle the requests on your account. If you have a large number of Auto-Scaling Groups and Elastic Load Balancers in your account or other services commonly querying the same APIs then you can expect to see throttling exceptions in your Spinnaker logs. +The polling can cause cloud providers, such as AWS, to throttle the requests on your account. If you have a large number of Auto-Scaling Groups and Elastic Load Balancers in your account or other services commonly querying the same APIs then you can expect to see throttling exceptions in your Spinnaker logs. ### How to alleviate AWS throttling exceptions @@ -23,7 +19,7 @@ There are several things you can do to help reduce the effects of throttling: - Decrease the polling interval. -## Fine grained rate limits +## Fine-grained rate limits Spinnaker queries your Cloud Provider (AWS, GCP, Azure, Kubernetes, etc) frequently to understand the state of your existing infrastructure and current deployments. However, this might cause you to run into rate limits imposed by the Cloud Provider. To help avoid this Spinnaker provides controls to limit the number of requests it generates. The unit used for these controls is "requests per second" (a double float value). Global defaults are `10.0` max requests per second. diff --git a/content/en/docs/spinnaker/terraform-enable-integration.md b/content/en/docs/armory-admin/terraform-enable-integration.md similarity index 97% rename from content/en/docs/spinnaker/terraform-enable-integration.md rename to content/en/docs/armory-admin/terraform-enable-integration.md index edc5aea6c7..3782277d50 100644 --- a/content/en/docs/spinnaker/terraform-enable-integration.md +++ b/content/en/docs/armory-admin/terraform-enable-integration.md @@ -1,10 +1,10 @@ --- layout: post title: Enabling the Terraform Integration Stage -weight: 141 aliases: - /spinnaker/terraform_integration/ - /spinnaker/terraform-configure-integration/ + - /docs/spinnaker/terraform-enable-integration/ --- ## Overview @@ -17,7 +17,7 @@ Armory's Terraform Integration integrates your infrastructure-as-code Terraform Armory ships several versions of Terraform as part of the Terraform Integration feature. The Terraform binaries are verified by checksum and with Hashicorp's GPG key before being installed into an Armory release. -When creating a Terraform Integration stage, pipeline creators select a specific available version from a list of available versions: +When creating a Terraform Integration stage, pipeline creators select a specific available version from a list of available versions: ![Terraform version to use](/images/terraform_version.png) @@ -97,8 +97,8 @@ For more information about how to generate a GitHub PAT, see [Creating a Persona ## Configure your artifact accounts The Terraform Integration uses the following artifact accounts: - * **Git Repo** - To fetch the repo housing your main Terraform files. - * **GitHub, BitBucket or HTTP** - *Optional*. To fetch single files such as var-files or backend config files. + * **Git Repo** - To fetch the repo housing your main Terraform files. + * **GitHub, BitBucket or HTTP** - *Optional*. To fetch single files such as var-files or backend config files. ### Configure the Git Repo artifact @@ -216,7 +216,7 @@ spec: spinnakerConfig: config: artifacts: - bitbucket: + bitbucket: enabled: true accounts: - name: bitbucket-for-terraform @@ -283,7 +283,7 @@ When using remote backends, keep the following in mind: * The minimum supported Terraform version is 0.12.0. * In the Terraform Cloud/Enterprise UI, the type of `plan` action that the Terraform Integration performs is a "speculative plan." For more information, see [Speculative Plans](https://www.terraform.io/docs/cloud/run/index.html#speculative-plans). * You cannot save and apply a plan file. - + #### Enable remote backend support End users can use remote backends by configuring the Terraform Integration stage with the following parameters: @@ -320,7 +320,7 @@ window.spinnakerSettings.feature.terraform = true; After you finish your Terraform integration configuration, perform the following steps: -1. Apply the changes: +1. Apply the changes: **Operator** @@ -350,9 +350,9 @@ After you finish your Terraform integration configuration, perform the following ## Configure Terraform for your cloud provider -Since the Terraform Integration executes all Terraform commands against the `terraform` binary, all methods of configuring authentication are supported for your desired cloud provider. This section describes how to accomplish this for various cloud providers. +Since the Terraform Integration executes all Terraform commands against the `terraform` binary, all methods of configuring authentication are supported for your desired cloud provider. This section describes how to accomplish this for various cloud providers. -You can also configure a profile that grants access to resources, like AWS. +You can also configure a profile that grants access to resources, like AWS. ## Named Profiles @@ -375,14 +375,14 @@ For information about how to configure a Profile, see [Configuring a profile](#c **AWS** -Use the `aws` credential type to provide authentication to AWS. There are two methods you can use to provide authentication - by defining a static key pair or a role that should be assumed before a Terraform action is executed. +Use the `aws` credential type to provide authentication to AWS. There are two methods you can use to provide authentication - by defining a static key pair or a role that should be assumed before a Terraform action is executed. For defining a static key pair, supply an `accessKeyId` and a `secretAccessKey`: ```yaml - name: devops # Unique name for the profile. Shows up in Deck. variables: - - kind: aws # Type of credential + - kind: aws # Type of credential options: accessKeyId: AKIAIOWQXTLW36DV7IEA secretAccessKey: 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 @@ -390,10 +390,10 @@ For defining a static key pair, supply an `accessKeyId` and a `secretAccessKey`: For assuming a role instead of defining a static set of credentials, supply the ARN of the role to assume: -```yaml +```yaml - name: devops # Unique name for the profile. Shows up in Deck. variables: - - kind: aws # Type of credential + - kind: aws # Type of credential options: assumeRole: arn:aws:iam::012345567:role/roleAssume ``` @@ -407,7 +407,7 @@ Use the `git-ssh` credential kind to provide authentication to private Git repos ```yaml - name: pixel-git # Unique name for the profile. Shows up in Deck. variables: - - kind: git-ssh # Type of credential + - kind: git-ssh # Type of credential options: sshPrivateKey: encrypted:vault!e:!p:!k:!b: ``` @@ -419,7 +419,7 @@ Use the `static` credential kind to provide any arbitrary key/value pair that is ```yaml - name: devops # Unique name for the profile. Shows up in Deck. variables: - - kind: static # Type of credential + - kind: static # Type of credential options: name: AWS_REGION value: us-west-2 @@ -444,32 +444,32 @@ Configure profiles that users can select when creating a Terraform Integration s 1. In the `.hal/default/profiles` directory, create or edit `terraformer-local.yml`. 2. Add the values for the profile(s) you want to add under the `profiles` section. The following example adds a profile named `pixel-git` for an SSH key secured in Vault. - + ```yaml - name: pixel-git # Unique profile name displayed in Deck variables: - kind: git-ssh options: - sshPrivateKey: encrypted:vault!e:!p:!k:!b: + sshPrivateKey: encrypted:vault!e:!p:!k:!b: ``` - + When a user creates or edits a Terraform Integration stage in Deck, they can select the profile `pixel-git` from a dropdown. Keep the following in mind when adding profiles: * You can add multiple profiles under the `profiles` section. - * Do not commit plain text secrets to `terraformer-local.yml`. Instead, use a secret store: [Vault]({{< ref "secrets-vault" >}}), an [encrypted S3 bucket]({{< ref "secrets-s3" >}}), or an [encrypted GCS bucket]({{< ref "secrets-gcs" >}}). + * Do not commit plain text secrets to `terraformer-local.yml`. Instead, use a secret store: [Vault]({{< ref "secrets-vault" >}}), an [encrypted S3 bucket]({{< ref "secrets-s3" >}}), or an [encrypted GCS bucket]({{< ref "secrets-gcs" >}}). * For SSH keys, one option parameter at a time is supported for each Profile. This means that you can use a private key file (`sshPrivateKeyFilePath`) or the key (`sshPrivateKey`) as the option. To use the key file path, use `sshPrivateKeyFilePath` for the option and provide the path to the key file. The path can also be encrypted using a secret store such as Vault. The following `option` example uses `sshPrivateKeyFilePath`: - + ```yaml options: sshPrivateKeyFilePath: encryptedFile:!e:... ``` - + For more information, see the documentation for your secret store. -3. Save the file. +3. Save the file. 4. Apply your changes: - + ``` hal deploy apply ``` diff --git a/content/en/docs/spinnaker-install-admin-guides/services-tls.md b/content/en/docs/armory-admin/tls-configure.md similarity index 88% rename from content/en/docs/spinnaker-install-admin-guides/services-tls.md rename to content/en/docs/armory-admin/tls-configure.md index 64f33c9d35..4e9abb888e 100644 --- a/content/en/docs/spinnaker-install-admin-guides/services-tls.md +++ b/content/en/docs/armory-admin/tls-configure.md @@ -1,15 +1,15 @@ --- -title: Spinnaker Services TLS -weight: 44 +title: Configuring TLS for Spinnaker Services +linkTitle: Configuring TLS aliases: - /spinnaker_install_admin_guides/spinnaker-services-tls/ - /spinnaker_install_admin_guides/services_tls/ - - /spinnaker-install-admin-guides/spinnaker-services-ssl/ + - /docs/spinnaker-install-admin-guides/spinnaker-services-ssl/ +description: > + Spinnaker services communicate with each other and can exchange potentially sensitive data. Enabling TLS between services ensures that this data is encrypted and that a service will only communicate with another service that has a valid certificate. --- -Spinnaker services communicate with each other and can exchange potentially sensitive data. Enabling TLS between services ensures that this data is encrypted and that a service will only communicate with another service that has a valid certificate. - -Switching from plain HTTP to HTTPS will cause some short disruption to the services as they become healthy at different times. +> Switching from plain HTTP to HTTPS will cause some short disruption to the services as they become healthy at different times. ## Overview @@ -26,7 +26,7 @@ Note that distributing a CA public key is only needed if you sign certificates w **Java** -Java services can present #1 as a keystore and #2 as a trust store in PKCS12 (preferred) or JKS format. +Java services can present #1 as a keystore and #2 as a trust store in PKCS12 (preferred) or JKS format. **Golang** @@ -55,7 +55,7 @@ The following table lists the Armory and Spinnaker services, their type (Java or * Dinghy is the service for Pipelines as Code. * Terraformer is the service for the Terraform Integration. -**Note**: Gate may be handled differently if you already [terminating SSL at Gate](../dns-and-ssl). If not, make sure the load balancer and ingress you are using supports self-signed certificates. +**Note**: Gate may be handled differently if you already [terminating SSL at Gate]({{< ref "dns-and-ssl" >}}). If not, make sure the load balancer and ingress you are using supports self-signed certificates. In the following sections, you need to have the following information available: @@ -69,7 +69,7 @@ In the following sections, you need to have the following information available: - `[SERVICE]_KEY_PASS` (each Java server): the password to the keystore you're using -To learn how to generate these files, refer to [generating certificates](../generating-certificates/#putting-it-together-tls). +To