Configure Armory Halyard
Overview of Armory Halyard
Armory-extended Halyard extends open source Halyard.
Armory-extended Halyard can be configured via
/opt/spinnaker/config/halyard.yml. If you run the Docker image, you can provide your own configuration by mounting the file or directory to the container. If you’re running the Armory Operator, you can also configure the behavior of the internal Halyard by creating a Kubernetes ConfigMap and mounting it to the Halyard container.
halyard: halconfig: directory: <user's home directory>/.hal spinnaker: artifacts: debianRepository: dockerRegistry: googleImageProject: config: input: bucket: halconfig region: us-west-2
You can choose a different location for your Armory configuration by changing
halyard.halconfig.directory. The Halyard daemon needs to be able to read and write to that location.
Armory-extended Halyard stores all the versions in a public s3 bucket (
halconfig). Sometimes, clients prefer to store the versions in a storage under their control.
Using a different s3 bucket
To use a different s3 bucket, you just need to change these two properties to point to your own bucket:
spinnaker: config: input: bucket: mybucket region: us-west-1
Using a private s3 bucket
By default Armory-extended Halyard will access version definitions and bills of materials without using the host’s s3 credentials. You can force it to sign the s3 requests by adding:
With that change, you’ll need to pass AWS credentials to Halyard’s daemon - for instance by specifying environment variables:
docker run --name armory-halyard --rm \ -e AWS_ACCESS_KEY_ID=<AWS account key> \ -e AWS_SECRET_ACCESS_KEY=<AWS secret key> \ -v ~/.hal:/home/spinnaker/.hal \ -v ~/.kube:/home/spinnaker/.kube \ -it docker.io/armory/halyard-armory:1.12.0
Using a private s3 bucket with assume role
Armory-extended Halyard can be configured to assume a specified role when accessing the bucket:
spinnaker.config.input.assumeRoleArn: <role arn to assume>
Using an s3 compatible storage
If you’re using an s3 compatible storage such as minio, you can override the endpoint:
You can also enable path-style access with:
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified May 11, 2021: (d9ea153)