Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
You can install and try Devtron on a high-end machine or on a Cloud VM. If you install it on a laptop/PC, it may start to respond slow, so it is recommended to uninstall Devtron from your system before shutting it down.
2 vCPUs
4GB+ of free memory
20GB+ free disk space
Before we get started and install Devtron, we need to set up the cluster in our servers & install required tools
Add Devtron repository
Install Devtron
Port-forward the devtron-service to access dashboard
To install devtron on Minikube/kind Cluster use the Following commands
To install devtron on k3s Cluster use the Following commands
To access dashboard when using Minikube as Cluster use this command, dashboard will automatically open on default browser.
To access dashboard when using Kind/k3s as Cluster, use this command to port forward the devtron service to port 8000
Dashboard http://127.0.0.1:8000.
For admin login, use the username:admin, and run the following command to get the admin password:
It is preferd to use Cloud VM with 2vCPU+, 4GB+ free Memory, 20GB+ Storage, Compute Optimized VM type & Ubuntu Flavoured OS.
Create Microk8s Cluster
Install devtron
Ensure that the port on which the devtron-service runs is open in the VM's security group or network Security group.
Commad to get the devtron-service Port number
Are you installing Devtron on Minikube, Microk8s, K3s, Kind? See Instructions here
Install Helm.
Add Devtron repository
Install Devtron
This installation will use Minio for storing build logs and cache.
This installation will use AWS s3 buckets for storing build logs and cache. Refer to the AWS specific parameters on the Storage for Logs and Cache page.
This installation will use Azure Blob Storage for storing build logs and cache. Refer to the Azure specific parameters on the Storage for Logs and Cache page.
Append the command with
--set installer.release="vX.X.X"to install a particular version of Devtron. Wherevx.x.xis the release tag.
For those countries/users where Github is blocked, you can use Gitee as the installation source:
If you are planning to use Devtron for production deployments, please refer to our recommended overrides for Devtron Installation.
The install commands start Devtron-operator, which takes about 20 minutes to spin up all of the Devtron microservices one by one. You can use the following command to check the status of the installation:
The command executes with one of the following output messages, indicating the status of the installation:
To check the installer logs, run the following command:
Use the following command to get the dashboard URL:
You will get an output similar to the one shown below:
The hostname aaff16e9760594a92afa0140dbfd99f7-305259315.us-east-1.elb.amazonaws.com as mentioned above is the Loadbalancer URL where you can access the Devtron dashboard.
If you don't see any results or receive a message that says "service doesn't exist," it means Devtron is still installing; please check back in 5 minutes.
Note: You can also do a
CNAMEentry corresponding to your domain/subdomain to point to this Loadbalancer URL to access it at a custom domain.
For admin login, use the username:admin, and run the following command to get the admin password:
Please make sure that you do not have anything inside namespaces devtroncd, devtron-cd, devtron-ci, and devtron-demo as the below steps will clean everything inside these namespaces:
Still facing issues, please reach out to us on Discord.
Are you installing Devtron on Minikube, Microk8s, K3s, Kind? See Instructions here
This page helps you to install Devtron without any integrations. Integrations can be added later using Devtron Stack Manager.
Install Helm if you haven't done that already!
Use the following command to get the dashboard URL:
You will get the result something as shown below:
The hostname aaff16e9760594a92afa0140dbfd99f7-305259315.us-east-1.elb.amazonaws.com as mentioned above is the Loadbalancer URL where you can access the Devtron dashboard.
You can also do a CNAME entry corresponding to your domain/subdomain to point to this Loadbalancer URL to access it at a custom domain.
| Host | Type | Points to |
|---|---|---|
For admin login, use the username as admin, and run the following command to get the admin password:
Please make sure that you do not have anything inside namespaces devtroncd, devtron-cd devtron-ci, and devtron-demo as the below steps will clean everything inside these namespaces
To use the CI/CD capabilities with Devtron, users can Install the CI/CD integration.
Devtron is installed over a Kubernetes cluster and can be installed standalone or along with CI/CD integration:
Devtron with CI/CD: Devtron installation with the CI/CD integration is used to perform CI/CD, security scanning, GitOps, debugging, and observability.
Devtron: The Devtron installation includes functionalities to deploy, observe, manage, and debug existing Helm applications in multiple clusters and deeply integrate with multiple tools using extensions.
The minimum requirements for Devtron and Devtron with CI/CD integration in production and non-production environments include:
Non-production
| Integration | CPU | Memory |
|---|---|---|
Production (assumption based on 5 clusters)
| Integration | CPU | Memory |
|---|---|---|
Refer to the Override Configurations section for more information.
Note: It is NOT recommended to use brustable CPU VMs (T series in AWS, B Series in Azure and E2/N1 in GCP) for Devtron installation.