learn how to generate these files, refer to [generating certificates]({{< ref "generating-certificates/#putting-it-together-tls" >}}). ## Configuration (Java services) @@ -225,4 +225,4 @@ server: Run `hal deploy apply` after you make your changes. -**Note**: There is currently no way to pass passwords stored in Kubernetes secrets as environment variables using Halyard. You can remove passwords from the keys you're using or use the Spinnaker Operator to reference Kubernetes secrets directly. +> There is currently no way to pass passwords stored in Kubernetes secrets as environment variables using Halyard. You can remove passwords from the keys you're using or use the Spinnaker Operator to reference Kubernetes secrets directly. diff --git a/content/en/docs/spinnaker-install-admin-guides/configure-travis.md b/content/en/docs/armory-admin/travis-connect.md similarity index 85% rename from content/en/docs/spinnaker-install-admin-guides/configure-travis.md rename to content/en/docs/armory-admin/travis-connect.md index 84cb8d76ba..e9140bf4b7 100644 --- a/content/en/docs/spinnaker-install-admin-guides/configure-travis.md +++ b/content/en/docs/armory-admin/travis-connect.md @@ -1,6 +1,7 @@ --- -title: Configure Travis -weight: 51 +title: Connecting to Travis +aliases: + - /docs/spinnaker-install-admin/guides/configure-travis/ --- ## Overview @@ -12,7 +13,7 @@ Configuring Travis in your Spinnaker instance with Halyard is pretty easy, but there are a few "gotchas" to watch out for. -## Configure Travis +## Add Travis to Spinnaker First, configure your Travis master: @@ -25,7 +26,7 @@ hal config ci travis master add Travis --address https://api.travis-ci.org --bas For reference, you can look at the [Spinnaker docs](https://www.spinnaker.io/reference/halyard/commands/#hal-config-ci-travis-master-add) -## Enable Travis +## Enable Travis support Next, enable Travis with Halyard: @@ -33,7 +34,7 @@ Next, enable Travis with Halyard: hal config ci travis enable ``` - + ### Enable Travis Stages diff --git a/content/en/docs/installation/_index.md b/content/en/docs/installation/_index.md index 2ba71f89e7..fcda26c558 100644 --- a/content/en/docs/installation/_index.md +++ b/content/en/docs/installation/_index.md @@ -3,7 +3,7 @@ title: "Installation" linkTitle: "Installation" weight: 2 description: | - Installing Armory + Installing Armory in your environment aliases: - /install_guide/install/ - /install-guide/getting_started/ diff --git a/content/en/docs/installation/guide/aws-container-marketplace.md b/content/en/docs/installation/guide/aws-container-marketplace.md index 4e30e759de..435a85b566 100644 --- a/content/en/docs/installation/guide/aws-container-marketplace.md +++ b/content/en/docs/installation/guide/aws-container-marketplace.md @@ -461,5 +461,5 @@ Now that Armory is running, here are potential next steps: * Configure certificates to secure our cluster (see [this section](#configuring-tls-certificates) for notes on this) * Configure authentication/authorization (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/security/)) -* Add external Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Spinnaker (Deployment Target)]({{< ref "add-kubernetes-account" >}})) +* Add external Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Spinnaker (Deployment Target)]({{< ref "kubernetes-account-add" >}})) * Add AWS accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/aws/)) diff --git a/content/en/docs/installation/guide/install-on-aks.md b/content/en/docs/installation/guide/install-on-aks.md index 949886eeae..1003d69c8d 100644 --- a/content/en/docs/installation/guide/install-on-aks.md +++ b/content/en/docs/installation/guide/install-on-aks.md @@ -566,7 +566,7 @@ Now that you have Spinnaker up and running, here are some of the next things you * Configuration of certificates to secure your cluster (see [this section](#configuring-tls-certificates) for notes on this) * Configuration of Authentication/Authorization (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/security/)) -* Add Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Spinnaker as a Deployment Target]({{< ref "add-kubernetes-account" >}})) +* Add Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Spinnaker as a Deployment Target]({{< ref "kubernetes-account-add" >}})) * Add Azure accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/azure/)) * Add GCP accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/gce/)) * Add AWS accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/aws/)) diff --git a/content/en/docs/installation/guide/install-on-aws.md b/content/en/docs/installation/guide/install-on-aws.md index 54212ccb7b..c17c71fea2 100644 --- a/content/en/docs/installation/guide/install-on-aws.md +++ b/content/en/docs/installation/guide/install-on-aws.md @@ -664,6 +664,6 @@ Now that you have Armory up and running, here are some of the next things you ma - Configuration of certificates to secure your cluster (see [this section](#configuring-tls-certificates) for notes on this) - Configuration of Authentication/Authorization (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/security/)) -- Add Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Armory as a Deployment Target]({{< ref "add-kubernetes-account" >}})) +- Add Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Armory as a Deployment Target]({{< ref "kubernetes-account-add" >}})) - Add GCP accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/gce/)) - Add AWS accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/aws/)) diff --git a/content/en/docs/installation/guide/install-on-gke.md b/content/en/docs/installation/guide/install-on-gke.md index bb35c5cc09..098ae23b02 100644 --- a/content/en/docs/installation/guide/install-on-gke.md +++ b/content/en/docs/installation/guide/install-on-gke.md @@ -558,6 +558,6 @@ Now that you have Armory up and running, here are some of the next things you ma * Configuration