All Kaa services, including TSA, are distributed as Helm charts. You can run these charts using Kubernetes.


These steps should be done once for your entire Kaa cluster in Kubernetes.

  1. Install Kubernetes.

  2. Install Helm client.

  3. Create a Kaa license secret (remember to put in your Kaa license key file contents and password):

    export HISTCONTROL=ignorespace # Prevent saving your key password in the shell history; note the leading space in the next line
     cat << EOF > /tmp/kaa-licence.yaml
    apiVersion: v1
      file: < your licence key file contents, base64-encoded >
      password: < your licence key password >
    kind: Secret
      name: license
      type: Opaque
    kubectl create -f /tmp/kaa-licence.yaml
  1. Specify the image pull secret for the official KaaIoT docker registry. To define this secret, use your KaaID credentials:
export HISTCONTROL=ignorespace  # Prevent saving your credentials in the shell history; note the leading space in the next line
 export KAAID_EMAIL=<your KaaID email, eg.> KAAID_PASSWORD=<your KaaID password>
kubectl create secret docker-registry kaaid --docker-username=$KAAID_EMAIL --docker-email=$KAAID_EMAIL --docker-password=$KAAID_PASSWORD
  1. Add the KaaIoT Helm repository:
helm repo add kaa-museum


Once you have completed the preparation steps, everything is ready for deploying TSA on your Kubernetes cluster. To deploy the service, run the following command (observe the reference to the previously created license secret):

helm install --set global.license.secretName=license kaa-museum/tsa --name kaa-tsa

Check that pods are running:

kubectl get pods

Once the service initialization is complete, you should observe the output similar to the below:

NAME                                          READY   STATUS             RESTARTS   AGE
kaa-tsa                       1/1     Running            0          2m

Local installation

Build main binary file:

go build -installsuffix 'static' -ldflags "-w -X main.version=1.0.0-SNAPSHOT" -o tsa .

Build docker image in you local registry:

docker build  -f Dockerfile --build-arg app_name=tsa -t tsa:1.0.0-SNAPSHOT .

Push image to any remote hub (fore example docker hub):

docker push tsa:1.0.0-SNAPSHOT

Change deployment container image to your remote image link (../../charts/tsa/templates/deploymats.yaml):

          image: "<image remote path>"

Install helm chart from ./charts/tsa directory:

helm install --set global.license.secretName=license kaa-tsa .

if you want use custom values and configs:

helm install --set global.license.secretName=license kaa-museum/tsa --set-string config="$(cat <path to you local config file>)" kaa-tsa . -f <path to you local values file>

Check that pods are running:

kubectl get pods

Environment variables

The table below summarizes the variables supported by the TSA Docker image and provides default values along with descriptions.

Variable name Default value Description  
APP_CONFIG_PATH "/srv/tsa/service-config.yml" Path to the service configuration YAML file inside container. In case of running in Kubernetes, consider using K8s Volumes for externalization.  
NATS_URLS "nats://nats:4222" NATS connection URLs. May include connection credentials, e.g. "nats://derek:pass@localhost:4222".  
ELASTICSEARCH_URL "" Elastic connection URL.  
ELASTICSEARCH_USERNAME "" Elastic connection username.  
ELASTICSEARCH_PASSWORD "" Elastic connection password.  
KAA_LICENSE_CERT_PATH "/run/license/license.p12" Path to the Kaa platform license certificate file in PKCS #12 format.  
KAA_LICENSE_CERT_PASSWORD "" License certificate password. Required.  
SERVICE_DEBUG false Enables debug level logging.  

Some of the listed above settings can also be controlled via the configuration options. When set, environment variables take precedence over corresponding configuration file settings.