Plugin Configuration Options
This guide contains a detailed list of Armory Agent plugin configuration options for Clouddriver.
Setting | Type | Default | Description |
---|---|---|---|
kubesvc.cluster |
string | none | Type of clustering.local : don’t try to coordinate with other Clouddriver instancesredis : use Redis to coordinate via pubsub. Use redis if you plan to use multiple Clouddriver instances.local will be deprecated in a future release. |
kubesvc.loadBalancer |
string | none | Pick a different account load balancing algorithm. Only implementation so far is the “MN algorithm” that does hides Agent connections from other clouddriver instances and assigns account to the least busy connected Clouddriver while never unassigning an account from a still connected instance unless it dies or stops being connected to that account. |
kubesvc.cache.cacheStreamingPoolCoreSize kubesvc.cache.cacheStreamingPoolMaxSize |
integer | 10/100 | Thread pool sizing to write to cache. Each thread handles events for a single account at a time. It doesn’t need to be greater than the number of agents. More threads means faster response. If Kubernetes accounts are very busy, you can set max size to number of Kubernetes accounts / number of Clouddriver instances . |
kubesvc.cache.onDemandQuickWaitMs |
integer | 10000 | How long to wait for a recache operation. |
kubesvc.cache.eventsCleanupFrequencySeconds |
integer | 7200 (2h) | How long to keep Kubernetes events cached for. |
kubesvc.cache.accountCleanupFrequencySeconds |
integer | 600 (10m) | How long to keep accounts that are no longer connected to any Agent |
kubesvc.cache.cleanDataWithUnusedAccounts |
boolean | true | When cleaning an old account, also clean its associated data |
kubesvc.disableV2Provider |
boolean | false | If you don’t need the V2 provider account, set that to true to speed up caching deserialization. |
kubesvc.runtime.defaults.onlySpinnakerManaged |
boolean | false | Same meaning as V2 provider. Should Spinnaker cache manifests that are not deployed by Spinnaker? |
kubesvc.runtime.defaults.customResources[].kubernetesKind kubesvc.runtime.defaults.customResources[].spinnakerKind kubesvc.runtime.defaults.customResources[].deployPriority kubesvc.runtime.defaults.customResources[].versioned kubesvc.runtime.defaults.customResources[].namespaced |
string string number as string (“100”) boolean boolean |
none none “100” false false |
Same meaning as V2 provider. Customize behavior of Spinnaker for an unknown (to Spinnaker) resource. - kubernetesKind in the format <kind>.<api group> - spinnakerKind is one of the Spinnaker kinds- deployPriority will determine in which order Spinnaker will deploy a resource if multiple manifests are to be deployed in an operation.- versioned should Spinnaker version new resource or just update them?- namespaced is barely used with kubesvc. TODO: remove |
kubesvc.runtime.accounts[string].onlySpinnakerManaged kubesvc.runtime.accounts[string].customResources[]… |
Same as above but per account. This takes priority over default runtime settings. Default values are used if not populated for the account. Format is a map (account name → props), e.g. kubesvc.runtime.accounts: prod: onlySpinnakerManaged: true |
||
kubesvc.grpc.server.address |
string | * |
Address to bind the gRPC server to |
kubesvc.grpc.server.port |
int | 9091 |
Port to bind the gRPC server to |
kubesvc.grpc.server.healthServiceEnabled |
boolean | true |
Enable gRPC healthcheck service |
kubesvc.grpc.server.maxInboundMessageSize |
data size | 4MB |
Maximum size of a gRPC message. It should be at least as big as the biggest Kubernetes object manifest you can expect. |
kubesvc.grpc.server.security.enabled |
boolean | false |
Enable transport level security |
kubesvc.grpc.server.security.certificateChain |
string | none | Reference to the server’s certificate chain. |
kubesvc.grpc.server.security.privateKey |
string | none | Reference to the private key of the server. |
kubesvc.grpc.server.security.privateKeyPassword |
string | none | Reference to private key password if password protected. You can use secret management to store the password. |
kubesvc.grpc.server.security.clientAuth |
string | NONE |
NONE : no client certificate verification, OPTIONAL : verify client certificates if presented, REQUIRE : require client to present certificates and verify it |
kubesvc.grpc.server.security.ciphers |
list(string) | [] |
By default, use the systems default ciphers. |
kubesvc.grpc.server.security.trustCertCollection |
string | none | By default, use the systems default truststore (cacerts). Otherwise, reference to a truststore to validate clients. |
kubesvc.grpc.server.security.protocols |
string | none | By default, use the systems default protocols. Otherwise, list of protocols accepted (TLSv1.1 , TLSv1.2 , etc. |
kubesvc.operations.retry.maxRetries kubesvc.operations.retry.backoffMs |
int long |
5 2000 |
When an operation is to be sent to an account, Clouddriver will attempt to find a connected agent. If it cannot (e.g. restart of an agent, re-balancing, network issue), the operation will be retried up to retry - 1 times with backoffMs wait time b/w each try. |
kubesvc.heartbeat.initialDelay kubesvc.heartbeat.period kubesvc.heartbeat.periodUnit |
long long timeUnit |
0 30 SECONDS |
How often each Clouddriver node reports its assingments as recent. Set the heartbeat period to a value less than kubesvc.cache.accountCleanupFrequencySeconds to prevent losing account cache. |
kubesvc.credentials.poller.reloadFrequencyMs |
long | 30000 | 2.23.0+ 1.23.0+ How often the plugin will refresh account credentials to clouddriver in case credentials.poller.enabled is disabled. Otherwise the standard properties of credentials.poller.enabled and credentials.poller.types.kubernetes.reloadFrequencyMs are respected |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified March 29, 2021: (062739f)