Quick Start: Spinnaker and the Armory Scale Agent

This guide shows you how to use the Spinnaker Operator and Kustomize to install Spinnaker and the Scale Agent in the same Kubernetes cluster and namespace for testing the Scale Agent’s features.

Quick start overview

In this guide, you deploy a basic instance of Spinnaker 1.28+ and the corresponding Scale Agent plugin and service. You can evaluate:

Objectives

  1. Meet the requirements listed in the Before you begin section.
  2. Learn the options for migrating Clouddriver accounts to the Scale Agent.
  3. Deploy the Spinnaker Operator.
  4. Get the spinnaker-kustomize-patches repo.
  5. Configure Spinnaker.
  6. Deploy Spinnaker and the Scale Agent.

Since this guide is for installing the Armory Scale Agent in a test environment, it does not include mTLS configuration. The Scale Agent service and plugin do not communicate securely.

Before you begin

Options for migrating Kubernetes accounts

In Spinnaker, you can configure Kubernetes accounts in multiple places:

  • Clouddriver configuration files: clouddriver.yml, clouddriver-local.yml, spinnaker.yml, spinnaker-local.yml
  • Clouddriver database: clouddriver.accounts table
  • Spring Cloud Config Server reading accounts from Git, Vault, or another supported backend
  • Plugins

You have the following options for migrating accounts to the Scale Agent:

  1. You can configure the Scale Agent service to manage specific accounts by adding those accounts to a ConfigMap. This approach means you should remove the accounts from the Clouddriver credential source before you deploy the service.
  2. You can dynamically migrate accounts after the service has been deployed. This requires kubectl access to the cluster so you can port-forward the endpoint to your local machine.

This guide shows you how to statically add an account to the Scale Agent service configuration before deployment.

Deploy the Spinnaker Operator

Decide which Spinnaker Operator release you need based on the Kubernetes version you are using.

Kubernetes VersionSpinnaker Operator VersionSpinnaker Version
1.22+1.3+1.27+
1.211.2.51.27+
  1. Fetch the Spinnaker Operator.

    Replace <release-version> with a specific version or use latest to fetch the latest release.

    mkdir -p spinnaker-operator && cd spinnaker-operator
    bash -c 'curl -L https://github.com/armory/spinnaker-operator/releases/<release-version>/download/manifests.tgz | tar -xz'
    
  2. From the root of your spinnaker-operator directory, install the Spinnaker Operator CRDs cluster-wide.

    kubectl apply -f deploy/crds/
    
  3. Install the Spinnaker Operator in namespace spinnaker.

    kubectl create ns spinnaker
    kubectl -n spinnaker apply -f deploy/operator/cluster
    
  4. Verify that the Spinnaker Operator is running before you deploy Spinnaker.

    kubectl get pods -n spinnaker | grep operator
    

    Output is similar to:

    spinnaker-operator-79599cbf55-js5pg   2/2     Running   0          159m
    

Get the spinnaker-kustomize-patches repo

Armory maintains the spinnakaker-kustomize-patches repo, which contains common configuration options for Armory Continuous Deployment or Spinnaker as well as helper scripts. The patches in this repo give you a reliable starting point when adding and removing features.

Configuration in this repository is meant for Armory Continuous Delivery. To make it compatible with Spinnaker instead, apply the utilities/switch-to-oss.yml patch.

To start, create your own copy of the spinnaker-kustomize-patches repository by clicking the Use this template button:

If you intend to update your copy from upstream, use Fork instead. See Creating a repository from a template for the difference between Use this template and Fork.

Once created, clone this repository to your local machine.

Configure Spinnaker

You can find the recipe for deploying Spinnaker and the Scale Agent in recipes/kustomization-oss-agent.yml.