of certificates to secure your cluster (see [this section](#configuring-tls-certificates) for notes on this) * Configuration of Authentication/Authorization (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/security/)) -* Add Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Armory as a Deployment Target]({{< ref "add-kubernetes-account" >}})) +* Add Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Armory as a Deployment Target]({{< ref "kubernetes-account-add" >}})) * Add GCP accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/gce/)) * Add AWS accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/aws/)) diff --git a/content/en/docs/installation/guide/install-on-k8s.md b/content/en/docs/installation/guide/install-on-k8s.md index 334a735394..19f695f003 100644 --- a/content/en/docs/installation/guide/install-on-k8s.md +++ b/content/en/docs/installation/guide/install-on-k8s.md @@ -948,6 +948,6 @@ Now that Armory is running, here are potential next steps: * Configuration of certificates to secure our cluster (see [this section](#configuring-tls-certificates) for notes on this) * Configuration of Authentication/Authorization (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/security/)) -* Add Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Armory as a Deployment Target]({{< ref "add-kubernetes-account" >}})) +* Add Kubernetes accounts to deploy applications to (see [Creating and Adding a Kubernetes Account to Armory as a Deployment Target]({{< ref "kubernetes-account-add" >}})) * Add GCP accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/gce/)) * Add AWS accounts to deploy applications to (see the [Open Source Spinnaker documentation](https://www.spinnaker.io/setup/install/providers/aws/)) diff --git a/content/en/docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-1.md b/content/en/docs/installation/guide/quickstart/Armory-Spinnaker-Quickstart-1.md similarity index 98% rename from content/en/docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-1.md rename to content/en/docs/installation/guide/quickstart/Armory-Spinnaker-Quickstart-1.md index 22a2440762..d3c049cd39 100644 --- a/content/en/docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-1.md +++ b/content/en/docs/installation/guide/quickstart/Armory-Spinnaker-Quickstart-1.md @@ -2,7 +2,8 @@ title: AWS QuickStart Step 1 weight: 2 aliases: - - /spinnaker/Armory-Spinnaker-Quickstart-1 + - /spinnaker/Armory-Spinnaker-Quickstart-1/ + - /docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-1/ description: > The AWS QuickStart walks you through configuring your Spinnaker instance hosted on AWS to deploy to AWS. --- diff --git a/content/en/docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-2.md b/content/en/docs/installation/guide/quickstart/Armory-Spinnaker-Quickstart-2.md similarity index 98% rename from content/en/docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-2.md rename to content/en/docs/installation/guide/quickstart/Armory-Spinnaker-Quickstart-2.md index 98ae0d6f98..4ed4fcfc27 100644 --- a/content/en/docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-2.md +++ b/content/en/docs/installation/guide/quickstart/Armory-Spinnaker-Quickstart-2.md @@ -3,6 +3,7 @@ title: AWS QuickStart Step 2 weight: 2 aliases: - /spinnaker/Armory-Spinnaker-Quickstart-2/ + - /docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-2/ description: > Configure the AWS Provider for Spinnaker and connect to an EKS cluster. --- @@ -83,7 +84,7 @@ The Account name is arbitrary and should be a name that is an identifiable. The If subnets do not appear in Deck (the Spinnaker UI), perform AWS Subnet tagging. "example-purpose" should be a descriptor of the subnet and will appear in the Spinnaker UI dropdown. -For more information about AWS Subnet tagging, see [AWS: Configuring AWS Networking]({{< ref "aws-subnets" >}}). +For more information about AWS Subnet tagging, see [AWS: Configuring AWS Networking]({{< ref "aws-subnets-configure" >}}). ``` Key Value diff --git a/content/en/docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-3.md b/content/en/docs/installation/guide/quickstart/Armory-Spinnaker-Quickstart-3.md similarity index 98% rename from content/en/docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-3.md rename to content/en/docs/installation/guide/quickstart/Armory-Spinnaker-Quickstart-3.md index 4b66ff43e9..d5ee2e7da0 100644 --- a/content/en/docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-3.md +++ b/content/en/docs/installation/guide/quickstart/Armory-Spinnaker-Quickstart-3.md @@ -5,6 +5,7 @@ description: | Deploy to EKS and EC2. aliases: - /spinnaker/Armory-Spinnaker-Quickstart-3/ + - /docs/spinnaker/quickstart/Armory-Spinnaker-Quickstart-3/ --- Need help setting this up? - For a guided tutorial, see the [video walkthrough](#aws-quickstart-step-3-video) at the bottom of this page. diff --git a/content/en/docs/spinnaker/quickstart/_index.md b/content/en/docs/installation/guide/quickstart/_index.md similarity index 100% rename from content/en/docs/spinnaker/quickstart/_index.md rename to content/en/docs/installation/guide/quickstart/_index.md diff --git a/content/en/docs/spinnaker-install-admin-guides/upgrade-oss-to-armory.md b/content/en/docs/installation/guide/upgrade-oss-to-armory.md similarity index 99% rename from content/en/docs/spinnaker-install-admin-guides/upgrade-oss-to-armory.md rename to content/en/docs/installation/guide/upgrade-oss-to-armory.md index 496bbeefec..eb3b871f4d 100644 --- a/content/en/docs/spinnaker-install-admin-guides/upgrade-oss-to-armory.md +++ b/content/en/docs/installation/guide/upgrade-oss-to-armory.md @@ -1,6 +1,7 @@ --- title: Upgrading Open Source Spinnaker to Armory -weight: 2 +aliases: + - /spinnaker-install-admin-guides/upgrade-oss-to-armory/ --- ## Overview diff --git a/content/en/docs/spinnaker-install-admin-guides/upgrade-spinnaker.md b/content/en/docs/installation/guide/upgrade-spinnaker.md