Protocol Documentation

artifact/artifacts.proto

Artifacts

Configuration for artifact support.

Field Type Label Description
bitbucket Bitbucket
gcs Gcs
github GitHub
gitlab GitLab
gitrepo GitRepo
helm Helm
http Http
maven Maven
oracle Oracle
s3 S3
templates Template repeated

artifact/bitbucket.proto

Bitbucket

Configuration for the Bitbucket artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Bitbucket artifact provider is enabled.
accounts BitbucketAccount repeated The list of configured Bitbucket accounts.

BitbucketAccount

Configuration for a Bitbucket artifact account. For each account, set both username and password, or set usernamePasswordFile.

Field Type Label Description
name string The name of the account, which must be unique among configured Bitbucket accounts.
username string The username of the account.
password string The password of the account.
usernamePasswordFile string The path to a file containing the username and password of the account in the format ${username}:${password}.

artifact/gcs.proto

Gcs

Configuration for the Google Cloud Storage artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Google Cloud Storage artifact provider is enabled.
accounts GcsAccount repeated The list of configured Cloud Storage accounts.

GcsAccount

Configuration for a Google Cloud Storage artifact account.

Field Type Label Description
name string The name of the account.
jsonPath string The path to a JSON key to authenticate a Google Cloud service account. The service account must have the roles/storage.admin role enabled.

artifact/github.proto

GitHub

Configuration for the GitHub artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the GitHub artifact provider is enabled.
accounts GitHubAccount repeated The list of configured GitHub accounts.

GitHubAccount

Configuration for a GitHub artifact account. For each account, set one of the following:

  • username and password
  • usernamePasswordFile
  • token
  • tokenFile

Field Type Label Description
name string The name of the account.
username string The GitHub account username.
password string The GitHub account password.
usernamePasswordFile string The path to a file containing the username and password for the account in the format ${username}:${password}.
token string The GitHub access token.
tokenFile string The path to a file containing the GitHub access token.

artifact/gitlab.proto

GitLab

Configuration for the GitLab artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the GitLab artifact provider is enabled.
accounts GitLabAccount repeated The list of configured GitLab accounts.

GitLabAccount

Configuration for a GitLab artifact account. For authentication, specify either token or tokenFile.

Field Type Label Description
name string The name of the account.
token string The GitLab access token.
tokenFile string The path to a file containing the GitLab access token.

artifact/gitrepo.proto

GitRepo

Configuration for the Git repo artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Git repo artifact provider is enabled.
accounts GitRepoAccount repeated The list of configured Git Repo accounts.

GitRepoAccount

Configuration for a Git repo artifact account. An account configured here maps to a credential that can authenticate against a Git repository hosted by a Git hosting service.

For authentication, set one of the following:

  • username and password
  • usernamePasswordFile
  • token
  • tokenFile
  • sshPrivateKeyFilePath and sshPrivateKeyPassphrase

Field Type Label Description
name string The name of the account.
username string The username of the account.
password string The password of the account.
usernamePasswordFile string The path to a file containing the username and password of the account in the format ${username}:${password}.
token string The access token for the repository.
tokenFile string The path to a file containing the repository access token.
sshPrivateKeyFilePath string The path to an SSH private key to be used when connecting with the repository over SSH.
sshPrivateKeyPassphrase string The passphrase to an SSH private key to be used when connecting with the repository over SSH.
sshKnownHostsFilePath string The path to a known_hosts file to be used when connecting with a repository over SSH.
sshTrustUnknownHosts google.protobuf.BoolValue If true, Spinnaker can connect with a Git repository over SSH without verifying the server's IP address against a known_hosts file.
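A pre-deployment check for the GitRepoAccount rules above, as an added example that is not part of the original documentation or the project's code. It assumes the Artifacts message has been rendered to JSON, that setting more than one authentication method is a misconfiguration, and that the finding codes, function names and sample values are hypothetical.

```python
import json

# Authentication methods the GitRepoAccount reference lists; the fields of one
# method must be supplied together.
AUTH_METHODS = {
    "username/password": ("username", "password"),
    "usernamePasswordFile": ("usernamePasswordFile",),
    "token": ("token",),
    "tokenFile": ("tokenFile",),
    "ssh key": ("sshPrivateKeyFilePath", "sshPrivateKeyPassphrase"),
}

# Constructed sample: an Artifacts message rendered as JSON. Account names,
# paths and secret values are placeholders, not real credentials.
SAMPLE_CONFIG = json.loads("""
{
  "gitrepo": {
    "enabled": true,
    "accounts": [
      {"name": "ok-token-file", "tokenFile": "/example/secrets/git-token"},
      {"name": "half-basic", "username": "deploy"},
      {"name": "two-methods", "token": "EXAMPLE-TOKEN",
       "tokenFile": "/example/secrets/git-token"},
      {"name": "ssh-no-verify",
       "sshPrivateKeyFilePath": "/example/secrets/id_ed25519",
       "sshPrivateKeyPassphrase": "EXAMPLE-PASSPHRASE",
       "sshTrustUnknownHosts": true}
    ]
  }
}
""")


def is_set(account, field):
    """A field counts as set when it is present and non-empty."""
    return account.get(field) not in (None, "")


def lint_git_repo_account(account):
    """Return (account name, code, detail) findings for one GitRepoAccount."""
    name = account.get("name") or "<unnamed>"
    findings = []
    complete = []
    partial = False
    for method, fields in AUTH_METHODS.items():
        present = [f for f in fields if is_set(account, f)]
        if len(present) == len(fields):
            complete.append(method)
        elif present:
            # Some, but not all, fields of a paired method were supplied.
            partial = True
            missing = [f for f in fields if f not in present]
            findings.append((name, "INCOMPLETE_METHOD",
                             f"{method}: missing {', '.join(missing)}"))
    if len(complete) > 1:
        # Assumption: only one method should be configured per account.
        findings.append((name, "MULTIPLE_METHODS", ", ".join(complete)))
    if not complete and not partial:
        findings.append((name, "NO_AUTH_METHOD", "no credential fields set"))
    if account.get("sshTrustUnknownHosts") is True:
        # The server is not checked against a known_hosts file.
        findings.append((name, "SSH_HOST_NOT_VERIFIED",
                         "sshTrustUnknownHosts is true"))
    return findings


def lint_artifacts(artifacts):
    """Lint every account under the gitrepo provider of an Artifacts message."""
    gitrepo = artifacts.get("gitrepo") or {}
    findings = []
    for account in gitrepo.get("accounts") or []:
        findings.extend(lint_git_repo_account(account))
    return findings


if __name__ == "__main__":
    for name, code, detail in lint_artifacts(SAMPLE_CONFIG):
        print(f"{name}: {code} ({detail})")
```
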

artifact/helm.proto

Helm

Configuration for the Helm artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Helm artifact provider is enabled.
accounts HelmAccount repeated The list of configured Helm accounts.

HelmAccount

Configuration for a Helm artifact account. For authentication, specify either username and password or usernamePasswordFile.

Field Type Label Description
name string The name of the account.
repository string The Helm chart repository URL.
username string A username for Helm chart repository basic authentication.
password string A password for Helm chart repository basic authentication.
usernamePasswordFile string The path to a file containing the username and password for Helm chart repository basic authentication. Must be in the format ${username}:${password}.

artifact/http.proto

Http

Configuration for the HTTP artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the HTTP artifact provider is enabled.
accounts HttpAccount repeated The list of configured HTTP accounts.

HttpAccount

Configuration for an HTTP artifact account. For authentication, specify either username and password or usernamePasswordFile.

Field Type Label Description
name string The name of the account.
username string A username for HTTP basic authentication.
password string A password for HTTP basic authentication.
usernamePasswordFile string The path to a file containing the username and password for HTTP basic authentication. Contents of the file must be in the format ${username}:${password}.

artifact/maven.proto

Maven

Configuration for the Maven artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Maven artifact provider is enabled.
accounts MavenAccount repeated The list of configured Maven accounts.

MavenAccount

Configuration for a Maven artifact account.

Field Type Label Description
name string The name of the account.
repositoryUrl string (Required) The full URI for the Maven repository (for example, http://some.host.com/repository/path).

artifact/oracle.proto

Oracle

Configuration for the Oracle artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Oracle artifact provider is enabled.
accounts OracleAccount repeated The list of configured Oracle artifact accounts.

OracleAccount

Configuration for an Oracle artifact account.

Field Type Label Description
name string The name of the account.
fingerprint string The fingerprint of the public key.
namespace string The namespace in which the bucket and objects will be created.
privateKeyPassphrase string The passphrase used for the private key, if it is encrypted.
region string An Oracle region (for example, us-phoenix-1).
sshPrivateKeyFilePath string Path to the private key in PEM format.
tenancyId string The OCID of the Oracle Tenancy to use.
userId string The OCID of the Oracle User with which to authenticate.

artifact/s3.proto

S3

Configuration for the S3 artifact provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the S3 artifact provider is enabled.
accounts S3Account repeated The list of configured S3 artifact accounts.

S3Account

Configuration for an S3 artifact account.

Field Type Label Description
name string The name of the account.
apiEndpoint string The S3 API endpoint. This is only required when using an S3 clone such as Minio.
apiRegion string The S3 API region. This is only required when using an S3 clone such as Minio.
awsAccessKeyId string The AWS Access Key ID. If this isn't provided, Spinnaker tries to find AWS credentials, as described at http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default.
awsSecretAccessKey string The AWS Secret Key.
region string The S3 region.

artifact/template.proto

Template

Configuration for a Jinja template for Spinnaker to use for artifact extraction. For more details, please read the documentation: https://www.spinnaker.io/reference/artifacts/from-build-triggers/#artifacts-from-build-triggers

Field Type Label Description
name string The name of the artifact template.
templatePath string The path to the artifact template.

canary/aws.proto

Aws

Configuration for the AWS canary integration.

Field Type Label Description
enabled google.protobuf.BoolValue Enables/disables Kayenta integration for AWS. If enabled, Kayenta can store canary configuration and archived results in an S3 bucket.
accounts AwsAccount repeated The list of configured accounts.
s3Enabled google.protobuf.BoolValue Whether to enable S3 as a persistent store.

AwsAccount

Configuration for the AWS account to be used.

Field Type Label Description
name string The name of the account.
bucket string The name of a storage bucket that this account has access to. If you specify a globally unique bucket name that doesn't exist yet, Kayenta creates that bucket for you.
region string The AWS region to use.
rootFolder google.protobuf.StringValue The root folder in the chosen bucket in which to store all of the canary service's persistent data. Defaults to kayenta.
profileName string The profile name to use when resolving AWS credentials. Typically found in ~/.aws/credentials. Defaults to default.
endpoint string The endpoint used to reach the service implementing the S3 API. Typically you would use this with an S3 clone, like Minio.
accessKeyId string The default access key used to communicate with AWS.
supportedTypes SupportedType repeated If you're enabling S3, include CONFIGURATION_STORE and/or OBJECT_STORE in this list.

canary/canary.proto

Canary

Configuration for Spinnaker's automated canary analysis features. See also the sample Kayenta configuration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the canary service is enabled.
serviceIntegrations Canary.ServiceIntegrations Canary service integrations. To enable Spinnaker's Automated Canary Analysis (ACA) features, you must configure at least one account for each canary.SupportedType (METRICS_STORE, CONFIGURATION_STORE, OBJECT_STORE).
defaultMetricsAccount string Name of the metrics account to use by default.
defaultMetricsStore string Name of the metrics store to use by default (for example, prometheus, datadog).
showAllConfigsEnabled google.protobuf.BoolValue Whether to show all canary configs in Deck, or just those scoped to the current application.
templatesEnabled google.protobuf.BoolValue Whether to enable custom filter templates for canary configs in Deck.
defaultJudge string The default canary judge. NetflixACAJudge-v1.0 is currently the only open-source judge available by default.
storageAccountName string Name of storage account to use by default.

Canary.ServiceIntegrations

Field Type Label Description
aws Aws
datadog Datadog
google Google
newrelic NewRelic
prometheus Prometheus
signalfx SignalFx

canary/datadog.proto

Datadog

Configuration for the Datadog canary integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Datadog is enabled as a metric store provider.
accounts DatadogAccount repeated The list of configured Datadog accounts.

DatadogAccount

Configuration for a Datadog account.

Field Type Label Description
name string The name of the account.
endpoint DatadogAccount.Endpoint Configuration for the Datadog server endpoint.
apiKey string Your organization's unique Datadog API key. See https://app.datadoghq.com/account/settings#api.
applicationKey string Your Datadog application key. See https://app.datadoghq.com/account/settings#api.

DatadogAccount.Endpoint

Configuration for the Datadog server endpoint.

Field Type Label Description
baseUrl string (Required) The base URL of the Datadog server.

canary/gcs.proto

Gcs

Configuration for the Google Cloud Storage canary integration. If this is enabled, you must also configure at least one canary.GoogleAccount with a list of supportedTypes that includes canary.SupportedType.CONFIGURATION_STORE or canary.SupportedType.OBJECT_STORE or both.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Google Cloud Storage is enabled as a backing store to support Spinnaker's automated canary analysis features.

canary/google.proto

Google

Configuration for the Google canary integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Google is enabled as a metrics store provider.
accounts GoogleAccount repeated The list of configured accounts.
gcsEnabled google.protobuf.BoolValue Whether Google Cloud Storage is enabled as a persistent store.
stackdriverEnabled google.protobuf.BoolValue Whether Google Cloud Monitoring (formerly Stackdriver) is enabled as a metrics source.
metadataCachingIntervalMS int32 Number of milliseconds to wait between caching the names of available Cloud Monitoring metric types (used when building canary configs). Defaults to 60000.

GoogleAccount

Configuration for a Google account.

Field Type Label Description
name string The name of the account.
jsonPath string The path to a JSON file containing the service account key that Spinnaker will use to authenticate. You need this only if Spinnaker is not deployed on a Google Compute Engine VM, or if the account needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
bucket string The name of a Cloud Storage bucket that this account has access to. If you specify a globally unique bucket name that doesn't exist yet, Kayenta creates that bucket for you.
bucketLocation string Where to create the new bucket. This is only required if the bucket you specify doesn't exist yet. See https://cloud.google.com/storage/docs/managing-buckets#manage-class-location.
rootFolder google.protobuf.StringValue The root-level folder, in the specified bucket, in which to store all the canary service's persistent data. Defaults to kayenta.
project string (Required) The Google Cloud Platform project the canary service will use to consume Cloud Storage and Cloud Monitoring data.
supportedTypes SupportedType repeated For Google Cloud Monitoring (formerly Stackdriver) use METRICS_STORE. For Google Cloud Storage, use CONFIGURATION_STORE and OBJECT_STORE. All three can be a list of supportedTypes in the same account, or each in a separate account.

canary/newrelic.proto

NewRelic

Configuration for the New Relic canary integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether New Relic is enabled as a metric store provider.
accounts NewRelicAccount repeated The list of configured accounts.

NewRelicAccount

Configuration for a New Relic account.

Field Type Label Description
name string The name of the account.
endpoint NewRelicAccount.Endpoint Configuration for the New Relic Insights server endpoint.
apiKey string (Required) Your account's unique New Relic Insights API key. See https://docs.newrelic.com/docs/insights/insights-api/get-data/query-insights-event-data-api.
applicationKey string (Required) Your New Relic account ID. See https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/account-id.

NewRelicAccount.Endpoint

Configuration for the New Relic Insights server endpoint.

Field Type Label Description
baseUrl string The base URL to the New Relic Insights server.

canary/prometheus.proto

Prometheus

Configuration for the Prometheus canary integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Prometheus is enabled as a metric store provider.
accounts PrometheusAccount repeated The list of configured accounts.
metadataCachingIntervalMS int32 Number of milliseconds to wait between caching the names of available metric types (used when building canary configs). Defaults to 60000.

PrometheusAccount

Configuration for a Prometheus account. For authentication, you must provide either usernamePasswordFile or username and password.

Field Type Label Description
name string The name of the account.
endpoint PrometheusAccount.Endpoint Configuration for the Prometheus server endpoint.
username string A basic-auth username.
password string A basic-auth password.
usernamePasswordFile string The path to a file containing the basic-auth username and password in the format ${username}:${password}.

PrometheusAccount.Endpoint

Configuration for the Prometheus server endpoint.

Field Type Label Description
baseUrl string (Required) The base URL of the Prometheus server.

canary/s3.proto

S3

Configuration for the S3 canary integration. If enabled, you must also configure at least one canary.AwsAccount with a list of supportedTypes that includes canary.SupportedType.CONFIGURATION_STORE and/or canary.SupportedType.OBJECT_STORE.

Field Type Label Description
enabled google.protobuf.BoolValue Whether S3 is enabled as a backing store to support Spinnaker's automated canary analysis features.

canary/signalfx.proto

SignalFx

Configuration for the SignalFx canary integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether SignalFx is enabled as a metric store provider.
accounts SignalFxAccount repeated The list of configured accounts.

SignalFxAccount

Field Type Label Description
name string The name of the account.
accessToken string (Required) The SignalFx access token.
endpoint SignalFxAccount.Endpoint The SignalFx server endpoint.
defaultScopeKey string The scope key, which is used to distinguish between base and canary deployments. If omitted, each request must supply the _scope_key param in extended scope params.
defaultLocationKey string The location key, which is used to filter by deployment region. If omitted, each request must supply the _location_key if it is needed.

SignalFxAccount.Endpoint

The SignalFx server endpoint.

Field Type Label Description
baseUrl string The base URL to the SignalFx server. Defaults to https://stream.signalfx.com

canary/stackdriver.proto

Stackdriver

Configuration for the Google Cloud Monitoring (formerly Stackdriver) canary integration. If enabled, you must also configure at least one canary.GoogleAccount with a list of supportedTypes that includes canary.SupportedType.METRICS_STORE.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Cloud Monitoring integration is enabled.
metadataCachingIntervalMS int32 Number of milliseconds to wait between caching the names of available Cloud Monitoring metric types (used when building canary configs). Defaults to 60000.

canary/supported_type.proto

SupportedType

Name Number Description
UNSPECIFIED 0 Unspecified. Do not directly use, instead omit the field.
METRICS_STORE 1
CONFIGURATION_STORE 2
OBJECT_STORE 3

ci/ci.proto

Ci

Configuration to integrate Spinnaker with your continuous integration system.

Field Type Label Description
gcb GoogleCloudBuild
codebuild CodeBuild
concourse Concourse
jenkins Jenkins
travis Travis
wercker Wercker

ci/codebuild.proto

CodeBuild

Configuration to use AWS CodeBuild with Spinnaker, for continuous integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether AWS CodeBuild is enabled as a CI provider.
accounts CodeBuildAccount repeated The list of configured AWS CodeBuild accounts.
accessKeyId string Your AWS Access Key ID. If not provided, Spinnaker tries to find AWS credentials, as described at http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default
secretAccessKey string Your AWS Secret Key.

CodeBuildAccount

Configuration for an AWS CodeBuild account.

Field Type Label Description
name string The name of the account.
accountId string The AWS account ID that will be used to trigger CodeBuild builds.
assumeRole string If set, Spinnaker configures a credentials provider that uses the AWS Security Token Service to assume the specified role.
region string (Required) The AWS region in which your CodeBuild projects live.

ci/concourse.proto

Concourse

Configuration to use Concourse with Spinnaker, for continuous integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Concourse is enabled as a CI provider.
masters ConcourseAccount repeated The list of configured Concourse accounts.

ConcourseAccount

Configuration for a Concourse account.

Field Type Label Description
name string The name of the account.
username string (Required) The username of the Concourse user to authenticate as.
password string (Required) The password of the Concourse user to authenticate as.
url string (Required) The URL at which your Concourse search is reachable.
permissions proto.Permissions Configuration for Fiat permissions. A user must have at least one of the READ roles in order to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run jobs on this build account.

ci/gcb.proto

GoogleCloudBuild

Configuration to use Google Cloud Build with Spinnaker, for continuous integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Cloud Build is enabled as a CI provider.
accounts GoogleCloudBuildAccount repeated The list of configured Cloud Build accounts.

GoogleCloudBuildAccount

Configuration for a Cloud Build account.

Field Type Label Description
name string The name of the account.
project string The name of the Google Cloud project in which to trigger and monitor builds.
subscriptionName string The name of the Pub/Sub subscription on which to listen for build changes.
jsonKey string The path to a JSON service account that Spinnaker will use for credentials. You need this only if Spinnaker is not deployed on a Compute Engine VM, or if Spinnaker needs permissions not afforded to the VM.
permissions proto.Permissions Fiat permissions configuration. A user must have at least a READ role to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run builds.

ci/jenkins.proto

Jenkins

Configuration to use Jenkins with Spinnaker, for continuous integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Jenkins is enabled.
masters JenkinsAccount repeated The list of configured Jenkins accounts.

JenkinsAccount

Configuration for a Jenkins account.

Field Type Label Description
name string The name of the account.
username string (Required) The username of the Jenkins user to authenticate as.
password string (Required) The password of the Jenkins user to authenticate as.
address string (Required) The URL at which the Jenkins server is reachable.
csrf google.protobuf.BoolValue Whether or not to negotiate CSRF tokens when calling Jenkins.
permissions proto.Permissions Fiat permissions configuration. A user must have at least one of the READ roles in order to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run jobs on this build account.

ci/travis.proto

Travis

Configuration to use Travis CI with Spinnaker, for continuous integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Travis is enabled.
masters TravisAccount repeated The list of configured Travis accounts.

TravisAccount

Configuration for a Travis account.

Field Type Label Description
name string The name of the account.
address string (Required) The URL at which to reach the Travis API (https://api.travis-ci.org).
baseUrl string (Required) The base URL at which to reach the Travis UI (https://travis-ci.org).
githubToken string The GitHub token with which to authenticate against Travis.
permissions proto.Permissions Fiat permissions configuration. A user must have at least one of the READ roles in order to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run jobs on this build account.
numberOfJobs string The maximum number of jobs the Travis integration will retrieve per polling cycle. Defaults to 100.
buildResultLimit string The maximum number of builds Igor returns when querying for builds for a specific repo. This determines, for example, how many builds are displayed in the drop-down when a user starts a manual pipeline execution. If you set this too high, the Travis API might return an error for jobs that write many logs, so the default setting is only 10.
filteredRepositories string repeated The list of repositories that will be scraped. This is useful if your organization uses many repositories and you want to speed things up by scanning only a subset.

ci/wercker.proto

Wercker

Configuration to use Wercker with Spinnaker, for continuous integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Wercker is enabled.
masters WerckerAccount repeated The list of configured Wercker accounts.

WerckerAccount

Configuration for a Wercker account.

Field Type Label Description
name string The name of the account.
address string (Required) The address at which to reach your Wercker instance.
token string The personal token of the Wercker user to authenticate as.
user string The username of the Wercker user to authenticate as.
permissions proto.Permissions Fiat permissions configuration. A user must have at least one of the READ roles in order to view this build account or use it as a trigger source. A user must have at least one of the WRITE roles in order to run jobs on this build account.

cloudprovider/appengine.proto

Appengine

Configuration for the Google App Engine (GAE) provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts AppengineAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.

AppengineAccount

Configuration for an App Engine account.

Field Type Label Description
cachingIntervalSeconds int32 The interval in seconds at which Spinnaker will poll for updates in your App Engine clusters.
environment string The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
gcloudReleaseTrack GcloudReleaseTrack The gcloud release track that Spinnaker will use when deploying to App Engine.
gitHttpsUsername string A username to be used when connecting to a remote git repository server over HTTPS. If set, gitHttpsPassword must also be set.
gitHttpsPassword string A password to be used when connecting to a remote git repository server over HTTPS. If set, gitHttpsUsername must also be set.
githubOAuthAccessToken string An OAuth token provided by GitHub for connecting to a git repository over HTTPS. See https://help.github.com/articles/creating-an-access-token-for-command-line-use for more information.
jsonPath string The path to a JSON service account that Spinnaker will use as credentials. This is only needed if Spinnaker is not deployed on a Google Compute Engine VM, or needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
localRepositoryDirectory string A local directory to be used to stage source files for App Engine deployments within Clouddriver. Defaults to /var/tmp/clouddriver.
omitServices string repeated A list of regular expressions. Any service matching one of these regexes will be ignored by Spinnaker.
omitVersions string repeated A list of regular expressions. Any version matching one of these regexes will be ignored by Spinnaker.
project string The Google Cloud Platform project this Spinnaker account will manage.
permissions proto.Permissions Fiat permissions configuration.
requiredGroupMembership string repeated (Deprecated): List of required Fiat permission groups. Configure permissions instead.
services string repeated A list of regular expressions. Any service matching one of these regexes will be indexed by Spinnaker (unless the service also matches a regex in omitServices).
sshKnownHostsFilePath string The path to a known_hosts file to be used when connecting with a remote git repository over SSH.
sshPrivateKeyFilePath string The path to an SSH private key to be used when connecting with a remote git repository over SSH. If set, sshPrivateKeyPassphrase must also be set.
sshPrivateKeyPassphrase string The passphrase to an SSH private key to be used when connecting with a remote git repository over SSH. If set, sshPrivateKeyFilePath must also be set.
sshTrustUnknownHosts google.protobuf.BoolValue Enabling this flag will allow Spinnaker to connect with a remote git repository over SSH without verifying the server's IP address against a known_hosts file. Defaults to false.
versions string repeated A list of regular expressions. Any version matching one of these regexes will be indexed by Spinnaker (unless the version also matches a regex in omitVersions).
name string The name of the account.

GcloudReleaseTrack

Represents a release track of the gcloud tool.

Name Number Description
UNSPECIFIED 0 Unspecified. Do not directly use, instead omit the field.
STABLE 1 Standard release track; runs commands via gcloud...
BETA 2 Beta release track; runs commands via gcloud beta...
ALPHA 3 Alpha release track; runs commands via gcloud alpha...

cloudprovider/aws.proto

Aws

Configuration for the AWS provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts AwsAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.
accessKeyId string Your AWS Access Key ID. Note that if you are baking AMIs with Rosco, you may also need to set AwsBakeryDefaults.awsAccessKey.
secretAccessKey string Your AWS Secret Key. Note that if you are baking AMIs with Rosco, you may also need to set AwsBakeryDefaults.awsSecretKey.
defaultRegions AwsRegion repeated List of default regions.
features AwsFeatures Configuration for AWS-specific features.
bakeryDefaults AwsBakeryDefaults Configuration for Spinnaker's image bakery.
defaultKeyPairTemplate string A template for generating the name of the AWS key-pair from the name of the account; only used for accounts where defaultKeyPair is not specified.
defaults AwsDefaults Default values for AWS deployments.

AwsAccount

Configuration for an AWS account.

Field Type Label Description
accountId string The AWS account ID to manage. See http://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html for more information.
assumeRole string If set, Spinnaker will configure a credentials provider that uses AWS Security Token Service to assume the specified role. Examples: user/spinnaker, role/spinnakerManaged.
defaultKeyPair string The name of the AWS key-pair to use. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html for more information.
discovery string The endpoint at which your Eureka discovery system is reachable. See https://github.com/Netflix/eureka for more information. Example: http://.eureka.url.to.use:8080/eureka-server/v2. Using will make Spinnaker use AWS regions in the hostname to access discovery so that you can have discovery for multiple regions.
edda string The endpoint at which Edda is reachable. Edda is not a hard dependency of Spinnaker, but is helpful for reducing the request volume against AWS. See https://github.com/Netflix/edda for more information.
environment string The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
permissions proto.Permissions Fiat permissions configuration.
requiredGroupMembership string repeated (Deprecated): List of required Fiat permission groups. Configure permissions instead.
lifecycleHooks AwsLifecycleHook repeated List of configured AWS lifecycle hooks.
regions AwsRegion repeated List of configured AWS regions.
name string The name of the account.
externalId string Optional parameter used to identify and control access to AWS resources. Set this to the same value as the ExternalID parameter in the trust policy for the role you want to assume.

AwsBakeryDefaults

Configuration for Spinnaker's image bakery.

Field Type Label Description
awsAccessKey string The default access key used to communicate with AWS.
awsSecretKey string The secret key used to communicate with AWS.
awsSubnetId string If using VPC, the default ID of the subnet, such as subnet-12345def, where Packer will launch the EC2 instance. This field is required if you are using a non-default VPC.
awsVpcId string If launching into a VPC subnet, Packer needs the VPC ID in order to create a temporary security group within the VPC. Requires subnet_id to be set. If this default value is left blank, Packer will try to get the VPC ID from awsSubnetId.
awsAssociatePublicIpAddress google.protobuf.BoolValue If using a non-default VPC, public IP addresses are not provided by default. If this is enabled, your new instance will get a Public IP.
defaultVirtualizationType string The default type of virtualization for the AMI you are building. This option must match the supported virtualization type of AwsVirtualizationSettings.sourceAmi. Acceptable values: pv, hvm.
baseImages AwsBaseImageSettings repeated List of configured base images.
templateFile string This is the name of the Packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer, or supplied as described here: https://spinnaker.io/setup/bakery/.

AwsBaseImage

Base image configuration.

Field Type Label Description
id string This is the identifier used by AWS to find this base image.
shortDescription string A short description to help human operators identify the image.
detailedDescription string A long description to help human operators identify the image.
packageType string This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb indicates that your artifacts will need to be fetched from a debian repository.
templateFile string The name of the Packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer, or supplied as described here: https://spinnaker.io/setup/bakery/.

AwsBaseImageSettings

Configuration for a base image for the AWS provider's bakery.

Field Type Label Description
baseImage AwsBaseImage Base image configuration.
virtualizationSettings AwsVirtualizationSettings repeated Base image virtualization settings.

AwsDefaults

Configuration for defaults for AWS deployments.

Field Type Label Description
iamRole string The default IAM role to use for deployments, when not otherwise specified.

AwsFeatures

Configuration for AWS-specific features.

Field Type Label Description
cloudFormation AwsFeatures.CloudFormation Configuration for AWS CloudFormation.

AwsFeatures.CloudFormation

Configuration for AWS CloudFormation.

Field Type Label Description
enabled google.protobuf.BoolValue Whether AWS CloudFormation is enabled.

AwsLifecycleHook

Configuration for AWS Auto Scaling Lifecycle Hooks. For more information, see: https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html

Field Type Label Description
defaultResult string Defines the action the Auto Scaling group should take when the lifecycle hook timeout elapses or if an unexpected failure occurs. Acceptable values: CONTINUE, ABANDON.
heartbeatTimeout int32 Set the heartbeat timeout in seconds for the lifecycle hook. Instances can remain in a wait state for a finite period of time. Must be greater than or equal to 30 and less than or equal to 7200. The default is 3600 (one hour).
lifecycleTransition string Type of lifecycle transition. Acceptable values: autoscaling:EC2_INSTANCE_LAUNCHING, autoscaling:EC2_INSTANCE_TERMINATING
notificationTargetARN string The ARN of the notification target that Amazon EC2 Auto Scaling uses to notify you when an instance is in the transition state for the lifecycle hook. This target can be either an SQS queue or an SNS topic.
roleARN string The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target, for example, an Amazon SNS topic or an Amazon SQS queue.

AwsRegion

An AWS region.

Field Type Label Description
name string The name of the region.

AwsVirtualizationSettings

Base image virtualization settings.

Field Type Label Description
region string The name of the region in which to launch the EC2 instance to create the AMI.
virtualizationType string The type of virtualization for the AMI you are building. This option must match the supported virtualization type of sourceAmi. Acceptable values: pv, hvm.
instanceType string The EC2 instance type to use while building the AMI, such as t2.small.
sourceAmi string The source AMI whose root volume will be copied and provisioned on the currently running instance. This must be an EBS-backed AMI with a root volume snapshot that you have access to.
sshUserName string The username to connect to SSH with. Required if using SSH.
winRmUserName string The username to use to connect to WinRM.
spotPrice string The maximum hourly price to pay for a spot instance to create the AMI. Spot instances are a type of instance that EC2 starts when the current spot price is less than the maximum price you specify. Spot price will be updated based on available spot instance capacity and current spot instance requests. It may save you some costs. You can set this to auto for Packer to automatically discover the best spot price or to "0" to use an on demand instance (default).
spotPriceAutoProduct string Required if spotPrice is set to auto. This tells Packer what sort of AMI you are launching to find the best spot price. This must be one of: Linux/UNIX, SUSE Linux, Windows, Linux/UNIX (Amazon VPC), SUSE Linux (Amazon VPC), Windows (Amazon VPC).


cloudprovider/azure.proto

Azure

Configuration for the Azure provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts AzureAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.
bakeryDefaults AzureBakeryDefaults Configuration for Spinnaker's image bakery.

AzureAccount

Configuration for an Azure account.

Field Type Label Description
name string The name of the account.
appKey string (Required) The appKey (password) of your service principal.
clientId string (Required) The clientId (also called appId) of your service principal.
defaultKeyVault string (Required) The name of a KeyVault that contains the user name, password, and SSH public key used to create VMs.
defaultResourceGroup string (Required) The default resource group to contain any non-application specific resources.
environment string The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
objectId string The objectId of your service principal. This is only required if using Packer to bake Windows images.
packerResourceGroup string The resource group to use if baking images with Packer.
packerStorageAccount string The storage account to use if baking images with Packer.
permissions proto.Permissions Fiat permissions configuration.
requiredGroupMembership string repeated (Deprecated): List of required Fiat permission groups. Configure permissions instead.
regions string repeated The Azure regions this Spinnaker account will manage.
subscriptionId string (Required) The subscriptionId to which your service principal is assigned.
tenantId string (Required) The tenantId to which your service principal is assigned.
useSshPublicKey google.protobuf.BoolValue If true, the SSH public key is used to provision the Linux VM. If false, the password is used instead.

AzureBakeryDefaults

Configuration for Spinnaker's image bakery.

Field Type Label Description
baseImages AzureBaseImageSettings repeated List of configured base images.

AzureBaseImage

Base image configuration.

Field Type Label Description
shortDescription string A short description to help human operators identify the image.
detailedDescription string A long description to help human operators identify the image.
publisher string (Required) The Publisher name for your base image. See https://aka.ms/azspinimage to get a list of images.
offer string (Required) The offer for your base image. See https://aka.ms/azspinimage to get a list of images.
sku string (Required) The SKU for your base image. See https://aka.ms/azspinimage to get a list of images.
version string The version of your base image. This defaults to latest if not specified.
packageType string This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb indicates that your artifacts will need to be fetched from a debian repository.
templateFile string This is the name of the packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer, or supplied as described here: https://spinnaker.io/setup/bakery/.

AzureBaseImageSettings

Configuration for a base image for the Azure provider's bakery.

Field Type Label Description
baseImage AzureBaseImage Base image configuration.


cloudprovider/cloudfoundry.proto

CloudFoundry

Configuration for the Cloud Foundry provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts CloudFoundryAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.

CloudFoundryAccount

Configuration for a Spinnaker Cloud Foundry account.

Field Type Label Description
name string The name of the account.
api string (Required) Host of the Cloud Foundry Foundation API endpoint (e.g., api.sys.somesystem.com).
appsManagerUri string HTTP(S) URL of the Apps Manager application for the Cloud Foundry Foundation (e.g., https://apps.sys.somesystem.com).
environment string The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
metricsUri string HTTP(S) URL of the metrics application for the Cloud Foundry Foundation (e.g., https://metrics.sys.somesystem.com).
password string (Required) Password for the account to use for this Cloud Foundry Foundation.
skipSslValidation google.protobuf.BoolValue (Default: false) Skip SSL server certificate validation of the API endpoint.
user string (Required) User name for the account to use for this Cloud Foundry Foundation.
permissions proto.Permissions Fiat permissions configuration.
requiredGroupMembership string repeated (Deprecated): List of required Fiat permission groups. Configure permissions instead.


cloudprovider/dcos.proto

Dcos

Configuration for the DC/OS (Distributed Cloud Operating System) provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts DcosAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.
clusters DcosCluster repeated The list of configured clusters.

DcosAccount

Credentials to authenticate against one or more DC/OS clusters.

Field Type Label Description
name string (Required) The name of the account.
clusters DcosAccountCluster repeated (Required) The clusters against which this account will authenticate.
environment string The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
dockerRegistries DcosAccountDockerRegistry repeated (Required) The list of Docker registries to use with this DC/OS account.
permissions proto.Permissions Fiat permissions configuration.
requiredGroupMembership string repeated (Deprecated) List of required Fiat permission groups. Configure permissions instead.

DcosAccountCluster

Configuration for a DC/OS cluster associated with a DcosAccount.

Field Type Label Description
name string (Required) The name of the cluster. Must match the name of a DcosCluster defined for this provider.
uid string (Required) User or service account identifier.
serviceKeyFile string Path to a file containing the secret key for service account authentication. If set, password should not be set.
password string Password for a user account. If set, serviceKeyFile should not be set.

DcosAccountDockerRegistry

Configuration for a Docker registry associated with a DcosAccount.

Field Type Label Description
accountName string The name of the Docker registry. Must be the name of an account configured with the Docker registry provider.

DcosCluster

Configuration for a DC/OS cluster.

Field Type Label Description
name string (Required) The name of the cluster.
caCertFile string Root certificate file to trust for connections to the cluster.
dcosUrl string (Required) URL of the endpoint for the DC/OS cluster's admin router.
loadBalancer DcosClusterLoadBalancer Configuration for a DC/OS load balancer.
insecureSkipTlsVerify google.protobuf.BoolValue If true, disables verification of certificates from the cluster (insecure).

DcosClusterLoadBalancer

Configuration for a DC/OS load balancer.

Field Type Label Description
image string Marathon-lb image to use when creating a load balancer with Spinnaker.
serviceAccountSecret string Name of the secret to use for allowing marathon-lb to authenticate with the cluster. Only necessary for clusters with strict or permissive security.


cloudprovider/docker_registry.proto

DockerRegistry

Configuration for the Docker Registry provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts DockerRegistryAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.

DockerRegistryAccount

A credential able to authenticate against a set of Docker repositories.

Field Type Label Description
name string The name of the account.
address string (Required) The registry address from which to pull and deploy images (e.g., https://index.docker.io).
cacheIntervalSeconds int32 The number of seconds between polling the Docker registry. Certain registries are sensitive to over-polling, and larger intervals (e.g., 10 minutes = 600 seconds) are desirable if you experience rate limiting. Defaults to 30.
cacheThreads int32 The number of threads on which to cache all provided repositories. Really only useful if you have a ton of repos. Defaults to 1.
clientTimeoutMillis int32 Timeout in milliseconds for provided repositories. Defaults to 60,000.
email string The email associated with your Docker registry. Often this only needs to be well-formed, rather than be a real address.
environment string The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
insecureRegistry google.protobuf.BoolValue If true, Spinnaker will treat the Docker registry as insecure and not validate the SSL certificate. Defaults to false.
paginateSize int32 Pagination size for the Docker repository _catalog endpoint. Defaults to 100.
password string The Docker registry password. Only one of password, passwordCommand, and passwordFile should be specified.
passwordCommand string Command to retrieve Docker token/password. The command must be available in the environment. Only one of password, passwordCommand, and passwordFile should be specified.
passwordFile string The path to a file containing your Docker password in plaintext (not a Docker config.json file). Only one of password, passwordCommand, and passwordFile should be specified.
permissions proto.Permissions Fiat permissions configuration.
requiredGroupMembership string repeated (Deprecated) List of required Fiat permission groups. Configure permissions instead.
repositories string repeated An optional list of repositories from which to cache images. If not provided, Spinnaker will attempt to read accessible repositories from the registry's _catalog endpoint. In the case of registries that support nested paths, like GCR, you can target nested paths by including them sans their registry domain. For example: gcr.io/my-project/path/to/image => my-project/path/to/image
sortTagsByDate google.protobuf.BoolValue If true, Spinnaker will sort tags by creation date. Defaults to false. Not recommended for use with large registries; sorting performance scales poorly due to limitations of the Docker V2 API.
trackDigests google.protobuf.BoolValue If true, Spinnaker will track digest changes. This is not recommended because it greatly increases queries to the registry, and most registries are flaky. Defaults to false.
username string The username associated with this Docker registry.
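
The account tables above carry several settings worth checking before a configuration is applied: flags that turn off certificate validation (skipSslValidation, insecureSkipTlsVerify, insecureRegistry), credential fields of which only one should be set, the deprecated requiredGroupMembership, and the 30 to 7200 second range for heartbeatTimeout. The following linter is an added example, not part of this reference or of Spinnaker's own tooling; it matches on the field names documented here, and the nesting and values of the sample document are constructed assumptions.

```python
import json

# Field names come from the tables in this reference. The walker matches on
# field names only, so it does not depend on how the config file is nested.
TLS_OFF_FLAGS = {"skipSslValidation", "insecureSkipTlsVerify", "insecureRegistry"}
EXCLUSIVE_GROUPS = [
    ("password", "passwordCommand", "passwordFile"),  # DockerRegistryAccount
    ("password", "serviceKeyFile"),                   # DcosAccountCluster
]
# Flagging inline secrets is a review hint chosen for this example,
# not a rule stated by the reference.
INLINE_SECRET_FIELDS = {"password", "secretAccessKey", "awsSecretKey", "appKey"}


def is_set(value):
    """True when a field carries a real value (not absent or empty)."""
    return value not in (None, "", [], {})


def lint_mapping(obj, path):
    """Check one message-like mapping; return (path, rule, detail) tuples."""
    out = []
    for flag in sorted(TLS_OFF_FLAGS & obj.keys()):
        if obj[flag] is True:
            out.append((path, "tls-verification-disabled", flag))
    for group in EXCLUSIVE_GROUPS:
        present = [name for name in group if is_set(obj.get(name))]
        if len(present) > 1:
            out.append((path, "conflicting-credentials", ",".join(present)))
    for name in sorted(INLINE_SECRET_FIELDS & obj.keys()):
        if is_set(obj[name]):
            out.append((path, "inline-secret", name))
    if is_set(obj.get("requiredGroupMembership")):
        out.append((path, "deprecated-field", "requiredGroupMembership"))
    timeout = obj.get("heartbeatTimeout")
    if isinstance(timeout, int) and not isinstance(timeout, bool):
        if not 30 <= timeout <= 7200:
            out.append((path, "heartbeat-timeout-out-of-range", str(timeout)))
    return out


def lint(node, path="$"):
    """Walk the whole document depth-first and collect findings."""
    findings = []
    if isinstance(node, dict):
        findings.extend(lint_mapping(node, path))
        for key, value in node.items():
            findings.extend(lint(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings.extend(lint(item, f"{path}[{index}]"))
    return findings


# Constructed sample: the top-level keys and all values are made up.
SAMPLE = json.loads("""
{
  "dockerRegistry": {
    "enabled": true,
    "accounts": [
      {"name": "registry-a", "address": "https://index.docker.io",
       "username": "ci", "password": "example-only",
       "passwordFile": "/secrets/registry-a", "insecureRegistry": true}
    ]
  },
  "cloudfoundry": {
    "accounts": [
      {"name": "cf-dev", "api": "api.sys.somesystem.com", "user": "deployer",
       "password": "example-only", "skipSslValidation": false,
       "requiredGroupMembership": ["ops"]}
    ]
  },
  "aws": {
    "accounts": [
      {"name": "aws-dev", "lifecycleHooks": [
        {"defaultResult": "ABANDON", "heartbeatTimeout": 10,
         "lifecycleTransition": "autoscaling:EC2_INSTANCE_LAUNCHING"}
      ]}
    ]
  }
}
""")

if __name__ == "__main__":
    for where, rule, detail in lint(SAMPLE):
        print(f"{rule:32} {detail:28} {where}")
```
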


cloudprovider/ecs.proto

Ecs

Configuration for the ECS provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts EcsAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.

EcsAccount

Configuration for an ECS account.

Field Type Label Description
name string The name of the account.
environment string The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
awsAccount string (Required) Provide the name of the AWS account associated with this ECS account. See https://github.com/spinnaker/clouddriver/blob/master/clouddriver-ecs/README.md for more information.
permissions proto.Permissions Fiat permissions configuration.
requiredGroupMembership string repeated (Deprecated) List of required Fiat permission groups. Configure permissions instead.


cloudprovider/google.proto

Consul

Configuration for Consul.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Consul is enabled.
agentEndpoint string Reachable Consul node endpoint connected to the Consul cluster. Defaults to localhost.
agentPort int32 The port Consul is running on for every agent. Defaults to 8500.
datacenters string repeated List of data centers to cache and keep updated. Defaults to all.

GoogleBakeryDefaults

Configuration for Spinnaker's image bakery.

Field Type Label Description
templateFile string The name of the Packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer, or supplied as described here: https://spinnaker.io/setup/bakery/.
baseImages GoogleBaseImageSettings repeated List of configured base images.
zone string The default zone in which to bake an image.
network string The Google Compute network ID or URL to use for the launched instance. Defaults to default.
useInternalIp google.protobuf.BoolValue If true, use the instance's internal IP instead of its external IP during baking.
networkProjectId string The default project ID for the network and subnet to use for the VM baking your image.

GoogleBaseImage

Base image configuration.

Field Type Label Description
id string This is the identifier used by GCP to find this base image.
shortDescription string A short description to help human operators identify the image.
detailedDescription string A long description to help human operators identify the image.
packageType string This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb indicates that your artifacts will need to be fetched from a debian repository.
imageFamily google.protobuf.BoolValue If set to true, Deck will annotate the popup tooltip to indicate that the selected option represents an image family.

GoogleBaseImageSettings

Configuration for a base image for the Google provider's bakery.

Field Type Label Description
baseImage GoogleBaseImage Base image configuration.
virtualizationSettings VirtualizationSettings Image source configuration.

GoogleComputeEngine

Configuration for the Google Compute Engine (GCE) provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts GoogleComputeEngineAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.
bakeryDefaults GoogleBakeryDefaults Configuration for Spinnaker's image bakery.

GoogleComputeEngineAccount

Configuration for a Spinnaker Google account. An account maps to a credential that can authenticate against a GCP project.

Field Type Label Description
name string The name of the account.
requiredGroupMembership string repeated (Deprecated): List of required Fiat permission groups. Configure permissions instead.
permissions proto.Permissions Fiat permissions configuration.
project string The GCP project this Spinnaker account will manage.
jsonPath string The path to a JSON service account that Spinnaker will use as credentials. This is only needed if Spinnaker is not deployed on a Google Compute Engine VM, or needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
alphaListed google.protobuf.BoolValue Enable this flag if your GCP project has access to alpha features and you want Spinnaker to take advantage of them.
imageProjects string repeated A list of GCP projects from which Spinnaker will be able to cache and deploy images. When this is omitted, it defaults to the current project. Each project must have granted the IAM role compute.imageUser to the service account associated with the JSON key used by this account, as well as to the Google APIs service account automatically created for the project being managed (should look similar to [email protected]). See https://cloud.google.com/compute/docs/images/sharing-images-across-projects for more information about sharing images across GCP projects.
consul Consul Configuration for Consul.
regions string repeated A list of regions for caching and mutating calls. This overwrites any default regions set on the provider.
userDataFile string The path to user data template file. Spinnaker has the ability to inject userdata into generated instance templates. The mechanism is via a template file that is token replaced to provide some specifics about the deployment. See https://github.com/spinnaker/clouddriver/blob/master/clouddriver-aws/UserData.md for more information.

VirtualizationSettings

Image source configuration.

Field Type Label Description
sourceImage string The source image. If both sourceImage and sourceImageFamily are set, sourceImage will take precedence.
sourceImageFamily string The source image family to create the image from. The newest, non-deprecated image is used. If both sourceImage and sourceImageFamily are set, sourceImage will take precedence.


cloudprovider/huaweicloud.proto

HuaweiCloud

Configuration for the Huawei Cloud provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts HuaweiCloudAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.
bakeryDefaults HuaweiCloudBakeryDefaults Configuration for Spinnaker's image bakery.

HuaweiCloudAccount

Configuration for a Huawei Cloud account.

Field Type Label Description
name string The name of the account.
accountType string The type of account.
requiredGroupMembership string repeated (Deprecated) List of required Fiat permission groups. Configure permissions instead.
permissions proto.Permissions Fiat permissions configuration.
authUrl string (Required) The auth URL of the cloud.
domainName string (Required) The domain name of the cloud.
environment string The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
insecure google.protobuf.BoolValue If true, disables certificate validation on SSL connections. Needed if certificates are self-signed. Defaults to false.
password string (Required) The password used to access the cloud.
projectName string (Required) The name of the project within the cloud.
regions string repeated (Required) The region(s) of the cloud.
username string (Required) The username used to access the cloud.

HuaweiCloudBakeryDefaults

Configuration for Spinnaker's image bakery.

Field Type Label Description
baseImages HuaweiCloudBaseImageSettings repeated List of configured base images.
templateFile string This is the name of the packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer, or supplied as described here: https://spinnaker.io/setup/bakery/.
authUrl string (Required) The default auth URL in which images will be baked.
username string (Required) The default username with which images will be baked.
password string (Required) The default password with which images will be baked.
projectName string The name of the default project in which images will be baked.
domainName string (Required) The default domain name in which images will be baked.
insecure google.protobuf.BoolValue The security setting for connecting to the Huawei Cloud account. Defaults to false.
vpcId string (Required) The VPC in which images will be baked.
subnetId string (Required) The subnet in which images will be baked.
securityGroup string (Required) The default security group in which images will be baked.
eipBandwidthSize int32 (Required) The bandwidth size of EIP in which images will be baked.

HuaweiCloudBaseImage

Huawei Cloud base image settings.

Field Type Label Description
id string The name of the base image.
packageType string This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb indicates that your artifacts will need to be fetched from a debian repository.
templateFile string This is the name of the packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer, or supplied as described here: https://spinnaker.io/setup/bakery/.
shortDescription string A short description to help human operators identify the image.
detailedDescription string A long description to help human operators identify the image.

HuaweiCloudBaseImageSettings

Configuration for a base image for the Huawei Cloud provider's bakery.

Field Type Label Description
baseImage HuaweiCloudBaseImage Base image configuration.
virtualizationSettings HuaweiCloudVirtualizationSettings repeated Image source configuration.

HuaweiCloudVirtualizationSettings

Huawei Cloud virtualization settings.

Field Type Label Description
region string (Required) The region for the baking configuration.
instanceType string (Required) The instance type for the baking configuration.
sourceImageId string (Required) The source image ID for the baking configuration.
sshUserName string (Required) The SSH username for the baking configuration.
eipType string (Required) The EIP type for the baking configuration. See the API doc to get its value.


cloudprovider/kubernetes.proto

Kubernetes

Configuration for the Kubernetes provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts KubernetesAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.

KubernetesAccount

Configuration for a Spinnaker Kubernetes account. An account maps to a credential that can authenticate against your Kubernetes cluster.

Field Type Label Description
name string The name of the account.
kinds string repeated A list of resource kinds this Spinnaker account can deploy and will cache. When no kinds are configured, this defaults to all kinds described here: https://spinnaker.io/reference/providers/kubernetes-v2/. This can only be set when omitKinds is empty or not set.
omitKinds string repeated A list of resource kinds this Spinnaker account cannot deploy to or cache. This can only be set when kinds is empty or not set.
context string The Kubernetes context to be managed by Spinnaker. See http://kubernetes.io/docs/user-guide/kubeconfig-file/#context for more information. When no context is configured for an account, the current-context in your kubeconfig is assumed.
cacheThreads int32 Number of caching agents for this Kubernetes account. Each agent handles a subset of the namespaces available to this account. By default, only 1 agent caches all kinds for all namespaces in the account.
namespaces string repeated A list of namespaces this Spinnaker account can deploy to and will cache. When no namespaces are configured, this defaults to all namespaces.
omitNamespaces string repeated A list of namespaces this Spinnaker account cannot deploy to or cache. This can only be set when namespaces is empty or not set.
customResources KubernetesCustomResource repeated The list of custom resources Clouddriver will manage and make available for use in Patch and Delete (Manifest) stages.
cachingPolicies KubernetesCachingPolicy repeated The list of kind-specific caching policies.
dockerRegistries KubernetesAccountDockerRegistry repeated The list of the Spinnaker docker registry account names this Spinnaker account can use as image sources. These docker registry accounts must be registered in your halconfig before you can add them here.
oAuthScopes string repeated The list of OAuth scopes used by kubectl to fetch an OAuth token.
kubeconfigFile string The path to your kubeconfig file. By default, it will be under the Spinnaker user's home directory in the typical .kube/config location.
permissions proto.Permissions Fiat permissions configuration.
requiredGroupMembership string repeated (Deprecated): List of required Fiat permission groups. Configure permissions instead.
liveManifestCalls google.protobuf.BoolValue When true, Clouddriver will query manifest status during pipeline executions using live data rather than the cache. This eliminates all time spent in the "force cache refresh" task in pipelines, greatly reducing execution time. Defaults to false.
serviceAccount google.protobuf.BoolValue When true, Spinnaker attempts to authenticate against Kubernetes using a Kubernetes service account. This only works when Halyard and Spinnaker are deployed in Kubernetes. Read more about service accounts here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/. Defaults to false.
kubeconfigContents string The raw contents of your kubeconfig file. Ignored if kubeconfigFile is set.
kubectlPath string The path to the kubectl executable. This should be omitted unless you want to override the default kubectl executable.
kubectlRequestTimeoutSeconds int32 If set, all calls to kubectl will time out after the specified number of seconds.
checkPermissionsOnStartup google.protobuf.BoolValue Whether to check whether the account has permission to read configured kinds before caching them. Kinds that the account does not have permission to read will be omitted from caching. This field defaults to true, and it is recommended to leave it at the default. If this field is set to false, any Kubernetes objects that are unreadable by the account will break caching for all objects.
oAuthServiceAccount string When using OAuth to authenticate with your cluster, the name of the service account to use.
onlySpinnakerManaged google.protobuf.BoolValue If true, only cache Kubernetes objects that have been deployed by Spinnaker, and ignore any other objects that exist in the cluster. Defaults to false.
debug google.protobuf.BoolValue If true, enable detailed logging for all communications with the Kubernetes cluster for this account. Defaults to false.

KubernetesAccountDockerRegistry

Configuration for a Docker registry.

Field Type Label Description
accountName string The configured name of the Docker registry.
namespaces string repeated The list of Docker registry namespaces usable as image sources.

KubernetesCachingPolicy

Configuration for a kind-specific caching policy.

Field Type Label Description
kubernetesKind string The Kubernetes kind to which the policy applies.
maxEntriesPerAgent int32 The maximum number of resources an agent will cache of the specified Kubernetes kind.

KubernetesCustomResource

Configuration for a CRD to be managed by Spinnaker. If Spinnaker does not have permission to list CRDs but you need Spinnaker to manage CRDs, you need to explicitly register each CRD.

Field Type Label Description
kubernetesKind string The Kubernetes kind of the custom resource.
spinnakerKind string The Spinnaker kind to which you would like the custom resource to map.
deployPriority string An integer representing the deployment priority of this resource. Resources with lower values are deployed before resources with higher values.
versioned google.protobuf.BoolValue Whether Spinnaker should manage versioning this resource.
namespaced google.protobuf.BoolValue Whether the resource is namespaced. Defaults to true.

Top

cloudprovider/oracle.proto

Oracle

Configuration for the Oracle provider.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the provider is enabled.
accounts OracleAccount repeated The list of configured accounts.
primaryAccount string The name of the primary account.
bakeryDefaults OracleBakeryDefaults Configuration for Spinnaker's image bakery.

OracleAccount

Configuration for an Oracle account. An account maps to an Oracle Cloud Infrastructure (OCI) user.

Field Type Label Description
name string The name of the account.
requiredGroupMembership string repeated (Deprecated) List of required Fiat permission groups. Configure permissions instead.
permissions proto.Permissions Fiat permissions configuration.
compartmentId string (Required) The OCID of the Oracle Compartment to use.
environment string The environment name for the account. Many accounts can share the same environment (e.g., dev, test, prod).
fingerprint string (Required) Fingerprint of the public key.
privateKeyPassphrase string Passphrase used for the private key, if it is encrypted.
region string (Required) An Oracle region (e.g., us-phoenix-1).
sshPrivateKeyFilePath string (Required) Path to the private key in PEM format.
tenancyId string (Required) The OCID of the Oracle Tenancy to use.
userId string (Required) The OCID of the Oracle User with which to authenticate.

OracleBakeryDefaults

Configuration for Spinnaker's image bakery.

Field Type Label Description
templateFile string The name of the Packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer, or supplied as described here: https://spinnaker.io/setup/bakery/.
baseImages OracleBaseImageSettings repeated List of configured base images.
availabilityDomain string (Required) The name of the Availability Domain within which a new instance is launched and provisioned.
instanceShape string (Required) The shape for a newly created instance.
subnetId string (Required) The name of the subnet within which a new instance is launched and provisioned.

OracleBaseImage

Oracle base image configuration.

Field Type Label Description
id string The name of the base image.
shortDescription string A short description to help human operators identify the image.
detailedDescription string A long description to help human operators identify the image.
packageType string This is used to help Spinnaker's bakery download the build artifacts you supply it with. For example, specifying deb indicates that your artifacts will need to be fetched from a Debian repository.
templateFile string The name of the Packer template that will be used to bake images from this base image. The template file must be found in this list: https://github.com/spinnaker/rosco/tree/master/rosco-web/config/packer, or supplied as described here: https://spinnaker.io/setup/bakery/.

OracleBaseImageSettings

Configuration for a base image for the Oracle provider's bakery.

Field Type Label Description
baseImage OracleBaseImage Oracle base image configuration.
virtualizationSettings OracleVirtualizationSettings Oracle virtualization settings.

OracleVirtualizationSettings

Oracle virtualization settings.

Field Type Label Description
baseImageId string (Required) The OCID of the base image ID for the baking configuration.
sshUserName string (Required) The SSH username for the baking configuration.

Top

cloudprovider/providers.proto

Providers

Configuration for cloud provider integrations.

Field Type Label Description
kubernetes Kubernetes
google GoogleComputeEngine
appengine Appengine
aws Aws
azure Azure
cloudfoundry CloudFoundry
dcos Dcos
dockerRegistry DockerRegistry
ecs Ecs
huaweicloud HuaweiCloud
oracle Oracle

Top

config/clouddriver.proto

Clouddriver

Configuration for the clouddriver microservice.

Field Type Label Description
kubernetes proto.cloudprovider.Kubernetes
google proto.cloudprovider.GoogleComputeEngine
appengine proto.cloudprovider.Appengine
aws proto.cloudprovider.Aws
azure proto.cloudprovider.Azure
cloudfoundry proto.cloudprovider.CloudFoundry
dcos proto.cloudprovider.Dcos
dockerRegistry proto.cloudprovider.DockerRegistry
ecs proto.cloudprovider.Ecs
huaweicloud proto.cloudprovider.HuaweiCloud
oracle proto.cloudprovider.Oracle
artifacts proto.artifact.Artifacts

Top

config/config_files.proto

ConfigFile

A config file for a Spinnaker microservice.

Field Type Label Description
name string The name of the config file.
contents bytes The contents of the config file.

ConfigFiles

Wrapper for serialized config files for Spinnaker microservices.

Field Type Label Description
configFile ConfigFile repeated

Top

config/deck.proto

Deck

Field Type Label Description
gateUrl string The endpoint at which Deck communicates with Gate.
authEnabled google.protobuf.BoolValue Whether authn is enabled.
authEndpoint string The Gate authn endpoint.
bakeryDetailUrl string Baking details URL used in Bake stage execution details.
canary Deck.Canary Configuration for the canary UI.
notifications Deck.Notifications Configuration for notifications providers.
providers Deck.Providers Configuration for cloud provider defaults.
version string Spinnaker version.
defaultTimeZone string Default time zone in which to display timestamps in the UI.
feature Deck.Features Configuration for UI-related feature flags.

Deck.Canary

Configuration for the canary UI.

Field Type Label Description
defaultJudge string The default canary judge. Defaults to NetflixACAJudge-v1.0, which is currently the only open-source judge available by default.
featureDisabled google.protobuf.BoolValue Whether the canary UI is disabled.
metricsAccountName string Name of the canary metrics account to use by default.
metricStore string Name of the metrics store to use by default (e.g., prometheus, datadog).
showAllConfigs google.protobuf.BoolValue Whether or not to show all canary configs in Deck, or just those scoped to the current application.
storageAccountName string Name of storage account to use by default.
templatesEnabled google.protobuf.BoolValue Whether or not to enable custom filter templates for canary configs in Deck.

Deck.Features

Configuration for UI-related feature flags.

Field Type Label Description
pipelineTemplates google.protobuf.BoolValue Enable pipeline template support. Read more at https://github.com/spinnaker/dcd-spec.
chaosMonkey google.protobuf.BoolValue Enable Chaos Monkey support. For this to work, you'll need a running Chaos Monkey deployment. See https://github.com/Netflix/chaosmonkey/wiki.
fiatEnabled google.protobuf.BoolValue Whether authz is enabled.
managedPipelineTemplatesV2UI google.protobuf.BoolValue Enable managed pipeline templates v2 UI support.
managedDelivery google.protobuf.BoolValue Enable managed delivery in the UI.
managedResources google.protobuf.BoolValue Enable managed resources in the UI.

Deck.Notifications

Configuration for notifications providers.

Field Type Label Description
bearychat proto.notification.BearyChat Configuration for the BearyChat notification provider.
email proto.notification.Email Configuration for the email notification provider.
githubStatus proto.notification.GithubStatus Configuration for the GitHub Status notification provider.
googleChat proto.notification.GoogleChat Configuration for the Google Chat notification provider.
pubsub proto.notification.PubSub Configuration for the Pub/Sub notification provider.
slack proto.notification.Slack Configuration for the Slack notification provider.
sms proto.notification.Twilio Configuration for the SMS notification provider.

Deck.Providers

UI-specific provider default settings.

Field Type Label Description
appengine Deck.Providers.Appengine Appengine provider defaults.
aws Deck.Providers.Aws AWS provider defaults.
azure Deck.Providers.Azure Azure provider defaults.
cloudfoundry Deck.Providers.Cloudfoundry Cloudfoundry provider defaults.
dcos Deck.Providers.Dcos DC/OS provider defaults.
ecs Deck.Providers.Ecs ECS provider defaults.
gce Deck.Providers.Gce GCE provider defaults.
huaweicloud Deck.Providers.HuaweiCloud Huawei Cloud provider defaults.
tencentcloud Deck.Providers.TencentCloud Tencent Cloud provider defaults.
kubernetes Deck.Providers.Kubernetes

Deck.Providers.Appengine

Field Type Label Description
defaults Deck.Providers.Appengine.Defaults

Deck.Providers.Appengine.Defaults

Field Type Label Description
account string

Deck.Providers.Aws

Field Type Label Description
defaults Deck.Providers.Aws.Defaults

Deck.Providers.Aws.Defaults

Field Type Label Description
account string
region string

Deck.Providers.Azure

Field Type Label Description
defaults Deck.Providers.Azure.Defaults

Deck.Providers.Azure.Defaults

Field Type Label Description
account string
region string

Deck.Providers.Cloudfoundry

Field Type Label Description
defaults Deck.Providers.Cloudfoundry.Defaults

Deck.Providers.Cloudfoundry.Defaults

Field Type Label Description
account string

Deck.Providers.Dcos

Field Type Label Description
defaults Deck.Providers.Dcos.Defaults

Deck.Providers.Dcos.Defaults

Field Type Label Description
account string

Deck.Providers.Ecs

Field Type Label Description
defaults Deck.Providers.Ecs.Defaults

Deck.Providers.Ecs.Defaults

Field Type Label Description
account string

Deck.Providers.Gce

Field Type Label Description
defaults Deck.Providers.Gce.Defaults

Deck.Providers.Gce.Defaults

Field Type Label Description
account string
region string

Deck.Providers.HuaweiCloud

Field Type Label Description
defaults Deck.Providers.HuaweiCloud.Defaults

Deck.Providers.HuaweiCloud.Defaults

Field Type Label Description
account string
region string

Deck.Providers.Kubernetes

The Kubernetes provider has no statically-configured defaults, but Deck currently registers each cloud provider based on the existence of an entry in the providers block.

Deck.Providers.TencentCloud

TODO: add TencentCloud as a cloud provider so we can write config to Deck and Clouddriver.

Field Type Label Description
defaults Deck.Providers.TencentCloud.Defaults

Deck.Providers.TencentCloud.Defaults

Field Type Label Description
account string
region string

Top

config/deck_env.proto

DeckEnv

Environment variables to be set when running deck.

Field Type Label Description
deckCert string Path to the .crt file containing deck's SSL certificate.
deckKey string Path to the .key file for deck's SSL certificate.
passphrase string The passphrase for deck's SSL certificate.

Top

config/echo.proto

Echo

Configuration for the echo microservice.

Field Type Label Description
slack proto.notification.Slack
twilio proto.notification.Twilio
githubStatus proto.notification.GithubStatus
artifacts proto.artifact.Artifacts
pubsub proto.pubsub.Pubsub
gcb proto.ci.GoogleCloudBuild
stats Echo.Stats
scheduler Echo.Scheduler
microsoftteams proto.notification.MicrosoftTeams
services Echo.Services Configuration for the status of non-core services.

Echo.Scheduler

Echo scheduler configuration.

Field Type Label Description
cron Echo.Scheduler.Cron Cron configuration.

Echo.Scheduler.Cron

Cron configuration.

Field Type Label Description
timezone string Default timezone. Defaults to America/Los_Angeles.

Echo.Services

Configuration for the status of non-core services.

Field Type Label Description
keel ServiceSettings Enabling keel for the echo service

Echo.Stats

Configuration for optional collection of usage metrics.

Field Type Label Description
enabled google.protobuf.BoolValue Whether to send usage metrics. Defaults to true.
instanceId string A unique ID representing this deployment of Spinnaker.
spinnakerVersion string The version of Spinnaker being deployed.
endpoint string The endpoint to which usage metrics are sent. This should generally be left empty, in which case metrics are sent to the default endpoint.
deploymentMethod proto.DeploymentMethod Information about how Spinnaker is configured and deployed.

Top

config/fiat.proto

Fiat

Configuration for the fiat microservice.

Field Type Label Description
auth proto.security.authz.Authorization Configuration for what resources users of Spinnaker can read and modify.

Top

config/front50.proto

Front50

Configuration for the front50 microservice.

Field Type Label Description
spinnaker Front50.Spinnaker

Front50.Delivery

Configuration for enabling ManagedDelivery

Field Type Label Description
enabled google.protobuf.BoolValue

Front50.Spinnaker

Field Type Label Description
gcs proto.storage.Gcs
azs proto.storage.Azs
oracle proto.storage.Oracle
s3 proto.storage.S3
delivery Front50.Delivery

Top

config/gate.proto

Cors

Configuration for cross-origin resource sharing.

Field Type Label Description
allowedOriginsPattern string A regex matching all URLs authentication redirects may come from.

Gate

Configuration for the gate microservice.

Field Type Label Description
server ServerConfig Web server configuration.
cors Cors Configuration for cross-origin resource sharing.
security SpringSecurity Wrapper for Spring configuration properties (including OAuth2 authentication).
saml proto.security.authn.Saml Configuration for SAML authentication.
ldap proto.security.authn.Ldap Configuration for LDAP authentication.
x509 proto.security.authn.X509 Configuration for X509 authentication.
google Gate.GoogleConfig Wrapper for Google-specific authentication (e.g., IAP).
services Gate.Services Configuration for the status of non-core services.
integrations Gate.Integrations

Gate.GoogleConfig

Wrapper for Google-specific authentication.

Field Type Label Description
iap proto.security.authn.Iap Configuration for Identity-Aware Proxy authentication.

Gate.Integrations

Wrapper for Gate integrations.

Field Type Label Description
gremlin Gate.Integrations.Gremlin

Gate.Integrations.Gremlin

Configuration for Gremlin fault-injection support.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Gremlin is enabled.

Gate.Services

Field Type Label Description
kayenta ServiceSettings
deck ServiceSettings

ServerConfig

Web server configuration.

Field Type Label Description
ssl proto.security.ApiSsl SSL configuration.

SpringSecurity

Wrapper for Spring security configuration properties.

Field Type Label Description
oauth2 proto.security.authn.OAuth2 Configuration for OAuth2 authentication.
basic proto.security.authn.Basic Configuration for basic authentication.

Top

config/halconfig.proto

Hal

Configuration for a Spinnaker installation.

Field Type Label Description
persistentStorage proto.storage.PersistentStorage
providers proto.cloudprovider.Providers
artifacts proto.artifact.Artifacts
notifications proto.notification.Notifications
pubsub proto.pubsub.Pubsub
ci proto.ci.Ci
stats proto.Stats
features proto.Features
webhook proto.security.WebhookConfig
security proto.security.Security
canary proto.canary.Canary
timezone string The timezone in which your Spinnaker instance runs. This affects what the UI will display as well as how CRON triggers are run.
version string Top-level Spinnaker version.
repository proto.repository.Repository
metricStores proto.metricstores.MetricStores Configuration for the Spinnaker monitoring daemon metric stores.
spinnaker proto.spinnaker.Spinnaker
managedDelivery ManagedDelivery Configuration for ManagedDelivery's Keel component

Top

config/igor.proto

Igor

Configuration for the Igor microservice.

Field Type Label Description
dockerRegistry Igor.DockerRegistry
artifacts Igor.Artifacts
artifactory proto.repository.Artifactory
gcb proto.ci.GoogleCloudBuild
codebuild proto.ci.CodeBuild
concourse proto.ci.Concourse
jenkins proto.ci.Jenkins
travis proto.ci.Travis
wercker proto.ci.Wercker

Igor.Artifacts

Field Type Label Description
templates proto.artifact.Template repeated

Igor.DockerRegistry

Field Type Label Description
enabled google.protobuf.BoolValue

Top

config/kayenta.proto

Kayenta

Configuration for the Kayenta microservice.

Field Type Label Description
kayenta Kayenta.ServiceIntegrations

Kayenta.ServiceIntegrations

Field Type Label Description
google Kayenta.ServiceIntegrations.Google
stackdriver proto.canary.Stackdriver
gcs proto.canary.Gcs
prometheus proto.canary.Prometheus
datadog proto.canary.Datadog
aws Kayenta.ServiceIntegrations.Aws
s3 proto.canary.S3
signalfx proto.canary.SignalFx
newrelic proto.canary.NewRelic

Kayenta.ServiceIntegrations.Aws

Field Type Label Description
enabled google.protobuf.BoolValue
accounts proto.canary.AwsAccount repeated

Kayenta.ServiceIntegrations.Google

Field Type Label Description
enabled google.protobuf.BoolValue
accounts proto.canary.GoogleAccount repeated

Top

config/managed_delivery.proto

Eureka

Field Type Label Description
enabled google.protobuf.BoolValue Whether this persistent store is enabled.

Keel

Field Type Label Description
keel KeelConfig Keel-specific configuration.
eureka Eureka Service discovery done through Eureka
sql Keel.SQL Datastore used for keeping Keel data

Keel.SQL

Datastore configuration to be used with keel

Field Type Label Description
enabled google.protobuf.BoolValue Whether this persistent store is enabled.
connectionPools proto.storage.ConnectionPools Connection pools configuration for the primary database.
migration proto.storage.ConnectionPool Connection pool configuration for the migration database.

KeelConfig

Field Type Label Description
plugins KeelConfig.Plugins Managed Delivery plugins to be enabled
resourceCheck KeelConfig.ResourceCheck Frequency of checking keel resources in duration string format (e.g., 10s).
artifactRefresh KeelConfig.ArtifactRefresh Frequency of refreshing keel artifacts in ISO 8601 format
constraints KeelConfig.Constraints Constraints pertinent to actions to be done to the pipeline

KeelConfig.ArtifactRefresh

Frequency of refreshing keel artifacts

Field Type Label Description
frequency string

KeelConfig.Constraints

Constraints on sending system information

Field Type Label Description
manualJudgement KeelConfig.Constraints.ManualJudgement

KeelConfig.Constraints.InteractiveNotifications

Enable notification

Field Type Label Description
enabled google.protobuf.BoolValue

KeelConfig.Constraints.ManualJudgement

ManualJudgement notification configuration

Field Type Label Description
interactiveNotifactions KeelConfig.Constraints.InteractiveNotifications Notification where manual judgement is required

KeelConfig.Plugins

ManagedDelivery plugins

Field Type Label Description
bakery KeelConfig.Plugins.Bakery
deliveryConfig KeelConfig.Plugins.DeliveryConfig
ec2 KeelConfig.Plugins.EC2
k8s KeelConfig.Plugins.Kubernetes
titus KeelConfig.Plugins.Titus

KeelConfig.Plugins.Bakery

Bakery plugin

Field Type Label Description
enabled google.protobuf.BoolValue
baseImages KeelConfig.Plugins.Bakery.BaseImage repeated

KeelConfig.Plugins.Bakery.BaseImage

BaseImage information

Field Type Label Description
candidate string
unstable string
relase string
previous string

KeelConfig.Plugins.DeliveryConfig

Enable delivery configuration

Field Type Label Description
enabled google.protobuf.BoolValue

KeelConfig.Plugins.EC2

EC2 plugin

Field Type Label Description
enabled google.protobuf.BoolValue

KeelConfig.Plugins.Kubernetes

Kubernetes plugin

Field Type Label Description
enabled google.protobuf.BoolValue

KeelConfig.Plugins.Titus

Titus plugin

Field Type Label Description
enabled google.protobuf.BoolValue

KeelConfig.ResourceCheck

Frequency of checking keel resources

Field Type Label Description
minAgeDuration string

ManagedDelivery

Field Type Label Description
enabled google.protobuf.BoolValue Whether ManagedDelivery is enabled.
eureka Eureka Service discovery done through Eureka
keel KeelConfig Keel-specific configuration.

Top

config/monitoring.proto

Monitoring

Configuration for the spinnaker-monitoring microservice. The monitoring protos use snake_case for backwards compatibility with Halyard-generated hal configs and the spinnaker-monitoring microservice. All new protos should be added using camelCase for consistency with the rest of the hal config.

Field Type Label Description
datadog proto.metricstores.Datadog Configuration for the Datadog metric store.
newrelic proto.metricstores.Newrelic Configuration for the New Relic metric store.
prometheus proto.metricstores.Prometheus Configuration for the Prometheus metric store.
stackdriver proto.metricstores.Stackdriver Configuration for the Stackdriver metric store.
monitor Monitoring.Monitor Configuration for monitoring period and enabled metric stores.

Monitoring.Monitor

Configuration for monitoring period and enabled metric stores.

Field Type Label Description
period int32 Polling period for the monitoring daemon (seconds). Defaults to 30.
metricStore MetricStoreType repeated List of enabled metric stores.

MetricStoreType

Configurable metric store types.

Name Number Description
unspecified 0
datadog 1
newrelic 2
prometheus 3
stackdriver 4

Top

config/orca.proto

Orca

Configuration for the Orca microservice.

Field Type Label Description
pipelineTemplates Orca.PipelineTemplates
webhook proto.security.WebhookConfig
default Orca.Defaults
services Orca.Services
tasks Orca.Tasks

Orca.Defaults

Defaults applicable to the orca microservice.

Field Type Label Description
bake Orca.Defaults.BakeDefaults Configuration of bakery defaults.

Orca.Defaults.BakeDefaults

Configuration of bakery defaults.

Field Type Label Description
account string The default account to use for baking.

Orca.PipelineTemplates

Configuration for pipeline templates.

Field Type Label Description
enabled google.protobuf.BoolValue Whether pipeline templates are enabled.

Orca.Services

Configuration for the status of non-core services.

Field Type Label Description
kayenta ServiceSettings Enabling Kayenta for the orca service
keel ServiceSettings Enabling Keel for the orca service

Orca.Tasks

Configuration for Orca tasks.

Field Type Label Description
executionWindow Orca.Tasks.ExecutionWindow Execution window configuration.

Orca.Tasks.ExecutionWindow

Execution window configuration.

Field Type Label Description
timezone string Default timezone. Defaults to America/Los_Angeles.

Top

config/rosco.proto

Rosco

Configuration for the rosco microservice.

Field Type Label Description
google proto.cloudprovider.GoogleComputeEngine
aws proto.cloudprovider.Aws
azure proto.cloudprovider.Azure
huaweicloud proto.cloudprovider.HuaweiCloud
oracle proto.cloudprovider.Oracle

Top

config/service_enabled.proto

ServiceSettings

Configuration for a particular microservice.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the microservice is enabled.
baseUrl string The base URL for the microservice. In general, this should be the externally-resolvable URL for services that are exposed externally (i.e., deck and gate).

Top

config/services.proto

Services

Configuration for Spinnaker's microservices.

Field Type Label Description
clouddriver Clouddriver
echo Echo
front50 Front50
orca Orca
gate Gate
fiat Fiat
kayenta Kayenta
rosco Rosco
deck Deck
deckEnv DeckEnv
igor Igor
monitoring Monitoring
keel Keel

Top

features.proto

Features

Feature flags

Field Type Label Description
pipelineTemplates google.protobuf.BoolValue Enable pipeline template support. Read more at https://github.com/spinnaker/dcd-spec.
chaos google.protobuf.BoolValue Enable Chaos Monkey support. For this to work, you'll need a running Chaos Monkey deployment. See https://github.com/Netflix/chaosmonkey/wiki.
managedPipelineTemplatesV2UI google.protobuf.BoolValue Enable managed pipeline templates v2 UI support.
gremlin google.protobuf.BoolValue Enable Gremlin fault-injection support.

Top

metricstores/datadog.proto

Datadog

Configuration for the Datadog metric store.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Datadog metric store is enabled.
apiKey string Datadog API key.
appKey string Datadog app key. Only required if you want Spinnaker to push pre-configured Spinnaker dashboards to your Datadog account.
tags string repeated Datadog custom tags. Delimit the key-value pair with colons (e.g., app:test).

Top

metricstores/metricstores.proto

MetricStores

Configuration for the Spinnaker monitoring daemon metric stores.

Field Type Label Description
datadog Datadog Configuration for the Datadog metric store.
newrelic Newrelic Configuration for the New Relic metric store.
prometheus Prometheus Configuration for the Prometheus metric store.
stackdriver Stackdriver Configuration for the Stackdriver metric store.
period int32 Polling period for the monitoring daemon (seconds). Defaults to 30.

Top

metricstores/newrelic.proto

Newrelic

Configuration for the New Relic metric store.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the New Relic metric store is enabled.
insertKey string Your New Relic Insights insert key.
host string The URL to post metric data to. In almost all cases, this is set correctly by default and should not be used.
tags string repeated New Relic custom tags. Delimit the key-value pair with colons (e.g., app:test).

Top

metricstores/prometheus.proto

Prometheus

Configuration for the Prometheus metric store.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Prometheus metric store is enabled.
pushGateway string The endpoint to which the monitoring daemon should push metrics. If you have configured Prometheus to automatically discover all your Spinnaker services and pull metrics from them, this is not required.

Top

metricstores/stackdriver.proto

Stackdriver

Configuration for the Stackdriver metric store.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Stackdriver metric store is enabled.
credentialsPath string Path to a Google JSON service account that has permission to publish metrics.
project string The project to which Spinnaker's metrics should be published.
zone string The zone with which Spinnaker's metrics should be associated.

Top

notification/bearychat.proto

BearyChat

Configuration for BearyChat notifications.

Field Type Label Description
enabled google.protobuf.BoolValue Whether BearyChat notifications are enabled.

Top

notification/email.proto

Email

Configuration for Email notifications.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Email notifications are enabled.

Top

notification/github_status.proto

GithubStatus

Configuration for GitHub status notifications.

Field Type Label Description
enabled google.protobuf.BoolValue Whether GitHub status notifications are enabled.
token string Your GitHub account token.

Top

notification/google_chat.proto

GoogleChat

Configuration for Google Chat notifications.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Google Chat notifications are enabled.

Top

notification/microsoft_teams.proto

MicrosoftTeams

Configuration for Microsoft Teams notifications.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Microsoft Teams notifications are enabled.

Top

notification/notifications.proto

Notifications

Configuration for notifications.

Field Type Label Description
slack Slack
twilio Twilio
githubStatus GithubStatus
bearychat BearyChat
email Email
googlechat GoogleChat
pubsub PubSub
microsoftteams MicrosoftTeams

Top

notification/pubsub.proto

PubSub

Configuration for Pub/Sub notifications.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Pub/Sub notifications are enabled.

Top

notification/slack.proto

Slack

Configuration for Slack notifications.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Slack notifications are enabled.
botName string The name of your Slack bot.
token string Your Slack bot token.
baseUrl string Slack endpoint. Optional, can only be set if using a compatible API.
forceUseIncomingWebhook google.protobuf.BoolValue Force usage of incoming webhooks endpoint for Slack. Optional, only set if using a compatible API.

Top

notification/twilio.proto

Twilio

Configuration for Twilio notifications.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Twilio notifications are enabled.
account string Your Twilio account SID.
token string Your Twilio auth token.
baseUrl string The endpoint of the Twilio API. Optional, only set if overriding the default.
from string The phone number from which the SMS will be sent (e.g., +1234-567-8910).

Top

permissions.proto

Permissions

A Fiat permissions configuration object.

Field Type Label Description
READ string repeated A user must have at least one of these roles in order to view this account's cloud resources.
WRITE string repeated A user must have at least one of these roles in order to make changes to this account's cloud resources.
EXECUTE string repeated A user must have at least one of these roles in order to execute pipelines.

Top

pubsub/google.proto

Google

Configuration for Google Cloud Pub/Sub integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Google Cloud Pub/Sub is enabled.
subscriptions GoogleSubscriber repeated The list of configured subscriptions.
publishers GooglePublisher repeated The list of configured publishers.

GooglePublisher

Configuration for a Google Cloud Pub/Sub publisher.

Field Type Label Description
name string The name of the publisher account.
project string The name of the GCP project your topic lives in.
topicName string The name of the topic to publish to. This identifier does not include the name of the project, and must already be configured.
jsonPath string The path to a JSON service account that Spinnaker will use as credentials. This is only needed if Spinnaker is not deployed on a Google Compute Engine VM, or needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
content string The content to publish to the topic. Must be one of ALL or NOTIFICATIONS.

GoogleSubscriber

Configuration for a Google Cloud Pub/Sub subscriber.

Field Type Label Description
name string The name of the subscriber account.
project string The name of the GCP project your subscription lives in.
subscriptionName string The name of the subscription to listen to. This identifier does not include the name of the project, and must already be configured.
jsonPath string The path to a JSON service account that Spinnaker will use as credentials. This is only needed if Spinnaker is not deployed on a Google Compute Engine VM, or needs permissions not afforded to the VM it is running on. See https://cloud.google.com/compute/docs/access/service-accounts for more information.
ackDeadlineSeconds int32 The acknowledgement deadline as configured on the Pub/Sub subscription.
messageFormat MessageFormat The format of the incoming message. Used to translate the incoming message into Spinnaker artifacts.
templatePath string A path to a jinja template that specifies how artifacts from this pubsub system are interpreted and transformed into Spinnaker artifacts. Only used if messageFormat is set to CUSTOM.

MessageFormat

Represents the format of an incoming pub/sub message.

Name Number Description
UNSPECIFIED 0 Unspecified. Do not directly use, instead omit the field.
CUSTOM 1
GCB 2
GCS 3
GCR 4

pubsub/pubsub.proto

Pubsub

Configuration for Pub/Sub integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Pub/Sub is enabled.
google Google Configuration for the Google Cloud Pub/Sub integration.

repository/artifactory.proto

Artifactory

Artifactory repository integration.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the Artifactory integration is enabled.
searches Artifactory.Search repeated Artifactory service search configuration.

Artifactory.Search

Artifactory service search configuration.

Field Type Label Description
name string Name of the search.
baseUrl string The base URL at which your Artifactory search is reachable.
repo string The repo in your Artifactory to be searched.
groupId string The group ID in your Artifactory to be searched.
repoType string The package type of repo in your Artifactory to be searched. Defaults to MAVEN.
username string The username of the Artifactory user to authenticate as.
password string The password of the Artifactory user to authenticate as.

repository/repository.proto

Repository

Repository integrations.

Field Type Label Description
artifactory Artifactory Artifactory repository integration.

security/authn/authn.proto

Authentication

Configuration of how users authenticate against Spinnaker.

Field Type Label Description
enabled google.protobuf.BoolValue Whether to enable authentication.
oauth2 OAuth2 OAuth 2.0 configuration.
saml Saml SAML configuration.
ldap Ldap LDAP configuration.
x509 X509 X509 configuration.
iap Iap Google Cloud Identity-Aware Proxy configuration.
basic Basic Basic username/password authentication.

Basic

Configuration for basic username/password authentication.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the authentication method is enabled.
user UsernamePassword The username and password used to log in via basic authentication.

Iap

Configuration for authentication via Google Cloud Identity-Aware Proxy. Google Cloud Identity-Aware Proxy (IAP) is an authentication model that utilizes Google OAuth 2.0 and an authorization service to provide access control for users of GCP. After a user has been authenticated and authorized by IAP's service, a JWT token is passed along which Spinnaker uses to check for authenticity and to get the user email from the payload and sign the user in. To configure IAP, set the audience field retrieved from the IAP console.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the authentication method is enabled.
jwtHeader string The HTTP request header that contains the JWT token.
issuerId string The Issuer from the ID token payload.
audience string The Audience from the ID token payload. You can retrieve this field from the IAP console: https://cloud.google.com/iap/docs/signed-headers-howto#verify_the_id_token_header.
iapVerifyKeyUrl string The URL containing the Cloud IAP public keys in JWK format.

Ldap

Configuration for authentication via LDAP. Lightweight Directory Access Protocol (LDAP) is a standard way many organizations maintain user credentials and group memberships. Spinnaker uses the standard 'bind' approach for user authentication. This is a fancy way of saying that Gate uses your username and password to login to the LDAP server, and if the connection is successful, you're considered authenticated.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the authentication method is enabled.
url string ldap:// or ldaps:// url of the LDAP server.
userDnPattern string The pattern for finding a user's DN using simple pattern matching. For example, if your LDAP server has the URL ldap://mysite.com/dc=spinnaker,dc=org, and you have the pattern 'uid={0},ou=members', 'me' will map to a DN uid=me,ou=members,dc=spinnaker,dc=org. If no match is found, will try to find the user using user-search-filter, if set.
userSearchBase string The part of the directory tree under which user searches should be performed. If user-search-base isn't supplied, the search will be performed from the root.
userSearchFilter string The filter to use when searching for a user's DN. Will search either from user-search-base (if specified) or root for entries matching the filter, then attempt to bind as that user with the login password. For example, the filter 'uid={0}' would apply to any user where uid matched the user's login name. If -user-dn-pattern is also specified, will attempt to find a match using the specified pattern first, before searching with the specified search filter if no match is found from the pattern.
managerDn string An LDAP manager user is required for binding to the LDAP server for the user authentication process. This property refers to the DN of that entry. That is, this is not the user who will be authenticated when logging into Spinnaker, but rather the user that binds to the LDAP server in order to do the authentication.
managerPassword string The password for the LDAP manager user.
groupSearchBase string The part of the directory tree under which group searches should be performed.

OAuth2

Configuration for authentication via OAuth 2.0.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the authentication method is enabled.
client OAuth2Client Configuration for your OAuth 2.0 client.
userInfoRequirements OAuth2.UserInfoRequirementsEntry repeated The map of requirements the userInfo request must have. This is used to restrict user login to specific domains or having a specific attribute.
resource OAuth2Resource Configuration for OAuth 2.0 resources.
userInfoMapping OAuth2UserInfoMapping Mapping of user attributes to fields returned by your OAuth 2.0 provider. This field controls how the fields returned from the OAuth 2.0 provider's user info endpoint are translated into a Spinnaker user.

OAuth2.UserInfoRequirementsEntry

Field Type Label Description
key string
value string

OAuth2Client

Configuration for an OAuth 2.0 client.

Field Type Label Description
clientId string The OAuth client ID you have configured with your OAuth 2.0 provider.
clientSecret string The OAuth client secret you have configured with your OAuth provider.
accessTokenUri string The access token uri for your OAuth provider.
userAuthorizationUri string The user authorization uri for your OAuth 2.0 provider.
clientAuthenticationScheme OAuth2Client.AuthenticationScheme The method used to transmit authentication credentials to your OAuth 2.0 provider.
scope string The scope to request when obtaining an access token from your OAuth 2.0 provider.
preEstablishedRedirectUri string The externally accessible URL for Gate. For use with load balancers that do any kind of address manipulation for Gate traffic, such as an SSL terminating load balancer.
useCurrentUri google.protobuf.BoolValue Whether the current URI in the request should be preferred over the pre-established redirect URI.

OAuth2Resource

Configuration for OAuth 2.0 resources.

Field Type Label Description
userInfoUri string The user info URI for your OAuth 2.0 provider.

OAuth2UserInfoMapping

Mapping of user attributes to fields returned by an OAuth 2.0 provider. This field controls how the fields returned from the OAuth 2.0 provider's user info endpoint are translated into a Spinnaker user.

Field Type Label Description
email string Email.
firstName string First name.
lastName string Last name.
username string Username.

Saml

Configuration for authentication via SAML. SAML authenticates users by passing cryptographically signed XML documents between the Gate server and an identity provider. Gate's key is stored and accessed via the -keystore parameters, while the identity provider's keys are included in the metadata.xml. Finally, the identity provider must redirect the control flow (through the user's browser) back to Gate by way of the -serviceAddressUrl. This is likely the address of Gate's load balancer.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the authentication method is enabled.
metadataUrl string The location of the identity provider's metadata XML file; can be either a local file path or a URI.
issuerId string The identity of the Spinnaker application registered with the SAML provider.
keyStore string Path to the keystore that contains this server's private key. This key is used to cryptographically sign SAML AuthNRequest objects.
keyStorePassword string The password used to access the file specified in -keystore.
keyStoreAliasName string The name of the alias under which this server's private key is stored in the -keystore file.
redirectHostname string The host name of the gate server as accessible by the SAML identity provider. If deployed behind a load balancer, this would be the load balancer's address. (Ex: gate.org.com:8084)
redirectBasePath string The base path on the gate server to which redirects will be sent. Defaults to '/' if absent.
redirectProtocol string The protocol to use when redirecting back to the Gate server. Defaults to 'https' if absent.
userAttributeMapping Saml.UserAttributes Configuration for fields returned from your SAML provider.
signatureDigest Saml.SignatureDigest Digest algorithm to sign SAML messages (optional).

Saml.UserAttributes

Configuration for fields returned from your SAML provider.

Field Type Label Description
firstName string First name.
lastName string Last name.
roles string Roles.
rolesDelimiter string Roles delimiter.
username string Username.
email string Email.

UsernamePassword

Configuration for a username/password combination.

Field Type Label Description
username string Username.
password string Password.

X509

Configuration for authentication via X509 certificates. X509 authenticates users via client certificate and a corresponding private key. These certificates optionally provide authorization information via custom OIDs with corresponding group information for the user. This can be configured via -roleOid.

Field Type Label Description
enabled google.protobuf.BoolValue Whether the authentication method is enabled.
roleOid string The OID that encodes roles that the user specified in the x509 certificate belongs to.
subjectPrincipalRegex string The regex used to parse the subject principal name embedded in the x509 certificate if necessary.

OAuth2Client.AuthenticationScheme

Methods to transmit authentication tokens to an OAuth 2.0 provider.

Name Number Description
unspecified 0 Unspecified. Do not directly use, instead omit the field.
header 1 Token is sent in the request header.
query 2 Token is sent as a query parameter.
form 3 Token is sent in the form body.
none 4 Token is not sent at all.

Saml.SignatureDigest

Digest algorithms to sign SAML messages.

Name Number Description
UNSPECIFIED 0 Unspecified. Do not directly use, instead omit the field.
SHA1 1 Digest algorithm SHA1 (default).
SHA256 2 Digest algorithm SHA256.
SHA384 3 Digest algorithm SHA384.
SHA512 4 Digest algorithm SHA512.
RIPEMD160 5 Digest algorithm RIPEMD160.
MD5 6 Digest algorithm MD5 (not recommended).

security/authz/authz.proto

Authorization

Configuration for what resources users of Spinnaker can read and modify.

Field Type Label Description
enabled google.protobuf.BoolValue Whether Spinnaker's role-based authorization is enabled.
groupMembership GroupMembership Configuration for role providers that map users to groups.

FileRoleProvider

Configuration for the file-based role provider.

Field Type Label Description
path string A path to a file describing the roles of each user.

GithubRoleProvider

Configuration for the GitHub role provider.

Field Type Label Description
baseUrl string Used if using GitHub Enterprise or some other non-github.com GitHub installation.
accessToken string A personal access token of an account with access to your organization's GitHub Teams structure.
organization string The GitHub organization under which to query for GitHub Teams.

GoogleRoleProvider

Configuration for the Google role provider.

Field Type Label Description
credentialPath string A path to a valid json service account that can authenticate against the Google role provider.
adminUsername string Your role provider's admin username e.g. [email protected].
domain string The domain your role provider is configured for e.g. myorg.net.

GroupMembership

Configuration for role providers that map users to groups.

Field Type Label Description
service GroupMembership.RoleProviderType Configuration for which role provider to use for authorization decisions. Each role provider has a corresponding field; configuration specific to the role provider you are using should be added to the appropriate field.
google GoogleRoleProvider Configuration for the Google role provider.
github GithubRoleProvider Configuration for the GitHub role provider.
file FileRoleProvider Configuration for the file-based role provider.
ldap LdapRoleProvider Configuration for the LDAP role provider.

LdapRoleProvider

Configuration for the LDAP role provider.

Field Type Label Description
url string ldap:// or ldaps:// url of the LDAP server.
managerDn string The manager user's distinguished name (principal) to use for querying LDAP groups.
managerPassword string The manager user's password to use for querying LDAP groups.
userDnPattern string The pattern for finding a user's DN using simple pattern matching. For example, if your LDAP server has the URL ldap://mysite.com/dc=spinnaker,dc=org, and you have the pattern 'uid={0},ou=members', 'me' will map to a DN uid=me,ou=members,dc=spinnaker,dc=org. If no match is found, will try to find the user using -user-search-filter, if set.
userSearchBase string The part of the directory tree under which user searches should be performed. If -user-search-base isn't supplied, the search will be performed from the root.
groupSearchBase string The part of the directory tree under which group searches should be performed.
userSearchFilter string The filter to use when searching for a user's DN. Will search either from -user-search-base (if specified) or root for entries matching the filter.
groupSearchFilter string The filter which is used to search for group membership. The default is 'uniqueMember={0}', corresponding to the groupOfUniqueMembers LDAP class. In this case, the substituted parameter is the full distinguished name of the user. The parameter '{1}' can be used if you want to filter on the login name.
groupRoleAttributes string The attribute which contains the name of the authority defined by the group entry. Defaults to 'cn'.

GroupMembership.RoleProviderType

Configuration for which role provider to use for authorization decisions.

Name Number Description
UNSPECIFIED 0 Unspecified. Do not directly use, instead omit the field.
FILE 1 File-based role provider.
GOOGLE 2 Google role provider.
GITHUB 3 GitHub role provider.
LDAP 4 LDAP role provider.

security/security.proto

Security

Configuration for security settings.

Field Type Label Description
apiSecurity ApiSecurity Configuration for the API server's addressable URL and CORS policies.
uiSecurity UiSecurity Configuration for the UI server's addressable URL.
authn authn.Authentication Configuration of how users authenticate against Spinnaker.
authz authz.Authorization Configuration for what resources users of Spinnaker can read and modify.
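The following audit is an added example, not part of kleat or Spinnaker. It walks a Security message and reports settings this reference itself marks as weak or sensitive: the SAML digest (SHA1 default, MD5 not recommended), ldap:// URLs, an over-broad corsAccessPattern, and secrets stored inline. It assumes the config has been parsed into nested dicts keyed by the field names documented here, with enum values given by name, and it evaluates the CORS pattern with Python's `re` as an approximation.

```python
import re

# Field names come from the Security, Authentication, Saml, Ldap,
# LdapRoleProvider, ApiSecurity and related messages on this page.
SECRET_FIELDS = {
    "password", "clientSecret", "managerPassword", "keyStorePassword",
    "trustStorePassword", "accessToken", "sslCertificatePassphrase",
}
WEAK_DIGESTS = {"MD5", "SHA1"}
# Constructed origin that no deployment should accept (assumption for the probe).
PROBE_ORIGIN = "https://unrelated.invalid"


def _get(cfg, *path):
    """Walk nested dicts, returning None when any level is absent."""
    for key in path:
        if not isinstance(cfg, dict):
            return None
        cfg = cfg.get(key)
    return cfg


def _secret_paths(node, prefix=""):
    """Yield dotted paths of secret-bearing fields that hold an inline value."""
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{prefix}.{key}" if prefix else key
            if key in SECRET_FIELDS and isinstance(value, str) and value:
                yield path
            else:
                yield from _secret_paths(value, path)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _secret_paths(item, f"{prefix}[{i}]")


def audit_security(security):
    """Return a list of (field path, reason) findings for a Security message."""
    findings = []

    saml = _get(security, "authn", "saml") or {}
    if saml.get("enabled"):
        digest = saml.get("signatureDigest")
        if digest in (None, "UNSPECIFIED"):
            findings.append(("authn.saml.signatureDigest",
                             "unset, so the SHA1 default applies"))
        elif digest in WEAK_DIGESTS:
            findings.append(("authn.saml.signatureDigest",
                             f"{digest} is a weak digest; prefer SHA256 or stronger"))

    # Both the authentication and the role-provider LDAP blocks carry a url
    # plus credentials used to bind to the directory.
    for path in (("authn", "ldap"), ("authz", "groupMembership", "ldap")):
        url = (_get(security, *path) or {}).get("url") or ""
        if url.lower().startswith("ldap://"):
            findings.append((".".join(path) + ".url",
                             "ldap:// scheme: bind credentials are not protected by TLS"))

    cors = _get(security, "apiSecurity", "corsAccessPattern")
    if cors:
        try:
            if re.search(cors, PROBE_ORIGIN):
                findings.append(("apiSecurity.corsAccessPattern",
                                 "pattern also matches an unrelated origin"))
        except re.error:
            findings.append(("apiSecurity.corsAccessPattern", "not a valid regex"))

    for path in _secret_paths(security):
        findings.append((path, "secret stored inline; restrict access to this file"))
    return findings


# Constructed sample input; hostnames, paths and values are placeholders.
SAMPLE = {
    "apiSecurity": {"corsAccessPattern": ".*"},
    "authn": {
        "enabled": True,
        "saml": {"enabled": True, "keyStore": "/opt/spinnaker/saml.jks",
                 "keyStorePassword": "constructed-value", "signatureDigest": "MD5"},
        "ldap": {"enabled": True,
                 "url": "ldap://ldap.example.internal:389/dc=example,dc=org",
                 "managerDn": "uid=manager,ou=system",
                 "managerPassword": "constructed-value"},
    },
    "authz": {"enabled": True, "groupMembership": {
        "service": "LDAP",
        "ldap": {"url": "ldaps://ldap.example.internal:636/dc=example,dc=org"}}},
}

if __name__ == "__main__":
    for field, reason in audit_security(SAMPLE):
        print(f"{field}: {reason}")
```

Findings report only the field path, never the secret value, so the output is safe to attach to a review ticket.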

security/ssl.proto

ApiSecurity

Configuration for the API server's addressable URL and CORS policies.

Field Type Label Description
corsAccessPattern string If you have authentication enabled, are accessing Spinnaker remotely, and are logging in from sources other than the UI, provide a regex matching all URLs authentication redirects may come from.
ssl ApiSsl If you want the API server to do SSL termination, it must be enabled and configured here. If you are doing your own SSL termination, leave this disabled.
overrideBaseUrl string If you are accessing the API server remotely, provide the full base URL of whatever proxy or load balancer is fronting the API requests.

ApiSsl

Configuration for SSL termination by the API server.

Field Type Label Description
enabled google.protobuf.BoolValue Whether SSL is enabled.
keyAlias string Name of your keystore entry as generated with your keytool.
keyStore string Path to the keystore holding your security certificates.
keyStoreType string The type of your keystore. Examples include JKS and PKCS12.
keyStorePassword string The password to unlock your keystore. Due to a limitation in Tomcat, this must match your key's password in the keystore.
trustStore string Path to the truststore holding your trusted certificates.
trustStoreType string The type of your truststore. Examples include JKS and PKCS12.
trustStorePassword string The password to unlock your truststore.
clientAuth ClientAuth Whether to require or allow client authentication.

UiSecurity

Configuration for the UI server's addressable URL.

Field Type Label Description
ssl UiSsl Configuration for SSL termination by the UI gateway.
overrideBaseUrl string If you are accessing the UI server remotely, provide the full base URL of whatever proxy or load balancer is fronting the UI requests.

UiSsl

Configuration for SSL termination by the UI gateway.

Field Type Label Description
enabled google.protobuf.BoolValue Whether SSL is enabled.
sslCertificateFile string Path to your .crt file.
sslCertificateKeyFile string Path to your .key file.
sslCACertificateFile string Path to the .crt file for the CA that issued your SSL certificate. This is only needed for local git deployments that serve the UI using webpack dev server.
sslCertificatePassphrase string The passphrase needed to unlock your SSL certificate. This will be provided to Apache on startup.

ClientAuth

Setting for client authentication.

Name Number Description
UNSPECIFIED 0 Unspecified. Do not directly use, instead omit the field.
NONE 1 No client authentication.
WANT 2 Client authentication is optional.
NEED 3 Client authentication is required.

security/trust_store.proto

TrustStore

Configuration for a custom trust store.

Field Type Label Description
enabled google.protobuf.BoolValue Whether this custom trust store is enabled.
trustStore string The path to a key store in JKS format containing certification authorities that should be trusted.
trustStorePassword string The password for the supplied trustStore.

WebhookConfig

Configuration for webhooks.

Field Type Label Description
trust TrustStore A custom trust store to use for outgoing webhook connections.

spinnaker/extensibility.proto

Extensibility

Extensibility flags

Field Type Label Description
plugins Extensibility.PluginsEntry repeated Map with the spinnaker plugins.
repositories Extensibility.RepositoriesEntry repeated Map with the plugin repositories.

Extensibility.PluginsEntry

Field Type Label Description
key string
value Plugin

Extensibility.RepositoriesEntry

Field Type Label Description
key string
value Repository

Plugin

Spinnaker plugin flags

Field Type Label Description
enabled google.protobuf.BoolValue Whether plugin is enabled.
version string Plugin version to use.

Repository

Spinnaker plugin repository flags

Field Type Label Description
id string Unique repository name.
url string URL of plugins.json file.

Spinnaker

Spinnaker flags

Field Type Label Description
extensibility Extensibility

stats.proto

DeploymentMethod

Information about how Spinnaker is configured and deployed.

Field Type Label Description
type string The tool used to configure Spinnaker (in this case, kleat).
version string The kleat version.

Stats

Configuration for optional collection of usage metrics.

Field Type Label Description
enabled google.protobuf.BoolValue Whether to send usage metrics. Defaults to true.
instanceId string A unique ID representing this deployment of Spinnaker.
endpoint string The endpoint to which usage metrics are sent. This should generally be left empty, in which case metrics are sent to the default endpoint.

storage/azs.proto

Azs

Configuration for an Azure Storage persistent store.

Field Type Label Description
enabled google.protobuf.BoolValue Whether this persistent store is enabled.
storageAccountName string The name of an Azure Storage Account.
storageAccountKey string The key to access the Azure Storage Account.
storageContainerName string The container name in the chosen storage account to place Spinnaker's persistent data. Defaults to 'spinnaker' if unspecified.

storage/gcs.proto

Gcs

Configuration for a Google Cloud Storage persistent store.

Field Type Label Description
enabled google.protobuf.BoolValue Whether this persistent store is enabled.
jsonPath string A path to a JSON service account with permission to read and write to the bucket to be used as a backing store.
project string The Google Cloud Platform project you are using to host the GCS bucket as a backing store.
bucket string The name of a storage bucket that your specified account has access to.
rootFolder google.protobuf.StringValue The root folder in the chosen bucket to place all of Spinnaker's persistent data in.
bucketLocation string This is only required if the bucket you specify does not exist yet.

storage/oracle.proto

Oracle

Configuration for an Oracle persistent store.

Field Type Label Description
enabled google.protobuf.BoolValue Whether this persistent store is enabled.
bucketName string The name of the bucket in which to store persistent state objects.
namespace string The namespace the bucket and objects should be created in.
region string An Oracle region (e.g., us-phoenix-1).
userId string The OCID of the Oracle User you're authenticating as.
fingerprint string Fingerprint of the public key.
sshPrivateKeyFilePath string Path to the private key in PEM format.
privateKeyPassphrase string Passphrase used for the private key, if it is encrypted.
tenancyId string The OCID of the Oracle Tenancy to use.
compartmentId string The OCID of the Oracle Compartment to use.

storage/persistent_storage.proto

PersistentStorage

Configuration of Spinnaker's persistent storage.

Field Type Label Description
gcs Gcs
azs Azs
oracle Oracle
s3 S3
sql SQL

storage/s3.proto

S3

Configuration for an Amazon S3 persistent store.

Field Type Label Description
enabled google.protobuf.BoolValue Whether this persistent store is enabled.
bucket string The name of a storage bucket that your specified account has access to.
rootFolder google.protobuf.StringValue The root folder in the chosen bucket to place all of Spinnaker's persistent data in.
region string This is only required if the bucket you specify doesn't exist yet. In that case, the bucket will be created in that region. See http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region.
pathStyleAccess google.protobuf.BoolValue When true, use path-style to access bucket; when false, use virtual hosted-style to access bucket. See https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingExamples.
endpoint string An alternate endpoint that your S3-compatible storage can be found at. This is intended for self-hosted storage services with S3-compatible APIs, e.g. Minio.
accessKeyId string Your AWS Access Key ID. If not provided, Spinnaker will try to find AWS credentials as described at http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default
serverSideEncryption S3ServerSideEncryption Configuration for S3 server-side encryption.
secretAccessKey string Your AWS Secret Key.

S3ServerSideEncryption

Configuration for S3 server-side encryption; values correspond to values of the 'x-amz-server-side-encryption' header.

Name Number Description
UNSPECIFIED 0 Unspecified. Do not directly use, instead omit the field.
AES256 1 Amazon S3-managed encryption keys, equivalent to a header value of 'AES256'.
AWSKMS 2 AWS KMS-managed encryption keys, equivalent to a header value of 'aws:kms'.

storage/sql.proto

ConnectionPool

ConnectionPool configuration for the SQL server.

Field Type Label Description
user string Database username
password string Database password
jdbcUrl string Database connection string. This needs to include server port and database name as well
connectionTimeout int32 Database connection timeout in milliseconds
maxLifetime int32 maxLifetime controls the maximum lifetime of a connection in the pool in milliseconds.
maxPoolSize int32 Maximum number of connections stored in the connection pool

ConnectionPools

Default connection pool to Keel's datastore

Field Type Label Description
default ConnectionPool

SQL

Field Type Label Description
enabled google.protobuf.BoolValue Whether this persistent store is enabled.
default ConnectionPool Default database connection pool.
migration ConnectionPool Migration database connection pool.

Scalar Value Types

| .proto Type | Notes | C++ | Java | Python | Go | C# | PHP | Ruby |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| double | | double | double | float | float64 | double | float | Float |
| float | | float | float | float | float32 | float | float | Float |
| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| uint32 | Uses variable-length encoding. | uint32 | int | int/long | uint32 | uint | integer | Bignum or Fixnum (as required) |
| uint64 | Uses variable-length encoding. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum or Fixnum (as required) |
| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | uint32 | uint | integer | Bignum or Fixnum (as required) |
| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum |
| sfixed32 | Always four bytes. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sfixed64 | Always eight bytes. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| bool | | bool | boolean | boolean | bool | bool | boolean | TrueClass/FalseClass |
| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | string | string | string | String (UTF-8) |
| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | []byte | ByteString | string | String (ASCII-8BIT) |