#-------------------------------------------------------------------------------
# Minimum Starting Point Recipe with Armory Scale Agent.
#
# Self contained Spinnaker installation with no external dependencies and no
# additional configuration needed. This is intended as a starting point for any
# kubernetes cluster. Not for production use.
#
# Features:
# - Spinnaker Operator
# - One Kubernetes account (Spinnaker's own cluster) using the Scale Agent
# - Spinnaker authentication disabled
# - Self hosted minio as a persistent storage
# - Self hosted redis backend for caching and temporal storage of services
#-------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: spinnaker

resources:
  - infrastructure/mysql.yml           # (Optional, not for production use). MySQL server needed if using SQL backend in Spinnaker

components:  
  - core/base                             # Defines base configuration across the cluster
  - core/persistence/in-cluster           # Enables persistence using MinIO in-cluster
  - targets/kubernetes/scale-agent        # Enables the plugin version of the Scale Agent

patchesStrategicMerge:
  - core/patches/oss-version.yml          # Sets the OSS version to use  
  - persistence/patch-sql-clouddriver.yml # setup clouddriver to use SQL for storage

transformers:
  - utilities/unique-service-account.yml  # Ensures that ServiceAccounts are unique  

# This patch ensures that the correct OSS apiVersion is used.
patches:
  - target:
      kind: SpinnakerService
    path: utilities/switch-to-oss.yml
  • The resources section contains files that install apps that you want Spinnaker to use, such as MySQL.
  • The components section contains paths to directories that define collections of Kubernetes resources. This section contains a link to the targets/kubernetes/scale-agent directory, which contains the Scale Agent installation files.
  • The patchesStrategicMerge section contains links to files that contain partial resource definitions. Kustomize uses these patch files to overwrite sections of components or resources, such as the SpinnakerService definition.
  • The patches section is a list of files that Kustomize executes to add or replace fields on resources. The utilities/switch-to-oss.yml patch instructs Kustomize to replace apiVersion: spinnaker.armory.io/v1alpha2 with apiVersion: spinnaker.io/v1alpha2 in the SpinnakerService manifest.
  • The transformers section contains links to files that define Kustomize transformers.

What this recipe does

  • Configures MinIO as the persistent storage provider (instead of Redis or cloud storage)
  • Installs MySQL and configures Clouddriver to use MySQL
  • Enables Clouddriver Account Management
  • Installs the plugin
  • Creates a ServiceAccount, ClusterRole, and ClusterRoleBinding for the Scale Agent service
  • Deploys the service

What this recipe does not do

  • Publicly expose Spinnaker services
  • Configure mTLS; communication between the plugin and service is not secure

Spinnaker version

To change the Spinnaker version, update spec.spinnakerConfig.config.version in core/patches/oss-version.yml.

If you chose a Spinnaker version earlier than 1.28, you should modify the targets/kubernetes/scale-agent/plugin-config file to disable Clouddriver Account Management as in the following example:

spec:
  spinnakerConfig:
    profiles:
      clouddriver:
        account:
          storage:
            enabled: false # This enables Clouddriver Account Management; requires Armory CD 2.28+ or Spinnaker 1.28+

Configure your Kubernetes account

You should configure a Kubernetes account or accounts for the Scale Agent service to manage. You do this in targets/kubernetes/scale-agent/armory-agent.yml.

Add your Kubernetes accounts to the kubernetes.accounts section. For example:

kubernetes:
  accounts:
    - kubeconfigFile: /kubeconfigfiles/kubeconfig
      name: agent-demo

Deploy Spinnaker

Execute all commands from the root of spinnaker-kustomize-patches.

  1. Set the kustomize recipe.

    The kustomization.yml file in the project root is a symlink to recipes/kustomization-all.yml. Update to point to recipes/kustomization-oss-agent.yml.

    ln -vfns ./recipes/kustomization-oss-agent.yml kustomization.yml
    
  2. (Optional) Verify the Kustomize build output.

    kubectl kustomize kustomization.yml
    

    This prints out the contents of the manifest file that Kustomize built based on your kustomization file.

  3. Apply the manifest.

    kubectl apply -k .
    
  4. Verify the installation.

    kubectl -n spinnaker get spinsvc && echo "" && kubectl -n spinnaker get pods
    

    You can also access the Clouddriver log to verify that the plugin is running and communicating with the service.

    kubectl -n spinnaker logs deployment/spin-clouddriver | grep -E "Start plugin|Starting Kubesvc plugin|Registering agent with"
    

Confirm success

If you haven’t publicly exposed Spinnaker based on your cloud provider’s guides, you should port-forward in order to access the Spinnaker UI and API:

# port-forward for the UI
kubectl port-forward svc/spin-deck 9000:9000 -n spinnaker
# port-forward for the API
kubectl port-forward svc/spin-gate 8084:8084 -n spinnaker

Create a pipeline with a Deploy manifest stage. You should see your target cluster available in the Accounts list. Deploy a static manifest.

What’s next


Last modified March 3, 2023: (2d069084)