Armory Docs – Install Armory Continuous Deployment for Spinnaker in Air-Gapped Environments/continuous-deployment/installation/guide/air-gapped/Recent content in Install Armory Continuous Deployment for Spinnaker in Air-Gapped Environments on Armory DocsHugo -- gohugo.ioContinuous-Deployment: Air-Gapped with the Armory Operator/continuous-deployment/installation/guide/air-gapped/ag-operator/Mon, 01 Jan 0001 00:00:00 +0000/continuous-deployment/installation/guide/air-gapped/ag-operator/ <h2 id="overview">Overview</h2> <p>This guide details how you can host the Armory Continuous Deployment Bill of Materials (BOM) and Docker images, as well as the Armory Operator Docker images, in your air-gapped environment. The steps at a high level are:</p> <ol> <li><a href="#clone-the-spinnaker-kustomize-patches-repo">Clone the <code>spinnaker-kustomize-patches</code> repo</a>, which contains helper scripts as well as Kustomize patches.</li> <li><a href="#deploy-minio-for-storage">Deploy S3-compatible MinIO</a> to store the BOM.</li> <li><a href="#download-the-bom">Download the BOM</a>.</li> <li><a href="#copy-the-bom">Copy the BOM</a> to your MinIO bucket.</li> <li><a href="#host-the-armory-enterprise-docker-images">Host Armory Continuous Deployment Docker images</a> in your private Docker registry.</li> <li><a href="#download-the-armory-operator">Download the Armory Operator</a>.</li> <li><a href="#host-the-armory-operator-docker-images">Host Armory Operator Docker images</a> in your private Docker registry.</li> <li><a href="#update-armory-operator-configuration">Update Armory Operator configuration</a>.</li> <li><a href="#deploy-the-armory-operator">Deploy the Armory Operator</a> in your Kubernetes cluster.</li> </ol> <h2 id="before-you-begin">Before you begin</h2> <ul> <li>You are familiar with the <a href="/continuous-deployment/installation/armory-operator/">Armory Operator</a> and <a href="/continuous-deployment/installation/armory-operator/op-config-kustomize/">configuring Armory Continuous Deployment using Kustomize patches</a>.</li> <li>You have read the <a href="/continuous-deployment/installation/guide/air-gapped/">introduction</a> to air-gapped environments.</li> <li>You have public internet access.</li> <li>You have administrator access to your Kubernetes cluster.</li> <li>You have created two namespaces in Kubernetes: <code>spinnaker</code> and <code>spinnaker-operator</code>.</li> <li>You have access to a private Docker registry with credentials to push images.</li> <li>You have installed the <a href="https://aws.amazon.com/cli/">AWS CLI</a>.</li> <li>You have installed <a href="https://mikefarah.gitbook.io/yq/#install"><code>yq</code></a> <strong>version 4+</strong>. This is used by helper scripts.</li> </ul> <h2 id="clone-the-spinnaker-kustomize-patches-repo">Clone the <code>spinnaker-kustomize-patches</code> repo</h2> <p>Armory maintains the <code>spinnakaker-kustomize-patches</code> <a href="https://github.com/armory/spinnaker-kustomize-patches">repo</a>, which contains common configuration options for Armory Continuous Deployment or Spinnaker as well as helper scripts. The patches in this repo give you a reliable starting point when adding and removing features.</p> <blockquote> <p>Configuration in this repository is meant for Armory Continuous Delivery. To make it compatible with Spinnaker instead, apply the <code>utilities/switch-to-oss.yml</code> patch.</p> </blockquote> <p>To start, create your own copy of the <code>spinnaker-kustomize-patches</code> repository by clicking the <code>Use this template</code> button:</p> <figure> <img src="mages/kustomize-patches-repo-clone.png"/> </figure> <blockquote> <p>If you intend to update your copy from upstream, use <strong>Fork</strong> instead. See <a href="https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template">Creating a repository from a template</a> for the difference between <strong>Use this template</strong> and <strong>Fork</strong>.</p> </blockquote> <p>Once created, clone this repository to your local machine.</p> <h2 id="deploy-minio-for-storage">Deploy MinIO for storage</h2> <p>Now that you have cloned the <code>spinnaker-kustomize-patches</code> repo, you need to create a storage bucket to host the BOM. <a href="https://min.io">MinIO</a> is a good choice for the bucket since it&rsquo;s S3 compatible and runs as a pod in Kubernetes. A ready to use MinIO component can be referenced in <code>spinnaker-kustomize-patches/core/persistence/in-cluster</code>.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#6272a4"># Your kustomization.yml file</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - path/to/spinnaker-kustomize-patches/core/persistence/in-cluster/minio.yml </span></span></code></pre></div><p>When you look at the content of the <code>minio.yml</code> manifest, you see that MinIO needs a secret key called <code>minioAccessKey</code>:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">env</span>: </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># MinIO access key and secret key</span> </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: MINIO_ACCESS_KEY </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">value</span>: <span style="color:#f1fa8c">&#34;minio&#34;</span> </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: MINIO_SECRET_KEY </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">valueFrom</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">secretKeyRef</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: minio-secret-key </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">key</span>: minioAccessKey </span></span></code></pre></div><p><code>minioAccessKey</code> is stored in a Kubernetes secret called <code>minio-secret-key</code>. You create the secret by adding a generator to your <code>kustomization.yml</code> file.