OpsMx
OpsMx
OpsMx
  • Home
  • Overview
    • OpsMx Intelligent Software Delivery (ISD) Platform - Spinnaker
      • Overview
      • Orchestration Module - OpsMx Enterprise for Spinnaker (OES)
        • OES Features
          • Automated Workflows
          • Multi-cloud Deployments
          • Safe-Deployment strategies
          • Scalable & Extensible
        • OES Concepts
          • Application Management
          • Application Deployment
      • Data and Intelligence Module - Autopilot
        • Overview
        • Observability
        • Audit and Traceability
        • Continuous Compliance - Policy
          • Policy - Overview
  • Operator Manual
    • Installation and Configuration
      • Quick Installation
        • ISD v4.0
        • ISD v4.0.1
        • ISD v4.0.2
        • ISD v4.0.3
        • ISD v4.0.4
      • Standard Installation
        • ISD v4.0
          • GitOps Based Installation
        • ISD v4.0.1
          • GitOps Based Installation
        • ISD v4.0.2
          • GitOps Based Installation
        • ISD v4.0.3
          • GitOps Based Installation
        • ISD v4.0.4
          • GitOps Based Installation
        • ISD v4.0.4.1
          • GitOps Based Installation
          • Instructions to Update the Parameters in value.yaml
        • ISD v4.0.4.2
          • GitOps Based Installation
          • Enabling Pipeline Insights and Stage Insights in ISD
        • ISD v4.0.4.3
          • GitOps Based Installation
          • Enabling Pipeline Insights and Stage Insights in ISD
          • Instructions to Update the Parameters in value.yaml
        • ISD v2024.06.00
          • GitOps Based Installation
        • ISD v2024.12.00
          • GitOps Based Installation
        • ISD v2025.03.00
          • Enabling Pipeline Insights or Deployment Insights or Stage Insights in ISD
          • GitOps Based Installation
      • Environment setup for OpsMx ISD
      • ISD On-Prem POV Infrastructure requirements
      • ISD On-Prem Production Infrastructure requirements
      • Stormdriver Installation
    • Access Management
      • User Role
      • Feature Visibility
    • SlackOps Interactive Notification
  • User Guide
    • Dashboard
      • Application Dashboard
      • Application Service View
    • Manage Application
      • Create an Application
      • Configure an Application
      • Delete an Application
    • Manage Pipelines
      • Create a Pipeline
      • Add Stage
      • Add Trigger
      • Edit Pipeline
      • Run Pipeline
      • Rename Pipeline
      • Delete Pipeline
      • Disable Pipeline
      • Lock Pipeline
      • View and Restore Pipeline
      • Pipeline level RBAC
      • Add Intelligent Gates to the Pipeline
        • Approval Gate
        • Verification Gate
        • Test Verification Gate
        • Policy Gate
      • Execute pipelines (Run deployments)
        • Rolling Restart for EKS manifest
        • Deployment to Kubernetes namespace with Manifest file
        • Deployment to Kubernetes namespace with Git based Manifest
        • Manual Approval before deployment
        • Blue/Green deployment using Manifest
        • Helm based deployment to Kubernetes namespace
    • Approvals
    • Policy Evaluation
    • Verification History
    • Infrastructure
      • Cluster
    • Integrations
      • Available Integrations
        • Artifact
        • CI
        • Governance
        • Monitoring Tools
        • Notifications
        • Policy
        • SAST/DAST
        • Pub/Sub Subscription Name
        • Verification
      • Used Integrations
        • Artifact
        • SAST / DAST
        • Monitoring Tools
    • Pipeline Templates
    • Cloud Targets
      • Create a new Cloud Target account
      • Cloud Target account operations
    • Environment Mapping
    • Custom Stages
      • ServiceNow
      • Pipeline Promotion
      • JIRA
      • Update PR
      • Custom notification
      • ServiceDesk
      • Ansible
      • Terraform
      • Ansible AWX
    • OpsMx Agent
      • Agent Overview
      • Agent Creation
      • Agent Service Configuration
      • Agent Installation
      • Delete an Agent
      • Agent and Controller Version Compatibility
    • Verification
    • CD Integration
    • Informed Approval
      • Overview
      • Artifactory
      • Bitbucket
      • Bitbucket Server
      • GITHUB
      • Bamboo
      • Jenkins
      • JIRA
      • ServiceNow
      • Aquawave
      • HCL AppScan
      • JFrog Xray
      • Prisma Cloud
      • SonarQube
      • Verification
    • Manage Policy
      • Create Policy
      • Edit Policy
      • Delete Policy
    • Continuous Verification
      • Overview
      • Templates
        • Log Template
        • Metric Template
      • Log Analysis
        • Events and Clusters
        • Cardinality consideration of Error Events
        • Interpreting the cluster graph
        • Interpreting the score
        • Perceived Risk and Sensitivity
        • Canary Threshold Calibration
        • Info-Cluster Scoring
      • Metric Analysis
      • Test Verification
      • Scoring Algorithms
        • Canary Scoring
        • Autonomous Scoring
        • Definite Scoring
        • Comprehensive Scoring
      • Enable integration into CI/CD pipelines
        • Integrate with CI/CD
        • Integrate with Jenkins
      • Continuous Verification Report Details
    • Unified logs report to track issues
    • Observability Plugin
    • Audit
      • Pipeline Execution
      • Pipeline Audit
      • Policy Audit
      • User Audit
    • Insights
      • Delivery Insights
      • Usage Insights
      • Pipeline Insights
      • User Insights
      • Stage Insights
      • Deployment Insights
  • Release Notes
    • OpsMx Enterprise for Spinnaker
      • OES Release Notes for Spinnaker Version v1.33.3
      • OES Release Notes for Spinnaker Version v1.30.1
    • ISD 4.0.x Release Notes
    • OES 3.9.X Release Notes
    • OES 3.8.X Release Notes
    • OES 3.7.X Release Notes
    • OES 3.6.X Release Notes
    • OES 3.5.X Release Notes
    • OES 3.4.X Release Notes
    • OES 3.3.X Release Notes
    • OES 3.2.X Release Notes
    • OES 3.1.X Release Notes
    • OES 3.0.X Release Notes
  • Additional Resources
    • Configuration Changes for 2025.03.00
      • Configuration changes for Opentelemetry with ISD
      • Configuration changes for Kafka Addition
      • Configuration changes for Secure Redis
      • Configuration changes to Disable Auto Pilot
      • Configuration changes for Custom Environment Mapping from Pipeline Name
    • Configuration Changes to Enable / Disable Insights Pages
    • Multi Spinnaker
    • API Reference
    • OpsMx Argo Sandbox Guide
    • Code Labs
      • Red Hat Certified Spinnaker Operator
