Deploy the Armory Scale Agent Service Using a Helm Chart

Use a Helm chart to deploy the Armory Scale Agent service to your Kubernetes cluster.

Chart overview

  • Exposes all settings for installing the Armory Scale Agent service.
  • Enables you to easily deploy the Armory Scale Agent service with default configuration using a single command.
  • Gives you the ability to customize the service settings in a file or via the command line.

Connecting to Armory Cloud services is enabled by default. Armory Cloud services is required for some features to function and affects how you configure the Armory Scale Agent service installation. If you want to connect to Armory Cloud services, you must include your Armory Cloud client ID and secret. You can disable connecting to Armory Cloud services by setting a gPRC URL instead of providing your Armory Cloud services credentials.

Before you begin

Ensure you have completed the following steps before you install the Armory Scale Agent using the Helm chart:

  1. You have installed the Clouddriver plugin.

  2. You are familiar with Helm and have installed v3.6.3+.

  3. You have added or updated the Armory charts repo in your Kubernetes environment.

    To add the Armory chart repo, execute the following command:

    helm repo add armory-charts http://armory.jfrog.io/artifactory/charts
    

    If you have previously added the chart repo, update it with the following commands:

    helm repo update
    helm upgrade armory-agent armory-charts/agent-k8s-full
    
  4. You are familiar with the various use cases for deploying Scale Agent services to your Kubernetes clusters.

Quickstart

Run one of the following commands:

  1. If you want to connect to Armory Cloud services:

    You must include your Armory Cloud clientId and clientSecret credentials.

    helm install armory-agent armory-charts/agent-k8s-full \
    --create-namespace \
    --namespace=<agent-namespace> \
    --set hub.auth.armory.clientId=<your-clientID>,hub.auth.armory.secret=<your-clientSecret>
    
  2. If you don’t want to connect to Armory Cloud services:

    You must include your gPRC endpoint, such as localhost:9090.

    helm install armory-agent armory-charts/agent-k8s-full \
    --create-namespace \
    --namespace=<agent-namespace> \
    --set config.clouddriver.grpc=<endpoint>
    

Command options:

  • --create-namespace: (Optional) Creates the namespace if not present. See the Helm install docs.
  • --namespace=<agent-namespace>: (Required) The namespace where you install the Armory Scale Agent, which is also the deployment target for your app.

Before you start, make sure:

  1. Each account has a kubeconfig file that grants access to the deployment target cluster. If you use Amazon EKS, you can run the following command:

    aws eks update-kubeconfig --name <target-cluster>
    
  2. Each account has a kubeconfig file and a secret created from that file. For example:

    kubectl create secret generic kubeconfig --from-file=<path>/.kube/config -n <namespace>
    

    See the kubectl create secret generic docs for command details.

Run one of the following commands:

  1. If you want to connect to Armory Cloud services:

    You must set your Armory Cloud clientId and clientSecret credentials.

    You must set your kubeconfig file and secret. <kubeconfig> is the name of the file you used when you created the secret. If you used --from-file=<path>/.kube/config, the value of <kubeconfig> is config.

    helm install armory-agent armory-charts/agent-k8s-full \
    --create-namespace \
    --namespace=<agent-namespace> \
    --set hub.auth.armory.clientId=<your-clientID> \
    ,hub.auth.armory.secret=<your-clientSecret> \
    ,kubeconfigs.<account-name>.file=<kubeconfig> \
    ,kubeconfigs.<account-name>.secret=<secret>
    
  2. If you don’t want to connect to Armory Cloud services:

    You must include your gPRC endpoint, such as localhost:9090.

    You must set your kubeconfig file and secret. <kubeconfig> is the name of the file you used when you created the secret. If you used --from-file=<path>/.kube/config, the value of <kubeconfig> is config.

    helm install armory-agent armory-charts/agent-k8s-full \
    --create-namespace \
    --namespace=<agent-namespace> \
    --set config.clouddriver.grpc=<endpoint> \
    ,kubeconfigs.<account-name>.file=<kubeconfig> \
    ,kubeconfigs.<account-name>.secret=<secret>
    

Command options:

  • --create-namespace: (Optional) Creates the namespace if not present. See the Helm install docs.
  • --namespace=<agent-namespace>: (Required) The namespace where you install the Armory Scale Agent, which is also the deployment target for your app.

