Install Armory in Lightweight Kubernetes (K3s) using the Armory Operator
This guide walks you through using the Armory Operator to install Armory in a Lightweight Kubernetes (K3s) instance running on an AWS EC2 instance. The environment is for POCs and development only. It is not meant for production environments.
See the Install on Kubernetes guide for how to install Armory using the Armory Operator in a regular Kubernetes installation.
If you want to install open source SpinnakerTM, use the open source Spinnaker Operator instead of the Armory Operator.
- Know how to create a VM in AWS EC2
- Be familiar with AWS IAM roles and S3 buckets
- Have knowledge of Kubernetes Operators, which use custom resources to manage applications and their components
- Understand the concept of managing Kubernetes resources using manifests
Create an AWS EC2 instance
- Ubuntu Server 18.04 LTS (HVM), SSD Volume Type; 64-bit (x86)
- Minimum 2 vCPUs
- Minimum 8 GB of memory
- Minimum of 50 GB of storage
- Public IP
SSH into your VM and run the following command to install the latest version of K3s:
curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644
Output is similar to:
[INFO] Finding release for channel stable [INFO] Using v1.18.6+k3s1 as release [INFO] Downloading hash https://github.com/rancher/k3s/releases/download/v1.18.6+k3s1/sha256sum-amd64.txt [INFO] Downloading binary https://github.com/rancher/k3s/releases/download/v1.18.6+k3s1/k3s [INFO] Verifying binary download [INFO] Installing k3s to /usr/local/bin/k3s [INFO] Creating /usr/local/bin/kubectl symlink to k3s [INFO] Creating /usr/local/bin/crictl symlink to k3s [INFO] Creating /usr/local/bin/ctr symlink to k3s [INFO] Creating killall script /usr/local/bin/k3s-killall.sh [INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh [INFO] env: Creating environment file /etc/systemd/system/k3s.service.env [INFO] systemd: Creating service file /etc/systemd/system/k3s.service [INFO] systemd: Enabling k3s unit Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service. [INFO] systemd: Starting k3
Create an S3 bucket
Spinnaker’s Front50 service needs access to an S3 bucket, so create an S3 bucket with a globally unique name. See the Creating a bucket page in the Amazon Simple Storage Service docs for how to create a bucket and naming constraints.
On the Configure options screen, select Versioning and Default encryption.
On the Set permissions screen, select Block all public access.
Create your bucket.
Create an IAM Role
Create an IAM Role that you will attach to your EC2 instance. Calls to S3 use this role to get credentials for the requests. You can read more about IAM Roles in AWS’ AWS Identity and Access Management guide.
From the Services menu, select IAM in the Security, Identity, & Compliance section.
Select the Roles section.
Press the Create role button.
AWS Service is highlighted. Select EC2. Then press the Next: Permissions button.
In the Filter policies field, type “s3” and press enter. This action displays polices for S3. Select AmazonS3FullAccess. Then press the Next: Tags button.
You can optionally add tags to your Role. Press the Next: Review button to move to the Review screen. Type in a name for your role in the Role name field and then press the Create role button.
Attach your IAM Role to your EC2 instance
Navigate to the EC2 services screen and then access your running instance. Select your instance. From the Actions menu, select Instance Settings and then Attach/Replace IAM Role.
Select the IAM role you created in the previous section. The press Apply.
Install the Armory Operator
Install the Armory Operator in basic mode, which installs Armory into a single namespace. This mode does not perform pre-flight checks before applying a manifest.
SSH into your EC2 VM and download the Armory Operator files:
mkdir -p spinnaker-operator && cd spinnaker-operator bash -c 'curl -L https://github.com/armory-io/spinnaker-operator/releases/latest/download/manifests.tgz | tar -xz'
Install the Custom Resource Definitions (CRDs):
kubectl apply -f deploy/crds/
kubectl create ns spinnaker-operator
Install the Armory Operator on K3s:
kubectl -n spinnaker-operator apply -f deploy/operator/basic
You can verify successful installation by executing:
kubectl -n spinnaker-operator get pods
Terminal output is similar to:
NAME READY STATUS RESTARTS AGE spinnaker-operator-589ccc6fd4-56wlc 2/2 Running 0 4m28s
Modify the Armory manifest
SpinnakerService.yml manifest file located in the
You can find detailed configuration information in the Armory Operator Configuration guide.
Update Armory version and S3 bucket name
spec.spinnakerConfig.config.version value to the version of Armory you want to deploy. Check the Release Notes if you are unsure which version to install. Choose v2.20.4, v2.20.5 or v2.21+ if you want to deploy plugins.
Additionally, replace myBucket (
spec.spinnakerConfig.config.persistentStorage.s3.bucket) with the name of the s3 bucket you created in Create an S3 Bucket.
kind: SpinnakerService metadata: name: spinnaker spec: # spec.spinnakerConfig - This section is how to specify configuration spinnaker spinnakerConfig: # spec.spinnakerConfig.config - This section contains the contents of a deployment found in a halconfig .deploymentConfigurations config: version: 2.15.1 # the version of Spinnaker to be deployed persistentStorage: persistentStoreType: s3 s3: bucket: mybucket rootFolder: front50
This example shows the config if your bucket is named
my-s3-bucket and you want to install Armory 2.21.1::
kind: SpinnakerService metadata: name: spinnaker spec: # spec.spinnakerConfig - This section is how to specify configuration spinnaker spinnakerConfig: # spec.spinnakerConfig.config - This section contains the contents of a deployment found in a halconfig .deploymentConfigurations config: version: 2.21.1 # the version of Spinnaker to be deployed persistentStorage: persistentStoreType: s3 s3: bucket: my-s3-bucket rootFolder: front50
Modifications for running on K3s
spec.spinnakerConfig.config.security section like the example below, replacing
<your-vm-ip> with the public IP address of your EC2 instance. The
security section is at the same level as the
kind: SpinnakerService metadata: name: spinnaker spec: # spec.spinnakerConfig - This section is how to specify configuration spinnaker spinnakerConfig: # spec.spinnakerConfig.config - This section contains the contents of a deployment found in a halconfig .deploymentConfigurations config: version: 2.21.1 # the version of Spinnaker to be deployed persistentStorage: persistentStoreType: s3 s3: bucket: my-s3-bucket rootFolder: front50 security: apiSecurity: # Gate overrideBaseUrl: <your-vm-ip>:8084 uiSecurity: # Deck overrideBaseUrl: <your-vm-ip>:9000
expose.service.overrides section at the bottom of the file. Add configuration for Deck and Gate.
expose: type: service # Kubernetes LoadBalancer type (service/ingress), note: only "service" is supported for now service: type: LoadBalancer annotations: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http # provide an override to the exposing KubernetesService overrides: deck: publicPort: 9000 gate: publicPort: 8084
Spacing is very important in YAML files. Make sure that the spacing is correct in the
SpinnakerService.yml file and that there are no tabs instead of spaces. Incorrect spacing or tabs cause errors when you install Spinnaker.
Show complete SpinnakerService.yml file
Because you installed the Armory Operator in
basic mode, you must install Armory into the same
spinnaker-operator namespace. Use
kubectl apply to deploy the Armory manifest:
kubectl -n spinnaker-operator apply -f deploy/spinnaker/basic/SpinnakerService.yml
You can watch the installation progress by executing:
kubectl -n spinnaker-operator get spinsvc spinnaker -w
You can verify pod status by executing:
kubectl -n spinnaker-operator get pods
Upgrade Armory by changing the
version value in
SpinnakerService.yml and using
kubectl to apply the manifest.
Since you installed Armory in the same namespace as the Armory Operator, do not delete the
spinnaker-operator namespace unless you want to delete the Armory Operator as well.
You can use the
kubectl delete command to delete Armory:
kubectl -n spinnaker-operator delete spinnakerservice spinnaker
You can access the Armory Operator logs by executing:
kubectl -n spinnaker-operator logs deploy/spinnaker-operator -c spinnaker-operator
Operator uses Halyard, so you can access the Halyard logs by executing:
kubectl -n spinnaker-operator logs deploy/spinnaker-operator -c halyard
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.