Skip to content

Installation

Prerequisites and Guidelines

  • Installation into dedicated kubernetes cluster or namespace is recommended to limit access to Kriten resources for administrators only:
  • No other workloads beside Kriten running in cluster/namespace.
  • Kubernetes and Helm access restricted to cluster/namespace for administrators only.
  • Kubernetes 1.21+
  • Helm v3+

Helm install

The Chart can be installed by adding the helm repo to your system.

Kriten can be installed along with local PostgreSQL database (recommended for Dev and UAT environments) or with external PostgreSQL database (recommended for production use).

Kriten supports local authenticator and Microsoft AD authenticator at same time. If no Microsoft AD authenticator enabled and configured, only local authentication will take place.

Helm install with values.yaml modified for target configuration:

Add helm repo

helm repo add kriten https://kriten-io.github.io/kriten-charts/
helm repo update

Copy values.yaml (if necessary) and edit myvalues.yaml

helm show values kriten/kriten > myvalues.yaml

Install

helm install -f myvalues.yaml kriten kriten/kriten -n kriten --create-namespace

or

helm install kriten kriten/kriten -n kriten --create-namespace

MacBook Install

Install kubectl: Install and Set Up kubectl on macOS

Install Helm: Installing Helm

Install Docker Desktop: Install Docker Desktop on Mac

In Docker Desktop settings, enable Kubernetes from the settings page.

When Docker Desktop has restarted, you should have a config file in $HOME/.kube Check that you have the docker-desktop context and switch to it, and check kubectl is working:

kubectl config get-contexts
kubectl config use-context docker-desktop
Switched to context "docker-desktop".

kubectl get nodes
NAME             STATUS   ROLES           AGE    VERSION
docker-desktop   Ready    control-plane   7m4s   v1.32.2

Add the Kriten helm repo:

helm repo add kriten https://kriten-io.github.io/kriten-charts/
helm repo update

Add nodeports:

kubectl apply -n kriten -f - <<EOF
apiVersion: v1
kind: Service
metadata:  
  name: kriten-nodeport
spec:
  selector:    
    app: kriten
  type: NodePort
  ports:  
  - name: http
    port: 80
    targetPort: 8080
    nodePort: 30040
---
apiVersion: v1
kind: Service
metadata:  
  name: kriten-frontend-nodeport
spec:
  selector:    
    app: kriten-frontend
  type: NodePort
  ports:  
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30050
EOF

Set an environment variable to the IP address of your macbook:

export IP_ADDRESS=<your_ip_address>

Use helm to install Kriten and the frontend:

helm install kriten kriten/kriten -n kriten \
--set frontend.enabled=true \
--set frontend.backendAddress=$IP_ADDRESS':30040'  \
--set frontend.image.repository=kubecodeio/kriten-frontend \
--set frontend.image.tag="latest" \
--namespace kriten --create-namespace

You should now be able to connect to the Kriten API:

curl -c ./token.txt -X POST 'http://'$IP_ADDRESS':30040/api/v1/login' \
--header 'Content-Type: application/json' \
--data '{
  "username": "root",
  "password": "root",
  "provider": "local"
}' 

Which returns a token:

{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJ1c2VyX2lkIjoiODJkOTg4NGItZmIxZC00MmQ4LTgxM2MtZTJlYjY1ZDllYmMzIiwicHJvdmlkZXIiOiJsb2NhbCIsImV4cCI6MTc0MTQ1OTkwMn0.zerwoMCIYHM4qE5k3h2rw9chwtWhrr2568zh2_1x5SY"}

Browse to "http://"$IP_ADDRESS":30050".

Helm Chart Parameters

Parameter Description Default
ingress.enabled Ingress configuration enabled false
ingress.className Ingress class name "nginx"
ingress.hosts[0].host Ingress host name "example.com"
frontend.enabled Set to true to install GUI false
frontend.backendAddress URL for the backend ingress "example.com"
replicaCount Number of desired Kriten pods 1
image.repository Kriten Docker image repository "kubecodeio/kriten"
image.tag Kriten Docker image tag "latest"
image.pullPolicy Pull policy for Kriten Docker image "IfNotPresent"
imagePullSecrets Kubernetes secrets to pull container images from private repository ["name": "dockerhub]
name Kriten deployment name "kriten"
namespace Namespace for Kriten "kriten"
serviceAccount.create Specifies whether a service account should be created for Kriten true
serviceAccount.annotations Annotations to add to the service account {}
serviceAccount.name The name of the service account to use, if not set and create true, a name is generated using the fullname template ""
service.type Kriten k8s service type ClusterIP
service.port Kriten k8s service port 80
ldap.enabled LDAP/AD authenticator enabled false
ldap.binUser LDAP/AD bind account name ""
ldap.bindPass LDAP/AD bind account password ""
ldap.fqdn LDAP/AD service IP or FQDN ""
ldap.port LDAP/AD access TCP port (389 or 639 for TLS) 389
ldap.baseDN LDAP/AD base DN ""
jwt.key Private key or secret to sign issued JWT ""
jwt.expiry_seconds JWT expiry in seconds 3600
postgresql.install PostgreSQL installed as part of Kriten installation if set to true, or use external if false true
postgresql.host PostgreSQL Host for internal or external depending on postgresql.install parameter "kriten-community-postgresql"
postgresql.port PostgreSQL TCP port 5432
postgresql.image.registry PostgreSQL Docker image registry docker.io
postgresql.image.repository PostgreSQL Docker image repository bitnami/postgresql
postgresql.image.tag PostgreSQL image tag "16"
postgresql.auth.username PostgreSQL username kriten
postgresql.auth.password PostgreSQL password kriten
postgresql.auth.database PostgreSQL database name kriten
postgresql.persistence.enabled PostgreSQL database persistnce storage enabled true