Configure Armory Enterprise Using Kustomize
This guide is for both the Armory Operator and the Spinnaker Operator. Armory Enterprise and Spinnaker configuration is the same except for features only in Armory Enterprise. Those features are marked .
Why use Kustomize patches for Spinnaker configuration
Even though you can configure Armory Enterprise or Spinnaker in a single manifest file, the advantage of using Kustomize patch files is readability, consistency across environments, and maintainability.
How Kustomize works
Kustomize uses patch files to build a deployment file by overwriting sections of the
spinnakerservice.yml manifest file. You declare your patch files in a
kustomization.yml file, which
kubectl and Kustomize and use to build the Armory Enterprise or Spinnaker manifest file.
You can put each manifest config section in its own file. For example, if you create a
profiles-patch.yml patch with configuration for various services, you are telling Kustomize to overwrite the
profiles section of the
spinnakerservice.yml manifest with the contents of
profiles-patch.yml. Kustomize is flexible, though, so you could instead create a separate patch file for each service (
profiles-deck-patch.yml, etc.), and then declare those patches in the
Kustomize is part of
kubectl, so you do not need to install Kustomize locally to build and verify your manifest file. You can run
kubectl kustomize <path-to-kustomization.yml>. This prints out the contents of the manifest file that Kustomize builds using your
kubectlversions up to and including v1.20 come bundled with Kustomize v2.0.3.
kubectl1.21 comes bundled with Kustomize v4.0.5. Using Kustomize patches has been tested with
kubectlv1.19.x. and standalone Kustomize v2 and v3. You may see a
panicerror if you use the
spinnaker-kustomize-patchesrepo with Kustomize v4.0+ or
You should familiarize yourself with Kustomize before you create patch files to configure Armory Enterprise.
- You are familiar with Kubernetes Operators, which use custom resources to manage applications and their components.
- You understand the concept of managing Kubernetes resources using manifests.
- You have reviewed and met the Armory Enterprise system requirements.
Spinnaker Kustomize patches repo
Armory maintains the
spinnakaker-kustomize-patches repo, which contains common configuration options for Armory Enterprise or Spinnaker as well as helper scripts. The patches in this repo give you a reliable starting point when adding and removing features.
Configuration in this repository is meant for Armory Continuous Delivery. To make it compatible with Spinnaker instead, apply the
To start, create your own copy of the
by clicking the
Use this template button:
If you intend to update your copy from upstream, use Fork instead. See Creating a repository from a template for the difference between Use this template and Fork.
Once created, clone this repository to your local machine.
Configure Armory Enterprise
Follow these steps to configure Armory Enterprise:
- Choose a
- (Optional) If you are deploying open source Spinnaker, change the
apiVersionin each patch file.
- Set the Armory Enterprise (or Spinnaker) version.
- Verify the content of each resource file.
- Verify the configuration contents of each patch file.
Before you begin configuring Armory Enterprise, you need to choose or create a
kustomization.yml file. The
kustomization.yml specifies the namespace for
Armory Enterprise, a list of Kubernetes resources, and a list of patch files to
merge into the
spinnakerservice.yml manifest file. For example, the
recipes/kustomization-minimum.yml file contains the following:
#----------------------------------------------------------------------------------------------------------------------- # Minimum Starting Point recipe # # Self contained Spinnaker installation with no external dependencies and no additional configuration needed. # This is intended as a starting point for any kubernetes cluster. # Not for production use. # # Features: # - One Kubernetes account (Spinnaker's own cluster) for deployment targets # - Spinnaker authentication disabled # - Self hosted minio as a persistent storage # - Self hosted redis backend for caching and temporal storage of services #----------------------------------------------------------------------------------------------------------------------- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: spinnaker components: - core/base - core/persistence/in-cluster - targets/kubernetes/default patchesStrategicMerge: - core/patches/version.yml transformers: - utilities/unique-service-account.yml
componentssection contains paths to directories that define collections of Kubernetes resources, such as: in-cluster Spinnaker persistence with Minio, Kubernetes Service Account and patches to enable the cluster in Spinnaker.
patchesStrategicMergesection contains links to files that contain partial resource definitions. Kustomize uses these patch files to overwrite sections of components or resources, such as the
spinnaker-kustomize-patches/kustomization.yml is a symlink that points to
spinnaker-kustomize-patches/recipes/kustomization-all.yml. There are
kustomization examples in the
recipes directory. Choose the one
that most closely resembles your use case and link to it. Alternately, you can
delete the symlink, move your desired Kustomization file from
recipes to the
top-level directory, and rename the file to
WarningIf you are in an air-gapped environment and are using MinIO to host the Armory Enterprise BOM, remove
core/persistence/in-cluster/minio.ymlfrom the list of resources to prevent the accidental deletion of the bucket when calling
kubectl delete -k ..
Choose Open Source Spinnaker
This step is required only if you are deploying open source Spinnaker.
Add the following patch to your
patches: - target: kind: SpinnakerService path: utilities/switch-to-oss.yml
Set the Armory Enterprise version
kind: SpinnakerService metadata: name: spinnaker spec: spinnakerConfig: config: version: 2.28.0
Read each file linked to from your chosen
kustomization.yml file section to
make sure that the Kubernetes resource as configured works with your
Read each file linked to in the
patchesStrategicMerge section. You may need to update each patch configuration with values specific to you and your environment. For example, the
kustomization-quickstart.yml file described in the Choose a
kustomization file section links to
accounts/docker/patch-dockerhub.yml. You need to update that patch file with your own DockerHub credentials.
Explore the patches in various folders to see if there are any that you want to use. Remember to list additional patches in the
patchesStrategicMerge section of your
If you want to store Spinnaker secrets in Kubernetes, we recommend using Kustomize generators.
Deploy Armory Enterprise
Once you have configured your patch files, you can deploy Armory Enterprise.
kubectl create ns spinnaker
If you want to use a different namespace, you must update the
namespacevalue in your
(Optional) Verify the Kustomize build output:
kubectl kustomize <path-to-kustomization.yml>
This prints out the contents of the manifest file that Kustomize built based on your
Apply the manifest:
kubectl apply -k <path-to-kustomization.yml>
Watch the install progress and see the pods being created:
kubectl -n spinnaker get spinsvc spinnaker -w
- Armory Operator and Armory Enterprise: contact Armory Support or use the Spinnaker Slack
- Spinnaker Operator and Spinnaker: Spinnaker Slack
- See the Manifest Reference for configuration options by section.
- Learn how to manage your Spinnaker instance.
- See the Errors and Troubleshooting guide if you encounter issues.
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified June 15, 2022: (5239aaae)