Install the Armory Scale Agent in an Existing Armory CD Instance

Before you begin

This guide assumes you want to evaluate the Scale Agent with an existing Armory CD test instance that you deployed using the Armory Operator and Kustomize patches (spinnaker-kustomize-patches repo). With that in mind:

1. Your Armory CD test instance is running in the spinnaker namespace.

2. Your Clouddriver service uses a SQL backend. The Scale Agent plugin uses the SQL database to store cache data and dynamically created Kubernetes accounts.

3. You have Kubernetes accounts configured in Clouddriver so you can evaluate account migration.

4. You are going to deploy the Scale Agent service in the same cluster and namespace as your Armory CD test instance.

5. You are not going to configure mTLS, so the Scale Agent service and plugin are not going to communicate securely.

6. Choose the Scale Agent version that is compatible with your Armory CD version.

   Armory CD (Spinnaker) Version	Scale Agent Plugin Version	Scale Agent Service Version
   2.28.x (1.28.x)	0.11.56	1.0.83
   1.29.x	0.12.21	1.0.83
   2.30.x (1.30.x)	0.13.20	1.0.83
   2.31.x (1.31.x)	0.14.1	1.0.83
   2.32.x (1.32.x)	0.14.1	1.0.83

   Database compatibility:

   MySQL	PostgreSQL
   5.7; AWS Aurora	10+

Objectives

1. Read about options for migrating Kubernetes accounts.
2. Access the latest Scale Agent installation files.
3. Update your local kustomization recipe.
4. Configure the plugin.
5. Configure the service
6. Install the Scale Agent

Options for migrating Kubernetes accounts

In Armory CD, you can configure Kubernetes accounts in multiple places:

• Clouddriver configuration files: clouddriver.yml, clouddriver-local.yml, spinnaker.yml, spinnaker-local.yml
• Clouddriver database: clouddriver.accounts table
• Spring Cloud Config Server reading accounts from Git, Vault, or another supported backend
• Plugins

You have the following options for migrating accounts to the Scale Agent:

1. You can configure the Scale Agent service to manage specific accounts by adding those accounts to a ConfigMap. This approach means you should remove the accounts from the Clouddriver credential source before you deploy the service.
2. You can dynamically migrate accounts after the service has been deployed. This requires kubectl access to the cluster so you can port-forward the endpoint to your local machine.

This guide shows you how to statically add an accounts to the Scale Agent service configuration before deployment.

Access the installation files

You can find the files that install the Scale Agent in the spinnaker-kustomize-patches/targets/kubernetes/scale-agent repo. Update your local copy from master to get the latest updates.

Update your Kustomization recipe

• components section: add targets/kubernetes/scale-agent
• transformers section: add utilities/unique-service-account.yml

Configure the plugin

1. Set the plugin version that is compatible with your Armory CD version

   In plugin-config.yml, check that the version listed is compatible with your Armory CD version. If it isn’t, replace with a plugin version that is.

   spec:
        spinnakerConfig:
          profiles:
            clouddriver:
              spinnaker:
                extensibility:
                  repositories:
                    armory-agent-k8s-spinplug-releases:
                      enabled: true
                      url: https://raw.githubusercontent.com/armory-io/agent-k8s-spinplug-releases/master/repositories.json
                  plugins:
                    Armory.Kubesvc:
                      enabled: true
                      version: 0.11.32 # Replace with a version compatible with your Armory CD version
                      extensions:
                        armory.kubesvc:
                          enabled: true
      

2. (Optional) Disable Clouddriver Account Management if your Armory CD version is earlier than 2.28.

   Set spec.spinnakerConfig.profiles.clouddriver.account.storage.enabled to false.

   spec:
        spinnakerConfig:
          profiles:
            clouddriver:
              account:
                storage:
                  enabled: true
      

Configure the service

Version

The Scale Agent service version is set in spinnaker-kustomize-patches/targets/kubernetes/scale-agent/scale-agent-deployment.yml. You don’t have to configure a version in the spec.template.spec.containers.image field. The manifest pulls the latest version, which is compatible with Armory CD 2.26+ and corresponding plugin versions.

Kubernetes account

You should configure a Kubernetes account for the Scale Agent service to manage. You do this in targets/kubernetes/scale-agent/armory-agent.yml. The Kubernetes account should not exist in Clouddriver.

Add your Kubernetes accounts to the kubernetes.accounts section. For example:

kubernetes:
  accounts:
    - kubeconfigFile: /kubeconfigfiles/kubeconfig
      name: agent-demo

Install the Scale Agent

Execute all commands from the root of spinnaker-kustomize-patches. The following commands assume your Kustomization recipe is named kustomization.yml and is in the root of your spinnaker-patches-kustomize directory.

1. (Optional) Verify the Kustomize build output.

   kubectl kustomize kustomization.yml
   

   This prints out the contents of the manifest file that Kustomize built based on your kustomization file.

2. Apply the manifest.

   kubectl apply -k .
   

3. Verify the installation.

   kubectl -n spinnaker get spinsvc && echo "" && kubectl -n spinnaker get pods
   

   You can also access the Clouddriver log to verify that the plugin is running and communicating with the service.

   kubectl -n spinnaker logs deployment/spin-clouddriver | grep -E "Start plugin|Starting Kubesvc plugin|Registering agent with"
   

Confirm success

Create a pipeline with a Deploy manifest stage. You should see your target cluster available in the Accounts list. Deploy a static manifest.

What’s next

• Dynamic Accounts Architecture and Features
• Migrate Clouddriver Kubernetes Accounts to the Armory Scale Agent
• Troubleshoot the Armory Scale Agent Service and Plugin page if you run into issues.