Install Armory Enterpriese for Spinnaker in Lightweight Kubernetes using the Armory Operator

Use the Armory Operator to deploy Spinnaker or Armory Enterprise for Spinnaker in a Lightweight Kubernetes (K3s) instance running on an AWS EC2 virtual machine. This environment is for proofs of concept and development.

Armory Enterprise requires a license. For more information, contact Armory.

Overview of installing Armory for proofs of concept work

This guide walks you through using the Armory Operator to install Armory in a Lightweight Kubernetes (K3s) instance running on an AWS EC2 instance. The environment is for POCs and development only. It is not meant for production environments.

See the Install on Kubernetes guide for how to install Armory using the Armory Operator in a regular Kubernetes installation.

If you want to install open source SpinnakerTM, use the open source Spinnaker Operator instead of the Armory Operator.

Prerequisites for installing Armory

Create an AWS EC2 instance

  • Requirements:

    • Ubuntu Server 18.04 LTS (HVM), SSD Volume Type; 64-bit (x86)
    • Minimum 2 vCPUs
    • Minimum 8 GB of memory
    • Minimum of 50 GB of storage
    • Public IP

Install K3s

SSH into your VM and run the following command to install the latest version of K3s:

curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644

Output is similar to:

[INFO]  Finding release for channel stable
[INFO]  Using v1.18.6+k3s1 as release
[INFO]  Downloading hash https://github.com/rancher/k3s/releases/download/v1.18.6+k3s1/sha256sum-amd64.txt
[INFO]  Downloading binary https://github.com/rancher/k3s/releases/download/v1.18.6+k3s1/k3s
[INFO]  Verifying binary download
[INFO]  Installing k3s to /usr/local/bin/k3s
[INFO]  Creating /usr/local/bin/kubectl symlink to k3s
[INFO]  Creating /usr/local/bin/crictl symlink to k3s
[INFO]  Creating /usr/local/bin/ctr symlink to k3s
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
[INFO]  systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO]  systemd: Starting k3

Create an S3 bucket

Spinnaker’s Front50 service needs access to an S3 bucket, so create an S3 bucket with a globally unique name. See the Creating a bucket page in the Amazon Simple Storage Service docs for how to create a bucket and naming constraints.

On the Configure options screen, select Versioning and Default encryption.

 Create bucket - configure options

On the Set permissions screen, select Block all public access.

Create your bucket.

Create an IAM Role

Create an IAM Role that you will attach to your EC2 instance. Calls to S3 use this role to get credentials for the requests. You can read more about IAM Roles in AWS’ AWS Identity and Access Management guide.

  1. From the Services menu, select IAM in the Security, Identity, & Compliance section.

     Select IAM

  2. Select the Roles section.

     Select Roles section

  3. Press the Create role button.

     Press Create role

  4. AWS Service is highlighted. Select EC2. Then press the Next: Permissions button.

     Select EC2

  5. In the Filter policies field, type “s3” and press enter. This action displays polices for S3. Select AmazonS3FullAccess. Then press the Next: Tags button.

     Select AmazonS3FullAccess

  6. You can optionally add tags to your Role. Press the Next: Review button to move to the Review screen. Type in a name for your role in the Role name field and then press the Create role button.

     Role review

Attach your IAM Role to your EC2 instance

  1. Navigate to the EC2 services screen and then access your running instance. Select your instance. From the Actions menu, select Instance Settings and then Attach/Replace IAM Role.

     Attach Replace IAM Role

  2. Select the IAM role you created in the previous section. The press Apply.

     Select IAM Role

Install the Armory Operator

Install the Armory Operator in basic mode, which installs Armory into a single namespace. This mode does not perform pre-flight checks before applying a manifest.

  1. SSH into your EC2 VM and download the Armory Operator files:

    mkdir -p spinnaker-operator && cd spinnaker-operator
    bash -c 'curl -L https://github.com/armory-io/spinnaker-operator/releases/latest/download/manifests.tgz | tar -xz'
    
  2. Install the Custom Resource Definitions (CRDs):

    kubectl apply -f deploy/crds/
    
  3. Create the spinnaker-operator namespace:

    kubectl create ns spinnaker-operator
    
  4. Install the Armory Operator on K3s:

    kubectl -n spinnaker-operator apply -f deploy/operator/basic
    

    You can verify successful installation by executing:

    kubectl -n spinnaker-operator get pods
    

    Terminal output is similar to:

    NAME                                  READY   STATUS    RESTARTS   AGE
    spinnaker-operator-589ccc6fd4-56wlc   2/2     Running   0          4m28s
    

Modify the Armory manifest

Edit the SpinnakerService.yml manifest file located in the ~/spinnaker-operator/deploy/spinnaker/basic directory.

