Armory Scale Agent Plugin Configuration Options

This guide contains a detailed list of plugin configuration options for the Armory Scale Agent for Spinnaker and Kubernetes.
Setting Type Default Description
integer 10/100 Thread pool sizing to write to cache. Each thread handles events for a single account at a time. It doesn't need to be greater than the number of agents. More threads means faster response. If Kubernetes accounts are very busy, you can set max size to number of Kubernetes accounts / number of Clouddriver instances.
kubesvc.cache.onDemandQuickWaitMs integer 10000 How long to wait for a recache operation.
kubesvc.cache.operationWaitMs integer 30000 How long to wait for a Kubernetes operation like deploy, scale, delete, or others
kubesvc.cache.eventsCleanupFrequencySeconds integer 7200 (2h) How long to keep Kubernetes events cached for.
kubesvc.cache.accountCleanupFrequencySeconds integer 600 (10m) How long to keep accounts that are no longer connected to any Agent
kubesvc.cache.cleanDataWithUnusedAccounts boolean true When cleaning an old account, also clean its associated data
kubesvc.cluster string none Type of clustering.
local: for development only; don’t try to coordinate with other Clouddriver instances
redis: use Redis to coordinate via pubsub. Redis will be deprecated in a future release.
0.10.24+0.9.400.8.48 kubernetes:(Recommended) Requires additional cluster-kubernetes configuration.
(Optional) If configured, the plugin uses this file to discover Endpoints. If not configured, it will use the service account mounted to the pod.
(Optional) Whether to verify the Kubernetes API cert or not.
(Optional) If configured, the plugin watches Endpoints in this namespace. If null, it watches endpoints in the namespace indicated in the file /var/run/secrets/
(Optional) Name of the port configured in clouddriver Service that forwards traffic to clouddriver http port for REST requests.
(Optional) Name prefix of the Kubernetes Service pointing to the Clouddriver standard HTTP port.
kubesvc.credentials.poller.reloadFrequencyMs long 30000 2.23.0+ 1.23.0+ How often the plugin will refresh account credentials to clouddriver in case credentials.poller.enabled is disabled. Otherwise the standard properties of credentials.poller.enabled and credentials.poller.types.kubernetes.reloadFrequencyMs are respected
kubesvc.disableV2Provider boolean false If you don’t need the V2 provider account, set that to true to speed up caching deserialization.
kubesvc.dynamicAccounts.enable boolean false 0.11.27+0.10.65+0.9.81+ Enable access to the Dynamic Accounts API
kubesvc.grpc.auth.x509.enabled boolean false Enable x509 subject filtering
kubesvc.grpc.auth.x509.filters list(string) [] x509 subject line filter; see x509 Certificate Subject Filtering
kubesvc.grpc.server.address string * Address to bind the gRPC server to
kubesvc.grpc.server.port int 9091 Port to bind the gRPC server to
kubesvc.grpc.server.healthServiceEnabled boolean true Enable gRPC healthcheck service
kubesvc.grpc.server.maxInboundMessageSize data size 4MB Maximum size of a gRPC message. It should be at least as big as the biggest Kubernetes object manifest you can expect. boolean false Enable transport level security string none Reference to the server's certificate chain. string none Reference to the private key of the server. string none Reference to private key password if password protected. You can use secret management to store the password. string NONE NONE: no client certificate verification, OPTIONAL: verify client certificates if presented, REQUIRE: require client to present certificates and verify it list(string) [] By default, use the systems default ciphers. string none By default, use the systems default truststore (cacerts). Otherwise, reference to a truststore to validate clients. string none By default, use the systems default protocols. Otherwise, list of protocols accepted (TLSv1.1, TLSv1.2, etc. int none how often should send keepalive grpc pings to client int none How long to wait for a response after a keepalive before closing the connection
How often each Clouddriver node reports its assingments as recent. Set the heartbeat period to a value less than kubesvc.cache.accountCleanupFrequencySeconds to prevent losing account cache. integer 1 0.10.3+0.9.320.8.40(Optional) The number of weeks to retain information on the databse table kubesvc_ops_history. Spring cron expression 0 0 0 * * 0 0.10.3+0.9.320.8.40(Optional) How often to run the cleanup logic.
kubesvc.loadBalancer string none Pick a different account load balancing algorithm. Only implementation so far is the “MN algorithm” that does hides Agent connections from other clouddriver instances and assigns account to the least busy connected Clouddriver while never unassigning an account from a still connected instance unless it dies or stops being connected to that account.
kubesvc.runtime.defaults.onlySpinnakerManaged boolean false Same meaning as V2 provider. Should Spinnaker cache manifests that are not deployed by Spinnaker?
number as string (“100”)
Same meaning as V2 provider. Customize behavior of Spinnaker for an unknown (to Spinnaker) resource.

- kubernetesKind in the format .
- spinnakerKind is one of the Spinnaker kinds
- deployPriority will determine in which order Spinnaker will deploy a resource if multiple manifests are to be deployed in an operation.
- versioned should Spinnaker version new resource or just update them?
- namespaced is barely used with kubesvc.
Same as above but per account. This takes priority over default runtime settings. Default values are used if not populated for the account.

Format is a map (account name → props), e.g.
onlySpinnakerManaged: true
kubesvc.v2-cache-eviction.disable boolean 0.10.3+ Set this to true if you want to turn off the eviction of the V2 cache.
kubesvc.v2-cache-eviction.batch-size integer 5 0.10.3+ How many Kubernetes kinds to evict for each eviction event.
kubesvc.v2-cache-eviction.millis integer 200 0.10.3+ The time between evictions in milliseconds. Using a low value can lead to a spike in resource usage when migration occurs.

Last modified March 3, 2023: (2d06908)