Install Armory Enterprise for Spinnaker on OpenShift using the Armory Operator
This document is intended for users who have purchased the Armory Red Hat Marketplace offering. It will not work if you have not purchased the Armory Operator. Please contact Armory if you’re interested in a Red Hat Marketplace Private Offer.
Overview of the Armory Operator Red Hat Marketplace offering
The Install Armory Enterprise for Spinnaker Using the Armory Operator is a Kubernetes Operator that makes it easier to install, deploy, and upgrade Armory. You can get the Armory Operator from the Red Hat Marketplace, which is available directly from your OpenShift web console. See the Red Hat Marketplace docs for how to use marketplace.
Installing Armory consists of the following:
Prerequisites for installing Armory
You have an active Red Hat Marketplace account.
You have a Red Hat Marketplace
Cluster Adminrole, which enables you to install Operators from the Red Hat Marketplace.
You are familiar with installing OpenShift Operators.
You have registered your OpenShift cluster with the Red Hat Marketplace.
You have a Kubernetes cluster available in OpenShift Container Platform v4.4+.
You have configured persistent storage for Armory’s Front50 service.
Front50 requires persistent storage for application and pipeline definitions. There are a number of options for this:
Configure the persistent storage option that works best for your situation.
Install the Armory Operator
You can install the Armory Operator from the Red Hat Marketplace or from the OpenShift web console’s OperatorHub.
- Search for
- Choose to start a free trial or to purchase the Armory Operator. After you have made your choice, follow the instructions from Red Hat to install the Armory Operator into your cluster.
After you have deployed the Armory Operator in your cluster, it appears in the Installed Operators list in the Operators section of the OpenShift web console.
Click on Armory Operator to load details about the Operator. There is one available instance listed under Provided APIs.
Click Create Instance on the spinnakerservices.spinnaker.armory.io tile.
A page opens with a basic console specification of parameters that you need to customize.
Select YAML View to open the YAML editor. The specification you see is abbreviated to only the required parameters:
kind: SpinnakerService metadata: name: spinnaker spec: # spec.spinnakerConfig - This section is how to specify configuration spinnaker spinnakerConfig: # spec.spinnakerConfig.config - This section contains the contents of a deployment found in a halconfig .deploymentConfigurations config: version: 2.21.4-ubi # the version of Spinnaker to be deployed for Openshift persistentStorage: persistentStoreType: s3 s3: bucket: my-s3-bucket rootFolder: front50
Add your configuration using the example
SpinnakerService.yml file below as a guide. Consult the
Armory Operator Configuration page for detailed explanations of each config section. Be sure to configure the
spec.spinnakerConfig.config.persistentStorage section based on the persistent storage option you created for your Armory instance. See the
Persistent Storage Config page for details.
Show complete SpinnakerService.yml file
Spacing is very important in YAML files. Make sure that the spacing is correct, and that here are no tabs instead of spaces. Incorrect spacing or tabs cause errors when you install Armory.
Click Create after you are satisfied with your edits to the specification.
If everything is configured properly, the Armory Operator sees the
SpinnakerService custom resource and starts creating Kubernetes Deployments, ServiceAccounts, and Secrets. You can monitor this on the
Once your Armory instance is running, you need to configure it to be accessible. There are two main parts to this:
- Expose the
spin-gateservices so that they can be reached by your end users and client services.
- Configure Armory to know about its exposed endpoints.
Given a domain name or IP address such as
188.8.131.52, you should be able to:
- Reach the
spin-deckservice at the root of the domain (
- Reach the
spin-gateservice at the root of the domain (
You can use either
https, as long as you use the same for both.
Create a Route for
Determine a DNS name that you can use for Armory within your OpenShift cluster.
Then, create an Openshift Route (Networking -> Routes) to expose
spin-deck and another to expose
spin-deck, use the following content to create your route, replacing
spec.host with your values:
kind: Route apiVersion: route.openshift.io/v1 metadata: name: ui-spinnaker namespace: <your-project-name> spec: host: <ui-spinnaker.apps.my-cluster.company.io> to: kind: Service name: spin-deck weight: 100 port: targetPort: deck-tcp tls: termination: edge insecureEdgeTerminationPolicy: Allow wildcardPolicy: None
spin-gate, use the following content to create your route, replacing
spec.host with your values:
kind: Route apiVersion: route.openshift.io/v1 metadata: name: api-spinnaker namespace: <your-project-name> spec: host: <api-spinnaker.apps.my-cluster.company.io> to: kind: Service name: spin-gate weight: 100 port: targetPort: gate-tcp tls: termination: edge insecureEdgeTerminationPolicy: Allow wildcardPolicy: None
Configure Armory to be aware of its endpoints
Go to the Installed Operators page and select
spinnakerservices.spinnaker.armory.io to access the details of your deployed Armory instance.
spinnaker instance you created earlier.
This opens the page with details of your installation. Select Edit SpinnakerService from the Actions drop-down menu.
Add or update the
spec.spinnakerConfig.config.security section, replacing
security.apiSecurity.overrideBaseUrl with your endpoints. Make sure to specify
https according to your environment
spec: spinnakerConfig: config: # ... more configuration security: uiSecurity: overrideBaseUrl: http://ui-spinnaker.apps.my-cluster.company.io # Replace this with the IP address or DNS that points to our nginx ingress instance apiSecurity: overrideBaseUrl: http://api-spinnaker.apps.my-cluster.company.io # Replace this with the IP address or DNS that points to our nginx ingress instance # ... more configuration
Save to apply the changes.
Access your Armory instance
The Armory URL is the
spec.host value you configured in your
spin-deck route. You can find the URL on the details page for your installation.
Now that Armory is running, here are potential next steps:
- Configure certificates to secure your cluster (see this section for notes on this)
- Configure authentication/authorization (see the Open Source Spinnaker documentation)
- Add external Kubernetes accounts to deploy applications to (see Creating and Adding a Kubernetes Account to Spinnaker (Deployment Target))
- Add AWS accounts to deploy applications to (see the Open Source Spinnaker documentation)
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.