Skip to main content
Version: Next 🚧

Install Krateo 3.0.0

This guide walks through installing Krateo 3.0.0 on Kubernetes, with specific instructions for kind, LoadBalancer, Ingress, and OpenShift environments.

Prerequisites​

warning

Secrets must be created before installation. Krateo requires three Kubernetes Secrets in the krateo-system namespace:

  • jwt-sign-key — JWT signing key for platform authentication
  • krateo-db — PostgreSQL connection string
  • krateo-db-user — PostgreSQL username

See Secrets Spec for detailed requirements and examples.

warning

Krateo 3.0.0 uses CloudNativePG. It is strongly recommended to analyze the specific needs of your environment and workload to determine the optimal configuration for the CNPG cluster. Please refer to the CNPG configuration guide for details on customizing the CNPG cluster during installation.

Installation Methods​

Choose the installation method that matches your environment.

Install on kind with NodePort​

NodePort is the simplest method for local development with kind. Services are accessible via the node's IP and a high port number.

Prerequisites​

  • A kind cluster running locally (create one with the provided script)
  • All three secrets created in krateo-system namespace (see Secrets Spec)

Step 1: Create a KIND cluster​

Use the provided script from the repository. This script automates the creation of a KIND cluster with a specific network configuration required for a Krateo 3.0.0 nodeport deployment:

  • Ingress traffic: Ports 80 and 443 are mapped to the cluster.
  • Platform services: Ports 30080 (main platform), 30081 (Portal UI), 30082 (Snowplow), 30083 (AuthN), and 30086 (Events Presenter) are exposed locally.
curl -L https://raw.githubusercontent.com/krateoplatformops/krateo-v2-docs/refs/heads/main/scripts/kind.sh | bash

Step 2: Create secrets​

Before installing Krateo, create the required secrets in krateo-system namespace. See Secrets Spec for examples.

Step 3: Install Krateo​

krateoctl install plan --version 3.0.0 --type nodeport

Review the output, then apply:

krateoctl install apply --version 3.0.0 --type nodeport

Step 4: Access Krateo​

Krateo is available at:

http://localhost:30080

Getting Started Credentials​

After successful installation, Krateo creates two default user accounts with auto-generated passwords stored as Kubernetes Secrets in the krateo-system namespace.

Admin User​

The admin account is the primary administrative user with full platform access.

Retrieve the admin password:

kubectl get secret admin-password -n krateo-system -o jsonpath="{.data.password}" | base64 -d

Login credentials:

  • Username: admin
  • Password: (retrieved from the secret above)

Cyberjoker User​

The cyberjoker account is a test user useful for validating multi-tenancy features and testing different user permissions.

Retrieve the cyberjoker password:

kubectl get secret cyberjoker-password -n krateo-system -o jsonpath="{.data.password}" | base64 -d

Login credentials:

  • Username: cyberjoker
  • Password: (retrieved from the secret above)
tip

Use the cyberjoker account to test multi-tenant scenarios and verify that role-based access control (RBAC) is working correctly across different user contexts.

Troubleshooting​

Secrets not found​

If you see errors about missing secrets:

# Verify secrets exist
kubectl get secrets -n krateo-system

# Create missing secrets if needed (see Secrets Spec)

Pods stuck in pending​

Check resource availability:

kubectl describe pod <pod-name> -n krateo-system
kubectl top nodes
kubectl top pods -n krateo-system

Installation snapshot issues​

Inspect the stored installation state:

kubectl get installation krateoctl -n krateo-system -o yaml

Next Steps​