      • How to Integrate Vault with Spinnaker
      • How to Create Terraform Custom Job in Spinnaker
      • How to Create Terraform Webhook Stage in Spinnaker
      • How to Create Ansible Custom Job in Spinnaker
      • How to set up Mutual TLS (mTLS) Authentication for Spinnaker Services
      • SSH
      • X.509
    • FAQs
    • Glossary
    • Previous releases
      • ISD 3.12
        • OpsMx Intelligent Software Delivery Platform
          • Overview
          • ISD Architecture
            • ISD Deployment Architecture
          • ISD Installation
            • ISD Installation Configuration
            • Helm Chart based installation
            • ISD Installation on OpenShift
            • ISD Installation Guide
            • Routing Web URLs to ISD services
            • ISD On-Prem POV Infrastructure requirements
            • ISD - Commonly used Commands
            • ISD Service Catalogue
            • Environment setup for OpsMx ISD
          • Life Cycle Management
          • OpsMx ISD Setup
            • Applications
              • Add Applications
              • Services and Pipelines
                • Overview
                • Add services and pipelines
                • Multiple services
              • Group Permissions
              • Edit Applications
              • Delete Application
            • Integrations
              • Available Integrations
            • Spinnaker Setup
            • Cloud Providers
              • Add new cloud provider account
              • Cloud provider account operations
            • OpsMx Agent
              • Agent Overview
              • Agent Installation
              • Agent Service Configuration
              • Agent Service Credentials
              • Agent Service Type
              • Delete an Agent
        • Orchestration Module - OpsMx Enterprise for Spinnaker (OES)
          • OES Features
            • Automated Workflows
            • Multi-cloud Deployments
            • Safe-Deployment strategies
            • Scalable & Extensible
          • OES Concepts
            • Application Management
            • Application Deployment
          • Feature Configuration
            • Application Management
              • Create an Application
              • Configure an Application
              • Delete an Application
            • Pipeline Management
              • Create a Pipeline
              • Add a Stage
              • Add a Trigger
              • Run a Pipeline
              • Pipeline with Parameter
              • Disable a Pipeline
              • Delete a pipeline
              • Edit a Pipeline
              • View and Restore Pipeline
              • Lock a Pipeline
              • Rename a Pipeline
            • Add Trigger Support
            • Configure Artifact Support
              • Google Cloud Storage
              • GitHub
              • GitHub Artifacts Spinnaker
              • GitLab
              • HTTP
            • Configure the Image Bakery
              • Overview
              • Google Compute Engine
            • Secure Spinnaker
              • Secure Spinnaker Installation
              • Authentication
                • Overview
                • SSL
                • Methods
                  • OAuth 2.0
                  • SAML
                  • LDAP
              • Authorization
                • Overview
                • User Role Providers
                  • Google Group
                  • GitHub Teams
                  • LDAP
                  • SAML
                • Service Account
            • Add CI System
              • Overview and Compatible List of CI Systems by Spinnaker
              • Steps to Configure CI Systems
                • Google Cloud Build
                • Jenkins
                • Travis CI
                • Wercker
            • Enable Monitoring
              • Steps to Setup Supported Monitoring Tools
                • Promethues and Grafana
                • Promethues and Kubernetes
            • List of Custom Stages
              • ServiceNow
              • Pipeline Promotion
              • JIRA
              • Update PR
              • Custom notification
              • ServiceDesk
              • Ansible
              • Terraform
            • SlackOps Interactive Notification
            • How to Setup Replication for Minio Storage Service on Openshift
        • Data and Intelligence Module - Autopilot
          • Overview
          • Installing Autopilot
          • Observability
            • Overview
            • Application Dashboard
            • Application Service View
          • Audit and Traceability
            • Overview
            • Application Audit
              • Pipeline Execution
              • Pipeline
              • Policy Audit
          • Insights
            • Delivery Insights
            • Usage Insights
          • Informed Approval
            • Overview
            • Artifactory
            • Bitbucket
            • Bitbucket Server
            • GITHUB
            • Bamboo
            • Jenkins
            • JIRA
            • ServiceNow
            • Aqua Wave
            • HCL AppScan
            • JFrog Xray
            • Prisma Cloud
            • SonarQube
            • Autopilot
          • Continuous Security
            • Audit Trail
            • Access Management
          • Continuous Compliance - Policy
            • Policy Management - Overview
            • Static Policies
            • Runtime Policies
          • Continuous Verification
            • Overview
            • Analysis Setup
              • Templates
                • Log Template
                • Metric Template
            • Log Analysis
              • Events & Clusters
              • Cardinality consideration of Error Events
              • Interpreting the cluster graph
              • Interpreting the score
              • Perceived Risk and Sensitivity
              • Canary Threshold Calibration
              • Contextual Clustering
              • Info-Cluster Scoring
            • Metric Analysis
            • AppDynamics Verification
              • Using AppDynamics Provider for verification
            • Test Verification
              • Analyze Test runs
            • Scoring Algorithms
              • Canary Scoring
              • Autonomous Scoring
              • Definite Scoring
              • Comprehensive Scoring
            • Enable integration into CI/CD pipelines
              • Integrate with CI/CD
              • Integrate with Jenkins
            • Report Details
            • Supervised Learning
        • Quickstart Guide
          • Contents
          • Quick ISD Installation
            • ISD/Spinnaker (OES) 3.12 Quick Installation