similarity index 95% rename from content/en/docs/spinnaker-install-admin-guides/upgrade-spinnaker.md rename to content/en/docs/installation/guide/upgrade-spinnaker.md index 8d739ca84d..9df5f79e77 100644 --- a/content/en/docs/spinnaker-install-admin-guides/upgrade-spinnaker.md +++ b/content/en/docs/installation/guide/upgrade-spinnaker.md @@ -1,6 +1,7 @@ --- title: Upgrade Spinnaker using Halyard -weight: 2 +aliases: + - /docs/spinnaker-install-admin-guides/upgrade-spinnaker/ --- ## Determining the target version diff --git a/content/en/docs/installation/operator.md b/content/en/docs/installation/operator.md index 1426db2bd1..408a4d6ba1 100644 --- a/content/en/docs/installation/operator.md +++ b/content/en/docs/installation/operator.md @@ -198,7 +198,7 @@ See this [repo](https://github.com/armory/spinnaker-kustomize-patches) for examp ### Secret Management -You can store secrets in one of the [supported secret engine](/docs/spinnaker-install-admin-guides/secrets/secrets/#supported-secret-engines). +You can store secrets in one of the [supported secret engine]({{< ref "secrets#supported-secret-engines" >}}). #### Kubernetes Secret With the Operator, you can also reference secrets stored in existing Kubernetes secrets in the same namespace as Spinnaker. diff --git a/content/en/docs/release-notes/rn-armory-spinnaker/armoryspinnaker_v2-21-0.md b/content/en/docs/release-notes/rn-armory-spinnaker/armoryspinnaker_v2-21-0.md index 97c32c661f..a7be1ea68c 100644 --- a/content/en/docs/release-notes/rn-armory-spinnaker/armoryspinnaker_v2-21-0.md +++ b/content/en/docs/release-notes/rn-armory-spinnaker/armoryspinnaker_v2-21-0.md @@ -260,7 +260,7 @@ This section describes changes to Front50, Spinnaker's metadata repository: Pipelines as Code now supports Pull Request (PR) Validation for GitHub. When a PR is submitted, you can ensure that the `dinghyfile` is valid by enabling this feature. -For more information, see [Pull Request Validation]({{< ref "install-dinghy#pull-request-validations" >}}). +For more information, see [Pull Request Validation]({{< ref "dinghy-enable#pull-request-validations" >}}). ### Task orchestration diff --git a/content/en/docs/spinnaker-install-admin-guides/Secrets/_index.md b/content/en/docs/spinnaker-install-admin-guides/Secrets/_index.md deleted file mode 100644 index 340d64b0f0..0000000000 --- a/content/en/docs/spinnaker-install-admin-guides/Secrets/_index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: "Working with Secrets" -linkTitle: "Working with Secrets" -description: > - Armory supports several secret stores. Use them to keep your secrets secure and not commit plain text secrets to your configs. ---- diff --git a/content/en/docs/spinnaker-install-admin-guides/_index.md b/content/en/docs/spinnaker-install-admin-guides/_index.md deleted file mode 100644 index 360cfcb148..0000000000 --- a/content/en/docs/spinnaker-install-admin-guides/_index.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -title: "Administration Guides" -linkTitle: "Administration" -weight: 4 -description: > - Administration Guides ---- diff --git a/content/en/docs/spinnaker-install-admin-guides/fiat-create-permissions.md b/content/en/docs/spinnaker-install-admin-guides/fiat-create-permissions.md deleted file mode 100644 index 5942aaefba..0000000000 --- a/content/en/docs/spinnaker-install-admin-guides/fiat-create-permissions.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: Restrict Application Creation -weight: 210 ---- - -## Overview - -Configure Fiat, the Spinnaker microservice responsible for authorization (authz), to control which users can create applications. This guide focuses on the `prefix` source to control permissions for any applications whose name starts with a given prefix. - -## Requirements - -* Armory 2.17 (OSS 1.17) or later -* Fiat must be enabled and configured to work with an identity provider. For more information, see [Authorization (RBAC)](https://www.spinnaker.io/setup/security/authorization/). - -## Guidelines - -When managing roles for Spinnaker, keep the following in mind: -* Roles are case insensitive. All roles are changed to lowercase in Fiat's internal model. -* You must explicitly configure permissions for each user role. The default for a user role is no permissions, which means it cannot perform any actions. - - -## Restrict application creation - -Perform the following steps: - -1. Add the line `auth.permissions.provider.application: aggregate` to `SpinnakerService` manifest under key `spec.spinnakerConfig.profiles.fiat` if you are using Operator to deploy Spinnaker, or to `fiat-local.yml` if you are using Halyard. -2. Add prefixes as a source: - - ``` - auth.permissions.source.application.prefix: - enabled: true - ``` -3. Define the permissions for a prefix: - - ``` - - prefix: - permissions: - READ: - - "" - - "" - - "" - WRITE: - - "" - EXECUTE: - - "user role n>" - ``` - - Here is an example configuration with in-line comments: - - ```yaml - apiVersion: spinnaker.armory.io/{{< param operator-extended-crd-version >}} - kind: SpinnakerService - metadata: - name: spinnaker - spec: - spinnakerConfig: - profiles: - fiat: # Below section maps to fiat-local.yml if using Halyard - # Enables Fiat to read from new sources. - auth.permissions.provider.application: aggregate - # Sets `prefix` as one of these new sources - auth.permissions.source.application.prefix: - enabled: true - prefixes: - # Defines the prefix `apptest-x`. - - prefix: "apptest-*" - permissions: - # Defines permission requirements for all applications that match the prefix `apptest-*` based on roles. - # role-one and role-two have READ permission - READ: - - "role-one" - - "role-two" - # role-one has write permission - WRITE: - - "role-one" - # role-one has execute permission - EXECUTE: - - "role-one" - ``` - - As a result, any application that matches the prefix `apptest-*` has restrictions on who can perform actions. For example, a user with the user role `role-two` only has `READ` permission.
