Installation to Kubernetes cluster

This page provides instructions on installing the Kaa platform to an existing Kubernetes cluster.


Install Docker on your local machine (please use version 17.09). This is required to run the Kaa installer locally.

Kaa installation profile

Run the kaa-installer Docker image:

docker run --rm \
-it \
--entrypoint bash \
-u app \
--name kaa-installer \
-v ${HOME}/.ssh:/home/app/.ssh:ro \
-v ${PWD}:/usr/src/kaa/installer \
-v ${HOME}/.aws:/home/app/.aws:ro \
-v ${HOME}/.kube:/home/app/.kube \
-v ${HOME}/.minikube:${HOME}/.minikube \
-v ${HOME}/.azure:/home/app/.azure \

Output example:

(venv) (k8s: kaa)[OS:none][AWS:default]:/usr/src/kaa/installer

Mounted volumes description:

  • ${PWD}/kaa_installer/output:/usr/src/kaa/installer/output is used for saving Terraform state in the local filesystem (installation state, Terraform state, Terraform vars).
  • ${HOME}/.kube:/home/app/.kube is used for getting the kubeconfig file.

The following steps are performed inside the Docker container console.

Verify that the installer container has access to the Kubernetes cluster:

kubectl cluster-info

Output example:

Kubernetes master is running at
CoreDNS is running at
kubernetes-dashboard is running at

Create a profile values YAML file for the Kaa installer (any file name will do) and replace the values with your own:


kaa_license: "${KAAIOT_LICENSE}"
kaa_license_password: "${KAAIOT_LICENSE_PASSWORD}"
monitoring_enabled: true
opendistro_enabled: true
logstash_enabled: true
filebeat_enabled: true


  • KAAIOT_LICENSE - KaaIoT license file content (base64 encoded)
  • KAAIOT_LICENSE_PASSWORD - KaaIoT license file password
  • if you want to install Prometheus and Grafana: monitoring_enabled: true
  • if you want to install ELK stack: opendistro_enabled: true, logstash_enabled: true, filebeat_enabled: true
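
One way to produce the values file described above without leaving the license or its password in a world-readable file, shown as an added example that is not Kaa project code. The helper names render_values and yaml_escape are hypothetical; the YAML keys, the two variable names and the file name values.yaml are the ones used on this page.

```bash
#!/usr/bin/env bash
# Added example (not Kaa project code). render_values and yaml_escape are
# hypothetical helper names; the YAML keys are the ones shown on this page.

# Escape backslash and double quote for a YAML double-quoted scalar.
yaml_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# render_values <output-file>
# Returns 1 if a variable is unset or empty, 2 if the license is not base64.
render_values() {
  local out="$1" lic body
  if [ -z "${KAAIOT_LICENSE:-}" ] || [ -z "${KAAIOT_LICENSE_PASSWORD:-}" ]; then
    echo "KAAIOT_LICENSE and KAAIOT_LICENSE_PASSWORD must be set" >&2
    return 1
  fi
  # Drop line breaks that base64 wrapping may have left in the variable.
  lic=$(printf '%s' "$KAAIOT_LICENSE" | tr -d '\r\n')
  # Base64 check: alphabet only, at most two trailing '=', length multiple of 4.
  body=${lic%=}; body=${body%=}
  case "$body" in
    ''|*[!A-Za-z0-9+/]*) echo "KAAIOT_LICENSE is not valid base64" >&2; return 2 ;;
  esac
  if [ $(( ${#lic} % 4 )) -ne 0 ]; then
    echo "KAAIOT_LICENSE is not valid base64" >&2
    return 2
  fi
  (
    umask 077          # new file is readable and writable by the owner only
    rm -f -- "$out"    # a pre-existing file would keep its old permissions
    cat > "$out" <<EOF
kaa_license: "$lic"
kaa_license_password: "$(yaml_escape "$KAAIOT_LICENSE_PASSWORD")"
monitoring_enabled: true
opendistro_enabled: true
logstash_enabled: true
filebeat_enabled: true
EOF
  )
}

# Usage inside the installer container, with both variables exported:
#   render_values values.yaml
```

Because the file holds the license and its password, keep it out of version control and delete it once the installation has been applied.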

Kaa installation

Now everything is ready to install the Kaa platform.

envmanager manager --env aws --profile aws.yml --vars-file values.yaml apply

Terraform installation state will be saved to output/aws/.


Open https://env.<kube_ingress_domain> in your browser.

The default credentials:

tenant_id: 'kaa'  
login: ''  
password: 'admin'

If the web page loads, you have completed the installation of the Kaa platform on an existing Kubernetes cluster.

The Keycloak web interface will be available at https://auth.<kube_ingress_domain>. The default user and password are admin/admin.

Platform components’ REST API will be served under https://env.<kube_ingress_domain>. For example: https://env.<kube_ingress_domain>/epr/api/v1/endpoints.

Logging and monitoring will be available at https://kibana.<kube_ingress_domain> and https://grafana.<kube_ingress_domain>.

Next steps