            • Helm based Installation
          • Setup & Configure ISD product
            • ISD Installation Configuration
            • Routing Web URLs to ISD services
            • ISD On-Prem POV Infrastructure requirements
          • Manage Applications
            • Create an Application
            • Configure an Application
            • Delete an Application
          • Manage Pipelines
            • Create a Pipeline
            • Edit a Pipeline
            • Add Intelligent Gates to the Pipeline
              • Add Approval Gate
              • Add Verification Gate
              • Add Test Verification Gate
              • Add Policy Gate
            • Run deployments (Execute pipelines)
              • Deployment to Kubernetes namespace with Manifest file
              • Deployment to Kubernetes namespace with Git based Manifest
              • Manual Approval before deployment
              • Blue/Green deployment using Manifest
              • Helm based deployment to Kubernetes namespace
          • Configure Integrations
            • Add Integrations
            • Edit and Delete Integrations
          • Manage Deployment Accounts
            • Add Deployment Accounts
            • Edit Deployment Accounts
            • Delete Deployment Accounts
          • Manage Policy
            • Create Policy
            • Edit Policy
            • Delete Policy
          • Configure & Setup Spinnaker with ISD
          • Agent Configuration
            • Add a New Agent
            • Configure an Agent
            • Delete an Agent
        • Trial User Guide
          • User Guide
          • SaaS Trial Usage: Instruction Video
          • Copy of Trial User Guide
        • Codelabs
          • Red Hat Certified Spinnaker Operator
          • How to Integrate Vault with Spinnaker
          • How to Create Terraform Custom Job in Spinnaker
          • How to Create Terraform Webhook Stage in Spinnaker
          • How to Create Ansible Custom Job in Spinnaker
          • How to set up Mutual TLS (mTLS) Authentication for Spinnaker Services
          • SSH
          • X.509
        • API Reference
        • FAQs
        • Glossary
        • Release Notes
          • ISD 3.12.x Release Notes
          • ISD 3.11.x Release Notes
          • ISD 3.10.x Release Notes
          • OES 3.9.X Release Notes
          • OES 3.8.X Release Notes
          • OES 3.7.X Release Notes
          • OES 3.6.X Release Notes
          • OES 3.5.X Release Notes
          • OES 3.4.X Release Notes
          • OES 3.3.X Release Notes
          • OES 3.2.X Release Notes
          • OES 3.1.X Release Notes
          • OES 3.0.X Release Notes
        • Upgrade
          • Upgrade from 3.11.x to 3.12.x
          • Upgrade from 3.11.x to 3.11.2
          • Upgrade from 3.11.x to 3.11.1
          • Upgrade from 3.10.x to 3.11
          • Upgrade from 3.9.x to 3.10
          • Upgrade from 3.9.x to 3.9.5
          • Upgrading to OES 3.7
      • ISD 3.10
        • OpsMx Intelligent Software Delivery Platform
          • Overview
          • ISD Architecture
            • ISD Deployment Architecture
          • ISD Installation
            • ISD Installation Configuration
            • Helm Chart based installation - Detailed
            • ISD Installation on OpenShift
          • Life Cycle Management
          • OpsMx ISD Setup
            • Applications
              • Add Applications
              • Services and Pipelines
                • Overview
                • Add services and pipelines
                • Multiple services
              • Group Permissions
              • Edit Applications
              • Delete Application
            • Integrations
              • Available Integrations
            • Spinnaker Setup
            • Cloud Providers
              • Add new cloud provider account
              • Cloud provider account operations
            • OpsMx Agent
              • Agent Overview
              • Agent Installation
              • Agent Service Configuration
              • Agent Service Credentials
              • Agent Service Type
              • Deleting an Agent
        • Orchestration Module - OpsMx Enterprise for Spinnaker (OES)
          • Overview
            • Automated Workflows
            • Multi-cloud Deployments
            • Safe-Deployment strategies
            • Scalable & Extensible
          • Additional Feature Configuration
            • Configure Artifact Support
              • Overview
              • Google Cloud Storage
              • GitHub
              • GitHub Artifacts Spinnaker
              • GitLab
              • HTTP
            • Configure the Image Bakery
              • Overview
              • Google Compute Engine
            • Secure Spinnaker
              • Secure Spinnaker Installation
              • Authentication
                • Overview
                • SSL
                • Methods
                  • OAuth 2.0
                  • SAML
                  • LDAP
                  • X.509
              • Authorization
                • Overview
                • User Role Providers
                  • Google Group
                  • GitHub Teams
                  • LDAP
                  • SAML
                • Service Account
            • Setup Triggers
              • Google Cloud Pub/Sub
              • GitHub WebHook
            • Add CI System
              • Overview and Compatible List of CI Systems by Spinnaker
              • Steps to Configure CI Systems
                • Google Cloud Build
                • Jenkins
                • Travis CI
                • Wercker
            • Enable Monitoring
              • Overview
              • Steps to Setup Supported Monitoring Tools
                • Datadog
                • Promethues and Grafana
                • Promethues and Kubernetes
                • Stackdriver
            • Steps to Setup Canary Support
            • Additional Features Setup
              • Productionize Spinnaker
                • Overview
                • Configure Caching
                  • Configure Scaling
                    • Steps to Scale Orca
                    • Steps to Scale Clouddriver
                  • Configure Persistence
                    • Steps to Setup Set up Orca to use SQL
                  • Steps to Externalize Redis
                  • Steps to Configure Spinnaker’s Usage for Redis
              • Configure Notifications
                • Email
                • HipChat
                • Slack
                • SMS via Twilio
              • Configure User Data(Metadata)
            • Configure Script Stage
            • How to Setup Replication for Minio Storage Service on Openshift
