Quick Start: Spinnaker and the Armory Scale Agent

This guide shows you how to use the Spinnaker Operator and Kustomize to install Spinnaker and the Scale Agent in the same Kubernetes cluster and namespace for testing the Scale Agent’s features.

Quick start overview

In this guide, you deploy a basic instance of Spinnaker 1.28+ and the corresponding Scale Agent plugin and service. You can evaluate:

Dynamic accounts for dynamically adding and managing Kubernetes accounts
Automated scanning for newly created accounts in Clouddriver and migrating those accounts to Scale Agent management
Intercepting and processing requests sent to Clouddriver’s <GATE-URL>/credentials endpoint

Objectives

Meet the requirements listed in the Before you begin section.
Learn the options for migrating Clouddriver accounts to the Scale Agent.
Deploy the Spinnaker Operator.
Get the spinnaker-kustomize-patches repo.
Configure Spinnaker.
Deploy Spinnaker and the Scale Agent.

Since this guide is for installing the Armory Scale Agent in a test environment, it does not include mTLS configuration. The Scale Agent service and plugin do not communicate securely.

Before you begin

You are familiar with Kubernetes Operators, which use custom resources to manage applications and their components.
You understand the concept of managing Kubernetes resources using manifests.
You have read how Armory’s operators deploy Spinnaker or Armory CD.
You have a cluster with at least least 4 cores and 16 GB of RAM available.

Options for migrating Kubernetes accounts

In Spinnaker, you can configure Kubernetes accounts in multiple places:

Clouddriver configuration files: clouddriver.yml, clouddriver-local.yml, spinnaker.yml, spinnaker-local.yml
Clouddriver database: clouddriver.accounts table
Spring Cloud Config Server reading accounts from Git, Vault, or another supported backend
Plugins

You have the following options for migrating accounts to the Scale Agent:

You can configure the Scale Agent service to manage specific accounts by adding those accounts to a ConfigMap. This approach means you should remove the accounts from the Clouddriver credential source before you deploy the service.
You can dynamically migrate accounts after the service has been deployed. This requires kubectl access to the cluster so you can port-forward the endpoint to your local machine.

This guide shows you how to statically add an account to the Scale Agent service configuration before deployment.

Deploy the Spinnaker Operator

Decide which Spinnaker Operator release you need based on the Kubernetes version you are using.

Kubernetes Version	Spinnaker Operator Version	Spinnaker Version
1.22+	1.3+	1.27+
1.21	1.2.5	1.27+

Fetch the Spinnaker Operator.

Replace <release-version> with a specific version or use latest to fetch the latest release.

mkdir -p spinnaker-operator && cd spinnaker-operator
bash -c 'curl -L https://github.com/armory/spinnaker-operator/releases/<release-version>/download/manifests.tgz | tar -xz'

From the root of your spinnaker-operator directory, install the Spinnaker Operator CRDs cluster-wide.
```
kubectl apply -f deploy/crds/
```

Install the Spinnaker Operator in namespace spinnaker.

kubectl create ns spinnaker
kubectl -n spinnaker apply -f deploy/operator/cluster

Verify that the Spinnaker Operator is running before you deploy Spinnaker.

kubectl get pods -n spinnaker | grep operator

Output is similar to:

spinnaker-operator-79599cbf55-js5pg   2/2     Running   0          159m

Get the spinnaker-kustomize-patches repo

Armory maintains the spinnakaker-kustomize-patches repo, which contains common configuration options for Armory Continuous Deployment or Spinnaker as well as helper scripts. The patches in this repo give you a reliable starting point when adding and removing features.

Configuration in this repository is meant for Armory Continuous Delivery. To make it compatible with Spinnaker instead, apply the utilities/switch-to-oss.yml patch.

To start, create your own copy of the spinnaker-kustomize-patches repository by clicking the Use this template button:

If you intend to update your copy from upstream, use Fork instead. See Creating a repository from a template for the difference between Use this template and Fork.

Once created, clone this repository to your local machine.

Configure Spinnaker

You can find the recipe for deploying Spinnaker and the Scale Agent in recipes/kustomization-oss-agent.yml.

