Installation Helm Chart

A comprehensive Helm chart to deploy Appmixer platform and all its dependencies on Kubernetes

📋 Prerequisites

Kubernetes 1.29+
Helm 3.19+
kubectl configured to access your cluster
AWS ECR credentials (provided by Appmixer)
Domain name for exposing services

What Gets Deployed

This chart automatically deploys:

Appmixer Services: engine-api, engine-worker, frontend, backoffice, quota
MongoDB ReplicaSet (3 replicas + arbiter)
Redis Sentinel (3 replicas)
RabbitMQ cluster (3 replicas)
Elasticsearch + Kibana (via ECK operator)
Logstash for log processing

🚀 Installation Guide

Step 1: Setup ECR Authentication (Automated)

Appmixer images are hosted in AWS ECR. ECR tokens expire every 12 hours, so we use a CronJob to automatically refresh them.

1.1. Create ECR Token Refresh CronJob

Save the following as ecr-token-refresh.yaml and replace placeholders with credentials provided by Appmixer:

apiVersion: v1
kind: Namespace
metadata:
  name: appmixer
---
apiVersion: v1
kind: Secret
metadata:
  name: ecr-credentials
  namespace: appmixer
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: "YOUR_ACCESS_KEY_ID"
  AWS_SECRET_ACCESS_KEY: "YOUR_SECRET_ACCESS_KEY"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ecr-token-refresher
  namespace: appmixer
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ecr-token-refresher
  namespace: appmixer
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "create", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ecr-token-refresher
  namespace: appmixer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ecr-token-refresher
subjects:
- kind: ServiceAccount
  name: ecr-token-refresher
  namespace: appmixer
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: ecr-token-refresh
  namespace: appmixer
spec:
  schedule: "0 */10 * * *"  # Every 10 hours
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: ecr-token-refresher
          restartPolicy: OnFailure
          containers:
          - name: refresh-token
            image: amazon/aws-cli:latest
            envFrom:
            - secretRef:
                name: ecr-credentials
            command:
            - /bin/bash
            - -c
            - |
              set -e
              echo "Installing kubectl..."
              curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
              chmod +x kubectl
              mv kubectl /usr/local/bin/

              echo "Getting ECR login token..."
              TOKEN=$(aws ecr get-login-password --region eu-central-1)

              echo "Creating/updating docker-registry secret..."
              kubectl create secret docker-registry ecr-registry-secret \
                --docker-server=874193467787.dkr.ecr.eu-central-1.amazonaws.com \
                --docker-username=AWS \
                --docker-password="$TOKEN" \
                --namespace=appmixer \
                --dry-run=client -o yaml | kubectl apply -f -

              echo "ECR token refresh completed successfully"

1.2. Deploy the CronJob

# Apply the configuration
kubectl apply -f ecr-token-refresh.yaml

# Verify CronJob was created
kubectl get cronjob -n appmixer

# Manually trigger the first run to create the initial secret
kubectl create job --from=cronjob/ecr-token-refresh ecr-token-refresh-manual -n appmixer

# Wait ~30 seconds, then verify the secret was created
kubectl get secret ecr-registry-secret -n appmixer

Note: The CronJob runs every 10 hours to ensure the token is always valid (tokens expire after 12 hours).

Step 2: Install Elasticsearch Operator (ECK)

Appmixer uses Elasticsearch (managed by ECK operator) for logging and monitoring.

Note: Check for the latest ECK version at Elastic Cloud on Kubernetes Downloads

# Install ECK CRDs
kubectl create -f https://download.elastic.co/downloads/eck/3.3.0/crds.yaml

# Install ECK operator
kubectl apply -f https://download.elastic.co/downloads/eck/3.3.0/operator.yaml

# Verify the operator is running
kubectl get pods -n elastic-system

Step 3: Pull Appmixer Helm Chart

# Login to ECR Helm registry
aws ecr get-login-password --region eu-central-1 | \
  helm registry login --username AWS --password-stdin \
  874193467787.dkr.ecr.eu-central-1.amazonaws.com

Pull the Helm chart:

# Pull latest version
helm pull oci://874193467787.dkr.ecr.eu-central-1.amazonaws.com/appmixer-helm

# OR pull specific version
helm pull oci://874193467787.dkr.ecr.eu-central-1.amazonaws.com/appmixer-helm \
  --version <CHART_VERSION>

# Extract the chart
tar -xzf appmixer-helm-*.tgz
cd appmixer-helm

Step 4: Configure values.yaml

Edit values.yaml to match your environment:

Important settings to review:

ingress.domain - Your domain name
ingress.className - nginx, alb, or your ingress controller
expose.method - Choose: ingress, aws-alb, or routes (OpenShift)

Step 5: Install Appmixer

# Create namespace for Appmixer (if not using the one from Step 1)
export NAMESPACE=appmixer

# Install the chart
helm upgrade --install appmixer . \
  --namespace $NAMESPACE \
  --create-namespace \
  --timeout 15m

# Watch the deployment
kubectl get pods -n $NAMESPACE -w

🌐 Accessing Appmixer

After installation completes (typically 5-10 minutes), retrieve your access URLs:

For Kubernetes Ingress

kubectl get ingress -n $NAMESPACE

For OpenShift Routes

kubectl get routes -n $NAMESPACE

For AWS ALB

kubectl get ingress -n $NAMESPACE -o jsonpath='{.items[0].status.loadBalancer.ingress[0].hostname}'

Default Admin Credentials

If you left userInit.password empty, retrieve the auto-generated password:

kubectl get secret appmixer-secrets -n $NAMESPACE \
  -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d

🔄 Upgrading Appmixer

Upgrade to New Version

Update Chart.yaml:

appVersion: "6.3.3"  # Change to desired version

Apply the upgrade:

helm upgrade --install appmixer . -n $NAMESPACE

Update Configuration Only

# Edit values.yaml, then:
helm upgrade appmixer . -n $NAMESPACE

PreviousInstallation Docker Compose NextInstallation AWS ECS

Last updated 5 days ago

Was this helpful?

hashtag📋 Prerequisites

hashtagWhat Gets Deployed

hashtag🚀 Installation Guide

hashtagStep 1: Setup ECR Authentication (Automated)

hashtagStep 2: Install Elasticsearch Operator (ECK)

hashtagStep 3: Pull Appmixer Helm Chart

hashtagStep 4: Configure values.yaml

hashtagStep 5: Install Appmixer

hashtag🌐 Accessing Appmixer

hashtagFor Kubernetes Ingress

hashtagFor OpenShift Routes

hashtagFor AWS ALB

hashtagDefault Admin Credentials

hashtag🔄 Upgrading Appmixer

hashtagUpgrade to New Version

hashtagUpdate Configuration Only