Install the Armory Scale Agent in an Existing Armory CD Instance
kubectl
to deploy the Scale Agent components.Before you begin
This guide assumes you want to evaluate the Scale Agent with an existing Armory CD test instance that you deployed using the Armory Operator and Kustomize patches (spinnaker-kustomize-patches
repo). With that in mind:
Your Armory CD test instance is running in the
spinnaker
namespace.Your Clouddriver service uses a SQL backend. The Scale Agent plugin uses the SQL database to store cache data and dynamically created Kubernetes accounts.
You have Kubernetes accounts configured in Clouddriver so you can evaluate account migration.
You are going to deploy the Scale Agent service in the same cluster and namespace as your Armory CD test instance.
You are not going to configure mTLS, so the Scale Agent service and plugin are not going to communicate securely.
Choose the Scale Agent version that is compatible with your Armory CD version.
Armory CD (Spinnaker) Version Scale Agent Plugin Version Scale Agent Service Version 2.28.x (1.28.x) 0.11.56 1.0.83 1.29.x 0.12.21 1.0.83 2.30.x (1.30.x) 0.13.20 1.0.83 2.31.x (1.31.x) 0.14.1 1.0.83 2.32.x (1.32.x) 0.14.1 1.0.83 2.34.x (1.34.x) 0.15.0 1.0.83 Database compatibility:
MySQL PostgreSQL 5.7; AWS Aurora 10+
Scale Agent Features Limitation
The following Scale Agent features require Armory CD 2.28+ and Clouddriver Account Management:
- Automated scanning for newly created accounts in Clouddriver and migrating those accounts to Scale Agent management
- Intercepting and processing requests sent to Clouddriver’s
<GATE-URL>/credentials
endpoint
If your Armory CD version is earlier than 2.28, see the Configure the plugin section for how to disable Clouddriver Account Management.
Objectives
- Read about options for migrating Kubernetes accounts.
- Access the latest Scale Agent installation files.
- Update your local
kustomization
recipe. - Configure the plugin.
- Configure the service
- Install the Scale Agent
Options for migrating Kubernetes accounts
In Armory CD, you can configure Kubernetes accounts in multiple places:
- Clouddriver configuration files:
clouddriver.yml
,clouddriver-local.yml
,spinnaker.yml
,spinnaker-local.yml
- Clouddriver database:
clouddriver.accounts
table - Spring Cloud Config Server reading accounts from Git, Vault, or another supported backend
- Plugins
You have the following options for migrating accounts to the Scale Agent:
- You can configure the Scale Agent service to manage specific accounts by adding those accounts to a ConfigMap. This approach means you should remove the accounts from the Clouddriver credential source before you deploy the service.
- You can dynamically migrate accounts after the service has been deployed. This requires
kubectl
access to the cluster so you can port-forward the endpoint to your local machine.
This guide shows you how to statically add an accounts to the Scale Agent service configuration before deployment.
Access the installation files
You can find the files that install the Scale Agent in the spinnaker-kustomize-patches/targets/kubernetes/scale-agent
repo. Update your local copy from master
to get the latest updates.
Update your Kustomization recipe
components
section: addtargets/kubernetes/scale-agent
transformers
section: addutilities/unique-service-account.yml
Configure the plugin
Set the plugin version that is compatible with your Armory CD version
In
plugin-config.yml
, check that the version listed is compatible with your Armory CD version. If it isn’t, replace with a plugin version that is.spec: spinnakerConfig: profiles: clouddriver: spinnaker: extensibility: repositories: armory-agent-k8s-spinplug-releases: enabled: true url: https://raw.githubusercontent.com/armory-io/agent-k8s-spinplug-releases/master/repositories.json plugins: Armory.Kubesvc: enabled: true version: 0.11.32 # Replace with a version compatible with your Armory CD version extensions: armory.kubesvc: enabled: true
(Optional) Disable Clouddriver Account Management if your Armory CD version is earlier than 2.28.
Set
spec.spinnakerConfig.profiles.clouddriver.account.storage.enabled
tofalse
.spec: spinnakerConfig: profiles: clouddriver: account: storage: enabled: true
Configure the service
Version
The Scale Agent service version is set in spinnaker-kustomize-patches/targets/kubernetes/scale-agent/scale-agent-deployment.yml
. You don’t have to configure a version in the spec.template.spec.containers.image
field. The manifest pulls the latest version, which is compatible with Armory CD 2.26+ and corresponding plugin versions.
Kubernetes account
You should configure a Kubernetes account for the Scale Agent service to manage. You do this in targets/kubernetes/scale-agent/armory-agent.yml
. The Kubernetes account should not exist in Clouddriver.
Add your Kubernetes accounts to the kubernetes.accounts
section. For example:
kubernetes:
accounts:
- kubeconfigFile: /kubeconfigfiles/kubeconfig
name: agent-demo
Install the Scale Agent
Execute all commands from the root of spinnaker-kustomize-patches
. The following commands assume your Kustomization recipe is named kustomization.yml
and is in the root of your spinnaker-patches-kustomize
directory.
(Optional) Verify the Kustomize build output.
kubectl kustomize kustomization.yml
This prints out the contents of the manifest file that Kustomize built based on your
kustomization
file.Apply the manifest.
kubectl apply -k .
Verify the installation.
kubectl -n spinnaker get spinsvc && echo "" && kubectl -n spinnaker get pods
You can also access the Clouddriver log to verify that the plugin is running and communicating with the service.
kubectl -n spinnaker logs deployment/spin-clouddriver | grep -E "Start plugin|Starting Kubesvc plugin|Registering agent with"
Confirm success
Create a pipeline with a Deploy manifest
stage. You should see your target cluster available in the Accounts
list. Deploy a static manifest.
What’s next
- Dynamic Accounts Architecture and Features
- Migrate Clouddriver Kubernetes Accounts to the Armory Scale Agent
- Troubleshoot the Armory Scale Agent Service and Plugin page if you run into issues.
Feedback
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified March 3, 2023: (2d069084)