Armory Enterprise Compatibility Matrix
This page describes the features and capabilities that Armory supports. Note that although Spinnaker™ is part of Armory Enterprise, what Open Source Spinnaker supports and what Armory supports is not a one-to-one relationship.
Legend
Feature status describes what state the feature is in and where you should install it. For more information, see Release Definitions. You can also click on the feature status badge directly.
The feature as a whole is generally available. There may be newer extended functionality that is in a different state.
The feature is in Early Access.
The feature is an Experiment.
Enterprise availablility
The feature or parts of it are available in Open Source Spinnaker.
The feature or parts of it are available only as part of Armory Enterprise for Spinnaker.
Versions
All supported versions for the Armory version refers to the current minor release and the two previous minor releases. For example, if the current version is 2.21.x, all supported versions include 2.19.x, 2.20.x, and 2.21.x. For third-party software, “all supported versions” refers to actively maintained versions by the provider.
Agent
The Armory Agent is compatible with the Armory Platform and open source Spinnaker. It consists of a lightweight service that you deploy on Kubernetes and a plugin that you install into Spinnaker.
| Armory (Spinnaker) Version | Armory Agent Plugin Version | Armory Agent Version |
|---|---|---|
| 2.23.x (1.23.x) | 0.6.5 | 0.5.6 |
| 2.24.x (1.24.x) | 0.7.4 | 0.5.6 |
| 2.25.x (1.25.x) | 0.8.4 | 0.5.6 |
For a full list of previous releases, see this page.
Application metrics for Canary Analysis
Application metrics can be ingested by Kayenta to perform Canary Analysis or Automated Canary Analysis (ACA). For information about how to enable Canary Analysis, see Configure Automated Canary Deployments in Spinnaker.
The following table lists supported app metric providers:
| Provider | Version | ACA | Armory | Note |
|---|---|---|---|---|
| AWS Cloudwatch | All supported versions | Yes | 2.23.1 or later | |
| Dynatrace | All supported versions | Yes | 2.23.0 or later | |
| Graphite | All supported versions | Yes | All supported versions | |
| New Relic | All supported versions | Yes | All supported versions | |
| Prometheus | All supported versions | Yes | All supported versions | Authentication using a bearer token is supported. |
| SignalFx | All supported versions | Yes | All supported versions | |
| Stackdriver | All supported versions | Yes | All supported versions |
Artifacts
Artifacts are deployable resources.
The following table lists the supported artifact stores:
| Provider | Armory | Notes |
|---|---|---|
| Bitbucket | All supported versions | |
| Container registries | All supported versions | Docker Hub, ECR, and GCR |
| GitHub | All supported versions | |
| Git Repo | All supported versions | GitHub or Bitbucket. Supports using the entire repo as an artifact. |
| Google Cloud Storage | All supported versions | |
| HTTP | All supported versions | |
| Maven | All supported versions | |
| S3 | All supported versions |
As code solutions
Pipelines as Code
Pipelines as Code gives you the ability to manage your pipelines and their templates in source control by creating and maintaining dinghyfiles that contain text representations of pipelines. These files are then ingested by Armory to generate pipelines that your app devs can use to deploy their apps.
Templating languages
To create dinghyfiles, you can use one of the following templating languages:
- HashiCorp Configuration Language (HCL)
- JSON
- YAML
Version control systems
The following table lists the supported version control systems:
| Feature | Version | Armory version | Notes |
|---|---|---|---|
| BitBucket Cloud | All supported versions | ||
| BitBucket Server | Previous two major versions | All supported versions | |
| GitHub | All supported versions | Hosted or cloud |
Features
The following table lists specific features for Pipelines as Code and their supported versions:
| Feature | Armory | Notes |
|---|---|---|
| Fiat service account integration | All supported versions | |
| GitHub status notifications | All supported versions | |
| Local modules for development | All supported versions | |
| Modules | All supported versions | Templatize and re-use pipeline snippets across applications and teams |
| Pull Request Validation | 2.21 or later | |
| Slack notifications | All supported versions | |
| Webhook secret validation | All supported versions |
ARM CLI
The ARM CLI is a tool to render dinghyfiles and modules. Use it to help develop and validate your pipelines locally.
You can find the latest version on Docker Hub.
Pipelines as CRD
PaCRD gives you the ability to manage your pipelines as Kubernetes custom resources.
The following table lists the PaCRD features and their supported versions:
| Feature | Armory | Notes |
|---|---|---|
| Create, modify, and delete pipeline manifests | All supported versions | Working within the same cluster Spinnaker is installed in. |
| Create, modify, and delete application manifests | All supported versions | Working within the same cluster Spinnaker is installed in. |
| Define all stages supported by Spinnaker and Armory | PaCRD version 0.10.x and later | Validation support does not exist for all stages. |
Terraform Integration
The Terraform Integration gives you the ability to use Terraform within your Spinnaker pipelines to create your infrastructure as part of your software delivery pipeline.