        • Data and Intelligence Module - Autopilot
          • Overview
          • Installing Autopilot
          • Observability
            • Overview
            • Application Dashboard
            • Application Service View
          • Audit and Traceability
            • Overview
            • Application Audit
              • Pipeline Execution
              • Pipeline Changes
            • Policy Audit
          • Insights
            • Overview
            • Delivery Insights
            • Usage Insights
          • Informed Approval
            • Overview
            • JIRA
            • GIT
            • JENKINS
            • AUTOPILOT
            • SONARQUBE
          • Continuous Security
            • Overview
            • Security
            • Access Management
          • Continuous Compliance - Policy
            • Policy Management - Overview
            • Static Policies
            • Runtime Policies
          • Continuous Verification
            • Overview
            • Analysis Setup
              • Templates
                • Log Template
                • Metric Template
            • Log Analysis
              • Events & Clusters
              • Cardinality consideration of Error Events
              • Interpreting the cluster graph
              • Interpreting the score
              • Perceived Risk and Sensitivity
              • Canary Threshold Calibration
              • Contextual Clustering
              • Info-Cluster Scoring
            • Metric Analysis
            • Test Verification
              • Analyze Test runs
            • Scoring Algorithms
              • Canary Scoring
              • Definite Scoring
              • Comprehensive Scoring
              • Autonomous Scoring
            • Enable integration into CI/CD pipelines
              • Integrate with CI/CD
              • Integrate with Jenkins
              • Integrate with Spinnaker (ACA and Canary)
            • Report Details
            • Supervised Learning
      • Spinnaker
        • Spinnaker Concepts
        • Spinnaker Architecture
        • Spinnaker Installation
        • Spinnaker Application
        • Spinnaker Pipeline
        • Cloud & Storage Providers
        • Continuous Integration Providers
        • Trigger Support
        • Authentication and Authorization
        • Caching Agents
        • Configure Caching Agents
        • Configure Slack notifications
        • Integrate Jira with Spinnaker
        • Continuous Deployment to Kubernetes using GitHub triggered Spinnaker pipelines
        • Configure GitHub OAuth
        • Add CI System
          • Overview and Compatible List of CI Systems by Spinnaker
          • Steps to Configure CI Systems
            • Google Cloud Build
            • Jenkins
            • Travis CI
            • Wercker
    • Spinnaker Reference
      • Spinnaker Concepts
      • Spinnaker Architecture
      • Spinnaker Installation
        • Halyard Installation
        • Configure cloud provider
        • Choose your Environment
          • Local Git installation
        • Configure Storage Service
        • Deploy Spinnaker
      • Spinnaker Application
      • Spinnaker Pipeline
      • Cloud & Storage Providers
      • Continuous Integration Providers
      • Trigger Support
      • Authentication and Authorization
      • Caching Agents
      • Configure Caching Agents
      • Configure Slack notifications
      • Integrate Jira with Spinnaker
      • Continuous Deployment to Kubernetes using GitHub triggered Spinnaker pipelines
      • Configure GitHub OAuth
    • Troubleshooting
      • Troubleshooting ISD GitOps Installation Issues
    • Rollback Instructions
      • Revert the GitHub Commit
    • Database
      • Periodic Backup and Recovery of ISD DB
      • Periodic Cleanup of Historic Data in ISD Database
    • Upgrade
      • Upgrade to 2025.03.00
      • Upgrade to 2024.12.00
      • Upgrade to 2024.06.00
      • Upgrade 4.0.3.1 to 4.0.4.3
      • Upgrade from 4.0.4.1 to 4.0.4.2
      • Upgrade from 4.0.4 to 4.0.4.1
      • Upgrade from 4.0.3 to 4.0.4
      • Upgrade from 4.0.3 to 4.0.3.1
      • Upgrade from 4.0.2 to 4.0.3
      • Upgrade from 3.12.x to 4.0.3
        • Changes from 3.12 to 4.0.3 branch
      • Upgrade from 4.0.1 to 4.0.2
      • Upgrade from 3.12.x to 4.0.2
      • Upgrade from 3.12.x to 4.0
      • Upgrade from 3.11.x to 3.12.x
      • Upgrade from 3.11 to 3.11.x
      • Upgrade from 3.10.x to 3.11
      • Upgrade from 3.9.x to 3.10
      • Upgrade from 3.9.x to 3.9.5
      • Upgrading to OES 3.7
  • OpsMx Intelligent Software Delivery (ISD) Platform - Argo
    • Overview
    • Intelligent Software Delivery (ISD) for Argo
    • OpsMx Enterprise for Argo(OEA)
    • Getting Started
      • Platform Installation
      • Getting started with Automated Analysis
      • Automated Analysis User Guide
      • Trial Sandbox User Guide
    • Operator Manual
      • ISD-Argo Standard Installation
        • ISD-Argo Installation with Argo CD and Argo Rollouts
        • ISD-Argo Platform Standard Installation
        • Additional Argo Installation
      • Access Management
      • Configure Authentication Providers through ISD UI
      • Slack Interactive Notification
    • User Guide
      • Application Dashboard
      • Manage Application
        • Create Application
        • Edit Application
        • Sync Application
        • Deploy Application
        • Sync Application Status
        • History and Rollback
        • Refresh Application
        • Delete Application
      • Delivery Verification
        • OpsMx Provider Configmap
        • Templates
          • Create Log Template in ISD UI
          • Create Metric Template in ISD UI
          • Create Log Template in Git
          • Create Metric Template in Git
        • Analysis Template
        • Deployments
        • Analysis History
        • Log Analysis
        • Metric Analysis
        • Interval Analysis
        • Scoring Algorithms
          • Canary Scoring
          • Autonomous Scoring
          • Definite Scoring
          • Comprehensive Scoring
        • Argo Rollouts analysis with ISD and NewRelic
        • Argo Rollouts analysis with ISD and Prometheus
        • Argo Rollouts analysis with ISD and Stackdriver
        • Argo Rollouts analysis with ISD and Elasticsearch
        • Deployments
      • Integrations
        • Available Integrations
      • Notification
      • Argo CD Integration
        • Argo CD Integration with ISD
        • Mapping of host URL with agent-grpc service
      • Insights
      • Audit
        • Deployments Audit
        • System Audit
      • Opsmx Agent
        • Agent Overview
        • Agent Creation
        • Agent Configuration and Installation
