Configure Armory Enterprise Using Kustomize
This guide is for both the Armory Operator and the Spinnaker Operator. Armory Enterprise and Spinnaker configuration is the same except for features only in Armory Enterprise. Those features are marked .
Why use Kustomize patches for Spinnaker configuration
Even though you can configure Armory Enterprise or Spinnaker in a single manifest file, the advantage of using Kustomize patch files is readability, consistency across environments, and maintainability.
How Kustomize works
Kustomize uses patch files to build a deployment file by overwriting sections of the spinnakerservice.yml manifest file. You declare your patch files in a kustomization.yml file, which kubectl and Kustomize use to build the Armory Enterprise or Spinnaker manifest file.
You can put each manifest config section in its own file. For example, if you create a profiles-patch.yml patch with configuration for various services, you are telling Kustomize to overwrite the profiles section of the spinnakerservice.yml manifest with the contents of profiles-patch.yml. Kustomize is flexible, though, so you could instead create a separate patch file for each service (profiles-clouddriver-patch.yml, profiles-gate-patch.yml, profiles-deck-patch.yml, etc.), and then declare those patches in the kustomization.yml file.
Kustomize is part of kubectl, so you do not need to install Kustomize locally to build and verify your manifest file. You can run kubectl kustomize <path-to-kustomization.yml>. This prints out the contents of the manifest file that Kustomize builds using your kustomization.yml file.
kubectl versions up to and including v1.20 come bundled with Kustomize v2.0.3. kubectl 1.21 comes bundled with Kustomize v4.0.5. Using Kustomize patches has been tested with kubectl v1.19.x and standalone Kustomize v2 and v3. You may see a panic error if you use the spinnaker-kustomize-patches repo with Kustomize v4.0+ or kubectl v1.21+.
Kustomize resources
You should familiarize yourself with Kustomize before you create patch files to configure Armory Enterprise.
- Kustomize Glossary
- Kustomize introduction
- Kustomization file overview
Kubernetes requirements
- You are familiar with Kubernetes Operators, which use custom resources to manage applications and their components.
- You understand the concept of managing Kubernetes resources using manifests.
- You have reviewed and met the Armory Enterprise system requirements.
Spinnaker Kustomize patches repo
Armory maintains the spinnaker-kustomize-patches repo, which contains common configuration options for Armory Enterprise or Spinnaker as well as helper scripts. The patches in this repo give you a reliable starting point when adding and removing features.
All of the patches in the repo are for configuring Armory Enterprise. To use the patches to configure open source Spinnaker, you must change spinnaker.armory.io in the apiVersion field to spinnaker.io. This field is on the first line in a patch file.
To start, create your own copy of the spinnaker-kustomize-patches repository by clicking the Use this template button.
If you intend to update your copy from upstream, use Fork instead. See Creating a repository from a template for the difference between Use this template and Fork.
Once created, clone this repository to your local machine.
Configure Armory Enterprise
Follow these steps to configure Armory Enterprise:
- Choose a kustomization.yml file.
- (Optional) If you are deploying open source Spinnaker, change the apiVersion in each patch file.
- Set the Armory Enterprise (or Spinnaker) version.
- Verify the content of each resource file.
- Verify the configuration contents of each patch file.
Choose a kustomization file
Before you begin configuring Armory Enterprise, you need to choose or create a kustomization.yml file. The kustomization.yml specifies the namespace for Armory Enterprise, a list of Kubernetes resources, and a list of patch files to merge into the spinnakerservice.yml manifest file. For example, the recipes/kustomization-quickstart.yml file contains the following:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Namespace where spinnaker and all its infrastructure will be installed.
# NOTE: If changed, also change it in all ClusterRoleBinding namespace references.
namespace: spinnaker
resources:
- spinnakerservice.yml # (Mandatory). Base spinnaker manifest
- infrastructure/minio.yml # Self hosted minio, a S3 compatible data store
- infrastructure/redis.yml
- accounts/kubernetes/spin-sa.yml # Kubernetes service account needed by patch-kube.yml
patchesStrategicMerge:
- persistence/patch-minio.yml # (Mandatory). Persistence to store spinnaker applications and pipelines
- persistence/patch-redis.yml
- expose/patch-lb.yml # Automatically expose spinnaker
- accounts/kubernetes/patch-kube.yml # Kubernetes accounts
- accounts/docker/patch-dockerhub.yml # Docker accounts
- The resources section contains links to files that define Kubernetes resources: Minio, Redis, and a Kubernetes Service Account.
- The patchesStrategicMerge section contains links to files that contain partial or complete resource definitions. Kustomize uses these patch files to overwrite sections of the spinnakerservice.yml file.
spinnaker-kustomize-patches/kustomization.yml is a symlink that points to spinnaker-kustomize-patches/recipes/kustomization-minimum.yml. There are multiple kustomization examples in the recipes directory. Choose the one that most closely resembles your use case and link to it. Alternately, you can delete the symlink, move your desired Kustomization file from recipes to the top-level directory, and rename the file to kustomization.yml.
Warning
If you are in an air-gapped environment and are using MinIO to host the Armory Enterprise BOM, remove infrastructure/minio.yml from the list of resources to prevent kubectl delete -k . from accidentally deleting the bucket.
Change the apiVersion
This step is required only if you are deploying open source Spinnaker.
The first line in each patch file defines the apiVersion:
apiVersion: spinnaker.armory.io/v1alpha2
Change spinnaker.armory.io to spinnaker.io if you are deploying open source Spinnaker.
Set the Armory Enterprise version
In spinnaker-kustomize-patches/core_config/patch-version.yml, set the Armory Enterprise version or Spinnaker version that you want to deploy, such as 2.26.0 (Armory Enterprise) or 1.25.3 (Spinnaker).
kind: SpinnakerService
metadata:
  name: spinnaker
spec:
  spinnakerConfig:
    # ------- Main config section, equivalent to "~/.hal/config" from Halyard
    config:
      version: 2.26.0
Add core_config/patch-version.yml to your kustomization.yml file in the patchesStrategicMerge section.
Verify resources
Read each file linked to in the resources section to make sure that the Kubernetes resource as configured works with your environment.
Verify patches
Read each file linked to in the patchesStrategicMerge section. You may need to update each patch configuration with values specific to you and your environment. For example, the kustomization-quickstart.yml file described in the Choose a kustomization file section links to accounts/docker/patch-dockerhub.yml. You need to update that patch file with your own DockerHub credentials.
Explore the patches in various folders to see if there are any that you want to use. Remember to list additional patches in the patchesStrategicMerge section of your kustomization.yml file.
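A pre-deploy check for the configuration steps above, as an added example that is not part of the spinnaker-kustomize-patches repo: it confirms that every file listed in kustomization.yml exists, that line 1 of each patch carries the API group you intend (spinnaker.armory.io or spinnaker.io), and, for air-gapped installs, that infrastructure/minio.yml is not listed under resources. The function names, the finding labels, and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example; function names and finding labels are assumptions.
# list_entries FILE SECTION: print the paths listed under a top-level key.
list_entries() {
  awk -v sec="$2:" '
    /^[A-Za-z]/ { in_sec = ($1 == sec); next }
    in_sec && /^[ \t]*-[ \t]*[^ \t#]/ {
      sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]*#.*$/, ""); print
    }' "$1"
}

# lint_kustomization DIR GROUP [airgap]
# GROUP: spinnaker.armory.io or spinnaker.io. Prints findings, returns 1 if any.
lint_kustomization() {
  dir=$1; group=$2; mode=${3:-}; k="$dir/kustomization.yml"; rc=0
  for f in $(list_entries "$k" resources) $(list_entries "$k" patchesStrategicMerge); do
    [ -f "$dir/$f" ] || { echo "MISSING $f"; rc=1; }
  done
  for f in $(list_entries "$k" patchesStrategicMerge); do
    [ -f "$dir/$f" ] || continue
    # The page states that line 1 of each patch file is the apiVersion.
    case $(sed -n 1p "$dir/$f") in
      "apiVersion: $group/"*) ;;
      *) echo "APIVERSION $f"; rc=1 ;;
    esac
  done
  # Air-gapped MinIO case from the warning: kubectl delete -k . would remove it.
  if [ "$mode" = airgap ] &&
     list_entries "$k" resources | grep -qx 'infrastructure/minio.yml'; then
    echo "MINIO infrastructure/minio.yml is listed under resources"; rc=1
  fi
  return $rc
}

# Constructed sample tree (not the real repo contents).
demo=$(mktemp -d)
mkdir -p "$demo/infrastructure" "$demo/core_config"
cat > "$demo/kustomization.yml" <<'EOF'
namespace: spinnaker
resources:
- spinnakerservice.yml # (Mandatory). Base spinnaker manifest
- infrastructure/minio.yml
patchesStrategicMerge:
- core_config/patch-version.yml
- expose/patch-lb.yml # Automatically expose spinnaker
EOF
: > "$demo/spinnakerservice.yml"; : > "$demo/infrastructure/minio.yml"
echo 'apiVersion: spinnaker.armory.io/v1alpha2' > "$demo/core_config/patch-version.yml"
lint_kustomization "$demo" spinnaker.io airgap || echo "resolve findings before kubectl apply -k"
```

The entry parser handles the flat list layout used in the recipes files and does not support paths that contain spaces.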
Secrets
If you want to store Spinnaker secrets in Kubernetes, store secret literals in secrets/secrets.env and secret files in secrets/files.
Deploy Armory Enterprise
Once you have configured your patch files, you can deploy Armory Enterprise.
- Create the spinnaker namespace:
  kubectl create ns spinnaker
  If you want to use a different namespace, you must update the namespace value in your kustomization.yml file.
- (Optional) Verify the Kustomize build output:
  kubectl kustomize <path-to-kustomization.yml>
  This prints out the contents of the manifest file that Kustomize built based on your kustomization.yml file.
- Apply the manifest:
  kubectl apply -k <path-to-kustomization.yml>
- Watch the install progress and see the pods being created:
  kubectl -n spinnaker get spinsvc spinnaker -w
Help resources
- Armory Operator and Armory Enterprise: contact Armory Support or use the Spinnaker Slack #armory channel.
- Spinnaker Operator and Spinnaker: Spinnaker Slack #kubernetes-operator channel.
What’s next
- See the Manifest Reference for configuration options by section.
- Learn how to manage your Spinnaker instance.
- See the Errors and Troubleshooting guide if you encounter issues.
Last modified May 17, 2021: (d6c91cc)