Configure Armory Enterprise Using Kustomize
This guide is for both the Armory Operator and the Spinnaker Operator. Armory Enterprise and Spinnaker configuration is the same except for features only in Armory Enterprise. Those features are marked .
Why use Kustomize patches for Spinnaker configuration
Even though you can configure Armory Enterprise or Spinnaker in a single manifest file, the advantage of using Kustomize patch files is readability, consistency across environments, and maintainability.
How Kustomize works
Kustomize uses patch files to build a deployment file by overwriting sections of the
spinnakerservice.yml manifest file. You declare your patch files in a
kustomization.yml file, which
kubectl and Kustomize and use to build the Armory Enterprise or Spinnaker manifest file.
You can put each manifest config section in its own file. For example, if you create a
profiles-patch.yml patch with configuration for various services, you are telling Kustomize to overwrite the
profiles section of the
spinnakerservice.yml manifest with the contents of
profiles-patch.yml. Kustomize is flexible, though, so you could instead create a separate patch file for each service (
profiles-deck-patch.yml, etc.), and then declare those patches in the
Kustomize is part of
kubectl, so you do not need to install Kustomize locally to build and verify your manifest file. You can run
kubectl kustomize <path-to-kustomization.yml>. This prints out the contents of the manifest file that Kustomize builds using your
kubectlversions up to and including v1.20 come bundled with Kustomize v2.0.3.
kubectl1.21 comes bundled with Kustomize v4.0.5. Using Kustomize patches has been tested with
kubectlv1.19.x. and standalone Kustomize v2 and v3. You may see a
panicerror if you use the
spinnaker-kustomize-patchesrepo with Kustomize v4.0+ or
You should familiarize yourself with Kustomize before you create patch files to configure Armory Enterprise.
- You are familiar with Kubernetes Operators, which use custom resources to manage applications and their components.
- You understand the concept of managing Kubernetes resources using manifests.
- You have reviewed and met the Armory Enterprise system requirements.
Spinnaker Kustomize patches repo
Armory maintains the
spinnakaker-kustomize-patches repo, which contains common configuration options for Armory Enterprise or Spinnaker as well as helper scripts. The patches in this repo give you a reliable starting point when adding and removing features.
All of the patches in the repo are for configuring Armory Enterprise. To use the patches to configure open source Spinnaker, you must change
spinnaker.io. This field is on the first line in a patch file.
To start, create your own copy of the
by clicking the
Use this template button:
If you intend to update your copy from upstream, use Fork instead. See Creating a repository from a template for the difference between Use this template and Fork.
Once created, clone this repository to your local machine.
Configure Armory Enterprise
Follow these steps to configure Armory Enterprise:
- Choose a
- (Optional) If you are deploying open source Spinnaker, change the
apiVersionin each patch file.
- Set the Armory Enterprise (or Spinnaker) version.
- Verify the content of each resource file.
- Verify the configuration contents of each patch file.
Before you begin configuring Armory Enterprise, you need to choose or create a
kustomization.yml file. The
kustomization.yml specifies the namespace for Armory Enterprise, a list of Kubernetes resources, and a list of patch files to merge into the
spinnakerservice.yml manifest file. For example, the
recipes/kustomization-quickstart.yml file contains the following:
apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization # Namespace where spinnaker and all its infrastructure will be installed. # NOTE: If changed, also change it in all ClusterRoleBinding namespace references. namespace: spinnaker resources: - spinnakerservice.yml # (Mandatory). Base spinnaker manifest - infrastructure/minio.yml # Self hosted minio, a S3 compatible data store - infrastructure/redis.yml - accounts/kubernetes/spin-sa.yml # Kubernetes service account needed by patch-kube.yml patchesStrategicMerge: - persistence/patch-minio.yml # (Mandatory). Persistence to store spinnaker applications and pipelines - persistence/patch-redis.yml - expose/patch-lb.yml # Automatically expose spinnaker - accounts/kubernetes/patch-kube.yml # Kubernetes accounts - accounts/docker/patch-dockerhub.yml # Docker accounts
resourcessection contains links to files that define Kubernetes resources: Minio, Redis, and a Kubernetes Service Account.
patchesStrategicMergesection contains links to files that contain partial or complete resource definitions. Kustomize uses these patch files to overwrite sections of the
spinnaker-kustomize-patches/kustomization.yml is a symlink that points to
spinnaker-kustomize-patches/recipes/kustomization-minimum.yml. There are multiple
kustomization examples in the
recipes directory. Choose the one that most closely resembles your use case and link to it. Alternately, you can delete the symlink, move your desired Kustomization file from
recipes to the top-level directory, and rename the file to
WarningIf you are in an air-gapped environment and are using MinIO to host the Armory Enterprise BOM, remove
infrastructure/minio.ymlfrom the list of resources to prevent the accidental deletion of the bucket when calling
kubectl delete -k ..
This step is required only if you are deploying open source Spinnaker.
The first line in each patch file defines the
spinnaker.io if you are deploying open source Spinnaker.
Set the Armory Enterprise version
kind: SpinnakerService metadata: name: spinnaker spec: spinnakerConfig: # ------- Main config section, equivalent to "~/.hal/config" from Halyard config: version: 2.27.0
core_config/patch-version.yml to your
kustomization.yml file in the
Read each file linked to in the
resources section to make sure that the Kubernetes resource as configured works with your environment.
Read each file linked to in the
patchesStrategicMerge section. You may need to update each patch configuration with values specific to you and your environment. For example, the
kustomization-quickstart.yml file described in the Choose a
kustomization file section links to
accounts/docker/patch-dockerhub.yml. You need to update that patch file with your own DockerHub credentials.
Explore the patches in various folders to see if there are any that you want to use. Remember to list additional patches in the
patchesStrategicMerge section of your
If you want to store Spinnaker secrets in Kubernetes, store secret literals in
secrets/secrets.env and secret files in
Deploy Armory Enterprise
Once you have configured your patch files, you can deploy Armory Enterprise.
kubectl create ns spinnaker
If you want to use a different namespace, you must update the
namespacevalue in your
(Optional) Verify the Kustomize build output:
kubectl kustomize <path-to-kustomization.yml>
This prints out the contents of the manifest file that Kustomize built based on your
Apply the manifest:
kubectl apply -k <path-to-kustomization.yml>
Watch the install progress and see the pods being created:
kubectl -n spinnaker get spinsvc spinnaker -w
- Armory Operator and Armory Enterprise: contact Armory Support or use the Spinnaker Slack
- Spinnaker Operator and Spinnaker: Spinnaker Slack
- See the Manifest Reference for configuration options by section.
- Learn how to manage your Spinnaker instance.
- See the Errors and Troubleshooting guide if you encounter issues.
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified December 10, 2021: (556c295)