        • Edit and Delete Agent
    • Release Notes
      • ISD 4.1 - Release Notes (ISD for Argo)
    • Additional Resources
      • Troubleshooting
        • Troubleshooting ISD Argo Installation Issues
        • Troubleshooting connectivity issues between Argo CD and ISD
      • Upgrade
        • Upgrade ISD-Argo with Argo CD and Argo Rollouts from v4.1.2 to v4.1.3
        • Upgrade ISD-Argo Platform from v4.1.2 to v4.1.3
        • Upgrade ISD-Argo with Argo CD and Argo Rollouts from v4.1.1 to v4.1.2
        • Upgrade ISD-Argo Platform from v4.1.1 to v4.1.2
        • Upgrade Additional Argo from v4.1.1 to v4.1.2
      • Configuration Changes
        • Configuration Changes for 2025.01.00
        • Configuration Changes for 2024.08.00
          • Configuration for System Audit
          • Configuration for Notification
        • Configuration Changes for 4.1.9
        • Configuration Changes for 4.1.8
        • Steps to Generate Token for Agent/Controller v5.x
        • SAML 2 Configuration
        • Controller and Agent Changes for 4.1.7
      • Configuring Application Synchronization (Refresh) Duration
      • Environment setup for ISD-Argo
      • Create API token in Argo CD
      • Create new account for Argo CD with API key and RBAC permissions
      • ISD agent-grpc external IP
      • Previous releases
        • Install Instructions: ISD-Argo v4.1.2
          • ISD-Argo Installation with Argo CD and Argo Rollouts
          • ISD-Argo Platform Standard Installation
          • Additional Argo Installation
        • ISD-Argo v4.1.1
          • Overview
          • Intelligent Software Delivery (ISD) for Argo
          • OpsMx Enterprise for Argo(OEA)
          • Getting Started
            • ISD-Argo Quick Installation
          • Operator Manual
            • Installation and Configuration
              • Installation via curl command
                • ISD-Argo Full Installation via curl command
                • Autopilot Installation via curl command
                • Worker OEA Installation via curl command
              • ISD-Argo Standard Installation
                • ISD-Argo Full Installation
                • ISD-Argo Rollouts Installation
                • Autopilot Installation
                • Worker OEA Installation
              • ISD-Argo On-Prem POV Infrastructure Requirements
              • ISD-Argo On-Prem Production Infrastructure Requirements
              • Environment setup for ISD-Argo
              • Mapping of host URL with agent-grpc service
            • Access Management
            • Slack Interactive Notification
          • User Guide
            • Application Dashboard
            • Manage Application
              • Create Application
              • Edit Application
              • Sync Application
              • Deploy Application
              • Sync Application Status
              • History and Rollback
              • Refresh Application
              • Delete Application
            • Delivery Verification
              • OpsMx Provider Configmap
              • Templates
                • Create Log Template in ISD UI
                • Create Metric Template in ISD UI
                • Create Log Template in Git
                • Create Metric Template in Git
              • Analysis Template
              • Analysis History
              • Log Analysis
              • Metric Analysis
              • Interval Analysis
              • Scoring Algorithms
                • Canary Scoring
                • Autonomous Scoring
                • Definite Scoring
                • Comprehensive Scoring
            • Integrations
              • Available Integrations
            • CD Integration
            • Insights
            • Deployments Audit
            • Opsmx Agent
              • Agent Overview
              • Agent Creation
              • Agent Configuration and Installation
              • Edit and Delete Agent
      • Best Practices for setting up Verification
      • Worker OEA Installation
  • OpsMx Delivery Shield Platform
    • Delivery Shield Overview
    • Getting Started
      • Delivery Shield Feature Overview
      • Installing Delivery Shield
      • Integration with Kubernetes Cluster
        • Integrating Kube Detector
        • Enable Deployment Firewall in Target Clusters
      • Integrating Registry in Delivery Shield
        • ACR
        • ECR
        • GCR
      • Integrating CI and CD tools in Delivery Shield
        • GitHub
        • GitLab
        • Bitbucket
        • Jenkins
        • ArgoCD
        • Spinnaker
        • Quay
        • Docker
        • Google Artifact Registry
        • JFrog Artifactory
        • Sysdig
      • Integrating Security Scanning tools in Delivery Shield
        • Grype
        • VirusTotal
        • Kubescape
        • Snyk
        • Trivy
        • Semgrep
        • Codacy
        • Sonarqube
        • ZAP
        • JFrog Xray
      • Integrating Cloud Service Providers in Delivery Shield
        • AWS
        • ScouteSuite
      • Integrating Other tools in Delivery Shield
        • ChatGPT
        • Slack
        • JIRA
        • MobSF
        • TFsec
        • Custom Policy Source
      • Support Matrix
    • User Guide
      • View Security Posture
        • Organization Security Posture
        • Application Security Posture
          • View Version History
          • Context Graph
        • View Open Security Issues
        • View Current Deployments
        • View Deployment History
      • Manage Policies
        • Global Policies
        • Application Policies
      • Vulnerability Management
      • License Scan
      • Artifact Security
        • Deployed Artifacts
        • Generated Artifacts
        • Plugin Artifacts
        • Mobile Artifacts
      • Global Risk Management
        • OSS Risk
        • Cloud Security
          • Compute
          • Network
          • Security
      • Adhoc Scan
      • Managing Audit
        • Exceptions
      • Deployment Firewall
      • Delivery Bill of Materials (DBOM)
      • Software Bill of Materials (SBOM)
      • Compare Environments using Smart Diff
      • Manage Teams and Access
      • Managing Clusters
      • Compliance Automation
        • NIST 800-53
        • FedRAMP
        • OpenSSF ScoreCard
        • OWASP Top 10 CI CD Security Risks
        • NSA CISA Top 10
        • MITRE-ATT&CK
        • CIS Benchmark Kubernetes
      • AI Powered Features
        • Rules Genie
        • Security Issues Genie
    • Release Notes
    • Additional Resources
      • Whitelisting API Calls for Self-Hosted Delivery Shield
Powered by GitBook
On this page
  • Prerequisites
  • Autopilot Installation Steps
  • Integrate Autopilot with Open Source Spinnaker

