Skip to main content

Self-Hosted Akuity Platform

Pulling the Helm Chart

Obtain a Registry Key

To pull the Helm chart and required images, you will need a key to access the Akuity Platform container registry. This key will be provided to you by Akuity.

Pull the Chart

export DOCKER_PASSWORD=<registry_key>
helm registry login us-docker.pkg.dev -u _json_key_base64 -p $DOCKER_PASSWORD
helm pull oci://us-docker.pkg.dev/akuity/akp-sh/charts/akuity-platform --untar

Parameters

License Key

NameDescriptionValue
licenseKey""

Image Parameters

NameDescriptionValue
image.repositoryImage repository of the Akuity Platformus-docker.pkg.dev/akuity/akp-sh/akuity-platform
image.tagOverrides the image tag (default is the chart version)""
image.secret.createCreates the 'akuity-pullsecrets' secrettrue
image.usernameUsername to the Akuity Platform container registry_json_key_base64
image.passwordPassword to the Akuity Platform container registry""
image.argocd.hostOverrides the Argo CD image hostquay.io/argoproj
image.argocd.repoOverrides the Argo CD image repositoryargocd

Portal Parameters

NameDescriptionValue
portal.urlPublic URL to portal (e.g. https://akuity.example.com)""
portal.imagePullPolicyPortal server image pull policyAlways
portal.autoscaling.enabledEnables horizontal pod autoscaling for the portal servertrue
portal.autoscaling.minReplicasSets the minimum number of replicas3
portal.autoscaling.maxReplicasSets the maximum number of replicas10
portal.autoscaling.targetCPUUtilizationPercentageSets the target CPU utilization percentage80
portal.autoscaling.targetMemoryUtilizationPercentageSets the target memory utilization percentage80
portal.resourcesResources limits and requests for the portal server containers{}
portal.envAdditional environment variables added to the portal server{}
portal.env.MIN_ORGANIZATION_NAME_LENGTHThe minimum length of an organization name that is allowed on the platform, minimum value is 2, defaults to 4 if undefinedundefined
portal.env.MIN_CLUSTER_NAME_LENGTHThe minimum length of a cluster name that is allowed on the platform, minimum value is 2, defaults to 3 if undefinedundefined
portal.env.MIN_INSTANCE_NAME_LENGTHThe minimum length of an Argo CD instance name that is allowed on the platform, minimum value is 2, defaults to 3 if undefinedundefined
portal.topologySpreadConstraintsSets topology spread constraints for the portal server deploymentundefined

Platform controller Parameters

NameDescriptionValue
platformController.imagePullPolicyPlatform controller image pull policyAlways
platformController.resourcesResources limits and requests for the platform controller containers{}
platformController.envAdds additional environment variables to the platform controller configmap{}
platformController.env.ARGOCD_APP_RESYNC_INTERVAL_SECONDSArgo CD Application resync interval in seconds (if 0 or undefined then Argo CD built-in default is used)undefined
platformController.env.AGENT_STATUS_UPDATE_INTERVAL_SECONDSAgent status update interval in seconds (if 0 or undefined then Agent built-in default is used)undefined
platformController.env.SHARED_K3S_DB_CONNECTION_AUTHSet to true for all tenants to use database.user and database.password credentials rather than a personal credentials for each tenant. This might be needed when connecting to the database through RDS Proxy which has a limit of 200 usersundefined

Secret Parameters

NameDescriptionValue
secret.createCreates the 'akuity-platform' Secrettrue
tls.secret.createCreates the 'akuity-platform-tls' Secret used as the Traefik default certificate. Set to false if creating the secret in another way (e.g. cert-manager)true
tls.crtTLS certificate. Can be valid for multiple domains (e.g. https://akuity.example.com, https://*.cd.akuity.example.com, https://*.cdsvcs.akuity.example.com)""
tls.keyTLS private key""
tls.additionalCertificatesList of additional TLS certificates to serve in the form of Kubernetes Secrets. This may be necessary if different certificates are used for different domains (e.g. https://akuity.example.com, https://*.cd.akuity.example.com, https://*.cdsvcs.akuity.example.com)[]