Confirm success

Create a pipeline with a Deploy manifest stage. You should see your target cluster available in the Accounts list. Deploy a static manifest.

Set proxy settings

The env parameters are optional and only need to be used if Armory CD is behind an HTTP(S) proxy. If you need to set more than one of the env parameters, you must increment the index value for the parameters. For example: env[0].name="HTTP_PROXY, env[1].name="HTTPS_PROXY", and env[2].name="NO_PROXY".

1
2
3
4
5
6
helm install armory-agent armory-charts/agent-k8s-full \
--create-namespace \
--namespace=<agent-namespace> \
--set env[0].name=”HTTP_PROXY”,env[0].value="<hostname>:<port>" \
,env[1].name=”HTTPS_PROXY”,env[1].value="<hostname>:<port>" \
,env[2].name=”NO_PROXY”,env[2].value="localhost,127.0.0.1,*.spinnaker"

Alternatively, you can create a values.yaml file to include the parameters:

env:
  - name: HTTP_PROXY
    value: <hostname>:<port>
  - name: HTTPS_PROXY
    value: <hostname>:<port>
  - name: NO_PROXY
    value: localhost,127.0.0.1,*.spinnaker

With the file, you can avoid setting individual env parameters in the helm install command. Instead include the --values parameter as part of the Helm install command:

--values=<path>/values.yaml

Set a custom Agent image registry

If you need to download the Armory Scale Agent image from a different registry, you can specify that repository using the following settings:

--set image.repository=<repo-name>,image.imagePullPolicy=IfNotPresent, /
image.imagePullSecrets=<secret>

Alternatively, you can create a values.yaml file to include the settings:

image:
  repository: <repo-name>
  imagePullPolicy: IfNotPresent
  imagePullSecrets: <secret>

Include the --values parameter as part of the Helm install command:

--values=<path>/values.yaml

Custom configuration

If you need greater flexibility, you can override any supported configuration option, either by setting values using the command line or by setting values in an armory-agent.yml file.

Set config values using the command line

You can update configuration options via the command line by using --set config.<option>. For example, if you want to set logging.level to debug, use --set config.logging.level=debug to do that.

Set config in a file

You can also override default settings in your own armory-agent.yml file. For example, if you want to modify the default logging settings, create an armory-agent.yml file with the following content:

logging:
  file: "my-log"
  format: "json"
  level: "debug"

Note that you do not use “config” in the armory-agent file even though you do when setting config using the command line.

Then use the --set-file option in the Helm install command:

1
2
3
4
helm install armory-agent armory-charts/agent-k8s-full \
--create-namespace \
--namespace=<agent-namespace> \
--set-file agentyml=<path-to>/armory-agent.yml

You can pass in an armory-agent.yml file and also override values on the command line:

1
2
3
4
5
helm install armory-agent armory-charts/agent-k8s-full \
--create-namespace \
--namespace=<agent-namespace> \
--set-file agentyml=<path-to>/armory-agent.yml \
--set config.logging.level=debug

The difference between values.yaml and armory-agent.yml

armory-agent.yml: any supported configuration option listed in the Armory Scale Agent Options configuration option section.

values.yaml: environmental values such as proxy settings and image repository.

You can use both files. For example:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
helm install armory-agent armory-charts/agent-k8s-full \
--create-namespace \
--namespace=<agent-namespace> \
--set-file agentyml=<path-to>/armory-agent.yml \
--values=<path-to>/values.yaml
```

## Examples

### Agent mode

<details><summary><string>Armory Cloud, custom config</strong></summary>

This example installs the Armory Scale Agent service into the "dev" namespace with a connection to Armory Cloud services and the following custom configuration:

- `debug` logging level
- Increase the Armory Scale Agent request retry attempts to 5
- Increase the time (in milliseconds) to wait between retry attempts to 5000
- Enables Prometheus.

```bash
helm install armory-agent armory-charts/agent-k8s-full \
--create-namespace \
--namespace=dev \
--set hub.auth.armory.clientId=clientID123,hub.auth.armory.secret=s3cret \
,config.logging.level=debug,config.kubernetes.retries.maxRetries=5 \
,config.kubernetes.retries.backOffMs=5000,config.prometheus.enabled=true
```

The same custom configuration in an `armory-agent.yml` file:

```yaml
logging:
  level: "debug"
kubernetes:
  retries:
    maxRetries: 5
    backOffMs: 5000
prometheus:
  enabled: true
```

Install the Armory Scale Agent with configuration in a file:

```bash
helm install armory-agent armory-charts/agent-k8s-full \
--create-namespace \
--namespace=dev \
--set hub.auth.armory.clientId=clientID123,hub.auth.armory.secret=s3cret
--set-file agentyml=/Users/armory/armory-agent.yml
```

</details>

<details><summary><string>Local gPRC, private image registry, proxy</strong></summary>

This example installs the Armory Scale Agent service into the "dev" namespace with a local gPRC endpoint (no Armory Cloud services connection), pulls the image from a private registry, and configures proxy settings.

```bash
helm install armory-agent armory-charts/agent-k8s-full \
--create-namespace \
--namespace=dev \
--set config.clouddriver.grpc=spin-clouddriver-grpc:9091 \
,image.repository=private-reg/agent-k8s \
,image.imagePullPolicy=IfNotPresent \
,image.imagePullSecrets=regcred \
,env[0].name=”HTTP_PROXY”,env[0].value="corp.proxy.com:8080" \
,env[1].name=”HTTPS_PROXY”,env[1].value="corp.proxy.com:443" \
,env[2].name=”NO_PROXY”,env[2].value="localhost,127.0.0.1,*.spinnaker"

```

The same custom configuration in a `values.yaml` file:

```yaml
image:
  repository: private-reg/agent-k8s
  imagePullPolicy: IfNotPresent
  imagePullSecrets: regcred

env:
  - name: HTTP_PROXY
    value: corp.proxy.com:8080
  - name: HTTPS_PROXY
    value: corp.proxy.com:443
  - name: NO_PROXY
    value: localhost,127.0.0.1,*.spinnaker
```

Install the Armory Scale Agent with configuration in a file:

```bash
helm install armory-agent armory-charts/agent-k8s-full \
--create-namespace \
--namespace=dev \
--values=/Users/armory/values.yaml
--set config.clouddriver.grpc=spin-clouddriver-grpc:9091
```

</details>

<details><summary><string>Agent and environment config in files</strong></summary>

This example installs the Armory Scale Agent service into the "dev" namespace with a connection to Armory Cloud services and the following custom Agent configuration:
- `debug` logging level
- Increase the Armory Scale Agent request retry attempts to 5
- Increase the time (in milliseconds) to wait between retry attempts to 5000
- Enables Prometheus.

Agent configuration in an `armory-agent.yml` file:

```yaml
logging:
  level: "debug"
kubernetes:
  retries:
    maxRetries: 5
    backOffMs: 5000
prometheus:
  enabled: true
```

Additionally, a `values.yaml` file contains custom repository and proxy settings:

```yaml
image:
  repository: private-reg/agent-k8s
  imagePullPolicy: IfNotPresent
  imagePullSecrets: regcred

env:
  - name: HTTP_PROXY
    value: corp.proxy.com:8080
  - name: HTTPS_PROXY
    value: corp.proxy.com:443
  - name: NO_PROXY
    value: localhost,127.0.0.1,*.spinnaker
```


Install command:

```bash
helm install armory-agent armory-charts/agent-k8s-full \
--create-namespace \
--namespace=dev \
--set hub.auth.armory.clientId=clientID123,hub.auth.armory.secret=s3cret
--set-file agentyml=/Users/armory/armory-agent.yml
--vaues=/Users/amory/values.yaml
```

</details>

### Infrastructure mode


<details><summary><string>Armory Cloud, custom config</strong></summary>

This example installs the Armory Scale Agent service into the "dev" namespace with a connection to Armory Cloud services and the following custom configuration:
- `debug` logging level
- Increase the Armory Scale Agent request retry attempts to 5
- Increase the time (in milliseconds) to wait between retry attempts to 5000
- Enables Prometheus.

Create the namespace:

```bash
kubectl create namespace dev
```

Create the secret:

```bash
kubectl create secret generic kubeconfig --from-file=/User/armory/.kube/config -n dev
```

Install the Armory Scale Agent:

