Install and Configuration - Overview

Prerequisites

• An available Postgresql server with the ICC service databases. See Database Setup
• The application and ICC valkey instances. See Valkey
• Prometheus server with the PodMonitor and ServiceMonitor CRDs. See Prometheus
• Personal Access Token (PAT) provided by Platformatic.

1. Authenticate with cloud provider

Make sure you have CLUSTER_NAME, REGION, and PROFILE environment variables set.

aws eks update-kubeconfig \
  --name ${CLUSTER_NAME} \
  --region ${REGION} \
  --profile ${PROFILE}

2. Optional: Get default values

If you want to make broader changes to the configuration, download the default values. Otherwise, skip to step 3 for the minimal changes that are required.

This requires logging in with Helm prior to downloading the values. Use the Github PAT for this access.

helm registry login ghcr.io
helm show values oci://ghcr.io/platformatic/helm --version "^3.3.0" > values.yaml

3. Configure

Make any adjustments as necessary. At minimum, the following needs to be configured.

Caution

Check the image tag with the latest. See Latest Releases

Note

The public URL of your application is managed by you and can follow the organization’s standards for DNS hosting, Ingress provisioning, and/or API Gateway setup. The URL used for accessing ICC then needs to be passed to ICC for authentication to work correctly.

cloud: "aws" # or gcp

imagePullSecret:
  name: "image-pull-secret"
  registry: ghcr.io
  # User needs access to Platformatic packages
  # Can also be set from the command line to reduce chance of
  # leaking secrets (see step 4)
  user: ""
  token: ""

services:
  icc:
    image:
      tag: "v2.1.0"
    secrets:
      # Perform database setup first
      PLT_ACTIVITIES_DATABASE_URL: ""
      PLT_CLUSTER_MANAGER_DATABASE_URL: ""
      PLT_COLD_STORAGE_DATABASE_URL: ""
      PLT_COMPLIANCE_DATABASE_URL: ""
      PLT_CONTROL_PLANE_DATABASE_URL: ""
      PLT_CRON_DATABASE_URL: ""
      PLT_SCALER_DATABASE_URL: ""
      PLT_TRAFFICANTE_DATABASE_URL: ""
      PLT_USER_MANAGER_DATABASE_URL: ""

      # Valkey connection string, can contain credentials
      PLT_APPLICATIONS_VALKEY_CONNECTION_STRING: ""
      PLT_ICC_VALKEY_CONNECTION_STRING: ""

      # Enable OAuth access
      PLT_GITHUB_OAUTH_CLIENT_ID: ""
      PLT_GITHUB_OAUTH_CLIENT_SECRET: ""
      PLT_GOOGLE_OAUTH_CLIENT_ID: ""
      PLT_GOOGLE_OAUTH_CLIENT_SECRET: ""

    env:
      # Request Prometheus URL from customer
      PLT_METRICS_PROMETHEUS_URL: ""

      # The public URL of the application, URL for each variable is the same
      # Example using a subdomain
      # VITE_API_BASE_URL: "https://icc.mywebsite.com"
      # VITE_SERVER_URL: "https://icc.mywebsite.com"
      # PLT_MAIN_URL: "https://icc.mywebsite.com"
      #
      # Example using a path
      # VITE_API_BASE_URL: "https://mywebsite.com/icc"
      # VITE_SERVER_URL: "https://mywebsite.com/icc"
      # PLT_MAIN_URL: "https://mywebsite.com/icc"
      VITE_API_BASE_URL: ""
      VITE_SERVER_URL: ""
      PLT_MAIN_URL: ""

      # Enable OAuth access
      VITE_SUPPORTED_LOGINS: "github"

  machinist:
    image:
      tag: "v2.0.0"

Caution

See Login Configuration for more details on the available options in VITE_SUPPORTED_LOGINS.

Caching options

ICC currently supports the OSS, self-hosted version of Valkey or AWS Elasticache. The default installation assumes OSS Valkey. For help installing Valkey, please take a look at our Valkey documentation.

To use Elasticache, please follow our guide which goes into greater detail:

Elasticache

3.1 Login Configuration

Please refer to Login Providers section to configure the login system. Otherwise only the demo login will be available.

4. Install

Install with the updated values.

Optionally, set GH_USER and GH_TOKEN environment variables and uncomment the related lines in the command below.

Caution

You might need to install the CRD required by Prometheus first

helm install platformatic \
  oci://ghcr.io/platformatic/helm \
  --version "^3.3.0" \
  --create-namespace \
  --namespace platformatic \
  --values values.yaml \
  #--set imagePullSecret.user=${GH_USER} \
  #--set imagePullSecret.token=${GH_TOKEN} \
  --set services.icc.secrets.PLT_USER_MANAGER_SESSION_SECRET_KEY="$(openssl rand -base64 32)" \
  --set services.icc.secrets.PLT_ICC_SESSION_SECRET="$(openssl rand -hex 32)" \
  --set services.icc.secrets.PLT_CONTROL_PLANE_SECRET_KEYS="$(openssl rand -hex 32)"

When using Elasticache with a seperate configuration file, add the following flag to the install command.

--values elasticache.yaml

5. Update

We need to be careful with secrets here as overriding them can cause reauthentication of users in ICC.

helm upgrade platformatic \
  oci://ghcr.io/platformatic/helm \
  --version "^3.3.0" \
  --namespace platformatic \
  #--set imagePullSecret.user=${GH_USER} \
  #--set imagePullSecret.token=${GH_TOKEN} \
  --values values.yaml

When using Elasticache with a seperate configuration file, add the following flag to the install command.

--values elasticache.yaml

6. Confirm working

Watch the Platformatic pods spin up

> kubectl --namespace platformatic get pods -w
NAME                         READY   STATUS    RESTARTS   AGE
icc-5564d7d4f9-fqs4s         0/1     Running   0          3s
machinist-7b64c56997-gmfxj   0/1     Running   0          3s
machinist-7b64c56997-gmfxj   1/1     Running   0          10s
icc-5564d7d4f9-fqs4s         1/1     Running   0          40s

Prometheus

Valkey

Database Setup