Supported Terraform versions
The following table lists the supported Terraform versions:
| Terraform Versions | Armory | Note |
|---|---|---|
| 0.11.10 - 0.11.14 | All supported versions | |
| 0.12.0 - 0.12.24 | All supported versions | |
| 0.13.4 - 0.13.5 | 2.24.0 or later | |
| 0.14.0 - 0.14.2 | 2.24.0 or later |
Although other Terraform versions may be usable with Armory and the Terraform Integration, only the versions listed here are supported.
Features
The following table lists the Terraform Integration features and their supported versions:
| Feature | Armory | Notes |
|---|---|---|
| Base Terraform Integration | All supported versions | |
| Named Profiles with authorization | All supported versions |
Authentication
The following table lists the supported authentication protocols:
| Identity provider | Armory | Note |
|---|---|---|
| None | All supported versions | Armory recommends having Armory Enterprise only accessible through a VPN if this is turned on. |
| SAML | All supported versions | |
| OAuth 2.0/OIDC | All supported versions | You can use any OAuth 2.0 provider such as Auth0, Azure, GitHub, Google, Okta, OneLogin, or Oracle Cloud. |
| LDAP/Active Directory | All supported versions | |
| x509 | All supported versions |
Authorization
The following table lists the supported authorization methods:
| Provider | Armory | Note |
|---|---|---|
| None | All supported versions | Armory recommends having Armory Enterprise only accessible through a VPN if this is turned on. |
| GitHub Teams | All supported versions | Roles from GitHub are mapped to the Teams under a specific GitHub organization. |
| Google Groups | All supported versions | |
| LDAP/Active Directory | All supported versions | |
| OAuth 2.0/OIDC | All supported versions | Requires the provider to include groups in claims or be a supported third party integration. |
| SAML | All supported versions |
Baking machine images
The following table lists the supported image bakeries:
| Provider | Armory | Notes |
|---|---|---|
| AWS | All supported versions | |
| GCE | All supported versions | |
| Packer | All supported versions | The following lists the included Packer versions:
|
Baking Kubernetes manifests
The following table lists the supported manifest templating engines:
| Provider | Armory | Notes |
|---|---|---|
| Helm 2 | All supported versions | |
| Helm 3 | 2.19.x or later | |
| Kustomize | All supported versions | Kustomize version installed is 3.8.1 |
Browsers
Spinnaker’s UI (Deck) works with most modern browsers.
Build systems
The following table lists the supported CI systems:
| Provider | Version | Armory | Note |
|---|---|---|---|
| GitHub Actions | n/a | All supported versions | Webhook integration |
| Jenkins | All supported versions | All supported versions |
Custom stages
Armory Enterprise includes custom stages that you can use to extend the capabilities of Armory Enterprise. Some of these stages are available out of the box while others are available as plugins to Armory Enterprise.
| Stage | Armory | Notes |
|---|---|---|
| Evaluate Artifacts | 2.24.0 and later | Available as a plugin |
Deployment targets
Armory supports various deployment targets.
Here’s a great chart by Google to help categorize the different targets.
Compute as a Service
| Provider | Deployment strategies | Armory | Notes |
|---|---|---|---|
| Amazon AWS EC2 |
|
All supported versions |
Container as a Service Platforms
These are providers that are manifest based, so Armory applies the manifest and leaves the rollout logic to the platform itself.
| Provider | Version | Armory | Notes |
|---|---|---|---|
| Kubernetes | 1.16 or later | All supported versions | |
| Amazon AWS EKS | All versions | All supported versions | |
| Google GKE | All versions | All supported versions |
| Provider | Deployment strategies | Armory | Notes |
|---|---|---|---|
| Amazon AWS ECS |
|
All supported versions |
Platform as a Service
| Provider | Version | Deployment strategies | Armory | Notes |
|---|---|---|---|---|
| Google Cloud App Engine |
|
All supported versions | ||
| Cloud Foundry | CC API Version: 2.103.0+ and 3.38.0+ |
|
All supported versions |
Serverless
You write the function and use Armory to manage the rollout of iterative versions. These are usually hosted by Cloud Providers.
| Provider | Deployment strategies | Armory | Notes |
|---|---|---|---|
| Amazon AWS Lambda |
|
All supported versions |
Dynamic accounts
Dynamic accounts (external account configurations) for Spinnaker allow you to manage account configuration outside of Spinnaker, including secrets.
