side menu

Install BRIX Enterprise in Kubernetes

BRIX On-Premises is installed in a Kubernetes cluster. It uses PostgreSQL, MongoDB, Redis database management systems, RabbitMQ service bus, and an S3 compatible object storage (MinIO). For more details, refer to the Architecture article.

Before starting the installation, read the system requirements of BRIX On-Premises Enterprise.

The installation consists of five steps:

  1. Prepare infrastructure (optional).
  2. Download the Helm chart and the configuration file.
  3. Fill out the configuration file.
  4. Install BRIX using helm in a Kubernetes cluster.
  5. Install add-ons for BRIX (optional).

While installing the BRIX application, you can monitor the status of the pods and view their logs.

Step 1: Prepare infrastructure (optional)

By infrastructure we mean the necessary components for the operation of the BRIX On-Premises application.

начало внимание

The client deploys the dependent components independently. All work related to organizing a high-availability local architecture and setting up the high availability of dependent components is also done by the client.

конец внимание

Components necessary for BRIX On-Premises operation:

  • Kubernetes cluster.
  • PostgreSQL.
  • MongoDB.
  • RabbitMQ.
  • Valkey or Redis.
  • S3.

In this article, databases and the S3 storage are installed in the Kubernetes cluster as per the Prepare embedded databases article and use standard connection strings and passwords. This configuration is provided as an example for a trial installation only and is not a recommendation for production use. For a production environment, we recommend hosting PostgreSQL, MongoDB, and S3 on separate external resources.

Requirements for component configuration

Kubernetes

The system is installed using Helm in a Kubernetes cluster, which contains the following components: ingress-nginx controller, coredns, rbac, storageclass. For supported versions of Kubernetes and Helm, see the System requirements for BRIX On-Premises article.

Also, proxying from pods to the external network should be allowed.

Read more about how to deploy a Kubernetes cluster in the Kubernetes section.

Data storage

You can use your existing databases and S3 storage as components for BRIX On-Premises. There is also an option to combine your components with those deployed using the elma365-dbs or elma365-stack charts.

In a production environment, we recommend installing and configuring external PostgreSQL, MongoDB, and S3.

In the next installation steps, you will need to specify the connection strings to the databases and the S3 storage.

If there's a need to deploy all or just the missing components, refer to the articles in the Databases section.

 

High availability

To ensure continuous operation of BRIX on Bare-metal servers, it is necessary to build a high-availability Kubernetes cluster and ensure the operation of the used databases and S3 storage. For more details on building a high-availability environment for BRIX, refer to Prepare infrastructure.

 

Offline installation (Air-gap)

You can install BRIX in a closed-loop environment without direct access to the external container image storage. For this, on a computer with internet access, you need to download the BRIX application images and import them into a local image repository. Read more in Download BRIX images.

You can skip this section if the component configuration requirements are met and there’s no need to deploy components necessary for the operation of BRIX On-Premises.

Step 2: Download the Helm chart and configuration file

Obtain the values-brix365.yaml configuration file for installation via the internet:

  • For the latest version of the system by executing the following command:

helm repo add brix365 https://charts.brix365.com
helm repo update
helm show values brix365/brix365 > values-brix365.yaml

  • For the certain version of the system by executing the helm show values brix365/brix365 command with the --version flag:

helm repo add brix365 https://charts.brix365.com
helm repo update
helm show values brix365/brix365 --version <brix365-chart-version> > values-brix365.yaml

Where <brix365-chart-version> is the system version required.

Obtaining the configuration file for installation in an isolated environment without internet access

  1. On a computer with internet access, download BRIX images and upload them to the local image registry. Read more in the Download BRIX images article.
  2. Download the archive of the latest version of the BRIX On-Premises chart from the brix365 repository by executing the following command:

helm repo add brix365 https://charts.brix365.com
helm repo update
helm pull brix365/brix365

  1. Copy the received chart archive brix365-X.Y.Z.tgz to the server where the installation will take place.
  2. Unpack the obtained chart on the server and copy the default configuration file values.yaml to values-brix365.yaml. To do this, run the following command:

tar -xf brix365-X.Y.Z.tgz
cp brix365/values.yaml values-brix365.yaml

Step 3: Fill out the configuration file

For a quick start of the app, fill out the main parameters:

  • global.host: domain (FQDN) or IP address by which the system will be accessible. The IP address is only valid in limited scenarios, such as when not using Ingress/Nginx with host-based routing and TLS with SNI.
  • global.edition: specify the edition of the BRIX application to be installed.
  • bootstrapCompany.email: administrator’s email.
  • bootstrapCompany.password: administrator’s password.
  • db.psqlUrl: connection string to the PostgreSQL DB.
  • db.mongoUrl: connection string to the MongoDB for the app.
  • db.vahterMongoUrl: connection string to the MongoDB for the authorization server.
  • db.redisUrl: connection string to Valkey or Redis.
  • db.amqpUrl: connection string to RabbitMQ.
  • db.s3.method: request method to S3.
  • db.s3.accesskeyid: S3 username.
  • db.s3.secretaccesskey: password for the S3 user. Use the acceptable characters.
  • db.s3.bucket: S3 bucket.
  • db.s3.backend.address: S3 address.
  • db.s3.backend.region: S3 region.
  • db.s3.ssl.enabled: enabling S3 SSL.

начало примечание

Note

The following characters are acceptable for passwords:

  • Uppercase Latin letters: A to Z.
  • Lowercase Latin letters: a to z.
  • Numbers: 0 to 9.
  • Characters:  -_.

Reserved (unacceptable) characters:

! * ' ( ) ; : @ & = + $ , / ? % # [ ] { }

конец примечание

Fill in the variables in the values-brix365.yaml file by performing the following actions:

  1. Set the FQDN domain or IP address through which the system will be accessible in the global.host parameter.

In the article Prepare embedded databases, on step 1, you should have prepared an S3 MinIO storage, which is accessible via the FQDN domain brix365_server.your_domain. When using the built-in S3 storage accessible by the FQDN, BRIX should be accessible under the same domain name. To do this, in global.host specify brix365_server.your_domain and enable the ingress binding to the domain brix365_server.your_domain. To do this, set the value true for the ingress.hostEnabled parameter.

global:
# domain (FQDN) or IP address where the system will be available
host: 'brix365_server.your_domain'
ingress:
  hostEnabled: true

  1. In the global.edition parameter, specify the BRIX edition: enterprise or standard.
  2. Complete the company creation parameters in the bootstrapCompany section. The company will be created during the BRIX installation.
  3. Set the administrator’s email address in the bootstrapCompany.email parameter. This address will serve as the login for the main administrator.

Начало внимание

The main administrator’s login cannot be changed after the system installation.

Конец внимание

  1. Indicate, according to your security policy, the password for the main administrator’s login in the bootstrapCompany.password parameter. Use the acceptable characters.
  2. Set the company language in the bootstrapCompany.locale parameter, for example, en-US:

bootstrapCompany:
# Admin email
email: "admin@mail.com"
# Admin password
password: "test"
# Installed system language, possible options: "ru-RU", "en-US", "sk-SK"
locale: "en-US"

  1. Set the installed system language in the language.default parameter, for example, en-US:

language:
# Installed system language, possible options: "ru-RU", "en-US", "sk-SK"
default: "en-US"

  1. Fill in the connection strings for the PostgreSQL, MongoDB, RabbitMQ, Valkey or Redis databases. To do this, you need to fill in the following parameters: db.psqlUrl, db.mongoUrl, db.vahterMongoUrl, db.redisUrl, db.amqpUrl.

db:
# Connection string for Postgres DB, format:
postgresql://user:password@hostname:5432/databaseName
psqlUrl: 'postgres://postgres:pgpassword@postgres.brix365-dbs.svc.cluster.local:5432/brix365?sslmode=disable'
# Connection string for read-only Postgres DB, format:
postgresql://user:password@hostname:5432/databaseName
roPsqlUrl: ''
# Connection string for the MongoDB for the application, format:
mongodb://user:password@hostname:27017/databaseName
mongoUrl: 'mongodb://brix365:mongopassword@mongo.brix365-dbs.svc.cluster.local:27017/brix365?ssl=false&replicaSet=rs0&readPreference=secondaryPreferred'
# Connection string for MongoDB for the authorization server, format:
mongodb://user:password@hostname:27017/databaseName
vahterMongoUrl: 'mongodb://brix365:mongopassword@mongo.brix365-dbs.svc.cluster.local:27017/brix365?ssl=false&replicaSet=rs0&readPreference=secondaryPreferred'
# Connection string for Redis, format:
redis://user:password@redis.local:6379/databaseName
redisUrl: 'redis://redis.brix365-dbs.svc.cluster.local:6379/0'
# Connection string for Rabbit, format:
amqp://user:password@hostname:5672/vhost
amqpUrl: 'amqp://brix365:rmqpassword@rabbitmq.brix365-dbs.svc.cluster.local:5672/brix365'

