Plugin Configuration Options

This guide contains a detailed list of Armory Agent plugin configuration options for Clouddriver.

Proprietary

Setting Type Default Description
kubesvc.cluster string none Type of clustering.
local: don’t try to coordinate with other Clouddriver instances
redis: use Redis to coordinate via pubsub. Use redis if you plan to use multiple Clouddriver instances.
local will be deprecated in a future release.
kubesvc.loadBalancer string none Pick a different account load balancing algorithm. Only implementation so far is the “MN algorithm” that does hides Agent connections from other clouddriver instances and assigns account to the least busy connected Clouddriver while never unassigning an account from a still connected instance unless it dies or stops being connected to that account.
kubesvc.cache.cacheStreamingPoolCoreSize
kubesvc.cache.cacheStreamingPoolMaxSize
integer 10/100 Thread pool sizing to write to cache. Each thread handles events for a single account at a time. It doesn’t need to be greater than the number of agents. More threads means faster response. If Kubernetes accounts are very busy, you can set max size to number of Kubernetes accounts / number of Clouddriver instances.
kubesvc.cache.onDemandQuickWaitMs integer 10000 How long to wait for a recache operation.
kubesvc.cache.eventsCleanupFrequencySeconds integer 7200 (2h) How long to keep Kubernetes events cached for.
kubesvc.cache.accountCleanupFrequencySeconds integer 600 (10m) How long to keep accounts that are no longer connected to any Agent
kubesvc.cache.cleanDataWithUnusedAccounts boolean true When cleaning an old account, also clean its associated data
kubesvc.disableV2Provider boolean false If you don’t need the V2 provider account, set that to true to speed up caching deserialization.
kubesvc.runtime.defaults.onlySpinnakerManaged boolean false Same meaning as V2 provider. Should Spinnaker cache manifests that are not deployed by Spinnaker?
kubesvc.runtime.defaults.customResources[].kubernetesKind
kubesvc.runtime.defaults.customResources[].spinnakerKind
kubesvc.runtime.defaults.customResources[].deployPriority
kubesvc.runtime.defaults.customResources[].versioned
kubesvc.runtime.defaults.customResources[].namespaced
string
string
number as string (“100”)
boolean
boolean
none
none
“100”
false
false
Same meaning as V2 provider. Customize behavior of Spinnaker for an unknown (to Spinnaker) resource.

- kubernetesKind in the format <kind>.<api group>
- spinnakerKind is one of the Spinnaker kinds
- deployPriority will determine in which order Spinnaker will deploy a resource if multiple manifests are to be deployed in an operation.
- versioned should Spinnaker version new resource or just update them?
- namespaced is barely used with kubesvc. TODO: remove
kubesvc.runtime.accounts[string].onlySpinnakerManaged
kubesvc.runtime.accounts[string].customResources[]…
Same as above but per account. This takes priority over default runtime settings. Default values are used if not populated for the account.

Format is a map (account name → props), e.g.
kubesvc.runtime.accounts:
prod:
onlySpinnakerManaged: true
kubesvc.grpc.server.address string * Address to bind the gRPC server to
kubesvc.grpc.server.port int 9091 Port to bind the gRPC server to
kubesvc.grpc.server.healthServiceEnabled boolean true Enable gRPC healthcheck service
kubesvc.grpc.server.maxInboundMessageSize data size 4MB Maximum size of a gRPC message. It should be at least as big as the biggest Kubernetes object manifest you can expect.
kubesvc.grpc.server.security.enabled boolean false Enable transport level security
kubesvc.grpc.server.security.certificateChain string none Reference to the server’s certificate chain.
kubesvc.grpc.server.security.privateKey string none Reference to the private key of the server.
kubesvc.grpc.server.security.privateKeyPassword string none Reference to private key password if password protected. You can use secret management to store the password.
kubesvc.grpc.server.security.clientAuth string NONE NONE: no client certificate verification, OPTIONAL: verify client certificates if presented, REQUIRE: require client to present certificates and verify it
kubesvc.grpc.server.security.ciphers list(string) [] By default, use the systems default ciphers.
kubesvc.grpc.server.security.trustCertCollection string none By default, use the systems default truststore (cacerts). Otherwise, reference to a truststore to validate clients.
kubesvc.grpc.server.security.protocols string none By default, use the systems default protocols. Otherwise, list of protocols accepted (TLSv1.1, TLSv1.2, etc.
kubesvc.operations.retry.maxRetries
kubesvc.operations.retry.backoffMs
int
long
5
2000
When an operation is to be sent to an account, Clouddriver will attempt to find a connected agent. If it cannot (e.g. restart of an agent, re-balancing, network issue), the operation will be retried up to retry - 1 times with backoffMs wait time b/w each try.
kubesvc.heartbeat.initialDelay
kubesvc.heartbeat.period
kubesvc.heartbeat.periodUnit
long
long
timeUnit
0
30
SECONDS
How often each Clouddriver node reports its assingments as recent. Set the heartbeat period to a value less than kubesvc.cache.accountCleanupFrequencySeconds to prevent losing account cache.
kubesvc.credentials.poller.reloadFrequencyMs long 30000 2.23.0+ 1.23.0+ How often the plugin will refresh account credentials to clouddriver in case credentials.poller.enabled is disabled. Otherwise the standard properties of credentials.poller.enabled and credentials.poller.types.kubernetes.reloadFrequencyMs are respected

Last modified March 29, 2021: (062739f)