System Requirements for Armory Enterprise
The requirements described on this page are meant as a minimum starting point for installing Armory Enterprise. You may need to increase the resources based on the number of applications, pipelines, and executions. Work with your IT organization to make sure that the requirements are met.
Installation targets
This section defines where you can run Armory Enterprise, not where you can deploy your applications. For information about where you can deploy applications to, see the Product Compatibility Matrix.
Armory Enterprise can be installed on any certified Kubernetes cluster that meets the following version requirements:
- Minimum version: 1.16
- Maximum version: 1.20
You install Armory Enterprise using the Armory Operator (a Kubernetes operator), which has the following requirements:
- You must be able to apply Kubernetes manifests and CRDs, either directly using kubectl commands from your machine or another method.
- By default, the Operator pulls images from a public registry. If you cannot pull images from public registries, see Air-Gapped with the Armory Operator.
Note that Armory does not produce marketplace-specific images that can be used by different certified Kubernetes offerings.
The Kubernetes cluster itself must meet the following requirements:
- You have administrator rights to install the Custom Resource Definition (CRD) for the Armory Operator.
- If you are managing your own Kubernetes cluster (not EKS or OpenShift), be sure:
  - You have enabled admission controllers in Kubernetes (--enable-admission-plugins).
  - You have ValidatingAdmissionWebhook enabled in kube-apiserver. Alternatively, you can pass the --disable-admission-controller parameter to the deployment.yaml file that deploys the Operator.
If you do not have a cluster already, consult guides for Amazon EKS or the equivalent for your Kubernetes provider.
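A pre-flight check for the version range and admission-controller requirements above, as an added example rather than Armory tooling. The function names and the sample kube-apiserver command line are constructed; on a real cluster you supply the server version and the API server's flags yourself.

```shell
#!/bin/sh
# Added example: offline pre-flight checks for the cluster requirements above.
# Function names and the sample command line are constructed for illustration.

MIN_MINOR=16   # page minimum: Kubernetes 1.16
MAX_MINOR=20   # page maximum: Kubernetes 1.20

# version_supported "v1.19.7" -> exit 0 when the minor version is in range.
version_supported() {
  v=${1#v}; major=${v%%.*}; rest=${v#*.}
  minor=${rest%%.*}
  minor=${minor%%[!0-9]*}          # tolerate suffixes such as "20+"
  [ -n "$minor" ] || return 2      # unparseable version string
  [ "$major" = 1 ] && [ "$minor" -ge "$MIN_MINOR" ] && [ "$minor" -le "$MAX_MINOR" ]
}

# admission_state "<kube-apiserver command line>" <plugin> prints one of:
#   enabled   plugin is named in --enable-admission-plugins
#   disabled  plugin is named in --disable-admission-plugins
#   default   named in neither flag, so the API server's built-in defaults decide
admission_state() {
  state=default
  for arg in $1; do                # split the command line on whitespace
    case $arg in
      --enable-admission-plugins=*)
        case ",${arg#*=}," in *",$2,"*) state=enabled ;; esac ;;
      --disable-admission-plugins=*)
        case ",${arg#*=}," in *",$2,"*) state=disabled ;; esac ;;
    esac
  done
  echo "$state"
}

# preflight <server version> "<command line>": report both checks; the exit
# status reflects the version check only, because a disabled webhook can be
# handled by deploying the Operator with --disable-admission-controller.
preflight() {
  rc=0
  version_supported "$1" || { echo "version $1: outside 1.$MIN_MINOR to 1.$MAX_MINOR"; rc=1; }
  s=$(admission_state "$2" ValidatingAdmissionWebhook)
  echo "ValidatingAdmissionWebhook: $s"
  [ "$s" != disabled ] || echo "  -> deploy the Operator with --disable-admission-controller"
  return "$rc"
}

# Constructed sample input (not taken from a real cluster).
SAMPLE_ARGV='kube-apiserver --secure-port=6443 --enable-admission-plugins=NodeRestriction,ValidatingAdmissionWebhook'
preflight v1.19.7 "$SAMPLE_ARGV"
```

A result of "default" means neither flag names the plugin, so confirm the behaviour against the defaults of your Kubernetes version.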
Browsers
The UI for Armory Enterprise works best on Firefox or Chromium-based browsers.
External storage
Armory Enterprise requires external storage for storing metadata and history.
Bucket storage
You need an S3-compatible object store, such as an S3 bucket or Minio, for persisting your application settings and pipelines. The account you use to install and run Armory Enterprise needs read/write access to the buckets.
RDBMS (SQL)
Depending on the service, Armory Enterprise also uses either Redis, MySQL, or Postgres as a backing store. The following table lists the supported databases and the services that use them:
Database | DB version | Armory | Services | Note |
---|---|---|---|---|
Redis | All supported versions | All supported versions | All Armory Enterprise services that require a backing store | The DB versions refer to external Redis instances. Supported only for services that still require Redis for a feature, such as Gate sessions. Redis is not supported as a core persistent storage engine. Although Armory Enterprise deploys internal Redis instances, do not use these instances for production deployments. Armory recommends only using them for testing and proof-of-concept deployments. For AWS ElastiCache for Redis, the instance type should minimally be set to cache.m5.large. |
MySQL | 5.7; AWS Aurora | All supported versions | Clouddriver, Front50, Orca | For AWS RDS, the instance type should minimally be set to db.r5. |
PostgreSQL | 10+ | 2.24.0 or later | Clouddriver | For AWS RDS, the instance type should minimally be set to db.r5. |
Armory recommends using MySQL or PostgreSQL as the backing store when possible for production instances of Armory Enterprise. For other services, use an external Redis instance for production instances of Armory Enterprise.
Hardware requirements
Armory recommends a minimum of 3 nodes that match the following profile:
- CPUs: 8
- Memory (GiB): 32
kubectl
To install and manage Armory Enterprise, Armory recommends using the Armory Operator with Kustomize and tailoring the Kustomize files to meet the requirements of your instance and environment. This installation method supports the following versions of kubectl: 1.16 to 1.19.
It is possible to use the Operator to install Armory Enterprise without the Kustomize repo. In that case, any actively maintained version of kubectl is supported.
Networking
Pods in your Kubernetes cluster must be able to communicate with each other without restrictions.
Additionally, the ports for the API gateway (the Gate service) and the UI (the Deck service) need to be exposed. All interactions with Armory Enterprise go through these two services.
Gate ports
- 8084
- 8085 when secured by x509
Deck port
- 9000
Security
Armory Enterprise needs to be able to assume roles in the accounts that it deploys applications to. For example, Armory Enterprise needs the sts:AssumeRole permission for AWS. Elevated access (equivalent to the level of PowerUser access in AWS) is helpful so that Armory Enterprise can cache data from deployment target accounts and deploy without errors.
In addition to the security requirements that Armory Enterprise needs to run, Armory recommends securing your installation by using a secret store for sensitive values in your configs as well as configuring authentication and authorization.
Last modified July 20, 2021: (406dfb5)