Spinnaker is an open-source, multi-cloud continuous delivery platform used for releasing software changes with high velocity and confidence. It is designed to work seamlessly with cloud-native technologies and supports multi-cloud environments.

Spinnaker can be integrated with SSD using any of two methods given below:

• Integration using Webhook

• Integration through Config changes in the Spinnaker Gitops

Prerequisites:

• Secure Software Delivery

• Spinnaker

Integration using Webhook

Secure Software Delivery (SSD) can be integrated with Spinnaker using the webhook configuration in Spinnaker. Follow the steps given below to complete this integration process:

1. Add the below configuration in the default/profiles/ echo-local.yml file of the Spinnaker gitops repo.

rest:
  enabled: true
  endpoints:
    -
      wrap: true
      url: https://SSD-UI.URL.COMPANY.COM/ssdservice/v1/spinnakerevents
      eventName: preview-saas-ssd
      flatten: true

• url: Replace the SSD-UI.URL.COMPANY.COM value with your SSD UI ingress value.url: Replace the SSD-UI.URL.COMPANY.COM value with your SSD UI ingress value.

• eventName: Default value for this field is preview-saas-ssd. This value should be same as the queue and bindingKey value of the spinnakerConfig.yml in the supplychain-preprocessor secret in SSD. If you change this value in the supplychain-preprocessor secret, then you need to provide the same value here also.

2. Now restart the halyard pod of the spinnaker using the command given below:

kubectl delete po <halyard pod name> -n <namespace name>

Integration through Config changes in Spinnaker Gitops:

You have to do few custom changes in the Spinnaker gitops repo to push the echo events to Secure Software Delivery. Follow the instructions given below to update the changes in gitops repo.

1. Update the images mentioned below in the bom file of the gitops repo. In case if you are not using the bom file then update the images in the default/service-settings/echo-*.yml and deck.yml files.

echo:
    Image: quay.io/opsmxpublic/ubi8-oes-echo:b5dad694-OP-21052-v4.0-Testing

  deck:
    image: quay.io/opsmxpublic/ubi8-oes-deck:82451241c-13

2. Add the below configuration at the root level in the default/profiles/echo-local.yml file.

message-broker:
  endpoint:
      name: rabbitmq
  username: rabbitmq              
  password: Abcd123       
  host: rabbitmq-service
  port: 5672
ssd:
  name: preview-saas-ssd
  enable: true

• message-broker.endpoint.name: Provide a name for the RabbitMQ connection. Default value is rabbitmq.

• message-broker.username: Provide the SSD RabbitMQ username.

• message-broker.password: Provide the SSD RabbitMQ password.

• message-broker.host: Provide the SSD RabbitMQ host details. If the SSD is hosted in a different cluster then give external IP address or DNS value of that service.

• message-broker.port: Provide the rabbitmq-service port number. Default value is 5672.

• ssd.name: Default value is preview-saas-ssd. This value should be same as queue and bindingKey value of spinnakerConfig.yml in supplychain-preprocessor secret in SSD. If you change this value in supplychain-preprocessor secret, then you need to provide the same value here also.

3. Now restart the halyard pod of the spinnaker using the command given below:

kubectl delete po <halyard pod name> -n <namespace name>

Adding container labels in Deployment files

Once Spinnaker is integrated, add the below mentioned container labels in the deployments files used by the pipelines of spinnaker.

ssd.admissionreview.accountname: ${parameters.account}
ssd.admissionreview.appname: ${execution.application}

TroubleShooting:

If you face any issues while integrating Spinnaker to Secure Software Delivery, feel free to contact OpsMx support team.