Armory Continuous Deployment-as-a-Service System Requirements

Remote Network Agent

Armory CD-as-a-Service uses agents that run in target Kubernetes clusters to communicate with Armory services. Make sure your environment meets the networking requirements so that the agents can communicate with Armory CD-as-a-Service.

There are no additional requirements for installing the agents that Armory CD-as-a-Service uses. For information about how to install these agents, see Enable the Armory CD-as-a-Service Remote Network Agent in target Kubernetes clusters or Get Started with Armory CD-as-a-Service.

If you are using the Armory Scale Agent for Spinnaker and Kubernetes, that is a separate agent from the Remote Networking Agent. It has its own requirements. For more information, see Armory Scale Agent for Spinnaker and Kubernetes Installation.

Deployment target

You need a Kubernetes cluster to act as the deployment target for your app. The cluster must run Kubernetes 1.16 or later.


All network traffic is encrypted while in transit.

Encryption in transit is over HTTPS using TLS encryption. When using Armory-provided software for both the client and server, these connections are secured by TLS 1.2. Certain APIs support older TLS versions for clients that do not support 1.2.

Encryption at rest uses AES256 encryption.

The following network endpoints are used for communication into Armory CD-as-a-Service:

DNS Port Protocol Description 443 TLS enabled gRPC over HTTP/2
TLS version 1.2
Remote Network Agent Hub connection; Agent Hub routes deployment commands to RNAs and caches data received from them. Agent Hub does not require direct network access to the RNAs since they connect to Agent Hub through an encrypted, long-lived gRPC HTTP2 connection. Agent Hub uses this connection to send deployment commands to the RNA for execution. 443 HTTP over TLS (HTTPS)
TLS version 1.2
Armory REST API; Clients connect to these APIs to interact with Armory CD-as-a-Service. 443 HTTP over TLS (HTTPS)
TLS version 1.2
OIDC Service; The Open ID Connect (OIDC) service is used to authorize and authenticate machines and users. The RNAs, Armory Continuous Deployment (Spinnaker) plugin, and other services all authenticate against this endpoint. The service provides an identity token that can be passed to the Armory API and Agent Hub.

Last modified August 4, 2022: (256b89f)