You can find detailed configuration information in the Armory Operator Configuration guide.

Update Armory version and S3 bucket name

Update the spec.spinnakerConfig.config.version value to the version of Armory you want to deploy. Check the Release Notes if you are unsure which version to install. Choose v2.20.4, v2.20.5 or v2.21+ if you want to deploy plugins.

Additionally, replace myBucket (spec.spinnakerConfig.config.persistentStorage.s3.bucket) with the name of the s3 bucket you created in Create an S3 Bucket.

Before editing:

kind: SpinnakerService
metadata:
  name: spinnaker
spec:
  # spec.spinnakerConfig - This section is how to specify configuration spinnaker
  spinnakerConfig:
    # spec.spinnakerConfig.config - This section contains the contents of a deployment found in a halconfig .deploymentConfigurations[0]
    config:
      version: 2.15.1   # the version of Spinnaker to be deployed
      persistentStorage:
        persistentStoreType: s3
        s3:
          bucket: mybucket
          rootFolder: front50

This example shows the config if your bucket is named my-s3-bucket and you want to install Armory 2.21.1::

kind: SpinnakerService
metadata:
  name: spinnaker
spec:
  # spec.spinnakerConfig - This section is how to specify configuration spinnaker
  spinnakerConfig:
    # spec.spinnakerConfig.config - This section contains the contents of a deployment found in a halconfig .deploymentConfigurations[0]
    config:
      version: 2.21.1   # the version of Spinnaker to be deployed
      persistentStorage:
        persistentStoreType: s3
        s3:
          bucket: my-s3-bucket
          rootFolder: front50

Modifications for running on K3s

Create a spec.spinnakerConfig.config.security section like the example below, replacing <your-vm-ip> with the public IP address of your EC2 instance. The security section is at the same level as the persistentStorage section.

kind: SpinnakerService
metadata:
  name: spinnaker
spec:
  # spec.spinnakerConfig - This section is how to specify configuration spinnaker
  spinnakerConfig:
    # spec.spinnakerConfig.config - This section contains the contents of a deployment found in a halconfig .deploymentConfigurations[0]
    config:
      version: 2.21.1   # the version of Spinnaker to be deployed
      persistentStorage:
        persistentStoreType: s3
        s3:
          bucket: my-s3-bucket
          rootFolder: front50
      security:
        apiSecurity: # Gate
          overrideBaseUrl: <your-vm-ip>:8084
        uiSecurity: # Deck
          overrideBaseUrl: <your-vm-ip>:9000

Find the expose.service.overrides section at the bottom of the file. Add configuration for Deck and Gate.

expose:
  type: service  # Kubernetes LoadBalancer type (service/ingress), note: only "service" is supported for now
  service:
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    # provide an override to the exposing KubernetesService
  overrides:
    deck:
      publicPort: 9000
    gate:
      publicPort: 8084

Spacing is very important in YAML files. Make sure that the spacing is correct in the SpinnakerService.yml file and that there are no tabs instead of spaces. Incorrect spacing or tabs cause errors when you install Spinnaker.

Show complete SpinnakerService.yml file

Install Armory

Because you installed the Armory Operator in basic mode, you must install Armory into the same spinnaker-operator namespace. Use kubectl apply to deploy the Armory manifest:

kubectl -n spinnaker-operator apply -f deploy/spinnaker/basic/SpinnakerService.yml

You can watch the installation progress by executing:

kubectl -n spinnaker-operator get spinsvc spinnaker -w

You can verify pod status by executing:

 kubectl -n spinnaker-operator get pods

Upgrade Armory

Upgrade Armory by changing the version value in SpinnakerService.yml and using kubectl to apply the manifest.

Delete Armory

Since you installed Armory in the same namespace as the Armory Operator, do not delete the spinnaker-operator namespace unless you want to delete the Armory Operator as well.

You can use the kubectl delete command to delete Armory:

kubectl -n spinnaker-operator delete spinnakerservice spinnaker

Troubleshooting

You can access the Armory Operator logs by executing:

kubectl -n spinnaker-operator logs deploy/spinnaker-operator -c spinnaker-operator

Operator uses Halyard, so you can access the Halyard logs by executing:

kubectl -n spinnaker-operator logs deploy/spinnaker-operator -c halyard

Last modified April 13, 2021: (ce19b17)