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">secretGenerator</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: minio-secret-key </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">disableNameSuffixHash</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">literals</span>: </span></span><span style="display:flex;"><span> - minioAccessKey=MyAccessKeyValue </span></span></code></pre></div><p>Consult the <a href="https://kubectl.docs.kubernetes.io/references/kustomize/builtins/">kustomize documentation</a> for more ways to configure secrets.</p> <ol> <li> <p>Deploy MinIO with your infrastructure:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl apply -k . </span></span></code></pre></div></li> </ol> <h2 id="download-the-bom">Download the BOM</h2> <p>Decide which Armory Continuous Deployment version you want to deploy. Check <a href="/continuous-deployment/release-notes/rn-armory-spinnaker/">Armory Release Notes</a> for the latest supported versions.</p> <p>The <code>spinnaker-kustomize-patches/utilities/airgap</code> directory contains helper scripts for air-gapped environments. Use <code>bomdownloader.sh</code> to download the version of the Armory Continuous Deployment BOM that you require.</p> <p><code>bomdownloader.sh</code> takes two command line parameters in the following order:</p> <ol> <li>Armory Continuous Deployment version; for example, 2.34.</li> <li>The name of your Docker registry; for example, <code>my.jfrog.io/myteam/armory</code>.</li> </ol> <p>The script creates a <code>halconfig</code> folder, downloads the necessary files, and updates the BOM to use the Docker registry you specified. To download the BOM:</p> <ol> <li> <p>Switch to the <code>spinnaker-kustomize-patches</code> directory.</p> </li> <li> <p>Run <code>bomdownloader.sh &lt;armory-version&gt; &lt;docker-registry&gt;</code>. For example, if you want to download the 2.25.0 BOM and your registry is <code>my.jfrog.io/myteam/armory</code>:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>./utilities/airgap/bomdownloader.sh 2.25.0 my.jfrog.io/myteam/armory </span></span></code></pre></div><p>Output is similar to:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>download: s3://halconfig/versions.yml to halconfig/versions.yml </span></span><span style="display:flex;"><span>download: s3://halconfig/bom/2.25.0.yml to halconfig/bom/2.25.0.yml </span></span><span style="display:flex;"><span>download: s3://halconfig/profiles/clouddriver/2.25.3/clouddriver.yml to halconfig/profiles/clouddriver/2.25.3/clouddriver.yml </span></span><span style="display:flex;"><span>... </span></span><span style="display:flex;"><span>Version 2.25.0 is ready to be uploaded to your private bucket. </span></span><span style="display:flex;"><span>For example, with <span style="color:#f1fa8c">&#34;aws cp --recursive&#34;</span> or <span style="color:#f1fa8c">&#34;gsutil cp -m -r ...&#34;</span> </span></span></code></pre></div></li> </ol> <p>Inspecting your file system, you should see the new <code>halconfig</code> folder. For example, if you specified Armory Continuous Deployment v2.25.0, your file system should be:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>halconfig </span></span><span style="display:flex;"><span> ┣ bom </span></span><span style="display:flex;"><span> ┃ ┗ 2.25.0.yml </span></span><span style="display:flex;"><span> ┣ profiles </span></span><span style="display:flex;"><span> ┃ ┣ clouddriver </span></span><span style="display:flex;"><span> ┃ ┣ dinghy </span></span><span style="display:flex;"><span> ┃ ┣ <span style="color:#8be9fd;font-style:italic">echo</span> </span></span><span style="display:flex;"><span> ┃ ┣ fiat </span></span><span style="display:flex;"><span> ┃ ┣ front50 </span></span><span style="display:flex;"><span> ┃ ┣ gate </span></span><span style="display:flex;"><span> ┃ ┣ igor </span></span><span style="display:flex;"><span> ┃ ┣ kayenta </span></span><span style="display:flex;"><span> ┃ ┣ monitoring-daemon </span></span><span style="display:flex;"><span> ┃ ┣ orca </span></span><span style="display:flex;"><span> ┃ ┣ rosco </span></span><span style="display:flex;"><span> ┃ ┗ terraformer </span></span><span style="display:flex;"><span> ┗ versions.yml </span></span></code></pre></div><p>Each subdirectory in the <code>profiles</code> directory contains a <code>&lt;service-name&gt;.yml</code> profile file.</p> <p>If you need to change your Docker registry, you can manually edit the <code>&lt;armory-version&gt;.yml</code> file located under <code>halconfig/bom</code>. Update the value for the key <code>artifactSources.dockerRegistry</code>.