Kubernetes

PreviousDocker NextSet Up Kubernetes Cluster on AWS EKS

Last updated 21 days ago

Kubernetes

This guide explains how to install Nected on a Kubernetes cluster using official Helm charts. This method is suitable for staging and production environments that require high availability, scalability, and better operational control.

Pre-requisites:

These requirements are specific to deploying Nected on a Kubernetes cluster using Helm.

Kubernetes Cluster

Ensure you have a functional Kubernetes cluster set up. You can use:

(dev/test only)
(dev/test only)

Cluster access should be available via the kubectl CLI.

Required Packages

Install and configure the following packages:

kubectl – matches your Kubernetes cluster version.
Helm – version v3.x or later.

Domain Setup and Ingress Configuration

Configure four fully qualified domain names (FQDNs) pointing to your ingress controller:

Service

Values Placeholder

Example Domain

UI (Konark)

<<ui-domain>>

app.example.com

Editor

<<editor-domain>>

editor.example.com

Backend API (Nalanda)

<<backend-domain>>

api.example.com

Router (Vidhaan)

<<router-domain>>

router.example.com

Update your DNS provider (e.g., Cloudflare, Route53) to point these domains to your ingress controller’s external IP.

System Specifications

Resource

Minimum (Dev/Test)

Recommended (Prod)

CPU

4 cores

8+ cores

RAM

8 GB

16+ GB

Storage

30 GB

100 GB (SSD/NVMe)

Databases and Caching Services

Proper configuration of these services is required for Nected functionality:

Service

Mandatory

Purpose

Configuration

PostgreSQL

✔️

Stores rules, workflows, metadata

Configure user, password, host, port, database name, connection pooling

Redis

✔️

Caching and internal state management

Configure host, port, TLS if needed; additional Redis clusters if required

Elasticsearch / OpenSearch

Optional

Stores audit and execution logs

Configure ELASTIC_PROVIDER as managed or opensearch in nected-values.yaml

For Dev Environments: Use Nected’s datastore chart if you don’t have PostgreSQL, Redis, or Elasticsearch installed:

Install chart: helm upgrade -i datastore nected/datastore -f datastore-values.yaml

🛠️ Installation Steps

Follow these installation steps to deploy Nected over Kubernetes Cluster:

📦 Add Helm Repo

helm repo add nected <https://nected.github.io/helm-charts>

📄 Download Sample Values Files

🌐 Configure Scheme and Domains

In nected-values.yaml, replace the following placeholders:

Values Placeholder

Replace With

<<scheme>>

http or https

<<ui-domain>>

app.xyz.com

<<editor-domain>>

editor.xyz.com

<<backend-domain>>

api.xyz.com

<<router-domain>>

router.xyz.com

🗄️ Configure PostgreSQL

In temporal-values.yaml:

NECTED_PG_HOST: &pgHost datastore-postgresql
NECTED_PG_USER: &pgUser nected
NECTED_PG_PASSWORD: &pgPassword psqlPass123
NECTED_PG_PORT: &pgPort 5432
NECTED_PG_TLS_ENABLED: &pgTlsEnabled false
NECTED_PG_HOST_VERIFICATIO: &pgHostVerification false

In nected-values.yaml:

NECTED_PG_HOST: &pgHost datastore-postgresql
NECTED_PG_DATABASE: &pgDatabase nected
NECTED_PG_USER: &pgUser nected
NECTED_PG_PASSWORD: &pgPassword psqlPass123
NECTED_PG_PORT: &pgPort "5432"
NECTED_PG_SSL_MODE: &pgSslMode disable

Notes: No changes required if using the Nected-provided datastore.