```bash
helm install armory-agent armory-charts/agent-k8s-full \
--namespace=dev \
--set hub.auth.armory.clientId=clientID123,hub.auth.armory.secret=s3cret \
,kubeconfigs.account1.file=config \
,kubeconfigs.account1.secret=s3cr3t \
,config.logging.level=debug,config.kubernetes.retries.maxRetries=5 \
,config.kubernetes.retries.backOffMs=5000,config.prometheus.enabled=true
```

The same custom configuration in an `armory-agent.yml` file:

```yaml
logging:
  level: "debug"
kubernetes:
  retries:
    maxRetries: 5
    backOffMs: 5000
prometheus:
  enabled: true
```

Install the Armory Scale Agent with configuration in a file:

```bash
helm install armory-agent armory-charts/agent-k8s-full \
--namespace=dev \
--set hub.auth.armory.clientId=clientID123,hub.auth.armory.secret=s3cret \
,kubeconfigs.account1.file=config \
,kubeconfigs.account1.secret=s3cr3t \
--set-file agentyml=/Users/armory/armory-agent.yml
```

</details>



<details><summary><string>Local gPRC, private image registry, proxy</strong></summary>

This example installs the Armory Scale Agent service into the "dev" namespace with a local gPRC endpoint (no Armory Cloud services connection), pulls the image from a private registry, and configures proxy settings.

Create the namespace:

```bash
kubectl create namespace dev
```

Create the secret:

```bash
kubectl create secret generic kubeconfig --from-file=/User/armory/.kube/config -n dev
```

Install the Armory Scale Agent:

```bash
helm install armory-agent armory-charts/agent-k8s-full \
--namespace=dev \
--set config.clouddriver.grpc=spin-clouddriver-grpc:9091 \
,kubeconfigs.account1.file=config \
,kubeconfigs.account1.secret=s3cr3t \
,image.repository=private-reg/agent-k8s \
,image.imagePullPolicy=IfNotPresent \
,image.imagePullSecrets=regcred \
,env[0].name=”HTTP_PROXY”,env[0].value="corp.proxy.com:8080" \
,env[1].name=”HTTPS_PROXY”,env[1].value="corp.proxy.com:443" \
,env[2].name=”NO_PROXY”,env[2].value="localhost,127.0.0.1,*.spinnaker"
```

The same custom configuration in a `values.yaml` file:

```yaml
image:
  repository: private-reg/agent-k8s
  imagePullPolicy: IfNotPresent
  imagePullSecrets: regcred

env:
  - name: HTTP_PROXY
    value: corp.proxy.com:8080
  - name: HTTPS_PROXY
    value: corp.proxy.com:443
  - name: NO_PROXY
    value: localhost,127.0.0.1,*.spinnaker
```

Install the Armory Scale Agent with configuration in a file:

```bash
helm install armory-agent armory-charts/agent-k8s-full \
--namespace=dev \
--values=/Users/armory/values.yaml
--set config.clouddriver.grpc=spin-clouddriver-grpc:9091 \
,kubeconfigs.account1.file=config \
,kubeconfigs.account1.secret=s3cr3t
```

</details>

## Uninstall

```bash
helm uninstall <release-name> --namespace=<agent-namespace>
```

- `<release-name>`: (Reqired) the Armory Scale Agent service release, such as 1.0.73.
- `<agent-namespace>`: (Required) The namespace where you installed the Armory Scale Agent.

## What's next

* <a href="/plugins/scale-agent/troubleshooting/"}>Troubleshoot the Armory Scale Agent Service and Plugin</a> page if you run into issues.
* Learn how to <a href="/plugins/scale-agent/tasks/service-monitor/"}>Integrate Prometheus</a>. Agent CPU usage is low, but the amount of memory depends on the size of the cluster the Armory Scale Agent is monitoring. The gRPC buffer consumes about 4MB of memory.
* <a href="/plugins/scale-agent/tasks/configure-mtls/"}>Configure Mutual TLS Authentication</a>
* Read about <a href="/plugins/scale-agent/concepts/service-permissions/"}>Kubernetes Permissions for the Armory Scale Agent</a>
</br>
</br>

Last modified September 5, 2023: (17d76bcd)