</p> <div class="highlight"><div style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;display:grid;"> <table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;"> <pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;display:grid;"><code><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 1 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 2 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 3 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 4 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 5 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 6 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 7 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 8 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 9 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">10 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">11 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">12 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">13 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">14 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">15 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">16 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">17 </span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">18 </span></span></code></pre></td> <td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%"> <pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;display:grid;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">version</span>: <span style="color:#bd93f9">2.25.0</span> </span></span><span style="display:flex;"><span><span style="color:#ff79c6">timestamp</span>: <span style="color:#f1fa8c">&#34;2021-03-25 09:28:32&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ff79c6">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">clouddriver</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">commit</span>: de3aa3f0 </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: <span style="color:#bd93f9">2.25.3</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">deck</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">commit</span>: 516bcf0a </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: <span style="color:#bd93f9">2.25.3</span> </span></span><span style="display:flex;"><span> ... </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">commit</span>: 5dcae243 </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: <span style="color:#bd93f9">2.25.0</span> </span></span><span style="display:flex;"><span><span style="color:#ff79c6">dependencies</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">redis</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: <span style="color:#bd93f9">2</span>:<span style="color:#bd93f9">2.8.4-2</span> </span></span><span style="display:flex;"><span><span style="color:#ff79c6">artifactSources</span>: </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#ff79c6">dockerRegistry</span>: my.jfrog.io/myteam/armory</span></span></code></pre></td></tr></table> </div> </div> <h2 id="copy-the-bom">Copy the BOM</h2> <p>With the MinIO pod running, copy your local BOM into your MinIO bucket.</p> <ol> <li> <p>Set environment variables:</p> <p>Update the <code>AWS_SECRET_ACCESS_KEY</code> with the <code>minioAccessKey</code> value you created in the <a href="#deploy-minio-to-host-the-bom">Deploy MinIO to host the BOM</a> section.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#8be9fd;font-style:italic">export</span> <span style="color:#8be9fd;font-style:italic">AWS_ACCESS_KEY_ID</span><span style="color:#ff79c6">=</span>minio </span></span><span style="display:flex;"><span><span style="color:#8be9fd;font-style:italic">export</span> <span style="color:#8be9fd;font-style:italic">AWS_SECRET_ACCESS_KEY</span><span style="color:#ff79c6">=</span>&lt;minioAccessKey&gt; </span></span></code></pre></div></li> <li> <p>Port forward the MinIO service:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl port-forward svc/minio <span style="color:#bd93f9">9000</span> -n spinnaker </span></span></code></pre></div></li> <li> <p>Copy your local BOM to MinIO:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>aws s3 mb s3://halconfig --endpoint<span style="color:#ff79c6">=</span>http://localhost:9000 </span></span><span style="display:flex;"><span>aws s3 cp --recursive halconfig s3://halconfig --endpoint<span style="color:#ff79c6">=</span>http://localhost:9000 </span></span></code></pre></div></li> </ol> <h2 id="host-the-armory-continuous-deployment-docker-images">Host the Armory Continuous Deployment Docker images</h2> <p>There are two options for hosting the Docker images: 1) configure your Docker registry as a proxy for <code>docker.io/armory</code>; or 2) download the images and push them to your private Docker registry.</p> <h3 id="proxy-to-dockerioarmory">Proxy to <code>docker.io/armory</code></h3> <p>Configure <code>docker.io/armory</code> as a remote repository within your private Docker registry. If you are using JFrog Artifactory, you can follow the instructions in the <a href="https://www.jfrog.com/confluence/display/JFROG/Docker+Registry#DockerRegistry-RemoteDockerRepositories">Remote Docker Repositories</a> section of the JFrog docs.</p> <h3 id="download-images">Download images</h3> <p>You can use the <code>imagedownloader.sh</code> helper script in the <code>spinnaker-kustomize-patches/utilities/airgap</code> directory to download and push the images to your private Docker registry.</p> <p>The execution format is:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>./utilities/airgap/imagedownloader.sh &lt;armory-version&gt; </span></span></code></pre></div><p><code>&lt;armory-version&gt;</code> is the version you specified in the <a href="#download-the-bom">Download the BOM</a> section.</p> <p>When you run <code>imagedownloader.sh</code> from the <code>spinnaker-patches-repository</code> directory, the script looks for the downloaded BOM and proceeds to download, tag, and push the images for that particular version to the private Docker registry you specified when you ran <code>bomdownloader.sh</code>.</p> <h2 id="download-the-armory-operator">Download the Armory Operator</h2> <p>Download and unpack the latest Armory Operator release into the <code>spinnaker-kustomize-patches/operator</code> folder. Run the following command from your <code>spinnaker-kustomize-patches/operator</code> directory:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>bash -c <span style="color:#f1fa8c">&#39;curl -L https://github.com/armory-io/spinnaker-operator/releases/latest/download/manifests.tgz | tar -xz&#39;</span> </span></span></code></pre></div><p>You should see the following directory structure in the <code>spinnaker-kustomize-patches/operator</code> folder:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>operator </span></span><span style="display:flex;"><span> ┣ deploy </span></span><span style="display:flex;"><span> ┃ ┣ crds </span></span><span style="display:flex;"><span> ┃ ┣ openshift </span></span><span style="display:flex;"><span> ┃ ┣ operator </span></span><span style="display:flex;"><span> ┃ ┗ spinnaker </span></span><span style="display:flex;"><span> ┣ halyard-local.yml </span></span><span style="display:flex;"><span> ┣ kustomization.yml </span></span><span style="display:flex;"><span> ┣ patch-config.yaml </span></span><span style="display:flex;"><span> ┗ patch-validations.yaml </span></span></code></pre></div><h2 id="host-the-armory-operator-docker-images">Host the Armory Operator Docker images</h2> <p>You can find the <code>operatorimageupdate.sh</code> script in <code>spinnaker-kustomize-patches/utilities/airgap</code>. The script does the following:</p> <ol> <li>Downloads the Armory Operator Docker images and updates their names.</li> <li>Pushes the images to the Docker registry you specify in the command line.</li> <li>Updates the Armory Operator&rsquo;s <code>kustomization.yml</code> with the new image names.</li> </ol> <p>From the <code>spinnaker-kustomize-patches/operator</code> folder, execute the <code>operatorimageupdate.sh</code> script:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>../utilities/airgap/operatorimageupdate.sh &lt;your-docker-registry&gt; </span></span></code></pre></div><h2 id="update-armory-operator-configuration">Update Armory Operator configuration</h2> <h3 id="update-minio-secret-access-key">Update MinIO secret access key</h3> <p>You also need to update Armory Operator configuration to include the secret access key for MinIO. Locate <code>spinnaker-kustomize-patches/operator/patch-config.yml</code> and update the <code>AWS_SECRET_ACCESS_KEY</code> value with the <code>minioAccessKey</code> value you created in the <a href="#deploy-minio-to-host-the-bom">Deploy MinIO to host the BOM</a> section.</p> <div class="highlight"><div style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;display:grid;"> <table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;"> <pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;display:grid;"><code><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 1 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 2 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 3 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 4 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 5 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 6 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 7 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 8 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 9 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">10 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">11 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">12 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">13 </span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">14 </span></span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">15 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">16 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">17 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">18 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">19 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">20 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">21 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">22 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">23 </span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">24 </span></span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">25 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">26 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">27 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">28 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">29 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">30 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">31 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">32 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">33 </span></code></pre></td> <td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%"> <pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;display:grid;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">apiVersion</span>: apps/v1 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">kind</span>: Deployment </span></span><span style="display:flex;"><span><span style="color:#ff79c6">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: spinnaker-operator </span></span><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">template</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">containers</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: spinnaker-operator </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">env</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: AWS_ACCESS_KEY_ID <span style="color:#6272a4"># you can choose to use a secret for these values</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">value</span>: minio </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: AWS_SECRET_ACCESS_KEY <span style="color:#6272a4"># you can choose to use a secret for these values</span> </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#ff79c6">value</span>: changeme </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">volumeMounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">mountPath</span>: /opt/spinnaker/config/halyard.yml </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: operator-config </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">subPath</span>: halyard-local.yml </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: halyard </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">env</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: AWS_ACCESS_KEY_ID <span style="color:#6272a4"># you can choose to use a secret for these values</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">value</span>: minio </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: AWS_SECRET_ACCESS_KEY <span style="color:#6272a4"># you can choose to use a secret for these values</span> </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#ff79c6">value</span>: changeme </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">volumeMounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">mountPath</span>: /opt/spinnaker/config/halyard-local.yml </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: operator-config </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">subPath</span>: halyard-local.yml </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">configMap</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">defaultMode</span>: <span style="color:#bd93f9">420</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: operator-config </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: operator-config</span></span></code></pre></td></tr></table> </div> </div> <h3 id="update-halyard-configuration">Update Halyard configuration</h3> <p>The Armory Operator uses its own Halyard installation to deploy and manage Armory Continuous Deployment. You need to configure the new BOM location in <code>spinnaker-kustomize-patches/operator/halyard-local.yml</code>. Update your <code>halyard-local.yml</code> to match the content of the highlighted lines in the following example:</p> <div class="highlight"><div style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;display:grid;"> <table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;"> <pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;display:grid;"><code><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 1 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 2 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 3 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 4 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 5 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 6 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 7 </span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 8 </span></span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 9 </span></span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">10 </span></span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">11 </span></span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">12 </span></span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">13 </span></span><span style="background-color:#3d3f4a"><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">14 </span></span></code></pre></td> <td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%"> <pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;display:grid;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">halyard</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">halconfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">directory</span>: /home/spinnaker/.hal </span></span><span style="display:flex;"><span><span style="color:#ff79c6">spinnaker</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">config</span>: </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># This section is used in air-gapped environments to specify an alternate location for the Bill Of Materials (BOM).</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">input</span>: </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#ff79c6">gcs</span>: </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">false</span> <span style="color:#6272a4"># If the BOM is stored in a GCS bucket, switch this to true.</span> </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#ff79c6">bucket</span>: halconfig <span style="color:#6272a4"># Name of the bucket where the BOM is located.</span> </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#6272a4">#region: us-west-2 # Bucket region; region does not matter for MinIO.</span> </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#ff79c6">enablePathStyleAccess</span>: <span style="color:#ff79c6">true</span> <span style="color:#6272a4"># If you are using a platform that does not support PathStyleAccess, such as MinIO, switch this to true (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).</span> </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#ff79c6">endpoint</span>: http://minio.spinnaker:9000 </span></span><span style="display:flex; background-color:#3d3f4a"><span> <span style="color:#ff79c6">anonymousAccess</span>: <span style="color:#ff79c6">false</span></span></span></code></pre></td></tr></table> </div> </div> <h2 id="deploy-the-armory-operator">Deploy the Armory Operator</h2> <p>Now that you have updated <code>halyard-local.yml</code> and <code>patch-config.yml</code>, you can deploy the Armory Operator using its <code>kustomization.yml</code> file. By default, the Armory Operator deploys to the <code>spinnaker-operator</code> namespace. From the <code>spinnaker-kustomize-patches/operator</code> directory, execute:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl apply -k . </span></span></code></pre></div><p>After the Armory Operator pod is running, verify that the S3-compatible MinIO bucket is properly configured and that the bucket contains the BOM.</p> <p>The following example uses version 2.25.0 and a private Docker registry called <code>my.jfrog.io/myteam/armory</code>.</p> <ol> <li> <p>Run the following to access the Halyard container running in the <code>spinnaker-operator</code> pod:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl <span style="color:#8be9fd;font-style:italic">exec</span> -ti deploy/spinnaker-operator -c halyard -- bash </span></span></code></pre></div></li> <li> <p>Verify that the bucket is properly configured by running:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>aws s3 ls --endpoint<span style="color:#ff79c6">=</span>http://minio.spinnaker:9000 s3://halconfig/ </span></span></code></pre></div></li> <li> <p>Inspect the contents of the BOM for the version you downloaded in <a href="#download-the-bom">Download the BOM</a>:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>hal version bom &lt;version-number&gt; </span></span></code></pre></div><p>If you run the command passing in <code>2.25.0</code>, output is similar to:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>+ Get BOM <span style="color:#ff79c6">for</span> 2.25.0 </span></span><span style="display:flex;"><span>Success </span></span><span style="display:flex;"><span>version: 2.25.0 </span></span><span style="display:flex;"><span>timestamp: <span style="color:#f1fa8c">&#39;2021-03-25 09:28:32&#39;</span> </span></span><span style="display:flex;"><span>services: </span></span><span style="display:flex;"><span> echo: </span></span><span style="display:flex;"><span> version: 2.25.2 </span></span><span style="display:flex;"><span> commit: 3a098acc </span></span><span style="display:flex;"><span> clouddriver: </span></span><span style="display:flex;"><span> version: 2.25.3 </span></span><span style="display:flex;"><span> commit: de3aa3f0 </span></span><span style="display:flex;"><span>... </span></span><span style="display:flex;"><span>dependencies: </span></span><span style="display:flex;"><span> redis: </span></span><span style="display:flex;"><span> version: 2:2.8.4-2 </span></span><span style="display:flex;"><span>artifactSources: </span></span><span style="display:flex;"><span> dockerRegistry: my.jfrog.io/myteam/armory </span></span></code></pre></div></li> </ol> <h2 id="help-resources">Help resources</h2> <p>Contact <a href="https://support.armory.io/">Armory Support</a> or use the <a href="https://join.slack.com/t/spinnakerteam/shared_invite/zt-7juwxmx0-nQ4Ud4pJcbuPykX3SXwQrg">Spinnaker Slack</a> <code>#armory</code> channel.</p> <h2 id="whats-next">What&rsquo;s next</h2> <p><a href="/continuous-deployment/installation/armory-operator/op-config-kustomize/#configure-armory-enterprise">Configure and deploy Armory Continuous Deployment using Kustomize patches</a>.</p>