Armory Scale Agent Service Configuration Options

This page contains a detailed list of configuration options for the Agent service.

Configuration options

Settings Type Default Description
clouddriver.auth.token string none 0.3.0+ Optional bearer token added to each request back to the endpoint.
0.3.0+ Invokes a command every refreshIntervalSeconds seconds. The command outputs either the token itself (format is raw) or a JSON object with a token attribute (format is json or left empty). args is the optional list of parameters to the command.
clouddriver.grpc string (hostname) spin-clouddriver-grpc:9091 Hostname of the Clouddriver or gRPC proxy endpoint.
clouddriver.keepAliveHeartbeatSeconds integer none 0.6.9+ Optional. How often the gRPC keepalive message is sent.
- Not set: (default) sent every 60 seconds.
- 0: not sent.
- Any n value greater than 0: sent every n seconds.
clouddriver.keepAliveTimeOutSeconds integer none Timeout before closing the gRPC connection.
clouddriver.insecure boolean true Set to false if you are connecting to a TLS server.
clouddriver.noProxy boolean false 0.3.1+ Ignore the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables when connecting back to the control plane (Armory Continuous Deployment).
0.6.7+ Enables or disables retries.
0.6.7+ How many times to retry sending the response to Clouddriver.
0.6.7+ How much time to wait between retries in milliseconds.
Note that Agent Plugin config option kubesvc.cache.operationWaitMs should be set so that it does not time out before the retries are complete.
clouddriver.tls.serverName string none Server name on the remote certificate (override from the hostname).
clouddriver.tls.insecureSkipVerify boolean false Do not verify the endpoint's certificate.
Client certificate file for mTLS.
Client key file if not included in the certificate.
Password for the key file, if needed.
clouddriver.tls.cacertFile string none If provided, verify endpoint certificate with the trust store. Otherwise, the system trust store is used.
dynamicAccountsEnabled boolean true 1.0.39+ Enable or disable access to the Dynamic Accounts API.
kubernetes.noProxy boolean false 0.3.1+ Ignore the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables when connecting to any Kubernetes cluster.
kubernetes.reconnectTimeoutMs integer 5000 How long to wait before reconnecting to Armory Continuous Deployment.
kubernetes.accounts[].context string empty If provided, use the given context of the configured kubeconfig.
kubernetes.accounts[].customResourceDefinitions []{kind: } empty 0.4.0+ List of CustomResourceDefinition to expose to Armory Continuous Deployment. This is not needed if onlyNamespacedResources is left off. The format of kind is
kubernetes.accounts[].customResourceDefinitions.scope string Namespaced 1.0.9+ Possible values are `Cluster` and `Namespaced`. The default value if left unconfigured is `Namespaced`.
kubernetes.accounts[].kinds []string empty Defines which Kubernetes kinds to cache for the Spinnaker UI. If not empty, only kinds in the list are cached. Use only the kind name in singular form and without group name (e.g. deployment, not deployment.apps). This also applies to CRDs.
There’s no benefit to caching kinds that don’t display in the Spinnaker UI. The recommended set of kinds to include (per account) is: replicaSet, service, ingress, daemonSet, deployment, pod, statefulSet, job, cronJob.
Note: Operations are still possible on every kind regardless of the config, and statuses for those operations are not affected. For example, if you need to deploy another kind such as HorizontalPodAutoscaler, and this kind is not defined in this list, the deployment still succeeds.
kubernetes.accounts[].kubeConfigFile string none Path to the kubeconfig file if not using serviceAccount.
kubernetes.accounts[].insecure boolean false Do not verify the TLS certificate of the Kubernetes API server.
Don’t use without a good reason.
kubernetes.accounts[].metrics boolean false When true, sends pod metrics back to Armory Continuous Deployment every 20s.
kubernetes.accounts[].name string none, required Name of the Kubernetes cluster in Armory Continuous Deployment.
kubernetes.accounts[].namespaces []string empty 0.4.0+ Whitelist of namespaces to monitor.
This comes at a greater cost of multiplying the resources by the number of namespaces.
kubernetes.accounts[].noProxy boolean false 0.3.1+ Ignore the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables when connecting to that Kubernetes cluster.
kubernetes.accounts[].oAuthScopes []string empty List of OAuth scopes to use when authenticating with the gcp provider.
Cluster access for kubectl.
kubernetes.accounts[].omitKinds []string empty List of kinds not to cache.
kubernetes.accounts[].omitNamespaces []string empty Blacklist of namespaces.
This comes at a greater cost of multiplying the resources by the number of namespaces.
kubernetes.accounts[].onlyNamespacedResources boolean false 0.4.0+ If true, the Agent ignores non-namespaced resources; namespaces must be whitelisted with the namespaces setting and CRDs with customResourceDefinitions.
kubernetes.accounts[].onlySpinnakerManaged boolean false Only return Armory Continuous Deployment managed resources.
NOT IMPLEMENTED in the Agent but added to the plugin; see kubesvc.runtime.defaults.onlySpinnakerManaged.
kubernetes.accounts[].permissions list empty List of permissions (currently READ or WRITE) with a list of authorized roles. For more information, see Permissions format.
kubernetes.accounts[].maxResumableResourceAgeMs integer 300000 (5m) When connecting to Armory Continuous Deployment, the Agent asks Clouddriver for the latest resource version known per resource that is not older than that setting.
The resource version is used to resume the watch without first doing a list, saving memory and time. There’s no guarantee that the resource version is still known. If not “remembered” by the Kubernetes API server, a list call is used. See Kubernetes API Concepts.
kubernetes.accounts[].serviceAccount boolean false If true and the Agent runs in Kubernetes - use the current service account to call to the current API server. In that mode, you don’t need to provide a kubeconfig file.
kubernetes.accounts[].skipManifestDefaults boolean false By default the Agent sets the latest default values on the manifests it applies. If set to true or ServerSideApply is disabled, the Agent sends manifests as is to the Kubernetes API.
kubernetes.accounts[].skipServerSideApply boolean false By default the Agent deploys manifests using ServerSideApply. If set to true, the Agent uses the last-applied kubectl client side annotation. Used for troubleshooting.
kubernetes.retries.enabled boolean true Optional. Enable or disable retries when the Agent makes a failed request to the Kubernetes API server.
kubernetes.retries.maxRetries integer 3 Optional. The number of times that the Agent will try the same request if it fails.
kubernetes.retries.backOffMs integer 3000 Optional. How much time (in milliseconds) to wait between retry attempts.
kubernetes.retries.retryAnyError boolean false Optional. If true, Agent will retry when encountering any error from the Kubernetes API server. If false, Agent will only retry if the error contains any item from retryableErrors.
kubernetes.retries.retryableErrors string - timeout
- deadline exceeded
Optional. If the error from the Kubernetes API server contains any item from this list, the request will be retried. Requires retryAnyError to be false.
logging.file string stdout if not defined File to save logs to.
logging.format string text Format for the Agent logs. Can be text or json.
logging.level string INFO Log level. Can be any of (case insensitive):
panic, fatal, error, warn (or warning), info, debug, trace.
logging.multiWrite boolean false When set to true, logs will be printed to stdout and saved to a file simultaneously.
logging.maxSizeMb integer 1 Max size of each log file.
logging.maxAgeDays integer 10 How many days to keep the log file backup.
logging.maxBackups integer 10 Max number of log file backups.
logging.localTime boolean true When set to true, timestamps use local time; otherwise UTC.
logging.compress boolean false When set to true, files are compressed as tar gz.
pprof.enabled boolean false Enable pprof endpoint. Useful for troubleshooting slowness, memory leaks, and more!
pprof README.
pprof.port integer 6060 Port on which to respond to pprof requests.
prometheus.enabled boolean false Enable Prometheus handler.
prometheus.port integer 8008 Port to expose Prometheus metrics on. Responds to both /metrics (standard) and /prometheus_metrics (Armory Continuous Deployment default).
string localhost Hostname of the server health check.
server.port integer 8082 Port of the server health check.
server.ssl.enabled, server.ssl.certFile, server.ssl.keyFile, server.ssl.keyPassword, server.ssl.caCertFile, server.ssl.keyFilePassword, server.ssl.clientAuth Various options to control TLS config. Don’t bother, it’s just for the health endpoint.
secrets.vault.* object none Vault configuration.
tasks.totalBudget integer 0 If > 0, limits the number of tasks that can be started. Tasks have different costs. Watches are considered free because they are part of the normal operations of the Agent.
tasks.budgetPerAccount integer 0 Same as totalBudget but per account. If both settings are provided, they’re both checked.
tasks.queueCheckFrequencyMs integer 2000 Frequency at which the Agent checks for new tasks to launch. Once launched a task is not stopped until explicitly requested (account unregistered or connection to Armory Continuous Deployment lost).
timeoutSeconds integer 0 0.5.12+ The maximum length of time to wait before giving up on a server request. A value of zero means no timeout.
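
An added example, not part of the Armory documentation: a small Python audit that flags the TLS and troubleshooting options from the table above whose effective value (explicit, or the documented default when unset) is true. The nested-dict layout for dotted option names and the sample account values are assumptions.

```python
# Added example (not Armory code). Assumption: dotted option names on this page
# map to nested keys, as they would in a YAML config file parsed into a dict.

# (dotted path, documented default, reason a value of true deserves review)
GLOBAL_CHECKS = [
    ("clouddriver.insecure", True, "gRPC connection to Clouddriver is not using TLS"),
    ("clouddriver.tls.insecureSkipVerify", False, "endpoint certificate is not verified"),
    ("pprof.enabled", False, "pprof endpoint is enabled (troubleshooting only)"),
]
ACCOUNT_CHECKS = [
    ("insecure", False, "Kubernetes API server certificate is not verified"),
]


def lookup(cfg, dotted, default):
    """Walk a dotted path through nested dicts; unset options get the default."""
    node = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit(cfg):
    """Return (setting, reason) for each option whose effective value is true."""
    findings = []
    for path, default, reason in GLOBAL_CHECKS:
        if lookup(cfg, path, default) is True:
            findings.append((path, reason))
    for i, acct in enumerate(lookup(cfg, "kubernetes.accounts", [])):
        name = acct.get("name", f"#{i}")
        for key, default, reason in ACCOUNT_CHECKS:
            if acct.get(key, default) is True:
                findings.append((f"kubernetes.accounts[{name}].{key}", reason))
    return findings


# Constructed sample: clouddriver.insecure is omitted, so its default (true) applies.
SAMPLE = {
    "clouddriver": {"grpc": "spin-clouddriver-grpc:9091",
                    "tls": {"insecureSkipVerify": True}},
    "kubernetes": {"accounts": [{"name": "prod", "serviceAccount": True},
                                {"name": "dev", "insecure": True}]},
}

if __name__ == "__main__":
    for setting, reason in audit(SAMPLE):
        print(f"{setting}: {reason}")
```

Because clouddriver.insecure defaults to true, a config that never mentions it is still reported; only an explicit false clears the finding.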

Last modified March 3, 2023: (2d06908)