  1. Fill in the parameters for connecting to the S3 file storage:
  • db.s3.method: S3 request method.
  • db.s3.accesskeyid: S3 username.
  • db.s3.secretaccesskey: password for the S3 user. Use the acceptable characters.
  • db.s3.secretaccdb.s3.bucket: S3 bucket.
  • db.s3.backend.address: S3 address.
  • db.s3.backend.region: S3 region.
  • db.s3.ssl.enabled: enable S3 SSL.

db:
 s3:
   method: PUT
   accesskeyid: PZSF73JG72Ksd955JKU1HIA
   secretaccesskey: aFDkj28Jbs2JKbnvJH678MNwiz88zKjsuNBHHs
   bucket: s3brix365
   backend:
     address: brix365_server.your_domain
     region: us-east-1
   ssl:
     enabled: "false"

 

Filling in the connection parameters to a private registry for installation in an isolated environment without internet access

  1. Set the address and path in the global.image.repository parameter.
  2. Indicate the name of the secret with access rights to the private registry in the global.image.pullSecret parameter. The private registry should be manually created and encrypted in Base64 global:

# Address and path for private registry
image:
  repository: registry.example.com/images/brix365
  # Secret with access permissions for the private registry must be created manually,
  encoded in Base64
  pullSecret:
    - name: myRegistryKeySecretName

 
Where format of repository is:

  • registry.example.com: the address.
  • /images/elma365: the path.

 

The configuration file values-brix365.yaml contains a large number of parameters for the BRIX On-Premises application. For a more comprehensive guide on filling in variables in this file, see the Modify BRIX Enterprise parameters article.

Step 4: Install BRIX using helm in the Kubernetes cluster

  1. If a namespace for installing BRIX hasn't yet been created, add it using the command:

kubectl create namespace brix365

Where brix365 is the name of the namespace.

  1. This step is optional. To avoid specifying a namespace in commands in the current session, you can set the default namespace in the Kubernetes context. To do this, use the command:

kubectl config set-context --current --namespace=brix365

  1. In the namespace for BRIX installation, change the value for the Deckhouse security policy to privileged to avoid errors when deploying services. To do this, run the command:

kubectl label namespace brix365 security.deckhouse.io/pod-policy=privileged --overwrite

  1. Install  BRIX Enterprise using the configuration file values-brix365.yaml. If you need to install the application in a separate namespace, specify it in the installation command:

helm upgrade --install brix365 brix365/brix365 \
-f values-brix365.yaml \
--timeout=30m --wait [-n namespace]

To install the BRIX Enterprise application in an isolated environment without internet access, run the following command:

helm upgrade --install brix365 ./brix365 \
-f values-brix365.yaml \
--timeout=30m --wait [-n namespace]

The installation time for the BRIX Enterprise application takes 10-30 minutes. Wait for the update of the BRIX Enterprise application parameters.

  1. Open a browser and navigate to the BRIX Enterprise login page at http://global.host. The global.host parameter was specified in the values-brix365.yaml configuration file in the step of downloading the helm chart and configuration file.
     
    In the given example, the following login page address for the BRIX Enterprise application is used: http://example.com.
    installing-elma365-enterprise-1
  1. Use the administrator’s email address as the login and the password you used in the values-brix365.yaml configuration file for the parameters bootstrapCompany.email and bootstrapCompany.password.
     
    In the given example, the following are used:
  • Login: admin@mail.com.
  • Password: test.
  1. Click the Login to the system button.
    The BRIX application window will open.
  1. Activate the system. For more details, see Activate BRIX On-Premises.

The installation of the BRIX Enterprise edition application has been successfully completed.

начало внимание

Save the values-brix365.yaml configuration file for future updates.

конец внимание

 

Step 5: Install add-ons for the BRIX application (optional)

Under add-ons for the BRIX application, components are understood that extend the functional and infrastructure capabilities of the BRIX application.

Add-ons list:

  • For BRIX Enterprise Kubernetes:
  • For BRIX Standard Kubernetes:
    • Linkerd routing system (Service Mesh).
    • The Security Audit service for system versions lower than 2026.4.

Add-ons are installed as needed, considering the existing infrastructure. Articles in the Install add-on components for BRIX section will help decide whether you should to install an add-on component.

Monitor BRIX application status

 

During BRIX installation, you can use the following commands:

 

  1. To monitor pod status in real time:

kubectl get pods -n brix365 -w

 

This allows you to monitor the statuses of all pods in the brix365 namespace in real time. You can see when pods start, restart, or stop with an error.

 

  1. To view pod logs:

kubectl logs -f <имя_пода> -n brix365

 

Where:

 

  • <pod_name> is the name of the desired pod.
  • -f is the command for monitoring new entries.

 

elma365-enterprise.html change-settings-enterprise.html