🧠 Configure Redis

In nected-values.yaml:

NECTED_REDIS_TLS_ENABLED: &redisTlsEnabled "false"
NECTED_REDIS_INSECURE_TLS: &redisInsecureTls "true"
NECTED_REDIS_HOST_PORT: &redisHostPort datastore-redis-master:6379
NECTED_REDIS_HOST: &redisHost datastore-redis-master
NECTED_REDIS_PORT: &redisPort "6379"
NECTED_REDIS_USERNAME: &redisUser ""
NECTED_REDIS_PASSWORD: &redisPassword ""

Notes: No changes required if using the Nected-provided datastore.

🔍 Configure Elasticsearch / OpenSearch

In nected-values.yaml:

NECTED_ELASTIC_ENABLED: &elasticEnabled "true"
# possible values: managed / opensearch
NECTED_ELASTIC_PROVIDER: &elasticProvider managed
NECTED_ELASTIC_HOSTS: &elasticHost <http://elasticsearch-master:9200>
NECTED_ELASTIC_INSECURE_TLS: &elasticInsecureTls "true"
NECTED_ELASTIC_API_KEY: &elasticAPiKey ""
NECTED_ELASTIC_USER: &elasticUser elastic
NECTED_ELASTIC_PASSWORD: &elasticPassword esPass123

Optional: To disable audit logging:

NECTED_ELASTIC_ENABLED: &elasticEnabled "false"

Notes: No changes required if using the Nected-provided datastore.

🔐 Enable Credential Encryption at Rest

Generate a private key and create a Kubernetes secret:

openssl genrsa -f4 -out encryption-at-rest 4096
kubectl create secret generic encryption-at-rest-secret --from-file encryption-at-rest

In nected-values.yaml, uncomment the existingSecretMap block to use the secret.

Install Nected Services

Install Temporal:

helm upgrade -i temporal nected/temporal -f values/temporal-values.yaml

Install Nected:

helm upgrade -i nected nected/nected -f values/nected-values.yaml

Access the Application

Visit the application via your configured <<ui-domain>>. Log in using the default credentials defined in nected-values.yaml:

NECTED_USER_EMAIL: dev@nected.ai
NECTED_USER_PASSWORD: devPass123

Post-installation configuration

Once you have completed the installation process, consider performing the tasks below to configure and manage your Nected instance, enhancing its security and performance, specifically if it's intended for production use.

PreviousDocker NextSet Up Kubernetes Cluster on AWS EKS

Last updated 21 days ago

Pre-requisites:

These requirements are specific to deploying Nected on a Kubernetes cluster using Helm.

Kubernetes Cluster

Ensure you have a functional Kubernetes cluster set up. You can use:

(dev/test only)
(dev/test only)

Cluster access should be available via the kubectl CLI.

Required Packages

Install and configure the following packages:

kubectl – matches your Kubernetes cluster version.
Helm – version v3.x or later.

Domain Setup and Ingress Configuration

Configure four fully qualified domain names (FQDNs) pointing to your ingress controller:

Service

Values Placeholder

Example Domain

UI (Konark)

<<ui-domain>>

app.example.com

Editor

<<editor-domain>>

editor.example.com

Backend API (Nalanda)

<<backend-domain>>

api.example.com

Router (Vidhaan)

<<router-domain>>

router.example.com

Update your DNS provider (e.g., Cloudflare, Route53) to point these domains to your ingress controller’s external IP.

System Specifications

Resource

Minimum (Dev/Test)

Recommended (Prod)

CPU

4 cores

8+ cores

RAM

8 GB

16+ GB

Storage

30 GB

100 GB (SSD/NVMe)

Databases and Caching Services

Proper configuration of these services is required for Nected functionality:

Service

Mandatory

Purpose

Configuration

PostgreSQL

✔️

Stores rules, workflows, metadata

Configure user, password, host, port, database name, connection pooling

Redis

✔️

Caching and internal state management

Configure host, port, TLS if needed; additional Redis clusters if required

Elasticsearch / OpenSearch

Optional

Stores audit and execution logs

Configure ELASTIC_PROVIDER as managed or opensearch in nected-values.yaml

For Dev Environments: Use Nected’s datastore chart if you don’t have PostgreSQL, Redis, or Elasticsearch installed:

Install chart: helm upgrade -i datastore nected/datastore -f datastore-values.yaml

🛠️ Installation Steps

Follow these installation steps to deploy Nected over Kubernetes Cluster:

📦 Add Helm Repo

helm repo add nected <https://nected.github.io/helm-charts>

📄 Download Sample Values Files

🌐 Configure Scheme and Domains

In nected-values.yaml, replace the following placeholders:

Values Placeholder

Replace With

<<scheme>>

http or https

<<ui-domain>>

app.xyz.com

<<editor-domain>>

editor.xyz.com

<<backend-domain>>

api.xyz.com

<<router-domain>>

router.xyz.com

🗄️ Configure PostgreSQL

In temporal-values.yaml:

NECTED_PG_HOST: &pgHost datastore-postgresql
NECTED_PG_USER: &pgUser nected
NECTED_PG_PASSWORD: &pgPassword psqlPass123
NECTED_PG_PORT: &pgPort 5432
NECTED_PG_TLS_ENABLED: &pgTlsEnabled false
NECTED_PG_HOST_VERIFICATIO: &pgHostVerification false

In nected-values.yaml:

NECTED_PG_HOST: &pgHost datastore-postgresql
NECTED_PG_DATABASE: &pgDatabase nected
NECTED_PG_USER: &pgUser nected
NECTED_PG_PASSWORD: &pgPassword psqlPass123
NECTED_PG_PORT: &pgPort "5432"
NECTED_PG_SSL_MODE: &pgSslMode disable

Notes: No changes required if using the Nected-provided datastore.

🧠 Configure Redis

In nected-values.yaml:

NECTED_REDIS_TLS_ENABLED: &redisTlsEnabled "false"
NECTED_REDIS_INSECURE_TLS: &redisInsecureTls "true"
NECTED_REDIS_HOST_PORT: &redisHostPort datastore-redis-master:6379
NECTED_REDIS_HOST: &redisHost datastore-redis-master
NECTED_REDIS_PORT: &redisPort "6379"
NECTED_REDIS_USERNAME: &redisUser ""
NECTED_REDIS_PASSWORD: &redisPassword ""

Notes: No changes required if using the Nected-provided datastore.

🔍 Configure Elasticsearch / OpenSearch

In nected-values.yaml:

NECTED_ELASTIC_ENABLED: &elasticEnabled "true"
# possible values: managed / opensearch
NECTED_ELASTIC_PROVIDER: &elasticProvider managed
NECTED_ELASTIC_HOSTS: &elasticHost <http://elasticsearch-master:9200>
NECTED_ELASTIC_INSECURE_TLS: &elasticInsecureTls "true"
NECTED_ELASTIC_API_KEY: &elasticAPiKey ""
NECTED_ELASTIC_USER: &elasticUser elastic
NECTED_ELASTIC_PASSWORD: &elasticPassword esPass123

Optional: To disable audit logging:

NECTED_ELASTIC_ENABLED: &elasticEnabled "false"

Notes: No changes required if using the Nected-provided datastore.

🔐 Enable Credential Encryption at Rest

Generate a private key and create a Kubernetes secret:

openssl genrsa -f4 -out encryption-at-rest 4096
kubectl create secret generic encryption-at-rest-secret --from-file encryption-at-rest

In nected-values.yaml, uncomment the existingSecretMap block to use the secret.

Install Nected Services

Install Temporal:

helm upgrade -i temporal nected/temporal -f values/temporal-values.yaml

Install Nected:

helm upgrade -i nected nected/nected -f values/nected-values.yaml

Access the Application

Visit the application via your configured <<ui-domain>>. Log in using the default credentials defined in nected-values.yaml:

NECTED_USER_EMAIL: dev@nected.ai
NECTED_USER_PASSWORD: devPass123