Backend provider
The following table lists the supported backends:
| Provider | Version | Armory | Notes |
|---|---|---|---|
| Git | All supported versions | All supported versions | |
| S3 | n/a | All supported versions | |
| Vault | All supported versions | All supported versions |
Supported Spinnaker services
The following table lists the services that support dynamic accounts:
| Service | Account types | Note |
|---|---|---|
| Clouddriver | Cloud provider, artifact | Automatic configuration refreshing is supported for Cloud Foundry and Kubernetes cloud provider accounts only. |
| Echo | Pub/Sub | |
| Igor | CI systems, version control |
External storage
Spinnaker requires an external storage provider for persisting app settings and pipelines. The following table lists the supported storage solutions:
| Provider | Armory | Notes |
|---|---|---|
| Google Cloud Storage | All supported versions | |
| Minio | All supported versions | |
| S3 | All supported versions |
Depending on the service, Spinnaker also uses either Redis, MySQL, or Postgres as a backing store. The following table lists the supported database and the Spinnaker service:
| Database | DB version | Armory | Spinnaker services | Note |
|---|---|---|---|---|
| Redis | All supported versions | All supported versions | All Spinnaker services that require a backing store | The DB versions refer to external Redis instances. Supported only for services that still require Redis for a feature, such as Gate sessions. Redis is not supported as a core persistent storage engine. Although Spinnaker deploys internal Redis instances, do not use these instances for production deployments. Armory recommends only using them for testing and proof-of-concept deployments. |
| MySQL | MySQL 5.7 (or Aurora) | All supported versions | Clouddriver, Front50, Orca | |
| PostgreSQL | PostgreSQL 10.0 or later | 2.24.0 or later | Clouddriver |
Armory recommends using MySQL or PostgreSQL as the backing store when possible for production instances of Spinnaker. For other services, use an external Redis instance for production instances of Spinnaker.
Notifications
The following table lists the supported notification systems:
| Provider | Armory | Notes |
|---|---|---|
| All supported versions | ||
| GitHub | All supported versions | |
| MS Teams | 2.23.2 or later | |
| Slack | All supported versions | |
| PagerDuty | All supported versions |
Observability
The following table lists the supported observabilty providers:
| Provider | Version | Armory | Note |
|---|---|---|---|
| New Relic | All supported versions | All supported versions | |
| Prometheus | All supported versions | All supported versions | Use Grafana for dashboards. |
Pipeline triggers
The following table lists the supported pipeline triggers:
| Provider | Armory | Notes |
|---|---|---|
| AWS Pub/Sub | All supported versions | |
| Cron | All supported versions | |
| Docker | All supported versions | Docker Registry API v2 required |
| Git | All supported versions | |
| GitHub Webhook | All supported versions | |
| Google Pub/Sub | All supported versions | |
| Jenkins Job | All supported versions | |
| Manual | All supported versions | |
| Webhook | All supported versions |
Policy Engine
The Policy Engine gives you the ability to ensure any Spinnaker pipeline meets certain requirements you specify.
OPA requirements
The Policy Engine requires an Open Policy Agent server. This can be deployed in the same cluster as Spinnaker or in an external cluster.
The following table lists the requirements:
| Requirement | Version | Note |
|---|---|---|
| OPA Server | 0.12.x or later | Specifically, the v1 API must be available. When specify the OPA server URL in the Armory configs, include v1 in the URL: http://<your-opa-server>:<port>/v1. |
Supported validations
| Validation | Armory | Note |
|---|---|---|
| Save time validation | All supported versions | If no policies are set, you cannot save any pipelines until you set any policy or turn off save time validation. |
| Runtime validation | All supported versions | If no policies are set, no policy enforcement occurs and pipelines run as they do normally. |
Secret stores
Note
This section applies to secrets in configuration files, not application secrets.The following table lists the supported secret stores for referencing secrets in config files securely:
| Provider | Armory | Notes |
|---|---|---|
| AWS Secrets Manager | All supported versions | |
| Encrypted GCS Bucket | All supported versions | |
| Encrypted S3 Bucket | All supported versions | |
| Kubernetes secrets | All supported versions | Spinnaker Operator based deployments |
| Vault | All supported versions | Armory only |
Spinnaker Operator
Spinnaker Operator and Armory Operator provide Spinnaker users with the ability to install, update, and maintain their clusters via a Kubernetes operator.
| Feature | Version | Armory Version | Notes |
|---|---|---|---|
| Install, update, and maintain Spinnaker clusters | All supported versions | All supported versions | |
| Automatically determine Deck/Gate URL configuration if Ingress objects are defined | 1.1.0 or later | 1.1.1 or later | Ingress objects must be defined in the same namespace where Spinnaker lives. |
| Support definition of all Halyard configuration options | All supported versions | All supported versions | |
| In cluster mode, validate configuration before apply | All supported versions | All supported versions | Does not work when installed in “basic” mode. Does not guarantee a valid configuration, but does check for most common misconfigurations. |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.