# Installation Helm Chart

A comprehensive Helm chart to deploy [Appmixer](https://www.appmixer.com/) platform and all its dependencies on Kubernetes

***

### 📋 Prerequisites

* **Kubernetes** 1.29+
* **Helm** 3.19+
* **kubectl** configured to access your cluster
* **AWS ECR credentials** (provided by Appmixer)
* **Domain name** for exposing services

#### What Gets Deployed

This chart automatically deploys:

* **Appmixer Services**: engine-api, engine-worker, frontend, backoffice, quota
* **MongoDB** ReplicaSet (3 replicas + arbiter)
* **Redis Sentinel** (3 replicas)
* **RabbitMQ** cluster (3 replicas)
* **Elasticsearch** + **Kibana** (via ECK operator)
* **Logstash** for log processing

***

### 🚀 Installation Guide

#### Step 1: Setup ECR Authentication (Automated)

Appmixer images are hosted in AWS ECR. ECR tokens expire every 12 hours, so we use a CronJob to automatically refresh them.

**1.1. Create ECR Token Refresh CronJob**

Save the following as `ecr-token-refresh.yaml` and **replace placeholders** with credentials provided by Appmixer:

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: appmixer
---
apiVersion: v1
kind: Secret
metadata:
  name: ecr-credentials
  namespace: appmixer
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: "YOUR_ACCESS_KEY_ID"
  AWS_SECRET_ACCESS_KEY: "YOUR_SECRET_ACCESS_KEY"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ecr-token-refresher
  namespace: appmixer
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ecr-token-refresher
  namespace: appmixer
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "create", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ecr-token-refresher
  namespace: appmixer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ecr-token-refresher
subjects:
- kind: ServiceAccount
  name: ecr-token-refresher
  namespace: appmixer
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: ecr-token-refresh
  namespace: appmixer
spec:
  schedule: "0 */10 * * *"  # Every 10 hours
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: ecr-token-refresher
          restartPolicy: OnFailure
          containers:
          - name: refresh-token
            image: amazon/aws-cli:latest
            envFrom:
            - secretRef:
                name: ecr-credentials
            command:
            - /bin/bash
            - -c
            - |
              set -e
              echo "Installing kubectl..."
              curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
              chmod +x kubectl
              mv kubectl /usr/local/bin/

              echo "Getting ECR login token..."
              TOKEN=$(aws ecr get-login-password --region eu-central-1)

              echo "Creating/updating docker-registry secret..."
              kubectl create secret docker-registry ecr-registry-secret \
                --docker-server=874193467787.dkr.ecr.eu-central-1.amazonaws.com \
                --docker-username=AWS \
                --docker-password="$TOKEN" \
                --namespace=appmixer \
                --dry-run=client -o yaml | kubectl apply -f -

              echo "ECR token refresh completed successfully"
```

**1.2. Deploy the CronJob**

```bash
# Apply the configuration
kubectl apply -f ecr-token-refresh.yaml

# Verify CronJob was created
kubectl get cronjob -n appmixer

# Manually trigger the first run to create the initial secret
kubectl create job --from=cronjob/ecr-token-refresh ecr-token-refresh-manual -n appmixer

# Wait ~30 seconds, then verify the secret was created
kubectl get secret ecr-registry-secret -n appmixer
```

> **Note**: The CronJob runs every 10 hours to ensure the token is always valid (tokens expire after 12 hours).

***

#### Step 2: Install Elasticsearch Operator (ECK)

Appmixer uses Elasticsearch (managed by ECK operator) for logging and monitoring.

> **Note**: Check for the latest ECK version at [Elastic Cloud on Kubernetes Downloads](https://www.elastic.co/downloads/elastic-cloud-kubernetes)

```bash
# Install ECK CRDs
kubectl create -f https://download.elastic.co/downloads/eck/3.3.0/crds.yaml

# Install ECK operator
kubectl apply -f https://download.elastic.co/downloads/eck/3.3.0/operator.yaml

# Verify the operator is running
kubectl get pods -n elastic-system
```

***

#### Step 3: Pull Appmixer Helm Chart

Log in to AWS ECR Helm registry using credentials provided by Appmixer:

```bash
# Login to ECR Helm registry
aws ecr get-login-password --region eu-central-1 | \
  helm registry login --username AWS --password-stdin \
  874193467787.dkr.ecr.eu-central-1.amazonaws.com
```

Pull the Helm chart:

```bash
# Pull latest version
helm pull oci://874193467787.dkr.ecr.eu-central-1.amazonaws.com/appmixer-helm

# OR pull specific version
helm pull oci://874193467787.dkr.ecr.eu-central-1.amazonaws.com/appmixer-helm \
  --version <CHART_VERSION>

# Extract the chart
tar -xzf appmixer-helm-*.tgz
cd appmixer-helm
```

***

#### Step 4: Configure values.yaml

Edit `values.yaml` to match your environment:

**Important settings to review:**

* `ingress.domain` - Your domain name
* `ingress.className` - `nginx`, `alb`, or your ingress controller
* `expose.method` - Choose: `ingress`, `aws-alb`, or `routes` (OpenShift)

***

#### Step 5: Install Appmixer

```bash
# Create namespace for Appmixer (if not using the one from Step 1)
export NAMESPACE=appmixer

# Install the chart
helm upgrade --install appmixer . \
  --namespace $NAMESPACE \
  --create-namespace \
  --timeout 15m

# Watch the deployment
kubectl get pods -n $NAMESPACE -w
```

***

### 🌐 Accessing Appmixer

After installation completes (typically 5-10 minutes), retrieve your access URLs:

#### For Kubernetes Ingress

```bash
kubectl get ingress -n $NAMESPACE
```

#### For OpenShift Routes

```bash
kubectl get routes -n $NAMESPACE
```

#### For AWS ALB

```bash
kubectl get ingress -n $NAMESPACE -o jsonpath='{.items[0].status.loadBalancer.ingress[0].hostname}'
```

#### Default Admin Credentials

If you left `userInit.password` empty, retrieve the auto-generated password:

```bash
kubectl get secret appmixer-secrets -n $NAMESPACE \
  -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d
```

Login at: `https://my.your-domain.com` with the email from `userInit.email`

***

### 🔄 Upgrading Appmixer

#### Upgrade to New Version

1. Update `Chart.yaml`:

```yaml
appVersion: "6.3.3"  # Change to desired version
```

2. Apply the upgrade:

```bash
helm upgrade --install appmixer . -n $NAMESPACE
```

#### Update Configuration Only

```bash
# Edit values.yaml, then:
helm upgrade appmixer . -n $NAMESPACE
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.appmixer.com/appmixer-self-managed/installation-helm-chart.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.