Was this helpful?

  1. Additional Resources
  2. Previous releases
  3. ISD 3.12
  4. Data and Intelligence Module - Autopilot

Installing Autopilot

PreviousOverviewNextObservability

Last updated 3 years ago

Was this helpful?

If you are already using Open Source Spinnaker, then Autopilot can get seamlessly integrated with your Open Source Spinnaker and you get the all the benefits of Autopilot product. The following section defines the procedure for installing Autopilot as a standalone module to work with Open Source Spinnaker.

If you are installing Autopilot along with ISD, then refer the detailed installation procedure .

Refer the below installation procedure only if you are installing Autopilot as an independent module and want to integrate it with Open Source Spinnaker

Prerequisites

  1. Have access to public repositories in docker.io and quay.io

  2. Have the following tools installed - wget, kubectl, helm

  3. Have access to a Kubernetes cluster with at least 2 nodes, each node having 8 CPU and 32 GB RAM

  4. Have the NGINX Ingress Controller installed in the cluster. If it is not already installation, then you can install the same using the following instructions

    $ kubectl create ns ingress-nginx

    $ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

    $ helm repo update

    $ helm install ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx

    $ kubectl get svc -n ingress-nginx

  5. Have “cert-manager” already available in the cluster. If it is not already available, then you can install it using the following instructions

    $ kubectl create namespace cert-manager

    $ helm repo add jetstack https://charts.jetstack.io

    $ helm repo update

    $ helm install cert-manager jetstack/cert-manager --set installCRDs=true -n cert-manager

  6. In the Kubernetes cluster, have 3 Persistent Volumes of size 10GB each

  7. Two DNS records pointing to the IP of the Ingress Controller for the following:

    • “Autopilot UI”, Eg. autopilot.opsmx.net

    • “Autopilot Gate”, Eg. autopilot-gate.opsmx.net

Autopilot Installation Steps

Following are the steps to install Autopilot.

