Skip to main content

2.32.1 upgrade path

The most important change introduced in Armory version 2.32 is artifact storage. This moves artifacts out of Orca database into the s3 bucket. This change will potentially reduce Orca database load and the execution context coming from the database.  

How to enable the artifact storage

The artifact-store feature is disabled by default. To enable the artifact-store feature the following configuration is required:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
  name: spinnaker
spec:
  spinnakerConfig:
    profiles:
      spinnaker:
        artifact-store:
        enabled: true
        s3:
          enabled: true
          region: 
          bucket:

The role assigned to the cluster workers node should have write permissions on that bucket. When enabling the artifact-store feature, it is recommended to deploy the services in this order:

Deployment of the artifact-store enabling only for clouddriver & terraformer.

Add the artifact store configuration under clouddriver profile only* Deployment of the artifact-store enabling including orca (add the artifact-store configuration under the orca profile)* Deployment of the artifact-store configuration for Rosco (add the artifact-store configuration under the rosco profile)  

Risks of enabling the artifact storage

If the artifact store is enabled and has to be rolledback youʼd be unable to see those artifacts in the UI. it would JUST show an S3 reference object.  This can impact potential artifact lookups on a previous execution where they are no longer in the pipeline context, but in s3 and on rollback, wouldnʼt be easy to retrieve. Since artifact store is not enabled by default, you can upgrade to 2.32.1 without enabling it and have all the other perf improvements included in this release

Rollback plan

Disable the artifact-store feature for all the services that it is enabled and rollback  

Other important changes

Clouddiver uses kubectl version 1.24 and client.authentication.k8s.io/v1alpha1 has been deprecated and removed. If you have a kubeconfig using v1alpha1 for authentication first update it to v1beta1 to avoid issues. Starting from Armory version 2.32.0 OSS version 1.32.0, the AWS Lambda plugin has been migrated to the OSS codebase. If you are using the AWS Lambda plugin, you will need to disable/remove it when upgrading to Armory version 2.32.0 to avoid compatibility issues. Additionally, the AWS Lambda stages are now enabled using the Deck feature flag feature.lambdaAdditionalStages = true; 

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
  name: spinnaker
spec:
  spinnakerConfig:
    profiles:
      deck:
        settings-local.js: |
          ...
          window.spinnakerSettings.feature.functions = true;
          // Enable the AWS Lambda pipeline stages in Deck using the feature flag
          window.spinnakerSettings.feature.lambdaAdditionalStages = true; 
          ...          
      clouddriver:
        aws:
          enabled: true
          features:
            lambda:
              enabled: true
      ## Remove the AWS Lambda plugin from the Armory CD configuration.
      #gate:
      #  spinnaker:
      #    extensibility:
      #      deck-proxy:
      #        enabled: true
      #        plugins:
      #          Aws.LambdaDeploymentPlugin:
      #            enabled: true
      #            version: 
      #      repositories:
      #        awsLambdaDeploymentPluginRepo:
      #          url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json  
      #orca:
      #  spinnaker:
      #    extensibility:
      #      plugins:
      #        Aws.LambdaDeploymentPlugin:
      #          enabled: true
      #          version: 
      #          extensions:
      #            Aws.LambdaDeploymentStage:
      #              enabled: true
      #      repositories:
      #        awsLambdaDeploymentPluginRepo:
      #          id: awsLambdaDeploymentPluginRepo
      #          url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json

RetrofitError thrown on login

In versions 2.32.0 and 2.32.1 of Spinnaker, there is an issue with x509 authentication that affects certificates without roles. Certificates lacking roles will fail to authenticate in these versions. However, certificates with roles are not affected and will continue to function properly. Users relying on x509 authentication are advised to exercise caution when upgrading to versions 2.32.0 and 2.32.1. It's recommended to wait for version 2.32.2 or a later release, which includes a fix for this issue. Testing the upgrade in a non-production environment is advisable to ensure smooth operation. You can use hotfix with the following image:  armory/gate-armory:2024.03.25.22.27.15.release-2.32.x