# Installing Connectware (Kubernetes)
This guide walks you through installing Connectware on a Kubernetes cluster using Helm charts. The installation process includes configuring your Helm repository, customizing deployment settings in a `values.yaml` file, and verifying the installation.
## Prerequisites
Before installing Connectware, make sure to meet the following requirements:
* Connectware [license key](https://docs.cybus.io/documentation/installation-and-upgrades/licensing) is available.
* [Helm version 3](https://helm.sh/docs/intro/quickstart/#install-helm) is installed on your system.
* [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed on your system.
* A Kubernetes cluster that meets the [cluster requirements](https://docs.cybus.io/getting-started/system-requirements#kubernetes-cluster-requirements).
* A chosen Kubernetes namespace for the installation (e.g., `cybus`).
* A chosen installation name (e.g., `connectware`).
{% hint style="info" %}
Throughout this guide, command examples use variables like `${NAMESPACE}`, `${INSTALLATION_NAME}`, and `${REPO_NAME}`. Replace these with your actual values. For example, replace `${NAMESPACE}` with `cybus` if that is your chosen namespace.
{% endhint %}
## Overview of the Installation Process
To install Connectware on Kubernetes, you must complete the following steps:
1. [Add the Helm chart repository](#adding-the-helm-chart-repository).
2. [Create a `values.yaml` file](#configuring-the-values.yaml-file).
3. [Install Connectware](#installing-connectware).
4. [Verify the installation](#verifying-the-connectware-installation).
5. [Log into Connectware for the first time](#logging-into-connectware-for-the-first-time).
## Adding the Helm Chart Repository
* To use the Connectware Helm chart repository, add it to your system. This guide uses `cybus` as the repository name.
**Example**
{% code lineNumbers="true" %}
```bash
helm repo add ${REPO_NAME} https://repository.cybus.io/repository/connectware-helm
```
{% endcode %}
## Configuring the values.yaml File
The `values.yaml` file configures your Connectware deployment through Helm. Use it to customize deployment parameters, manage resources, and configure version settings.
This guide focuses on basic Kubernetes configuration and commonly used parameters.
{% hint style="info" %}
We recommend that you store the `values.yaml` file in a version control system.
{% endhint %}
### Creating a Copy of the Default values.yaml File
A Helm chart includes default configuration values. We recommend creating a copy of the default `values.yaml` file named `default-values.yaml` for reference, and a new empty `values.yaml` file for your customizations.
* Extract the default values and store them in `default-values.yaml` via the following command:
**Example**
{% code lineNumbers="true" %}
```bash
helm show values cybus/connectware > default-values.yaml
```
{% endcode %}
### Creating a values.yaml File
After creating the `default-values.yaml` file, create an empty `values.yaml` file for your custom configuration.
* Create and open the file with your preferred editor via the following command. This example uses **vi**. Substitute with your preferred editor:
**Example**
{% code lineNumbers="true" %}
```yaml
vi values.yaml
```
{% endcode %}
### Specifying the License Key
A valid license key is required to install Connectware.
* In the `values.yaml` file, add your license key to the Helm value `global.licensekey`:
**Example**
{% code lineNumbers="true" %}
```yaml
global:
licensekey: cY9HiVZJs8aJHG1NVOiAcrqC_ # example value
```
{% endcode %}
### Specifying the Broker Cluster Secret
You must specify a secret for your broker cluster. This secret secures your broker cluster.
{% hint style="warning" %}
Treat the broker cluster secret with the same care as a password and store it securely.
{% endhint %}
* In the `values.yaml` file, specify the broker cluster secret in the Helm value `global.broker.clusterSecret`:
**Example**
{% code lineNumbers="true" %}
```yaml
global:
licensekey: cY9HiVZJs8aJHG1NVOiAcrqC_ # example value
broker:
clusterSecret: Uhoo:RahShie6goh # example value
```
{% endcode %}
### Allowing Immutable Labels
For new Connectware installations, we recommend that you set best-practice labels on immutable workload objects like StatefulSet volumes.
* In the `values.yaml` file, set `global.setImmutableLabels` to `true`:
**Example**
{% code lineNumbers="true" %}
```yaml
global:
licensekey: cY9HiVZJs8aJHG1NVOiAcrqC_ # example value
broker:
clusterSecret: Uhoo:RahShie6goh # example value
setImmutableLabels: true
```
{% endcode %}
### Configuring DNS Names in Helm Values
{% hint style="info" %}
If you are replacing the external Connectware CA certificate chain and manage `cybus_server.crt` manually, ensure that any DNS name with which you address Connectware or individual components is included. You can skip adding them to `global.ingressDNSNames`.
{% endhint %}
To enable external agents to connect to the Connectware Control Plane, you must configure the `global.ingressDNSNames` through Helm values. This setting defines the hostnames that will be included in the Connectware server certificate's (`cybus_server.crt`) Subject Alternative Names (SAN) section.
* Set the `global.ingressDNSNames` list in your Helm values to include all hostnames used for Connectware access.
