Skip to content

Commit

Permalink
apply @aimeeu's updates
Browse files Browse the repository at this point in the history
  • Loading branch information
Alex Fornuto committed May 3, 2021
1 parent 16a1221 commit 2dcae43
Showing 1 changed file with 30 additions and 191 deletions.
221 changes: 30 additions & 191 deletions content/en/docs/installation/guide/install-on-k8s.md
Original file line number Diff line number Diff line change
Expand Up @@ -267,213 +267,52 @@ The command returns the namespaces in the EKS cluster.
{{< tabs name="install-steps" >}}
{{% tab name="Armory Operator" %}}

### Install CRDs and Operator
You need Kubernetes `ClusterRole` authority to install the Operator in `cluster` mode.

First, download the latest release.
You can find the Operator's deployment configuration in `spinnaker-operator/deploy/operator/cluster` after you download and unpack the archive. You don't need to update any configuration values.

```bash
$ bash -c 'curl -L https://github.com/armory-io/spinnaker-operator/releases/latest/download/manifests.tgz | tar -xz'
```

Install Armory CRDs:

```bash
$ kubectl apply -f deploy/crds/
```

Create a namespace for Operator. In this guide you use `spinnaker-operator`, but the namespace can have any name, provided that you update the namespace name in the `role_binding.yaml` file.
1. Get the latest Operator release:

```bash
kubectl create namespace spinnaker-operator
```

Install Operator manifests:

```bash
$ kubectl apply -n spinnaker-operator -f deploy/operator/cluster
```
**Armory Operator** ![Proprietary](/images/proprietary.svg)

After installation, you can verify that Operator is running with the following command:
```bash
mkdir -p spinnaker-operator && cd spinnaker-operator
bash -c 'curl -L https://github.com/armory-io/spinnaker-operator/releases/latest/download/manifests.tgz | tar -xz'
```

```bash
$ kubectl -n spinnaker-operator get pods
```
1. Install or update CRDs across the cluster:

The command returns output similar to the following if the pod for Operator is running:
```bash
kubectl apply -f deploy/crds/
```

```
NAMESPACE READY STATUS RESTARTS AGE
spinnaker-operator-7cd659654b-4vktl 2/2 Running 0 6s
```
1. Create the namespace for the Operator:

### Install Armory
In `cluster` mode, if you want to use a namespace other than `spinnaker-operator`, you need to edit the namespace in `deploy/operator/kustomize/role_binding.yaml`.

First, create the namespace where Armory will be installed. In this guide you use `spinnaker`, but it can have any name:
```bash
kubectl create ns spinnaker-operator
```

```bash
kubectl create namespace spinnaker
```
1. Install the Operator:

You define and configure Armory in a YAML file and use `kubectl` to create the service. Copy the contents below to a configuration file called `spinnakerservice.yml`. The code creates a Kubernetes `ServiceAccount` with permissions only to the namespace where Armory is installed. Applying this file creates a base Armory installation with one Kubernetes target account, which enables Armory to deploy to the same namespace where it is installed.
```bash
kubectl -n spinnaker-operator apply -f deploy/operator/kustomize
```

Note the values that you need to modify:
1. Verify that the Operator is running:

- Armory `version`: Use the version of Armory that you want to deploy, which can be found [here]({{< ref "rn-armory-spinnaker#list-of-stable-armory-releases" >}}).
- S3 `bucket`: Use the name of the S3 bucket created above.
- S3 `region`: Region where the S3 bucket is located.
- S3 `accessKeyId`: Optional, set when using IAM user credentials to authenticate to the S3 bucket.
- S3 `secretAccessKey`: Optional, set when using IAM user credentials to authenticate to the S3 bucket.
- metadata `name`: Change if you're installing Armory to a namespace other than `spinnaker`.
```bash
kubectl -n spinnaker-operator get pods
```

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: spin-role
rules:
- apiGroups:
- ""
resources:
- pods
- services
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- namespaces
verbs:
- '*'
- apiGroups:
- batch
- extensions
resources:
- jobs
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- spinnaker-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- spinnaker-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- spinnaker.io
resources:
- '*'
- spinnakeraccounts
verbs:
- '*'
- apiGroups:
- spinnaker.armory.io
resources:
- '*'
- spinnakerservices
verbs:
- '*'
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: spin-sa
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: spin-role-binding
subjects:
- kind: ServiceAccount
name: spin-sa
roleRef:
kind: Role
name: spin-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
config:
version: 2.17.1 # Replace with desired version of Armory to deploy
persistentStorage:
persistentStoreType: s3
s3:
bucket: spinnaker-abcxyz # Replace with the name of the S3 bucket created previously
region: us-west-2 # Replace with correct bucket's region
accessKeyId: XYZ # (Optional, set only when using an IAM user to authenticate to the bucket instead of an IAM role)
secretAccessKey: XYZ # (Optional, set only when using an IAM user to authenticate to the bucket instead of an IAM role)
rootFolder: front50
features:
artifacts: true
providers:
kubernetes:
accounts:
- name: spinnaker
cacheThreads: 1
cachingPolicies: []
configureImagePullSecrets: true
customResources: []
dockerRegistries: []
kinds: []
namespaces:
- spinnaker # Name of the namespace where Armory is installed
oAuthScopes: []
omitKinds: []
omitNamespaces: []
onlySpinnakerManaged: false
permissions: {}
providerVersion: V2
requiredGroupMembership: []
serviceAccount: true
enabled: true
primaryAccount: spinnaker
service-settings:
clouddriver:
kubernetes:
serviceAccountName: spin-sa
```
The command returns output similar to the following if the pod for the Operator is running:

Deploy the manifest with the following command:
```
NAMESPACE READY STATUS RESTARTS AGE
spinnaker-operator-7cd659654b-4vktl 2/2 Running 0 6s
```

```bash
kubectl -n spinnaker apply -f spinnakerservice.yml
```
{{% /tab %}}
{{% tab name="Halyard" %}}

Expand Down

0 comments on commit 2dcae43

Please sign in to comment.