Create a Kubernetes cluster (preferably K8s 1.16 or higher) if you haven't done that already!
Refer to the Creating a Production grade EKS cluster using EKSCTL article to set up a cluster in the production environment.
In certain cases, you may want to override default configurations provided by Devtron. For example, for deployments or statefulsets you may want to change the memory or CPU requests or limit or add node affinity or taint tolerance. Say, for ingress, you may want to add annotations or host. Samples are available inside the directory.
To modify a particular object, it looks in namespace devtroncd for the corresponding configmap as mentioned in the mapping below:
| component | configmap name | purpose |
|---|
apiVersion, kind, metadata.name in the multiline string is used to match the object which needs to be modified. In this particular case it will look for apiVersion: extensions/v1beta1, kind: Ingress and metadata.name: devtron-ingress and will apply changes mentioned inside update: as per the example inside the metadata: it will add annotations owner: app1 and inside spec.rules.http.host it will add http://change-me.
Once we have made these changes in our local system we need to apply them to a Kubernetes cluster on which Devtron is installed currently using the below command:
Run the following command to make these changes take effect:
Our changes would have been propagated to Devtron after 20-30 minutes.
The overall resources required for the recommended production overrides are:
The production overrides can be applied as pre-devtron installation as well as post-devtron installation in the respective namespace.
If you want to install a new Devtron instance for production-ready deployments, this is the best option for you.
Create the namespace and apply the overrides files as stated above:
After files are applied, you are ready to install your Devtron instance with production-ready resources.
If you have an existing Devtron instance and want to migrate it for production-ready deployments, this is the right option for you.
In the existing namespace, apply the production overrides as we do it above.
| Status | Description |
|---|---|
| Host | Type | Points to |
|---|---|---|
Let's take an example to understand how to override specific values. Say, you want to override annotations and host in the ingress, i.e., you want to change devtronIngress, copy the file . This file contains a configmap to modify devtronIngress as mentioned above. Please note the structure of this configmap, data should have the key override with a multiline string as a value.
In case you want to change multiple objects, for eg in argocd you want to change the config of argocd-dex-server as well as argocd-redis then follow the example in .
To use Devtron for production deployments, use our recommended production overrides located in . This configuration should be enough for handling up to 200 microservices.
| Name | Value |
|---|
devtron.yourdomain.com
CNAME
aaff16e9760594a92afa0140dbfd99f7-305259315.us-east-1.elb.amazonaws.com
Downloaded
The installer has downloaded all the manifests, and the installation is in progress.
Applied
The installer has successfully applied all the manifests, and the installation is complete.
devtron.yourdomain.com
CNAME
aaff16e9760594a92afa0140dbfd99f7-305259315.us-east-1.elb.amazonaws.com
cpu | 6 |
memory | 13GB |
argocd | argocd-override-cm | GitOps |
clair | clair-override-cm | container vulnerability db |
clair | clair-config-override-cm | Clair configuration |
dashboard | dashboard-override-cm | UI for Devtron |
gitSensor | git-sensor-override-cm | microservice for Git interaction |
guard | guard-override-cm | validating webhook to block images with security violations |
postgresql | postgresql-override-cm | db store of Devtron |
imageScanner | image-scanner-override-cm | image scanner for vulnerability |
kubewatch | kubewatch-override-cm | watches changes in ci and cd running in different clusters |
lens | lens-override-cm | deployment metrics analysis |
natsOperator | nats-operator-override-cm | operator for nats |
natsServer | nats-server-override-cm | nats server |
natsStreaming | nats-streaming-override-cm | nats streaming server |
notifier | notifier-override-cm | sends notification related to CI and CD |
devtron | devtron-override-cm | core engine of Devtron |
devtronIngress | devtron-ingress-override-cm | ingress configuration to expose Devtron |
workflow | workflow-override-cm | component to run CI workload |
externalSecret | external-secret-override-cm | manage secret through external stores like vault/AWS secret store |
grafana | grafana-override-cm | Grafana config for dashboard |
rollout | rollout-override-cm | manages blue-green and canary deployments |
minio | minio-override-cm | default store for CI logs and image cache |
minioStorage | minio-storage-override-cm | db config for minio |
Devtron with CI/CD
2
6 GB
Devtron
1
1 GB
Devtron with CI/CD
6
13 GB
Devtron
2
3 GB
After Devtron is installed, Devtron is accessible through service devtron-service. If you want to access devtron through ingress, edit devtron-service and change the loadbalancer to ClusterIP. You can do this using kubectl patch command like :
After that create ingress by applying the ingress yaml file. You can use this yaml file to create ingress to access devtron:
You can access devtron from any host after applying this yaml. For k8s versions <1.19, apply this yaml:
Optionally you also can access devtron through a specific host like :
Once ingress setup for devtron is done and you want to run Devtron over https, you need to add different annotations for different ingress controllers and load balancers.