**Example**
If the hostname on which Connectware is running is named `company.io`, set the Helm value to:
{% code lineNumbers="true" %}
```yaml
global:
ingressDNSNames:
- company.io
```
{% endcode %}
#### Hostname Formats
You can include multiple hostnames in the list. The certificate will include all specified names in its SAN section.
The configuration accepts various hostname formats:
* Wildcards (e.g., `*.company.io`)
* Subdomains (e.g., `connectware.company.io`)
* Custom hostnames (e.g., `localhost`)
**Example**
{% code lineNumbers="true" %}
```yaml
global:
ingressDNSNames:
- company.io
- localhost
- *.company.io
- connectware.company.io
- 192.168.100.42
```
{% endcode %}
### Specifying the NATS Streaming Server Cluster Replica Count (Optional)
By default, Connectware uses three nodes for the control connection NATS streaming server cluster that is used for inter-service communication.
You may configure an odd number of nodes to suit your environment:
* **Increase the replica count** (e.g., 5) to improve redundancy. With 5 nodes, the redundancy factor increases from N+1 to N+2.
* **Reduce the replica count** (e.g., 1) for lightweight test environments. Note that a single-node setup provides no redundancy.
* Typical production configurations are 3 (default) or 5 nodes.
{% hint style="warning" %}
The replicas value is essential for the cluster configuration of the stream server and is shared across many Connectware components.
This setting can only be defined during the initial installation of Connectware and cannot be modified afterward. Do not attempt to scale the `nats` StatefulSet.
{% endhint %}
* In the `values.yaml` file, specify the number of NATS nodes in the Helm value `global.nats.replicas`.
**Example**
{% code lineNumbers="true" %}
```yaml
global:
licensekey: cY9HiVZJs8aJHG1NVOiAcrqC_ # example value
nats:
replicas: 5
broker:
clusterSecret: Uhoo:RahShie6goh # example value
setImmutableLabels: true
```
{% endcode %}
### Specifying the Broker Cluster Replica Count (Optional)
By default, Connectware uses three nodes for the broker cluster that moves data. You can specify a custom number of broker nodes. For example, increase the broker nodes to handle higher data loads or decrease the broker nodes for a testing environment.
* In the `values.yaml` file, specify the number of broker nodes in the Helm value `global.broker.replicaCount`.
**Example**
{% code lineNumbers="true" %}
```yaml
global:
licensekey: cY9HiVZJs8aJHG1NVOiAcrqC_ # example value
broker:
clusterSecret: Uhoo:RahShie6goh # example value
replicaCount: 5
setImmutableLabels: true
```
{% endcode %}
### Specifying Which StorageClass Connectware Should Use (Optional)
A broker cluster can contain several Kubernetes StorageClasses. You can specify which StorageClass Connectware should use.
* In the `values.yaml` file, specify the StorageClass in the Helm value `global.storage.storageClassName`.
**Example**
{% code lineNumbers="true" %}
```yaml
global:
licensekey: cY9HiVZJs8aJHG1NVOiAcrqC_ # example value
broker:
clusterSecret: Uhoo:RahShie6goh # example value
setImmutableLabels: true
storage:
storageClassName: gp2 # example value
```
{% endcode %}
There are several configuration parameters to control the StorageClass of each volume that Connectware uses.
### Specifying CPU and Memory Resources (Optional)
By default, Connectware is configured for high-performance systems and according to the guaranteed Quality of Service (QoS) class. However, you can use the Kubernetes resource management values requests and limits to specify the CPU and memory resources that Connectware is allowed to use.
{% hint style="warning" %}
Adjusting CPU and memory resources can impact the performance and availability of Connectware. When you customize the settings for CPU and memory resources, make sure that you monitor the performance and make adjustments if necessary.
{% endhint %}
* In the `values.yaml` file, specify the CPU and memory limits and requests in the Helm value global.podResources. Specify the limits and requests as Kubernetes quantities.
* You can use the default values shipped with Connectware as a starting point. You can find these in your `default-values.yaml` file you created earlier.
**Example**
{% code lineNumbers="true" %}
```yaml
global:
licensekey: cY9HiVZJs8aJHG1NVOiAcrqC_ # example value
broker:
clusterSecret: Uhoo:RahShie6goh # example value
setImmutableLabels: true
podResources:
distributedProtocolMapper:
limits:
cpu: 2000m
memory: 3000Mi
requests:
cpu: 1500m
memory: 1500Mi
```
{% endcode %}
**See also**
* [Quality of service for pods (Kubernetes documentation)](https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed)
* [Kubernetes resource management (Kubernetes documentation)](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
* [Quantities (Kubernetes documentation)](https://kubernetes.io/docs/reference/glossary/?all=true#term-quantity)
## Installing Connectware
Once you've configured your `values.yaml` file, deploy Connectware to your Kubernetes cluster.
