Configure Armory Halyard

Configure Armory-extended Halyard profiles and storage.

Overview of Armory Halyard

Armory-extended Halyard can be configured via /opt/spinnaker/config/halyard.yml. If you run the Docker image, you can provide your own configuration by mounting the file or directory to the container. If you’re running the Armory Operator, you can also configure the behavior of the internal Halyard by creating a Kubernetes ConfigMap and mounting it to the Halyard container.

halyard:
  halconfig:
    directory: <user's home directory>/.hal

spinnaker:
  artifacts:
    debianRepository:
    dockerRegistry:
    googleImageProject:
  config:
    input:
      bucket: halconfig
      region: us-west-2

Profiles

You can choose a different location for your Armory configuration by changing halyard.halconfig.directory. The Halyard daemon needs to be able to read and write to that location.

Versions

Armory-extended Halyard stores all versions in a public S3 bucket (halconfig). Some clients prefer to keep the versions in storage under their own control.

Using a different S3 bucket

To use a different S3 bucket, change these two properties to point to your own bucket:

spinnaker:
  config:
    input:
      bucket: mybucket
      region: us-west-1

Using a private S3 bucket

By default, Armory-extended Halyard accesses version definitions and bills of materials without using the host’s S3 credentials. You can force it to sign the S3 requests by adding:

spinnaker.config.input.anonymousAccess: false

With that change, you need to pass AWS credentials to the Halyard daemon, for instance by specifying environment variables:

docker run --name armory-halyard --rm \
    -e AWS_ACCESS_KEY_ID=<AWS account key> \
    -e AWS_SECRET_ACCESS_KEY=<AWS secret key> \
    -v ~/.hal:/home/spinnaker/.hal \
    -v ~/.kube:/home/spinnaker/.kube \
    -it docker.io/armory/halyard-armory:1.11.0

Using a private S3 bucket with assume role

Armory-extended Halyard can be configured to assume a specified role when accessing the bucket:

spinnaker.config.input.assumeRoleArn: <role arn to assume>

Using S3-compatible storage

If you’re using S3-compatible storage such as MinIO, you can override the endpoint:

spinnaker.config.input.endpoint: http://192.168.1.1:9000

You can also enable path-style access with:

spinnaker.config.input.enablePathStyleAccess: true
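
An added example, not part of Armory's documentation or code: a small Python check that reads a halyard.yml and flags two input settings from the sections above that deserve a review, a custom bucket that is still read anonymously and a plaintext http:// endpoint. Version definitions and bills of materials decide what gets deployed, so where they come from and how they travel matters. The parser is a simplified stand-in that only understands the nested-mapping and dotted-key forms shown on this page; `flatten`, `audit` and the sample input are constructed for illustration.

```python
# Added example (not Armory code): review spinnaker.config.input in a halyard.yml.
P = "spinnaker.config.input."

# Constructed sample, assembled from the fragments shown on this page.
SAMPLE = """\
spinnaker:
  config:
    input:
      bucket: mybucket
      region: us-west-1
spinnaker.config.input.endpoint: http://192.168.1.1:9000
spinnaker.config.input.enablePathStyleAccess: true
"""

def flatten(text):
    """Flatten simple nested mappings into {dotted.key: value}.

    Simplified parser (assumption): mappings and scalars only, no lists or anchors.
    """
    out, stack = {}, []  # stack holds (indent, key) for the current path
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key.strip()))
        if value.strip():
            out[".".join(k for _, k in stack)] = value.strip().strip("'\"")
    return out

def audit(text):
    """Return a list of findings for the input-bucket settings."""
    cfg = {k[len(P):]: v for k, v in flatten(text).items() if k.startswith(P)}
    findings = []
    # Per this page, requests are unsigned unless anonymousAccess is false.
    anonymous = cfg.get("anonymousAccess", "true").lower() != "false"
    if cfg.get("bucket", "halconfig") != "halconfig" and anonymous:
        findings.append("bucket %r is read anonymously: it has to be publicly "
                        "readable, or set anonymousAccess: false" % cfg["bucket"])
    if cfg.get("endpoint", "").lower().startswith("http://"):
        findings.append("endpoint %s is plaintext HTTP: version definitions "
                        "can be altered in transit" % cfg["endpoint"])
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REVIEW:", finding)
```
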

Last modified February 24, 2021: (8406fa0)