  1. Download yaml file from the Enterprise Spinnaker repository in the GitHub

  2. Update Autopilot UI and Autopilot Gate entries

    #Autopilot UI URL configuration

    oesUI:

    host: << AUTOPILOT UI URL Example autopilot.opsmx.net >>

    #Autopilot Gate URL configuration

    oesGate:

    host: << AUTOPILOT GATE URL Example autopilot-gate.opsmx.net >>

  3. Update Spinnaker Deck URL in dashboard section of values-APforOSS.yaml

    #Dashboard Service

    dashboard:

    config:

    spinnakerLink: <<SPINNAKER DECK URL Example spinaker.opsmx.net>>

  4. Authentication:

    • Using LDAP

      Make changes in the ldap section in values-APforOSS.yaml

      #ldap configuration used in oes-gate, oes-platform and spinnaker gate for authentication and authorization

      #Change the below settings based on your LDAP server

      Ldap:

      enabled: true

      url: << LDAP URL: Example: ldaps://xxx.opsmx.com:636 >>

      managerDn: cn=manager,dc=opsmx,dc=com

      managerPassword: manager123

      groupSearchBase: ou=groups,dc=opsmx,dc=com

      groupSearchFilter: member={0}

      groupRoleAttributes: cn

      userDnPattern: uid={0},ou=users,dc=opsmx,dc=com

      Note:

      managerDn: The Distinguished Name (DN) used to log into the Directory Service and to search for user accounts.

      manager-password: The password for the manager account specified in the managerDn property.

      groupSearchBase: The DN of the LDAP object where the search for the user account's groups begins.

      groupSearchFilter: The LDAP query string used to find the user account's group objects. The default is “(member={0})”. (In some LDAP implementations the name is memberof.). The {0} is a required value. It is a token that represents the user account that is being validated

      groupRoleAttributes: The field name to use as the Security role name for the group object DN

      userDnPattern: The field name to tell the authenticator how to find a user in LDAP

    • Using SAML 2.0

      Make changes in the saml section in values-APforOSS.yaml

      saml:

      enabled: true

      userSource: gate # Groups will be obtained from SAML

      keyStore: /opt/spinnaker/saml/oessaml.jks # The key in this secret must be oessamljks

      keyStorePassword: changeit

      keyStoreAliasName: saml

      metadataUrl: /opt/spinnaker/saml/oesmetadata.xml # The key in this secret must be oesmetadataxml

      redirectProtocol: https

      redirectHostname: << AUTOPILOT GATE URL Example autopilot-gate.opsmx.net >>

      redirectBasePath: /

      issuerId: << Unique Issuer Id Example opsmx.test >>

      jksSecretName: oessamljks

      metadataSecretName: oesmetadataxml

    • Using OAuth 2.0

      Autopilot supports OAuth 2.0 for authentication with GitHub organizations. Consult the GitHub OAuth 2.0 documentation and register a new OAuth 2.0 application to obtain a client ID and client secret. Make changes in the oauth2 section in values-APforOSS.yaml

      oauth2:

      enabled: true

      client:

      clientId: #CLIENT_ID

      clientSecret: #CLIENT_SECRET_ID

      accessTokenUri: https://github.com/login/oauth/access_token

      userAuthorizationUri: https://github.com/login/oauth/authorize

      scope: user-email

      resource:

      userInfoUri: https://api.github.com/user

      userInfoMapping:

      email: email

      firstName: firstname

      lastName: name

      username: login

      provider: GITHUB

  5. Specify the user groups from the authentication system; these groups will have Super Administrator privileges in Autopilot. Specify userSource for the specific authorization type.

    platform:

    config:

    #These groups will have superAdmin privileges in Autopilot adminGroups: admin

    #Source of groups for Authorization

    #Support sources: LDAP, FILE, GATE. In general, use "gate" for SAML

    userSource: ldap

  6. Specify Spinnaker Gate URL. When the Authentication type is X509, set the corresponding flag to true.

    sapor:

    config:

    spinnakerImages: OSS

    spinnaker:

    #true if authentication is enabled in Spinnaker authnEnabled: true

    #encryption key is needed for sapor to startup

    encrupt:

    enabled:false

  7. Add opsmx helm chart using the command

    $ helm repo add opsmx https://helmcharts.opsmx.com/

    $ helm repo update

    Create a namespace for installing Autopilot

    $ kubectl create namespace autopilot

    Begin the installation using the following command

    $ helm install myautopilot opsmx/oes -f values-APforOSS.yaml -n autopilot --timeout 60m

  8. Run the following command to get the URLs

    $kubectl get ingress -n autopilot

    IP addresses should be linked to URLs in the DNS server

Integrate Autopilot with Open Source Spinnaker

After installing Autopilot, there are few changes in your Open Source Spinnaker configuration to integrate it with Autopilot. Following are the changes:

  1. Before editing yaml files in Spinnaker, first ensure their persistence. If they are not persistent already, follow these steps.

