Armory-extended Halyard Reference
hal - A tool for configuring, installing, and updating Spinnaker.
If this is your first time using Halyard to install SpinnakerTM, look at the Halyard documentation[https://spinnaker.io/reference/halyard/] to familiarize yourself with the product. If at any point you get stuck using ‘hal’, every command can be suffixed with ‘–help’ for usage information.
Usage
hal [parameters] [subcommands]
Global Parameters
--daemon-endpoint
: If supplied, connect to the daemon at this address.--options
: Get options for the specified field name.-a, --alpha
: Enable alpha halyard features.-c, --color
: Enable terminal color output.-d, --debug
: Show detailed network traffic with halyard daemon.-h, --help
: (Default:false
) Display help text about this command.-l, --log
: Set the log level of the CLI.-o, --output
: Format the CLIs output.-q, --quiet
: Show no task information or messages. When set, ANSI formatting will be disabled, and all prompts will be accepted.
Parameters
--docs
: (Default:false
) Print markdown docs for the hal CLI.--print-bash-completion
: (Default:false
) Print bash command completion. This is used during the installation of Halyard.--ready
: (Default:false
) Check if Halyard is up and running. Will exit with non-zero return code when it isn’t.--version, -v
: (Default:false
) Version of Halyard.
Subcommands
armory
: Armory-specific commands are described here.
hal armory
Armory-specific commands are described here.
Usage
hal armory [subcommands]
Subcommands
diagnostics
: Configure diagnostics reportingdinghy
: Configure Dinghy pipelines as codesecrets
: Configure secrets managementinit
: Runs Armory installer
hal armory diagnostics
Configure diagnostics reporting
Usage
hal armory diagnostics [parameters] [subcommands]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
Subcommands
disable
: Disable diagnosticsedit
: Edit diagnostics settingsenable
: Enable diagnostics
hal armory diagnostics disable
Disable diagnostics
Usage
hal armory diagnostics disable [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
hal armory diagnostics edit
Edit diagnostics settings
Usage
hal armory diagnostics edit [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.--uuid
: (Required) UUID of the Armory installation
Equivalent SpinnakerService.yml config for Spinnaker Operator
apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
config:
armory:
diagnostics:
enabled: true # Whether or not diagnostics event reporting is enabled
uuid: abc # UUID of the Armory installation
logging:
enabled: true # Whether or not Spinnaker logs are sent to Armory
endpoint: https://debug.armory.io/v1/logs # Destination URL of Spinnaker logs
hal armory diagnostics enable
Enable diagnostics
Usage
hal armory diagnostics enable [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
hal armory dinghy
Configure Dinghy pipelines as code
Usage
hal armory dinghy [parameters] [subcommands]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
Subcommands
disable
: Disable Dinghyedit
: Edit Dinghy settingsenable
: Enable Dinghyslack
: Configure Slack notifications (Halyard >= 1.6.3)
hal armory dinghy disable
Disable Dinghy
Usage
hal armory dinghy disable [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
hal armory dinghy edit
Edit Dinghy settings
Usage
hal armory dinghy edit [parameters]
Parameters
--autolock-pipelines
: (Default:true
) Lock pipelines in the UI before overwriting on change.--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--dinghyfile-name
: (Default:dinghyfile
) Name of the file in application repositories which contains pipelines--fiat-user
: Fiat user to use for Dinghy operations.--github-endpoint
: (Default:https://api.github.com
) Github API endpoint. Useful if you’re using Github Enterprise.--github-token
: (Sensitive data - user will be prompted on standard input) GitHub token.--gitlab-endpoint
: GitLab endpoint.--gitlab-token
: (Sensitive data - user will be prompted on standard input) GitLab token.--no-validate
: (Default:false
) Skip validation.--stash-endpoint
: Stash API endpoint.--stash-token
: (Sensitive data - user will be prompted on standard input) Stash token.--stash-username
: Stash username.--template-org
: (Required) SCM organization or namespace where application and template repositories are located.--template-repo
: (Required) SCM repository where module templates are located.
Equivalent SpinnakerService.yml config for Spinnaker Operator
apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
config:
armory:
dinghy:
enabled: true # Whether or not dinghy is enabled
templateOrg: abc # SCM organization or namespace where application and template repositories are located
templateRepo: abc # SCM repository where module templates are located
githubToken: abc # GitHub token.