In case of nginx ingress controller, add following annotations under service.annotations under nginx ingress controller to run devtron over https.
(i) Amazon Web Services (AWS)
If you are using AWS cloud, add the following annotations under service.annotations under nginx ingress controller.
(ii) Digital Ocean
If you are using Digital Ocean cloud, add the following annotations under service.annotations under nginx ingress controller.
In case of AWS application load balancer, add following annotations under ingress.annotations to run devtron over https.
In case of AWS application load balancer, the following annotations need to be added under ingress.annotations to run devtron over https.
For an Ingress resource to be observed by AGIC (Application Gateway Ingress Controller) must be annotated with kubernetes.io/ingress.class: azure/application-gateway. Only then AGIC will work with the Ingress resource in question.
Note: Make sure NOT to use port 80 with HTTPS and port 443 with HTTP on the Pods.
Configure Secrets
For helm installation this section referes to secrets section of values.yaml. For kubectl based installation it refers to kind: secret in install/devtron-operator-configs.yaml.
Configure the following properties:
| Parameter | Description | Default |
|---|---|---|
Configure ConfigMaps
For helm installation this section refers to configs section of values.yaml. For kubectl based installation it refers to kind: ConfigMap in install/devtron-operator-configs.yaml.
Configure the following properties:
| Parameter | Description | Default |
|---|---|---|
Configure Overrides
For helm installation this section refers to customOverrides section of values.yaml. In this section you can override values of devtron-cm which you want to keep persistent. For example:
You can configure the following properties:
While installing Devtron and using the AWS-S3 bucket for storing the logs and caches, the below parameters are to be used in the ConfigMap.
NOTE: For using the S3 bucket it is important to add the S3 permission policy to the IAM role attached to the nodes of the cluster.
While installing Devtron using Azure Blob Storage for storing logs and caches, the below parameters will be used in the ConfigMap.
To convert string to base64 use the following command:
Note:
Ensure that the cluster has read and write access to the S3 buckets/Azure Blob storage container mentioned in DEFAULT_CACHE_BUCKET, DEFAULT_BUILD_LOGS_BUCKET or AZURE_BLOB_CONTAINER_CI_LOG, or AZURE_BLOB_CONTAINER_CI_CACHE.
Ensure that the cluster has read access to AWS secrets backends (SSM & secrets manager).
The following tables contain parameters and their details for Secrets and ConfigMaps that are configured during the installation of Devtron. While installing Devtron using kubectl the following parameters can be tweaked in devtron-operator-configs.yaml file. If the installation is proceeded using helm3, the values can be tweaked in values.yaml file.
We can use the --set flag to override the default values when installing with Helm. For example, to update POSTGRESQL_PASSWORD and BLOB_STORAGE_PROVIDER, use the install command as:
| Parameter | Description | Default |
|---|---|---|
| Parameter | Description | Default |
|---|---|---|
| Parameter | Description | Default |
|---|---|---|
| Parameter | Description | Default | Necessity |
|---|---|---|---|
| Parameter | Description | Default | Necessity |
|---|---|---|---|
| Parameter | Description |
|---|---|
POSTGRESQL_PASSWORD
Using this parameter the auto-generated password for Postgres can be edited as per requirement(Used by Devtron to store the app information)
WEBHOOK_TOKEN
If you want to continue using Jenkins for CI then provide this for authentication of requests should be base64 encoded
BASE_URL_SCHEME
Either of HTTP or HTTPS (required)
HTTP
BASE_URL
URL without scheme and trailing slash, this is the domain pointing to the cluster on which the Devtron platform is being installed. For example, if you have directed domain devtron.example.com to the cluster and the ingress controller is listening on port 32080 then URL will be devtron.example.com:32080 (required)
change-me
DEX_CONFIG
dex config if you want to integrate login with SSO (optional) for more information check Argocd documentation
EXTERNAL_SECRET_AMAZON_REGION
AWS region for the secret manager to pick (required)
PROMETHEUS_URL
URL of Prometheus where all cluster data is stored; if this is wrong, you will not be able to see application metrics like CPU, RAM, HTTP status code, latency, and throughput (required)
CI_NODE_LABEL_SELECTOR
Labels for a particular nodegroup which you want to use for running CIs
CI_NODE_TAINTS_KEY
Key for toleration if nodegroup chosen for CIs have some taints
CI_NODE_TAINTS_VALUE
Value for toleration if nodegroup chosen for CIs have some taints
DEFAULT_CACHE_BUCKET
AWS bucket to store docker cache, it should be created beforehand (required)
DEFAULT_BUILD_LOGS_BUCKET
AWS bucket to store build logs, it should be created beforehand (required)
DEFAULT_CACHE_BUCKET_REGION
AWS region of S3 bucket to store cache (required)
DEFAULT_CD_LOGS_BUCKET_REGION
AWS region of S3 bucket to store CD logs (required)
AZURE_ACCOUNT_NAME
Account name for AZURE Blob Storage
AZURE_BLOB_CONTAINER_CI_LOG
AZURE Blob storage container for storing ci-logs after running the CI pipeline
AZURE_BLOB_CONTAINER_CI_CACHE
AZURE Blob storage container for storing ci cache after running the CI pipeline
ACD_PASSWORD
ArgoCD Password for CD Workflow
Auto-Generated
Optional
AZURE_ACCOUNT_KEY
Account key to access Azure objects such as BLOB_CONTAINER_CI_LOG or CI_CACHE
""
Mandatory (If using Azure)
GRAFANA_PASSWORD
Password for Grafana to display graphs
Auto-Generated
Optional
POSTGRESQL_PASSWORD
Password for your Postgresql database that will be used to access the database
Auto-Generated
Optional
AZURE_ACCOUNT_NAME
Azure account name which you will use
""
Mandatory (If using Azure)
AZURE_BLOB_CONTAINER_CI_LOG
Name of container created for storing CI_LOG
ci-log-container
Optional
AZURE_BLOB_CONTAINER_CI_CACHE
Name of container created for storing CI_CACHE
ci-cache-container
Optional
BLOB_STORAGE_PROVIDER
Cloud provider name which you will use
MINIO
Mandatory (If using any cloud other than MINIO), MINIO/AZURE/S3
DEFAULT_BUILD_LOGS_BUCKET
S3 Bucket name used for storing Build Logs
devtron-ci-log
Mandatory (If using AWS)
DEFAULT_CD_LOGS_BUCKET_REGION
Region of S3 Bucket where CD Logs are being stored
us-east-1
Mandatory (If using AWS)
DEFAULT_CACHE_BUCKET
S3 Bucket name used for storing CACHE (Do not include s3://)
devtron-ci-cache
Mandatory (If using AWS)
DEFAULT_CACHE_BUCKET_REGION
S3 Bucket region where Cache is being stored
us-east-1
Mandatory (If using AWS)
EXTERNAL_SECRET_AMAZON_REGION
Region where the cluster is setup for Devtron installation
""
Mandatory (If using AWS)
ENABLE_INGRESS
To enable Ingress (True/False)
False
Optional
INGRESS_ANNOTATIONS
Annotations for ingress
""
Optional
PROMETHEUS_URL
Existing Prometheus URL if it is installed
""
Optional
CI_NODE_LABEL_SELECTOR
Label of CI worker node
""
Optional
CI_NODE_TAINTS_KEY
Taint key name of CI worker node
""
Optional
CI_NODE_TAINTS_VALUE
Value of taint key of CI node
""
Optional
CI_DEFAULT_ADDRESS_POOL_BASE_CIDR
CIDR ranges used to allocate subnets in each IP address pool for CI
""
Optional
CI_DEFAULT_ADDRESS_POOL_SIZE
The subnet size to allocate from the base pool for CI
""
Optional
CD_NODE_LABEL_SELECTOR
Label of CD node
kubernetes.io/os=linux
Optional
CD_NODE_TAINTS_KEY
Taint key name of CD node
dedicated
Optional
CD_NODE_TAINTS_VALUE
Value of taint key of CD node
ci
Optional
CD_LIMIT_CI_CPU
CPU limit for pre and post CD Pod
0.5
Optional
CD_LIMIT_CI_MEM
Memory limit for pre and post CD Pod
3G
Optional
CD_REQ_CI_CPU
CPU request for CI Pod
0.5
Optional
CD_REQ_CI_MEM
Memory request for CI Pod
1G
Optional
CD_DEFAULT_ADDRESS_POOL_BASE_CIDR
CIDR ranges used to allocate subnets in each IP address pool for CD
""
Optional
CD_DEFAULT_ADDRESS_POOL_SIZE
The subnet size to allocate from the base pool for CD
""
Optional
GITOPS_REPO_PREFIX
Prefix for Gitops repository
devtron
Optional
RECOMMEND_SECURITY_SCANNING
If True, security scanning is enabled by default for a new build pipeline. Users can however turn it off in the new or existing pipelines.
FORCE_SECURITY_SCANNING
If set to True, security scanning is forcefully enabled by default for a new build pipeline. Users can not turn it off for new as well as for existing build pipelines. Old pipelines that have security scanning disabled will remain unchanged and image scanning should be enabled manually for them.
HIDE_DISCORD
Hides discord chatbot from the dashboard.