# Kubernetes

This guide explains how to install Nected on a Kubernetes cluster using official Helm charts. This method is suitable for staging and production environments that require high availability, scalability, and better operational control.

## Pre-requisites:

These requirements are specific to deploying Nected on a Kubernetes cluster using Helm.

#### Kubernetes Cluster

Ensure you have a functional Kubernetes cluster set up. You can use:

* [AWS EKS](https://docs.nected.ai/nected-docs/self-hosting/new-installation/kubernetes/set-up-kubernetes-cluster-on-aws-eks)
* [Azure AKS](https://learn.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-cli)
* [GKE](https://cloud.google.com/kubernetes-engine/enterprise/docs/setup/overview)
* [Minikube](https://minikube.sigs.k8s.io/) (dev/test only)
* [Kind](https://kind.sigs.k8s.io/) (dev/test only)

Cluster access should be available via the `kubectl` CLI.

#### Required Packages

Install and configure the following packages:

* **kubectl** – a version that matches your Kubernetes cluster version.
* **Helm** – version v3.x or later.

#### Domain Setup and Ingress Configuration

Configure three fully qualified domain names (FQDNs) pointing to your ingress controller:

| Service               | Values Placeholder   | Example Domain       |
| --------------------- | -------------------- | -------------------- |
| UI (Konark)           | `<<ui-domain>>`      | `app.example.com`    |
| Backend API (Nalanda) | `<<backend-domain>>` | `api.example.com`    |
| Router (Vidhaan)      | `<<router-domain>>`  | `router.example.com` |

Update your DNS provider (e.g., Cloudflare, Route53) to point these domains to your ingress controller’s external IP.

#### System Specifications

| Resource | Minimum (Dev/Test) | Recommended (Prod) |
| -------- | ------------------ | ------------------ |
| CPU      | 4 cores            | 8+ cores           |
| RAM      | 8 GB               | 16+ GB             |
| Storage  | 30 GB              | 100 GB (SSD/NVMe)  |

#### Databases and Caching Services

Proper configuration of these services is required for Nected functionality:

| Service                    | Mandatory | Purpose                               | Configuration                                                                     |
| -------------------------- | --------- | ------------------------------------- | --------------------------------------------------------------------------------- |
| PostgreSQL                 | ✔️        | Stores rules, workflows, metadata     | Configure user, password, host, port, database name, connection pooling           |
| Redis                      | ✔️        | Caching and internal state management | Configure host, port, TLS if needed; additional Redis clusters if required        |
| Elasticsearch / OpenSearch | Optional  | Stores audit and execution logs       | Configure `ELASTIC_PROVIDER` as `managed` or `opensearch` in `nected-values.yaml` |

{% hint style="success" %}
**For Dev Environments:** \
Use Nected’s datastore chart if you don’t have PostgreSQL, Redis, or Elasticsearch installed:

* [Datastore values](https://charts.nected.io/values/datastore-values.yaml)
* Install chart: `helm upgrade -i datastore nected/datastore -f datastore-values.yaml`
  {% endhint %}

### 🛠️ Installation Steps

Follow these installation steps to deploy Nected on a Kubernetes cluster:

#### 📦 Add Helm Repo

```
helm repo add nected https://nected.github.io/helm-charts
```

#### 📄 Download Sample Values Files

* [Temporal values](https://charts.nected.io/values/temporal-values.yaml)
* [Nected values](https://charts.nected.io/values/nected-values.yaml)

#### 🌐 Configure Scheme and Domains

In `nected-values.yaml`, replace the following placeholders:

| Values Placeholder   | Replace With      |
| -------------------- | ----------------- |
| `<<scheme>>`         | `http` or `https` |
| `<<ui-domain>>`      | `app.xyz.com`     |
| `<<backend-domain>>` | `api.xyz.com`     |
| `<<router-domain>>`  | `router.xyz.com`  |

#### 🔐 Configure default user credentials

In `nected-values.yaml`:

```
NECTED_UI_USER_NAME: &uiUserName dev@nected.ai
NECTED_UI_USER_PASSWORD: &uiUserPassword devPass123
```

#### 🗄️ Configure PostgreSQL

1. In `temporal-values.yaml`:

   ```
   NECTED_PG_HOST: &pgHost datastore-postgresql
   NECTED_PG_USER: &pgUser nected
   NECTED_PG_PASSWORD: &pgPassword psqlPass123
   NECTED_PG_PORT: &pgPort 5432
   NECTED_PG_TLS_ENABLED: &pgTlsEnabled false
   NECTED_PG_HOST_VERIFICATIO: &pgHostVerification false
   ```
2. In `nected-values.yaml`:

   ```
   NECTED_PG_HOST: &pgHost datastore-postgresql
   NECTED_PG_DATABASE: &pgDatabase nected
   NECTED_PG_USER: &pgUser nected
   NECTED_PG_PASSWORD: &pgPassword psqlPass123
   NECTED_PG_PORT: &pgPort "5432"
   NECTED_PG_SSL_MODE: &pgSslMode disable

   ```

**Azure PostgreSQL Flexible Server**

1. **Go to the Azure Portal.** Navigate to your PostgreSQL Flexible Server instance.
2. **Open “Server Parameters”.** In the left-side menu under Settings, click “Server Parameters”.
3. **Find the `azure.extensions` parameter.** Search for `azure.extensions` using the search bar.
4. **Add `btree_gin` to the list.** If `btree_gin` is not already listed, append it to the existing list. Example: `hstore,pg_trgm,btree_gin`
5. **Click Save.** This change will not restart the server; it takes effect immediately.
6. **Create the extension in your database.** After enabling it in parameters, run:

   ```
   CREATE EXTENSION IF NOT EXISTS btree_gin;
   ```

{% hint style="info" %}
**Notes**: No changes required if using the Nected-provided datastore.
{% endhint %}

#### 🧠 Configure Redis

In `nected-values.yaml`:

```
NECTED_REDIS_TLS_ENABLED: &redisTlsEnabled "false"
NECTED_REDIS_INSECURE_TLS: &redisInsecureTls "true"
NECTED_REDIS_HOST_PORT: &redisHostPort datastore-redis-master:6379
NECTED_REDIS_HOST: &redisHost datastore-redis-master
NECTED_REDIS_PORT: &redisPort "6379"
NECTED_REDIS_USERNAME: &redisUser ""
NECTED_REDIS_PASSWORD: &redisPassword ""

```

**Notes**: No changes required if using the Nected-provided datastore.

#### 🔍 Configure Elasticsearch / OpenSearch

In `nected-values.yaml`:

```
NECTED_ELASTIC_ENABLED: &elasticEnabled "true"
# possible values: managed / opensearch
NECTED_ELASTIC_PROVIDER: &elasticProvider managed
NECTED_ELASTIC_HOSTS: &elasticHost http://elasticsearch-master:9200
NECTED_ELASTIC_INSECURE_TLS: &elasticInsecureTls "true"
NECTED_ELASTIC_API_KEY: &elasticAPiKey ""
NECTED_ELASTIC_USER: &elasticUser elastic
NECTED_ELASTIC_PASSWORD: &elasticPassword esPass123

```

**Optional**: To disable audit logging:

```
NECTED_ELASTIC_ENABLED: &elasticEnabled "false"
```

**Notes**: No changes required if using the Nected-provided datastore.

{% hint style="warning" %}
The step below, **"Enable Credential Encryption at Rest"**, is now **deprecated**, and users don't have to perform it. The **helm-chart** auto-creates the `encryption-at-rest-secret` secret, which is used to encrypt sensitive data in the database.
{% endhint %}

<details>

<summary>Enable Credential Encryption at Rest (Deprecated)</summary>

1. Generate a private key and create a Kubernetes secret:

   ```
   openssl genrsa -f4 -out encryption-at-rest 4096
   kubectl create secret generic encryption-at-rest-secret --from-file encryption-at-rest
   ```
2. In `nected-values.yaml`, uncomment the `existingSecretMap` block to use the secret.

</details>
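
Before running the install commands, the edited values files can be checked for settings that still match the samples above. The script below is an added example, not part of the Nected charts or tooling; `audit_values` and `sample_values` are hypothetical helper names, the sample input is constructed, and the patterns are taken only from the keys and values shown on this page.

```sh
#!/bin/sh
# Added example (not Nected tooling): list settings in the values files that
# still match the sample defaults shown on this page.
# audit_values and sample_values are hypothetical helper names.

audit_values() {  # usage: audit_values FILE...; exit status 1 if anything is flagged
  awk '
    function flag(why) { printf "%s:%d: %s %s\n", FILENAME, FNR, $1, why; n++ }
    /^[ \t]*#/ { next }   # skip commented-out lines
    /devPass123|psqlPass123|esPass123/           { flag("uses a sample password from the docs") }
    /NECTED_(PG|REDIS)_TLS_ENABLED:.*false/      { flag("has TLS switched off") }
    /NECTED_PG_SSL_MODE:.*disable/               { flag("has TLS switched off") }
    /NECTED_PG_HOST_VERIFICATIO[A-Z]*:.*false/   { flag("has host verification set to false") }
    /NECTED_(REDIS|ELASTIC)_INSECURE_TLS:.*true/ { flag("has insecure TLS enabled") }
    /NECTED_REDIS_PASSWORD:.*""[ \t]*$/          { flag("is empty (Redis without a password)") }
    /NECTED_ELASTIC_HOSTS:.*http:\/\//           { flag("points at a plain-HTTP endpoint") }
    /<<[^>]+>>/                                  { flag("still contains an unreplaced placeholder") }
    END { exit (n > 0) }
  ' "$@"
}

sample_values() {  # constructed input modelled on the snippets above; "host" is a made-up key
  cat <<'EOF'
NECTED_UI_USER_PASSWORD: &uiUserPassword devPass123
NECTED_PG_PASSWORD: &pgPassword "s3t-by-operator"
NECTED_PG_SSL_MODE: &pgSslMode disable
NECTED_REDIS_TLS_ENABLED: &redisTlsEnabled "true"
NECTED_REDIS_INSECURE_TLS: &redisInsecureTls "true"
NECTED_REDIS_PASSWORD: &redisPassword ""
# NECTED_ELASTIC_PASSWORD: &elasticPassword esPass123
NECTED_ELASTIC_HOSTS: &elasticHost https://es.internal.example:9200
host: <<backend-domain>>
EOF
}

# Demo run on the constructed sample; only key names are printed, never values.
tmp=$(mktemp) && sample_values > "$tmp"
audit_values "$tmp" || echo "review the flagged settings before a production install"
rm -f "$tmp"
```

For real use, pass both edited files, for example `audit_values values/nected-values.yaml values/temporal-values.yaml`, and gate the `helm upgrade -i` commands on its exit status.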

#### Install Nected Services

1. Install **Temporal**:

   ```
   helm upgrade -i temporal nected/temporal -f values/temporal-values.yaml
   ```
2. Install **Nected**:

   ```
   helm upgrade -i nected nected/nected -f values/nected-values.yaml
   ```

#### Access the Application

Visit the application via your configured `<<ui-domain>>`. Log in using the default credentials defined in `nected-values.yaml`:

```
NECTED_USER_EMAIL: dev@nected.ai
NECTED_USER_PASSWORD: devPass123
```

### **Post-installation configuration**

Once you have completed the installation process, consider performing the tasks below to configure and manage your Nected instance and to enhance its security and performance, especially if it's intended for production use.

* [**Additional Configurations**](../additional-configuration): Configure database, environment variables, monitoring, logging, and scaling recommendations.
