Armory Scale Agent Plugin Configuration Options
This guide contains a detailed list of plugin configuration options for the Armory Scale Agent for Spinnaker and Kubernetes.
| Setting | Type | Default | Description |
|---|---|---|---|
kubesvc.cache.accountCleanupFrequencySeconds | integer | 600 (10m) | How long to keep accounts that are no longer connected to any Agent |
kubesvc.cache.cacheDefaults | array | ReplicaSetServiceIngressDaemonSetDeploymentPodStatefulSetJobCronJobNetworkPolicyNamespaceCustomResourceDefinition | Default list of kubernetes kinds to cache, non overridable. |
kubesvc.cache.cacheKinds | array | kubesvc.cache.cacheDefaults | List of kubernetes kinds to cache, overridable. |
kubesvc.cache.cacheStreamingPoolCoreSizekubesvc.cache.cacheStreamingPoolMaxSize | integer | 10/100 | Thread pool sizing to write to cache. Each thread handles events for a single account at a time. It doesn't need to be greater than the number of agents. More threads means faster response. If Kubernetes accounts are very busy, you can set max size to number of Kubernetes accounts / number of Clouddriver instances. |
kubesvc.cache.cleanDataWithUnusedAccounts | boolean | true | When cleaning an old account, also clean its associated data. |
kubesvc.cache.eventsCleanupFrequencySeconds | integer | 7200 (2h) | How long to keep Kubernetes events cached for. |
kubesvc.cache.namespaceExpiryMinutes | integer | 0 | Disabled by default, set it to a value greater than 0 to enable. Specifies minutes to keep namespace definitions in memory to reduce calls to the database. |
kubesvc.cache.onDemandQuickWaitMs | integer | 10000 | How long to wait for a recache operation. |
kubesvc.cache.operationWaitMs | integer | 30000 | How long to wait for a Kubernetes operation like deploy, scale, delete, or others |
kubesvc.cluster | string | none | Type of clustering.local: for development only; don’t try to coordinate with other Clouddriver instancesredis: use Redis to coordinate via pubsub. Redis will be deprecated in a future release.0.10.24+0.9.400.8.48 kubernetes:(Recommended) Requires additional cluster-kubernetes configuration. |
kubesvc.cluster-kubernetes.kubeconfigFilekubesvc.cluster-kubernetes.verifySslkubesvc.cluster-kubernetes.namespacekubesvc.cluster-kubernetes.httpPortNamekubesvc.cluster-kubernetes.clouddriverServiceNamePrefix | string boolean string string string | null true null http spin-clouddriver | (Optional) If configured, the plugin uses this file to discover Endpoints. If not configured, it will use the service account mounted to the pod. (Optional) Whether to verify the Kubernetes API cert or not. (Optional) If configured, the plugin watches Endpoints in this namespace. If null, it watches endpoints in the namespace indicated in the file /var/run/secrets/kubernetes.io/serviceaccount/namespace(Optional) Name of the port configured in clouddriver Service that forwards traffic to clouddriver http port for REST requests. (Optional) Name prefix of the Kubernetes Service pointing to the Clouddriver standard HTTP port. |
kubesvc.credentials.poller.reloadFrequencyMs | long | 30000 | 2.23.0+ 1.23.0+ How often the plugin will refresh account credentials to clouddriver in case credentials.poller.enabled is disabled. Otherwise the standard properties of credentials.poller.enabled and credentials.poller.types.kubernetes.reloadFrequencyMs are respected |
kubesvc.disableV2Provider | boolean | false | If you don’t need the V2 provider account, set that to true to speed up caching deserialization. |
kubesvc.dynamicAccounts.enabled | boolean | false | 0.11.27+0.10.65+0.9.81+ Enable access to the Dynamic Accounts API |
kubesvc.grpc.auth.x509.enabled | boolean | false | Enable x509 subject filtering |
kubesvc.grpc.auth.x509.filters | list(string) | [] | x509 subject line filter; see x509 Certificate Subject Filtering |
kubesvc.grpc.server.address | string | * | Address to bind the gRPC server to |
kubesvc.grpc.server.port | int | 9091 | Port to bind the gRPC server to |
kubesvc.grpc.server.healthServiceEnabled | boolean | true | Enable gRPC healthcheck service |
kubesvc.grpc.server.maxInboundMessageSize | data size | 4MB | Maximum size of a gRPC message. It should be at least as big as the biggest Kubernetes object manifest you can expect. |
kubesvc.grpc.server.security.enabled | boolean | false | Enable transport level security |
kubesvc.grpc.server.security.certificateChain | string | none | Reference to the server's certificate chain. |