#-------------------------------------------------------------------------------
# Minimum Starting Point Recipe with Armory Scale Agent.
#
# Self contained Spinnaker installation with no external dependencies and no
# additional configuration needed. This is intended as a starting point for any
# kubernetes cluster. Not for production use.
#
# Features:
# - Spinnaker Operator
# - One Kubernetes account (Spinnaker's own cluster) using the Scale Agent
# - Spinnaker authentication disabled
# - Self hosted minio as a persistent storage
# - Self hosted redis backend for caching and temporal storage of services
#-------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: spinnaker

resources:
  - infrastructure/mysql.yml           # (Optional, not for production use). MySQL server needed if using SQL backend in Spinnaker

components:  
  - core/base                             # Defines base configuration across the cluster
  - core/persistence/in-cluster           # Enables persistence using MinIO in-cluster
  - targets/kubernetes/scale-agent        # Enables the plugin version of the Scale Agent

patchesStrategicMerge:
  - core/patches/oss-version.yml          # Sets the OSS version to use  
  - persistence/patch-sql-clouddriver.yml # setup clouddriver to use SQL for storage

transformers:
  - utilities/unique-service-account.yml  # Ensures that ServiceAccounts are unique  

# This patch ensures that the correct OSS apiVersion is used.
patches:
  - target:
      kind: SpinnakerService
    path: utilities/switch-to-oss.yml

The resources section contains files that install apps that you want Spinnaker to use, such as MySQL.
The components section contains paths to directories that define collections of Kubernetes resources. This section contains a link to the targets/kubernetes/scale-agent directory, which contains the Scale Agent installation files.
The patchesStrategicMerge section contains links to files that contain partial resource definitions. Kustomize uses these patch files to overwrite sections of components or resources, such as the SpinnakerService definition.
The patches section is a list of files that Kustomize executes to add or replace fields on resources. The utilities/switch-to-oss.yml patch instructs Kustomize to replace apiVersion: spinnaker.armory.io/v1alpha2 with apiVersion: spinnaker.io/v1alpha2 in the SpinnakerService manifest.
The transformers section contains links to files that define Kustomize transformers.

What this recipe does

Configures MinIO as the persistent storage provider (instead of Redis or cloud storage)
Installs MySQL and configures Clouddriver to use MySQL
Enables Clouddriver Account Management
Installs the plugin
Creates a ServiceAccount, ClusterRole, and ClusterRoleBinding for the Scale Agent service
Deploys the service

What this recipe does not do

Publicly expose Spinnaker services
Configure mTLS; communication between the plugin and service is not secure

Spinnaker version

To change the Spinnaker version, update spec.spinnakerConfig.config.version in core/patches/oss-version.yml.

If you chose a Spinnaker version earlier than 1.28, you should modify the targets/kubernetes/scale-agent/plugin-config file to disable Clouddriver Account Management as in the following example:

spec:
  spinnakerConfig:
    profiles:
      clouddriver:
        account:
          storage:
            enabled: false # This enables Clouddriver Account Management; requires Armory CD 2.28+ or Spinnaker 1.28+

Configure your Kubernetes account

You should configure a Kubernetes account or accounts for the Scale Agent service to manage. You do this in targets/kubernetes/scale-agent/armory-agent.yml.

Add your Kubernetes accounts to the kubernetes.accounts section. For example:

kubernetes:
  accounts:
    - kubeconfigFile: /kubeconfigfiles/kubeconfig
      name: agent-demo

Deploy Spinnaker

Execute all commands from the root of spinnaker-kustomize-patches.

Set the kustomize recipe.

The kustomization.yml file in the project root is a symlink to recipes/kustomization-all.yml. Update to point to recipes/kustomization-oss-agent.yml.
```
ln -vfns ./recipes/kustomization-oss-agent.yml kustomization.yml
```
(Optional) Verify the Kustomize build output.
```
kubectl kustomize kustomization.yml
```
This prints out the contents of the manifest file that Kustomize built based on your kustomization file.
Apply the manifest.
```
kubectl apply -k .
```

Verify the installation.

kubectl -n spinnaker get spinsvc && echo "" && kubectl -n spinnaker get pods

You can also access the Clouddriver log to verify that the plugin is running and communicating with the service.

kubectl -n spinnaker logs deployment/spin-clouddriver | grep -E "Start plugin|Starting Kubesvc plugin|Registering agent with"

Confirm success

If you haven’t publicly exposed Spinnaker based on your cloud provider’s guides, you should port-forward in order to access the Spinnaker UI and API:

# port-forward for the UI
kubectl port-forward svc/spin-deck 9000:9000 -n spinnaker
# port-forward for the API
kubectl port-forward svc/spin-gate 8084:8084 -n spinnaker

Create a pipeline with a Deploy manifest stage. You should see your target cluster available in the Accounts list. Deploy a static manifest.

What’s next

Dynamic Accounts Architecture and Features
Migrate Clouddriver Kubernetes Accounts to the Armory Scale Agent
Troubleshoot the Armory Scale Agent Service and Plugin page if you run into issues.

Feedback

Was this page helpful?

Thank you for letting us know!

Sorry to hear that. Please tell us how we can improve.

Last modified March 3, 2023: (2d069084)