Armory Halyard

Armory-extended Halyard is a versatile command line interface (CLI) to configure and deploy Armory Enterprise for Spinnaker in Kubernetes or any cloud environment.

Visit the Armory-extended Halyard Release Notes page for a list of available Armory-extended Halyard versions and their release notes. You can view version differences as well as which versions are compatible with which Armory releases.

Running in Docker

Running Armory-extended Halyard in Docker is convenient and portable. The daemon will need access to files and environment variables, such as:

  • Halyard’s main configuration directory - make sure the daemon has write access to that directory
  • kubeconfig file for Spinnaker’s installation cluster (usually ~/.kube/config)
  • AWS profiles (usually ~/.aws) if access to AWS is needed
  • Any other configuration files that reside on the Docker host

The Docker container expects to use heptio-authenticator-aws instead of aws-iam-authenticator

Starting Daemon

Before you execute the command below, you need to set permissions on the host (local) directories mapped to the Docker container. These directories must allow for modification from within the container. The ~/.hal folder within the host (local) system directory needs write permissions (chmod 777 ~/.hal), or you will encounter issues when attempting to execute a hal deploy apply from within the container.

You can start Armory-extended Halyard in a Docker container with the following command:

docker run --name armory-halyard --rm \
    -v ~/.hal:/home/spinnaker/.hal \
    -v ~/.kube:/home/spinnaker/.kube \
    -v ~/.aws:/home/spinnaker/.aws \

Note: If you’re installing to Google Cloud, you’ll want to change the “.aws” mapping above to your Google credentials json file, and then you’ll need to set the environment variable GOOGLE_APPLICATION_CREDENTIALS within the shell so the installer can find it.

Our installer currently expects to find your kubeconfig named config in the .kube directory you map below. If you’ve named your config something else, you’ll need to rename or symlink the file accordingly.

Running Halyard Commands

Once Armory-extended Halyard is running, you can interact with it by opening a separate Terminal and running:

docker exec -it armory-halyard bash

From there, you can issue all your Halyard commands.

Run in Kubernetes

Armory-extended Halyard can also be installed as a Kubernetes StatefulSet. The advantage of running Halyard in the same cluster as Spinnaker is to get the same network access as Spinnaker itself in some locked down environments.

Installing Daemon

You can install Armory-extended Halyard with the following manifest:

apiVersion: v1
kind: PersistentVolumeClaim
  name: halconfig-pvc
    app: halyard
  namespace: halyard
  - ReadWriteOnce
      storage: 10Gi

apiVersion: apps/v1
kind: StatefulSet
  name: halyard
  namespace: halyard
  replicas: 1
      app: halyard
  serviceName: halyard
        app: halyard
      - name: halyard
        - name: halconfig
          mountPath: /home/spinnaker/
        fsGroup: 65533
      - name: halconfig
          claimName: halconfig-pvc

Copy and paste the manifest into a file named halyard.yml, then deploy the above manifest (halyard.yml) into Kubernetes with the following command:

kubectl apply -f halyard.yml

Note: This installs Halyard into the namespace ‘halyard’

Running Halyard Commands

Once the StatefulSet is ready - you can interact with it by running:

kubectl -n halyard exec -ti statefulset/halyard -- bash

Users of Kubernetes versions older than 1.16 may need to run this instead:

kubectl -n halyard exec -ti statefulset/halyard bash

Be sure to check the kubectl docs for the version of Kubernetes that you are running.

Last modified December 10, 2021: (556c295d)