- -4. To restrict application creation specifically, add `fiat.restrictApplicationCreation` at the top of fiat config and set it to `true`. - - **Note: Currently, the prefix source is the only source that support the CREATE permission.** - - The following example builds upon the example from the previous steps. In-line comments describe additions: - - ```yaml - apiVersion: spinnaker.armory.io/{{< param operator-extended-crd-version >}} - kind: SpinnakerService - metadata: - name: spinnaker - spec: - spinnakerConfig: - profiles: - fiat: # Below section maps to fiat-local.yml if using Halyard - # Add CREATE as a permission - fiat.restrictApplicationCreation: true - auth.permissions.provider.application: aggregate - auth.permissions.source.application.prefix: - enabled: true - prefixes: - - prefix: "*" - permissions: - # Assign CREATE permission to role-one - CREATE: - - "role-one" - READ: - - "role-one" - - "role-two" - WRITE: - - "role-one" - EXECUTE: - - "role-one" - ``` - - The above example assigns CREATE permission to users with the `role-one` role. Users without the `role-one` role cannot create any applications in Spinnaker. - -5. Apply your configuration changes to Spinnaker by running the following command: `kubectl -n apply -f ` if you are using Operator, or `hal deploy apply` if you are using Halyard. - -The following screenshot shows what happens when a user without sufficient permissions attempts to create an application in Deck, Spinnaker's UI: -![No CREATE Permission](/images/authz_create_permission.png) diff --git a/content/en/docs/spinnaker-user-guides/StaticBaselineJudge.md b/content/en/docs/spinnaker-user-guides/StaticBaselineJudge.md index 9259d1462f..d697a056c4 100644 --- a/content/en/docs/spinnaker-user-guides/StaticBaselineJudge.md +++ b/content/en/docs/spinnaker-user-guides/StaticBaselineJudge.md @@ -1,6 +1,5 @@ --- title: Static Judge Canary Analysis (Kayenta) -weight: 130 --- ## Overview diff --git a/content/en/docs/spinnaker-user-guides/_index.md b/content/en/docs/spinnaker-user-guides/_index.md index f03ca574b6..e26b3a6144 100644 --- a/content/en/docs/spinnaker-user-guides/_index.md +++ b/content/en/docs/spinnaker-user-guides/_index.md @@ -1,7 +1,7 @@ --- -title: "Spinnaker User Guides" -linkTitle: "Spinnaker User Guides" +title: "User Guides" +linkTitle: "User Guides" weight: 4 description: > - Spinnaker Guides for Developers and Users + Guides for Application Developers and other non-admin users --- diff --git a/content/en/docs/spinnaker/app-secrets.md b/content/en/docs/spinnaker-user-guides/app-secrets.md similarity index 99% rename from content/en/docs/spinnaker/app-secrets.md rename to content/en/docs/spinnaker-user-guides/app-secrets.md index 376571cf1f..5c995fdaa6 100644 --- a/content/en/docs/spinnaker/app-secrets.md +++ b/content/en/docs/spinnaker-user-guides/app-secrets.md @@ -1,8 +1,8 @@ --- title: Application Secrets Management -weight: 60 aliases: - /spinnaker/app_secrets/ + - /docs/spinnaker/app-secrets/ --- ## Overview diff --git a/content/en/docs/spinnaker-user-guides/application-pipeline.md b/content/en/docs/spinnaker-user-guides/application-pipeline.md index cad4fbb20c..42c9e2cf23 100644 --- a/content/en/docs/spinnaker-user-guides/application-pipeline.md +++ b/content/en/docs/spinnaker-user-guides/application-pipeline.md @@ -1,6 +1,5 @@ --- title: Application Deployment Pipeline (AWS EC2) -weight: 100 aliases: - /install-guide/application-pipeline/ - /install-guide/application_pipeline/ diff --git a/content/en/docs/spinnaker-user-guides/application-screen.md b/content/en/docs/spinnaker-user-guides/application-screen.md index dd2c4ae256..c29717e8aa 100644 --- a/content/en/docs/spinnaker-user-guides/application-screen.md +++ b/content/en/docs/spinnaker-user-guides/application-screen.md @@ -1,6 +1,5 @@ --- title: Application Screen -weight: 10 aliases: - /user-guides/application-screen/ - /user_guides/application-screen/ diff --git a/content/en/docs/spinnaker/artifact-promotion.md b/content/en/docs/spinnaker-user-guides/artifact-promotion.md similarity index 99% rename from content/en/docs/spinnaker/artifact-promotion.md rename to content/en/docs/spinnaker-user-guides/artifact-promotion.md index 9e41affe04..e0e0680427 100644 --- a/content/en/docs/spinnaker/artifact-promotion.md +++ b/content/en/docs/spinnaker-user-guides/artifact-promotion.md @@ -1,8 +1,8 @@ --- title: Artifact Progression through Environments -weight: 70 aliases: - /spinnaker/artifact_promotion/ + - /docs/spinnaker/artifact-promotion/ --- diff --git a/content/en/docs/spinnaker-user-guides/docker.md b/content/en/docs/spinnaker-user-guides/artifacts-docker-using.md similarity index 98% rename from content/en/docs/spinnaker-user-guides/docker.md rename to content/en/docs/spinnaker-user-guides/artifacts-docker-using.md index a9c954bf71..a31bdc6fc8 100644 --- a/content/en/docs/spinnaker-user-guides/docker.md +++ b/content/en/docs/spinnaker-user-guides/artifacts-docker-using.md @@ -1,8 +1,8 @@ --- -weight: 20 title: Working with Docker Images aliases: - /spinnaker_user_guides/docker/ + - /docs/spinnaker-user-guides/docker/ --- diff --git a/content/en/docs/spinnaker-user-guides/artifacts-github-use.md b/content/en/docs/spinnaker-user-guides/artifacts-github-use.md new file mode 100644 index 0000000000..da891fad1b --- /dev/null +++ b/content/en/docs/spinnaker-user-guides/artifacts-github-use.md @@ -0,0 +1,25 @@ +--- +title: Using GitHub Artifacts in Pipelines +linkTitle: Using GitHub Artifacts +--- + +## Pulling a Kubernetes Manifest from Github + +1. Under "Expected Artifacts" in your pipeline, create an artifact of type "Github". + +1. Specify the "file path" as the path within the repository to your file. For example, if your manifest is at `demo/manifests/deployment.yml` in the Github repository `orgname/reponame` , specify `demo/manifests/deployment.yml`. + +1. Check the "Use Default Artifact" checkbox. + +1. In the "Content URL", provide the full path to the *API URI* for your manifest. Here are some examples of this: + + * If you're using SaaS Github (www.github.com), the URI is generally formatted like this: `https://api.github.com/repos///contents/`. + * For example: `https://api.github.com/repos/armory/demo/contents/manifests/deployment.yml` + + * If you have an on-prem Github Enterprise, then the URI may be formatted like this: `https:///api/v3/repos///contents/`. + * For example: `http://github.customername.com/api/v3/repos/armory/spinnaker-pipelines/contents/manifests/deployment.yml` + +1. Create a "Deploy (Manifest)" stage. Rather than specifying the manifest directly in the UI, under the "Manifest Source" specify "Artifact", and in the "Expected Artifact" field, select the artifact you created above. + +1. If you have multiple Github Accounts (credentials) added to your Spinnaker cluster, there should be a dropdown to select which one to use. + diff --git a/content/en/docs/spinnaker-user-guides/s3-artifacts-use.md b/content/en/docs/spinnaker-user-guides/artifacts-s3-use.md similarity index 92% rename from content/en/docs/spinnaker-user-guides/s3-artifacts-use.md rename to content/en/docs/spinnaker-user-guides/artifacts-s3-use.md index 2b1688bb69..677199c1fe 100644 --- a/content/en/docs/spinnaker-user-guides/s3-artifacts-use.md +++ b/content/en/docs/spinnaker-user-guides/artifacts-s3-use.md @@ -1,12 +1,11 @@ --- -weight: 60 title: Working with S3 Artifacts aliases: - - /spinnaker_user_guides/s3/ + - /docs/spinnaker-user-guides/s3/ --- -> Before you start, you'll need to [configure an S3 artifact account](/docs/spinnaker-install-admin-guides/s3/). If +> Before you start, you'll need to [configure an S3 artifact account]({{< ref "artifacts-s3-configure" >}}). If > you don't see an S3 option for Expected Artifacts "Match against" in the UI, > you'll need to double-check your Spinnaker is configured with the S3 account. diff --git a/content/en/docs/spinnaker/automated-rollbacks.md b/content/en/docs/spinnaker-user-guides/automated-rollbacks.md similarity index 99% rename from content/en/docs/spinnaker/automated-rollbacks.md rename to content/en/docs/spinnaker-user-guides/automated-rollbacks.md index 9294fbbbf1..cb793a86a7 100644 --- a/content/en/docs/spinnaker/automated-rollbacks.md +++ b/content/en/docs/spinnaker-user-guides/automated-rollbacks.md @@ -1,8 +1,8 @@ --- title: Automated Kubernetes Rollbacks -weight: 140 aliases: - /spinnaker/automated_rollbacks/ + - /docs/spinnaker/automated-rollbacks/ --- diff --git a/content/en/docs/spinnaker-user-guides/baking-images.md b/content/en/docs/spinnaker-user-guides/baking-images.md index 9bd0f973ba..0da8b990f9 100644 --- a/content/en/docs/spinnaker-user-guides/baking-images.md +++ b/content/en/docs/spinnaker-user-guides/baking-images.md @@ -1,11 +1,6 @@ --- -layout: post title: Baking Images (AWS EC2) -weight: 70 aliases: - # I don't think the `baking` ones are necessary, but they also won't hurt - - /user-guides/baking/ - - /user_guides/baking/ - /spinnaker_user_guides/baking/ - /user-guides/baking-images/ - /user-guides/baking_images/ diff --git a/content/en/docs/spinnaker-user-guides/best-practices.md b/content/en/docs/spinnaker-user-guides/best-practices.md index b49125cd51..f3cc9c59db 100644 --- a/content/en/docs/spinnaker-user-guides/best-practices.md +++ b/content/en/docs/spinnaker-user-guides/best-practices.md @@ -1,7 +1,5 @@ --- -layout: post title: Best Practices -weight: 110 aliases: - /user-guides/best-practices/ - /user-guides/best_practices/ diff --git a/content/en/docs/spinnaker-user-guides/debian-packages.md b/content/en/docs/spinnaker-user-guides/debian-packages.md index 43eb3938e4..f0609fc75d 100644 --- a/content/en/docs/spinnaker-user-guides/debian-packages.md +++ b/content/en/docs/spinnaker-user-guides/debian-packages.md @@ -1,6 +1,5 @@ --- title: Debian Packages -weight: 150 aliases: - /user-guides/debian-packages/ - /user-guides/debian_packages/ diff --git a/content/en/docs/spinnaker-user-guides/deploying.md b/content/en/docs/spinnaker-user-guides/deploying.md index 77785b6ca1..841d126dc1 100644 --- a/content/en/docs/spinnaker-user-guides/deploying.md +++ b/content/en/docs/spinnaker-user-guides/deploying.md @@ -1,6 +1,5 @@ --- title: Deploying (AWS EC2) -weight: 80 aliases: - /user-guides/deploying/ - /user_guides/deploying/ @@ -38,7 +37,7 @@ Press the '+' on the right to create a new load balancer, you may need to select We'll enter 'prod' into the 'Stack' field because our environment contains dev, stage, and prod. -Set the [VPC Subnet Type]({{< ref "aws-subnets" >}}), which maps to our pre-created security group, set the correct forwarding ports and most importantly set the healthcheck. +Set the [VPC Subnet Type]({{< ref "aws-subnets-configure" >}}), which maps to our pre-created security group, set the correct forwarding ports and most importantly set the healthcheck. Now we can hit create. diff --git a/content/en/docs/spinnaker-user-guides/expression-language.md b/content/en/docs/spinnaker-user-guides/expression-language.md index 5241b2768a..0c87123052 100644 --- a/content/en/docs/spinnaker-user-guides/expression-language.md +++ b/content/en/docs/spinnaker-user-guides/expression-language.md @@ -1,6 +1,5 @@ --- -title: Expression Language -weight: 140 +title: Spring Expression Language aliases: - /user-guides/expression-language/ - /user-guides/expression_language/ diff --git a/content/en/docs/spinnaker-user-guides/github.md b/content/en/docs/spinnaker-user-guides/github.md index 7f4513a27c..255430a275 100644 --- a/content/en/docs/spinnaker-user-guides/github.md +++ b/content/en/docs/spinnaker-user-guides/github.md @@ -1,18 +1,17 @@ --- -weight: 40 -title: Working with Github +title: Working with GitHub aliases: - /spinnaker_user_guides/github/ --- -## Trigger a Pipeline