    Example:

    $ kubectl edit cm ossspin-spinnaker-halyard-init-script

    Where ossspin is the name of the spinnaker instance. Change it as per your instance name. The following lines need to be commented out, followed by save.

    # rm -rf /tmp/spinnaker/.hal/default/service-settings

    # cp /tmp/service-settings/*/tmp/spinnaker/.hal/default/service-settings

    # rm -rf /tmp/spinnaker/.hal/default/profiles

    # cp /tmp/additionalProfileConfigMaps/*/tmp/spinnaker/.hal/default/profiles/

  2. Enable echo events in OSS Spinnaker. Get a shell to the Spinnaker halyard pod.

    Example:

    kubectl exec -it oes-spinnaker-halyard-0 -n oss-spin -- /bin/bash

    Go to location: ~/.hal/default/profiles edit the file echo-local.yml;

    Create a new file if not available

    $ vi echo-local.yml

    Update/Add the following lines, with the correct "Autopilot Gate" URL.

    rest:

    enabled: true

    endpoints:

    -

    wrap: false

    url: << AUTOPILOT GATE URL

    Example https://autopilot-gate.opsmx.net >>/auditservice/v1/echo/events/data

    -

    wrap: false

    url: << AUTOPILOT GATE URL

    Example https://autopilot-gate.opsmx.net >>/oes/echo

  3. Enable Custom Plugins in Spinnaker. Get a shell to the Spinnaker halyard pod.

    Example:

    $kubectl exec -it spinnaker-halyard-0 -n oss-spin -- /bin/bash

    Go to location: ~/.hal/default/profiles

    $ cd ~/.hal/default/profiles

    Edit the file orca-local.yml (create a new file if not available)

    $ vi orca-local.yml

    Update/Add the following lines

    spinnaker:

    extensibility:

    plugins:

    Opsmx.VerificationGatePlugin:

    enabled: true

    version: 1.0.1

    config:

    Opsmx.VisibilityApprovalPlugin:

    enabled: true

    version: 1.0.1

    config:

    Opsmx.TestVerificationGatePlugin:

    enabled: true

    version: 1.0.1

    config:

    Opsmx.PolicyGatePlugin:

    enabled: true

    version: 1.0.1

    config:

    repositories:

    opsmx-repo:

    id: opsmx-repo

    Edit the file gate-local.yml (create a new file if not available)

    $ vi gate-local.yml

    Update/add the following lines

    spinnaker:

    extensibility:

    plugins:

    deck-proxy:

    enabled: true

    plugins:

    Opsmx.VerificationGatePlugin:

    enabled: true

    version: 1.0.1

    Opsmx.TestVerificationGatePlugin:

    enabled: true

    version: 1.0.1

    Opsmx.PolicyGatePlugin:

    enabled: true

    version: 1.0.1

    Opsmx.VisibilityApprovalPlugin:

    enabled: true

    version: 1.0.1

    plugins-root-path: /opt/gate/plugins

    repositories:

    opsmx-repo:

    url: https://raw.githubusercontent.com/OpsMx/spinnakerPluginRepository/v3.10.0/plugins.json

    Edit the file front50-local.yml (create a new file if not available)

    $ vi front50-local.yml

    Update/add the following lines

    spinnaker:

    extensibility:

    plugins:

    Opsmx.StaticPolicyPlugin:

    enabled: true

    version: "1.0.1"

    config: null

    repositories:

    opsmx-repo:

    id: "opsmx-repo"

    url: "https://raw.githubusercontent.com/OpsMx/spinnakerPluginRepository/v3.10.0.staticpolicy/plugins.json"

    policy:

    opa:

    enabled: true

    url: << AUTOPILOT GATE URL Example https://autopilot-gate.opsmx.net >>

  4. Run Hal deploy apply command to reflect the changes

    $ hal deploy apply

  5. Configure Spinnaker in Autopilot UI Once Spinnaker and OES are installed successfully, we need to configure Spinnaker in Autopilot UI.

    Navigate to Setup → Spinnaker → Add Spinnaker.

    The following fields need to be provided:

    • Spinnaker Name: User defined name of Spinnaker Instance

    • Spinnaker Gate URL: The Gate URL of the Spinnaker instance

    • Authentication Type: Mechanism with which Autopilot communicates to Spinnaker.

    • Mention, LDAP, for Basic Authentication (username with password) or X509, for 2 Factor Authentication systems.

    Using the LDAP Mechanism

    Provide the username and password of the user who has the access to all the pipelines in the encrypted base64 format using this command,

    echo -ne “username:password” | base64 -w0

    Using the x509 Mechanism

    • For Autopilot to communicate with Spinnaker using x509, we need a client p12 key.

    • Using the client.p12 key and password, we can configure Autopilot to communicate with Spinnaker on the x509 port.

    • Assuming that we have client tls certificate and key, we can generate a p12 using the following command,

    $ openssl pkcs12 -export -clcerts -in x509lb.crt -inkey x509lb.key -out x509lb.p12 -name gate509lb -password pass:changeit

$ wget

url:

To Enable x509 method of Authentication for Spinnaker, please refer to the steps in

here
https://raw.githubusercontent.com/OpsMx/enterprise-spinnaker/oes3.10/charts/oes/values-APforOSS.yaml
https://raw.githubusercontent.com/OpsMx/spinnakerPluginRepository/v3.10.0/plugins.json
https://spinnaker.io/setup/security/authentication/x509/