Database Parameters

NameDescriptionValue
database.hostDatabase hostname""
database.portDatabase port5432
database.userDatabase username""
database.passwordDatabase password""
database.dbnameDatabase namepostgres
database.dataKey256-bit base64 encoded encryption key used for envelope encryption of sensitive data columns. A random key can be generated with the following command: openssl rand -base64 32. NOTE: loss of this key will result in permanent and irrevocable data loss!""
database.readOnlyHostDatabase read-only hostname. Used for connection load balancing of read requests to read-only database replicas. If omitted, will default to the write hostname.""
database.sslmodeDatabase SSL moderequire

SSO Parameters

Single Sign-On configuration. Either OIDC or auth0 must be configured.

NameDescriptionValue
sso.oidc.enabledEnable OIDC authenticationtrue
sso.oidc.issuerOIDC issuer URL. This value is ignored if dex is enabled and served as a subpath""
sso.oidc.clientIDOIDC client ID. If dex is enabled, value will be used as Dex's client ID""
sso.oidc.clientSecretOIDC client secret. If dex is enabled, value will be used as Dex's client secret""
sso.oidc.scopesOIDC scopes to request (if empty, will use default of: openid,profile,email)""
sso.oidc.logoutURLOIDC logout url""
sso.oidc.insecureSkipTLSVerifySkip TLS verification of the OIDC provider. This will be needed if dex is served as a subpath, and TLS is not yet configured.false
sso.auth0.enabledEnable Auth0 configurationfalse
sso.auth0.domainAuth0 domain (e.g. example.us.auth0.com)""
sso.auth0.audienceAuth0 Audience of the token""
sso.auth0.clientIDAuth0 client id for portal servicenil
sso.auth0.cliClientIDAuth0 client id for CLInil
sso.dex.enabledInstall dexfalse
sso.dex.secret.createCreates the 'dex' Secret whose data values will be mounted as environment variables to the Dex Deploymenttrue
sso.dex.secret.dataSecret data keys and plain-text values to set in the 'dex' Secret. These will be environment variables to dex so they can be referenced in the dex/config.yaml{}
sso.dex.resourcesResources limits and requests for the Dex containers{}
sso.dex.issuerSubPathServe dex as a subpath of the portal URL (e.g. https://akuity.example.com/dex)true
sso.dex.ingress.enabledEnable ingress to dexfalse
sso.dex.ingress.hostHost value to dex ingress""
sso.dex.configAdditional dex/config.yaml configuration. See https://dexidp.io/docs/ for dex documentation. Configuration can reference environment variables in the 'dex' Secret (e.g. $MICROSOFT_CLIENT_SECRET){}

Traefik Parameters

Traefik is a required component of the Akuity Platform.

The Akuity Platform expects a traefik-external ingress class to be present and is installed with Traefik in this section.

NameDescriptionValue
traefik.enabledInstall Traefiktrue
traefik.websecureRedirectRedirect 80 to 443. Only set this to false for testing purposestrue
traefik.autoscaling.enabledEnables horizontal pod autoscaling for Traefiktrue
traefik.autoscaling.minReplicasSets the minimum number of replicas3
traefik.autoscaling.maxReplicasSets the maximum number of replicas20
traefik.autoscaling.targetCPUUtilizationPercentageSets the target CPU utilization percentage80
traefik.autoscaling.targetMemoryUtilizationPercentageSets the target memory utilization percentage80
traefik.replicasIf autoscaling is not enabled, the number of replicas for the Traefik deployment1
traefik.resourcesResources limits and requests for the Traefik containers{}
traefik.topologySpreadConstraintsSets topology spread constraints for the Traefik deploymentundefined

Other Parameters

NameDescriptionValue
agent.insecureSkipTLSVerifySkip TLS verification from agents to Akuity Platformfalse
aws.enabledAdd AWS specific annotations to resourcestrue
instanceValuesArgo CD instance parametersnil
instanceValues.k3sk3s parametersundefined
instanceValues.k3s_proxyk3s proxy parametersundefined
instanceValues.pgpoolpgpool parametersundefined
smtp.hostSMTP host""
smtp.portSMTP port587
smtp.userSMTP username""
smtp.passwordSMTP password""