Kubernetes SIG Participation


#1

Hi All! For those of you who didn’t know, we’ve been hosting a bi-weekly SIG (Special Interest Group) for Kubernetes (you can find the details here)! We’re hoping that the meeting serves as a place where the community can get more engaged with the project and speak with the maintainers face-to-face. However, we’ve noticed that we haven’t done a great job of promoting it or actively driving involvement so I’m making this post to ask you, the community, what you’d like to see us do, or talk about, during these meetings! Here are some ideas to get us started but we’re open to any suggestions!

  • Use a portion of the meeting time to answer any questions about how something works or any questions related to open issues or PRs.
  • Demos. We love to see what the community is doing with Spinnaker!
  • Discuss anything that might feel odd about the Kubernetes integration or enhancements you’d like to see.

These are just a couple of things we could do, but we want to make this SIG as valuable to you, the user, as possible. If you think there’s something that we could be doing, let us know here!

As always, the Kubernetes SIG meets every other Tuesday at 1PM EST / 10AM PST. If you have anything you’d like to add to the agenda, let myself or @lwander know


#2

Would love to hear how I can help move pipeline templates forward.


#3

As someone new to Spinnaker (mostly just getting it setup + working at my company), I’d like to know more about how I can get involved, as well as how I could help develop on spinnaker. Even a quick guide on best practices for how to develop on spinnaker, open PRs, etc. would be helpful.

Also this may exist and I just don’t know, if so, my apologies!


#4

@dbyron is this specific to the Kubernetes provider or are you talking about pipeline templates in Spinnaker generally? The SIG has a strong focus on K8s-specific issues so if there are things in the pipeline templates + kubernetes realm that you’d like to talk or hear about then that sounds like a great topic.

@dyung I can point you at two resources for getting involved and getting developing. The first is the set of contributor pages at https://www.spinnaker.io/community/contributing/submitting/ and the second is a short dev guide we’re piecing together over at https://github.com/spinnaker/spinnaker.github.io/pull/915 - give it a try if you have time and let me know if you have any feedback either on the issue or on slack.


#5

I’m planning to use it with the Kubernetes v2 provider, yes. Mostly I can’t quite tell what the state of affairs is, and what the next steps are. I’d much rather spend time on a community solution than inventing something specific for my $dayjob.


#6

This is really exciting!

A consistent source of confusion for me in rolling out Spinnaker + Kubernetes was the distinction between k8s as a runtime environment for Spinnaker, and k8s as a cloud provider target of Spinnaker. Is this SIG focussed on development in one area or the other, or both?

For the former, I think we all know that it’s quite tough to get up and running with Spinnaker. I’ve heard mention of work on a halyard helm chart to make deployments easier and more reproducible. I will most likely need to develop something similar for my day-job, so it would be great to be able to see what the community plans and contribute to that.

Another stumbling block I’ve had in deployments is on secure ingress to spin-deck. Are there best practises about using k8s ingress controllers (nginx in my case) to access the web UI?

Using kubernetes as a cloud-provider target, I’m not thrilled with the method of providing k8s service account credentials to spinnaker (i.e. store all necessary tokens for deployment and provisioning in my ~/.kube/config, which halyard reads and provides to clouddriver as a secret). This feels insecure, as it gives clouddriver everything in my kube config, including the service account needed for deploying spinnaker itself, and any credentials/contexts I may have left in there by accident. I also foresee this not scaling terribly well, as we intend to roll out many new k8s clusters (each having multiple environments), meaning that we will need to reprovision spinnaker with new service account credentials every time. Are there ongoing discussions about how credentials are provided?


#7

Hey @blaffoy! Yes, this SIG is focused on both areas and we’d love to hear your feedback. Would you be able to attend our next meeting (Tuesday, July 31) to discuss about some of these things? Reach out to me on Slack and let me know!

Regarding your question about Ingress: While the out of the box install doesn’t provide a direct way to set this up, I’d be happy to help you get it setup the way you’d prefer ( I used nginx-ingress-controller at my last job). Halyard attempts to capture the most common use cases but it’s certainly possible to setup ingress after the fact.