with a Github commit +## Trigger a Pipeline with a GitHub commit -> Before you start, you'll need to [configure your Github repositories](/docs/spinnaker-install-admin-guides/github). +> Before you start, you'll need to [configure your GitHub repositories]({{< ref "artifacts-github-use" >}}). > You'll be able to configure a pipeline trigger without having configured -> your Github webhook, but the trigger won't fire until Spinnaker can receive -> those calls from Github. +> your GitHub webhook, but the trigger won't fire until Spinnaker can receive +> those calls from GitHub. -To add a Github trigger to your pipeline, go to your configurations stage +To add a GitHub trigger to your pipeline, go to your configurations stage and select "Add Trigger", then select "Git" from the Type dropdown menu. Then select "github". You can then enter your organization (ex. "armory") and the repository name to monitor (ex. "demoapp"). Branch and Secret @@ -24,9 +23,4 @@ with common patterns or partial matches. {{< include "regex_vs_wildcard.md" >}} -![Configure Github Trigger](/images/github-user-guide-1.gif) - -## Using artifacts from Github - -> Before you start, you'll need to [configure Github as an artifact source](/docs/spinnaker-install-admin-guides/github#configuring-github-as-an-artifact-source) -> You won't see the Github artifact type until this is configured. +![Configure GitHub Trigger](/images/github-user-guide-1.gif) \ No newline at end of file diff --git a/content/en/docs/spinnaker-user-guides/kayenta.md b/content/en/docs/spinnaker-user-guides/kayenta-canary-use.md similarity index 96% rename from content/en/docs/spinnaker-user-guides/kayenta.md rename to content/en/docs/spinnaker-user-guides/kayenta-canary-use.md index 08a190565b..74c93c0077 100644 --- a/content/en/docs/spinnaker-user-guides/kayenta.md +++ b/content/en/docs/spinnaker-user-guides/kayenta-canary-use.md @@ -1,15 +1,15 @@ --- -title: Automatic Canary Analysis (Kayenta) -weight: 120 +title: Using Automatic Canary Analysis aliases: - - /user-guides/kayenta/ - - /user_guides/kayenta/ - /spinnaker_user_guides/kayenta/ + - /docs/spinnaker-user-guides/kayenta --- +Before you can start using Canary deployments, ensure that Kayenta, the Spinnaker for canary deployments, is enabled. For more information, see [Configuring Kayenta]({{< ref "kayenta-configure" >}}). + ## Overview -Kayenta is an automated canarying analysis (ACA) service that is provided through Spinnaker. The goal of Kayenta is to provide the end user with confidence that a deployment is safe through automation and intelligence. +Kayenta is the Spinnaker service that performs Automated Canary Analysis (ACA). The goal of Kayenta is to provide the end user with confidence that a deployment is safe through automation and intelligence. Kayenta uses real-time data sources to validate that a canary is good or bad. Today, Kayenta supports the following real-time data sources: @@ -30,7 +30,7 @@ Make sure it's checked and saved. If you don't see this option in your application config, make sure you've [configured Kayenta](https://www.spinnaker.io/guides/user/canary/). -You can also find more information about Kayenta on [Automated Canary Deployments]({{< ref "configure-kayenta" >}}). +You can also find more information about Kayenta on [Automated Canary Deployments]({{< ref "kayenta-configure" >}}). In this document, we will quickly run through the process to simply get you going. diff --git a/content/en/docs/spinnaker/kubernetes-deployments.md b/content/en/docs/spinnaker-user-guides/kubernetes-deployments.md similarity index 98% rename from content/en/docs/spinnaker/kubernetes-deployments.md rename to content/en/docs/spinnaker-user-guides/kubernetes-deployments.md index c7e40f8283..b19b5e91d1 100644 --- a/content/en/docs/spinnaker/kubernetes-deployments.md +++ b/content/en/docs/spinnaker-user-guides/kubernetes-deployments.md @@ -1,8 +1,8 @@ --- title: Kubernetes Deployments -weight: 132 aliases: - /spinnaker/kubernetes_deployments/ + - /docs/spinnaker/kubernetes-deployments/ --- diff --git a/content/en/docs/spinnaker-user-guides/kubernetes-v2.md b/content/en/docs/spinnaker-user-guides/kubernetes-v2.md index 9cbefb5704..5b5c220a15 100644 --- a/content/en/docs/spinnaker-user-guides/kubernetes-v2.md +++ b/content/en/docs/spinnaker-user-guides/kubernetes-v2.md @@ -1,6 +1,5 @@ --- title: Kubernetes V2 Provider Guide -weight: 160 # This is different from user-guides/kubernetes - no redirect aliases: - /spinnaker_user_guides/kubernetes-v2/ diff --git a/content/en/docs/spinnaker-user-guides/kustomize-manifests.md b/content/en/docs/spinnaker-user-guides/kustomize-manifests.md index 2656f31b9d..6f507cf53c 100644 --- a/content/en/docs/spinnaker-user-guides/kustomize-manifests.md +++ b/content/en/docs/spinnaker-user-guides/kustomize-manifests.md @@ -1,7 +1,5 @@ --- -layout: post title: Using Kustomize for Manifests -weight: 170 --- ## Overview diff --git a/content/en/docs/spinnaker/pacrd-crd-docs.md b/content/en/docs/spinnaker-user-guides/pacrd-crd-docs.md similarity index 99% rename from content/en/docs/spinnaker/pacrd-crd-docs.md rename to content/en/docs/spinnaker-user-guides/pacrd-crd-docs.md index 2485ec4b30..12b49c991e 100644 --- a/content/en/docs/spinnaker/pacrd-crd-docs.md +++ b/content/en/docs/spinnaker-user-guides/pacrd-crd-docs.md @@ -1,6 +1,7 @@ --- title: PaCRD CRD Documentation -weight: 171 +aliases: + - /docs/spinnaker/pacrd-crd-docs/ --- {{< include "experimental-feature.html" >}} diff --git a/content/en/docs/spinnaker/pacrd.md b/content/en/docs/spinnaker-user-guides/pacrd.md similarity index 99% rename from content/en/docs/spinnaker/pacrd.md rename to content/en/docs/spinnaker-user-guides/pacrd.md index 30d012d89f..6105b11974 100644 --- a/content/en/docs/spinnaker/pacrd.md +++ b/content/en/docs/spinnaker-user-guides/pacrd.md @@ -1,6 +1,7 @@ --- title: PaCRD -weight: 171 +aliases: + - /docs/spinnaker/pacrd/ ---