githubEndpoint: https://api.github.com # (Default: https://api.github.com) Github API endpoint. Useful if you’re using Github Enterprise
stashUsername: abc # Stash username
stashToken: abc # Stash token
stashEndpoint: abc # Stash API endpoint
gitlabToken: abc # GitLab token
gitlabEndpoint: abc # GitLab endpoint
dinghyFilename: dinghyfile # (Default: dinghyfile) Name of the file in application repositories which contains pipelines
autoLockPipelines: true # (Default: true) Lock pipelines in the UI before overwriting on change
fiatUser: abc # Fiat user or service account to use for Dinghy operations
notifiers:
slack:
enabled: false # Whether or not Slack notifications are enabled for dinghy events
channel: abc # Slack channel where notifications will be sent to
webhookValidationEnabledProviders: # List of enabled providers for webhook validations
webhookValidations: # Webhook validations list
- enabled: true # true/false flag to enable validation for the repository
versionControlProvider: abc # Version Control provider
organization: abc # Organization for the repository
repo: abc # Repository name
secret: abc # Secret for the Webhook
hal armory dinghy enable
Enable Dinghy
Usage
hal armory dinghy enable [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
hal armory dinghy slack
Configure Dinghy to send processing results to a Slack channel (Halyard >= 1.6.3)
Usage
hal armory dinghy slack [enable|disable]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
Subcommands
enable
: Enable Slack notifications/edit Slack channeldisable
: Disable Slack notifications
hal armory dinghy slack enable
Enable Slack notifications from Dinghy (Halyard >= 1.6.3)
Usage
hal armory dinghy slack enable [parameters]
Parameters
--channel
: If supplied, sets the channel notifications will be sent to.--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
hal armory dinghy slack disable
Disable Slack notifications from Dinghy (Halyard >= 1.6.3)
Usage
hal armory dinghy slack disable [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
hal armory dinghy webhooksecrets [enable | disable]
Enable or disable webhook secrets validation in GitHub. This does not support other providers. If this option is enabled, all GitHub webhooks will be validated. (Halyard >= 1.8.4)
Usage
hal armory dinghy webhooksecrets <provider> [ enable | disable]
hal armory dinghy webhooksecrets edit
Add or edit webhook secrets validation in GitHub. This does not support other providers. (Halyard >= 1.8.4)
Usage
hal armory dinghy webhooksecrets <provider> edit [parameters]
Parameters
--organization
: Organization for the repository.--repo
: Repository name.--secret
: Secret for the Webhook.--enabled
: true or false. If true, then validation will be done. If false, then validation will always pass (bypass validation).
hal armory dinghy webhooksecrets list
List webhook secrets validations for GitHub. This does not support other providers. (Halyard >= 1.8.4)
Usage
hal armory dinghy webhooksecrets <provider> list [parameters]
Parameters
--organization
: Organization for the repository.--repo
: Repository name.--secret
: Secret for the webhook.--enabled
: true or false.
hal armory dinghy webhooksecrets delete
Delete webhook secrets validations for GitHub. This does not support other providers. Provide at least one parameter for the command to delete the webhook secrets. (Halyard >= 1.8.4)
Usage
hal armory dinghy webhooksecrets <provider> delete [parameters]
Parameters
--organization
: Organization for the repository.--repo
: Repository name.--secret
: Secret for the Webhook.--enabled
: true/false value.--all
: Deletes all Webhook validation records. This param should be used alone.
hal armory init
Runs Armory installer
Usage
hal armory init [parameters]
Parameters
--allow-small
: Passed to armory-install. Don’t stop installation if cluster does not have enough resources--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--edge
: Passed to armory-install. Set if you want to run on the latest version--no-diagnostics
: Turns off all diagnostics--no-validate
: (Default:false
) Skip validation.--path
: The path to where armory-install is already installed
hal armory secrets
Configure secrets management
Usage
hal armory secrets [subcommands] [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
Subcommands
vault
: Configure secrets management with Vault
hal armory secrets vault
Configure settings for secrets management with Vault in the Spinnaker services. See our documentation for configuring Halyard itself to use Vault.
Usage
hal armory secrets vault [subcommands] [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
Subcommands
disable
: Disable secret engineedit
: Edit secrets settingsenable
: Enable secret engine
hal armory secrets vault disable
Disable Vault secret engine
Usage
hal armory secrets vault disable [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
hal armory secrets vault edit
Edit Vault secret engine settings
Usage
hal armory secrets vault edit [parameters]
Parameters
--auth-method
: (Required) Method used to authenticate with the Vault endpoint. Must be eitherKUBERNETES
for Kubernetes service account auth orTOKEN
for Vault token auth. TheTOKEN
method will require aVAULT_TOKEN
environment variable set for Halyard and the services.--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.--path
: (Default:kubernetes
) (Applies toKUBERNETES
authentication method) Path of the kubernetes authentication backend mount.--role
: (Applies toKUBERNETES
authentication method) Name of the role against which the login is being attempted.--url
: (Required) URL of the Vault endpoint from Spinnaker services.
Equivalent SpinnakerService.yml config for Spinnaker Operator
apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
config:
armory:
secrets:
vault:
enabled: true # Whether or not Vault secrets are enabled
url: abc # URL of the Vault endpoint from Spinnaker services
path: kubernetes # (Default: kubernetes) (Applies to KUBERNETES authentication method) Path of the kubernetes authentication backend mount
role: spinnaker # (Applies to KUBERNETES authentication method) Name of the role against which the login is being attempted
authMethod: KUBERNETES # Method used to authenticate with the Vault endpoint. Must be either KUBERNETES for Kubernetes service account auth or TOKEN for Vault token auth. The TOKEN method will require a VAULT_TOKEN environment variable set for Operator and the services.
hal armory secrets vault enable
Enable Vault secret engine
Usage
hal armory secrets vault enable [parameters]
Parameters
--deployment
: If supplied, use this Halyard deployment. This will not create a new deployment.--no-validate
: (Default:false
) Skip validation.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.