What is the recommended approach for using `spin cli` with Jenkins (+Spinnaker?)


#1

The instructions for authenticating the spin cli with oauth2 require us to manually navigate to a url and authenticate with a user account. Is there any recommended approach for integrating this with CI? Even if I create a “jenkins” or “ci” user account is there a way that the credentials can be provided as environment variables via a kubernetes secret or something? Also it seems that the tool expects to be run alongside spinnaker, what’s the best way to override its default configuration that is pointing at localhost for all of the spinnaker services?

Just for testing out the tool I created a small dockerfile and mounted my configuration file, for the moment I am also port forwarding 8085 as that appears to be the redirect URI. I was able to get the initial oauth2 token but it then tried to connect to gate at localhost:8084. EDIT: Able to get it pointing at the right place using the --gate-endpoint parameter… not sure if there is any way to save this in a config so I don’t have to set it on every command.

Would love if any support can be provided on the concept of automating management of spinnaker pipelines even if spin is not mature enough yet.


#2

@jacobkiefer


#3

The oauth2 credentials are cached in the config file after the initial manual authentication. Every subsequent call from the spin CLI is authenticated with that oauth2 token. The token is refreshed when it expires.

--gate-endpoint should be included in the config, I agree.

We’re working on a guide for integrating spin with our jsonnet library sponnet.


#4

@jacobkiefer Thanks for the link on sponnet been looking at kubecfg and ksonnet for other parts of our workflow so this is great timing. As far as the OAuth2 discussion. Does that then mean that creating a “CI User” is the current recommended approach and requires a manual interaction for initial setup in our Jenkins environment?


#5

Yes, that’s the suggested method if possible for managing pipelines with spin currently (both the CI user and initial manual interaction).