kubesvc.grpc.server.security.privateKey | string | none | Reference to the private key of the server. |
kubesvc.grpc.server.security.privateKeyPassword | string | none | Reference to private key password if password protected. You can use secret management to store the password. |
kubesvc.grpc.server.security.clientAuth | string | NONE | NONE: no client certificate verification, OPTIONAL: verify client certificates if presented, REQUIRE: require client to present certificates and verify it |
kubesvc.grpc.server.security.ciphers | list(string) | [] | By default, use the systems default ciphers. |
kubesvc.grpc.server.security.trustCertCollection | string | none | By default, use the systems default truststore (cacerts). Otherwise, reference to a truststore to validate clients. |
kubesvc.grpc.server.security.protocols | string | none | By default, use the systems default protocols. Otherwise, list of protocols accepted (TLSv1.1 |
kubesvc.grpc.server.security.keepAliveHeartbeatSeconds | int | none | how often should send keepalive grpc pings to client |
kubesvc.grpc.server.security.KeepAliveTimeOutSeconds | int | none | How long to wait for a response after a keepalive before closing the connection |
kubesvc.heartbeat.initialDelaykubesvc.heartbeat.periodkubesvc.heartbeat.periodUnit | long long timeUnit | 0 60 SECONDS | How often each Clouddriver node reports its assingments as recent. Set the heartbeat period to a value less than kubesvc.cache.accountCleanupFrequencySeconds to prevent losing account cache. |
kubesvc.heartbeat.enabled | boolean | true | 0.13.7+0.12.8+0.11.45+Optional. Setting this to false makes Clouddriver rely on gRPC connections instead of pings to consider a connection alive. Useful for remote agent configuration with slow network and no load balancers in between agent and Clouddriver. |
kubesvc.jobs.operation-history.purge.weeks | integer | 1 | 0.10.3+0.9.320.8.40(Optional) The number of weeks to retain information on the databse table kubesvc_ops_history. |
kubesvc.jobs.operation-history.purge.cron | Spring cron expression | 0 0 0 * * 0 | 0.10.3+0.9.320.8.40(Optional) How often to run the cleanup logic. |
kubesvc.loadBalancer | string | none | Pick a different account load balancing algorithm. Only implementation so far is the “MN algorithm” that does hides Agent connections from other clouddriver instances and assigns account to the least busy connected Clouddriver while never unassigning an account from a still connected instance unless it dies or stops being connected to that account. |
kubesvc.runtime.defaults.onlySpinnakerManaged | boolean | false | Same meaning as V2 provider. Should Spinnaker cache manifests that are not deployed by Spinnaker? |
kubesvc.runtime.defaults.customResources[].kubernetesKindkubesvc.runtime.defaults.customResources[].spinnakerKindkubesvc.runtime.defaults.customResources[].deployPrioritykubesvc.runtime.defaults.customResources[].versionedkubesvc.runtime.defaults.customResources[].namespaced | string string number as string (“100”) boolean boolean | none none “100” false false | Same meaning as V2 provider. Customize behavior of Spinnaker for an unknown (to Spinnaker) resource. - kubernetesKind in the format - spinnakerKind is one of the Spinnaker kinds- deployPriority will determine in which order Spinnaker will deploy a resource if multiple manifests are to be deployed in an operation.- versioned should Spinnaker version new resource or just update them?- namespaced is barely used with kubesvc. |
kubesvc.runtime.accounts[string].onlySpinnakerManagedkubesvc.runtime.accounts[string].customResources[]… | Same as above but per account. This takes priority over default runtime settings. Default values are used if not populated for the account. Format is a map (account name → props), e.g. kubesvc.runtime.accounts: prod: onlySpinnakerManaged: true | ||
kubesvc.v2-cache-eviction.disable | boolean | 0.10.3+ Set this to true if you want to turn off the eviction of the V2 cache. | |
kubesvc.v2-cache-eviction.batch-size | integer | 5 | 0.10.3+ How many Kubernetes kinds to evict for each eviction event. |
kubesvc.v2-cache-eviction.millis | integer | 200 | 0.10.3+ The time between evictions in milliseconds. Using a low value can lead to a spike in resource usage when migration occurs. |
kubesvc.ops.processTime.metric.result.maxLength | integer | 255 | How many characters as a maximum could have the kubesvc.ops.processTime.result attribute metric |
Feedback
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified March 3, 2023: (2d069084)