* Run the following command, specifying your installation name and target namespace:
**Example**
{% code lineNumbers="true" %}
```bash
helm install ${INSTALLATION_NAME} cybus/connectware -f ./values.yaml -n ${NAMESPACE} --create-namespace
```
{% endcode %}
**Result:** Connectware deploys to your cluster according to your kubectl configuration.
## Verifying the Connectware Installation
Monitor the Connectware installation progress to ensure everything runs smoothly and identify any potential issues.
### Monitoring the Installation Progress
The installation typically takes a few minutes. Choose one of these monitoring options:
* To monitor the current status of the installation process, enter the following command:
{% code lineNumbers="true" %}
```bash
kubectl get pods -n ${NAMESPACE}
```
{% endcode %}
* To monitor the continuous progress of the installation process, enter the following command. This command refreshes every 5 seconds to reflect the current status:
{% code lineNumbers="true" %}
```bash
while [ True ]; do clear; kubectl get pod -n ${NAMESPACE}; sleep 5; done
```
{% endcode %}
* To stop monitoring the continuous progress of the installation process , press Ctrl+C.
### Pod Stages During Installation
During the Connectware installation, pods progress through these stages:
* Pending
* PodInitializing
* ContainerCreating
* Init:x/x
* Running
When pods reach `Running` status, they complete their startup process before reporting as ready. All pods must reach `Running` status with all containers ready. This is shown when the READY column displays matching numbers (e.g., `1/1`).
**Example**
{% code lineNumbers="true" %}
```bash
kubectl get pod -n ${NAMESPACE}
```
{% endcode %}
| NAME | READY | STATUS | RESTARTS | AGE |
| -------------------------------------- | ----- | ------- | -------- | ----- |
| admin-web-app-7cd8ccfbc5-bvnzx | 1/1 | Running | 0 | 3h44m |
| auth-server-5b8c899958-f9nl4 | 1/1 | Running | 0 | 3m3s |
| broker-0 | 1/1 | Running | 0 | 3h44m |
| broker-1 | 1/1 | Running | 0 | 2m1s |
| connectware-7784b5f4c5-g8krn | 1/1 | Running | 0 | 21s |
| container-manager-558d9c4cbf-m82bz | 1/1 | Running | 0 | 3h44m |
| ingress-controller-6bcf66495c-l5dpk | 1/1 | Running | 0 | 18s |
| postgresql-0 | 1/1 | Running | 0 | 3h44m |
| protocol-mapper-67cfc6c848-qqtx9 | 1/1 | Running | 0 | 3h44m |
| service-manager-f68ccb767-cftps | 1/1 | Running | 0 | 3h44m |
| system-control-server-58f47c69bf-plzt5 | 1/1 | Running | 0 | 3h44m |
| workbench-5c69654659-qwhgc | 1/1 | Running | 0 | 15s |
**Result:** When all pods show `Running` status with matching READY values, Connectware is installed and started. You can now access the [Admin UI](https://docs.cybus.io/getting-started/admin-ui) for additional configuration or verification.
### Troubleshooting Pod Stages
If a pod is in another state than expected or if it is stuck at a certain stage for more than three minutes, there might be an issue.
* To investigate the pod status, enter the following command:
{% code lineNumbers="true" %}
```bash
kubectl describe pod ${PODNAME} -n ${NAMESPACE}
```
{% endcode %}
For help on solving issues, see [Troubleshooting Connectware on Kubernetes](https://docs.cybus.io/documentation/connectware-on-kubernetes/troubleshooting-connectware-on-kubernetes).
## Logging Into Connectware for the First Time
Access the [Admin UI](https://docs.cybus.io/getting-started/admin-ui) through the Kubernetes LoadBalancer Service. In your new Connectware installation, the LoadBalancer is named `connectware`. How to access the LoadBalancer depends on which LoadBalancer provider your cluster offers.
1. Check if your load balancer provider has connected to your Connectware service via the following command:
{% code lineNumbers="true" %}
```bash
kubectl -n ${NAMESPACE} get svc/connectware
```
{% endcode %}
2. Depending on the result, do one of the following:
1. If your IP address or hostname is displayed in the `EXTERNAL-IP` column, you can access the Admin UI through it.
2. If no load balancer provider is available in your cluster, you can add an external load balancer.
3. To verify that the installation was successful, enter the following command to forward the service to your local machine through kubectl:
{% code lineNumbers="true" %}
```bash
kubectl -n ${NAMESPACE} port-forward svc/connectware 10443:443
```
{% endcode %}
4. Access the Admin UI at `https://localhost:10443`. Connectware uses its own PKI infrastructure by default.
5. Accept the certificate warning in your browser.
6. Log in with the default credentials:
* Username: `admin`
* Password: `admin`
{% hint style="danger" %}
Immediately change the default username and password after your first login.
{% endhint %}
7. To change the username and password, see [Changing Usernames](https://docs.cybus.io/user-management/users#changing-usernames) and [Changing User Passwords](https://docs.cybus.io/user-management/users#changing-user-passwords).
8. Navigate to **System** > **Status** and verify all components show **Running** status.
**Result:** Your Connectware installation is ready to use.
For more information about LoadBalancer services, see [LoadBalancer (Kubernetes documentation)](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer).