Version: 0.1

Install

Summary

Konstruct currently supports installation on AWS natively, with support for Civo, Google, Azure, and self-hosted available upon request.

Supported Installs

The Konstruct engineering team is here to provide you with a guided installation of the Konstruct control plane. To receive a Konstruct demo or to arrange for a supported installation schedule time with us.

Installation Guide

This guide provides instructions for installing Konstruct, a comprehensive multi-tenant, multi-cloud Kubernetes management platform.

Prerequisites

Before installing Konstruct, ensure you have:

A Kubernetes cluster (v1.24+)
ArgoCD installed and configured (v2.6+)
NGINX Ingress Controller deployed
Cert-Manager configured with a cluster issuer named letsencrypt-prod
Vault or a compatible secret management solution
Access to the Konstruct Helm repository

A handy way to get these prerequisites is to ensure all components are properly configured before proceeding.

Component Overview

Konstruct Platform 0.1 consists of the following components:

Component	Version	Description
Application Operator	0.1.0-rc.95efd83f	Manages application deployments across clusters
CloudAccount Operator	0.1.0-rc.e749cf8c	Handles cloud provider account integrations
GitAccount Operator	0.1.0-rc.7b8ca3ff	Manages Git provider integrations
SSO Operator	0.1.0-rc.67ef1845	Configures single sign-on across the platform
Team Management Operator	0.1.0-rc.c5fe7472	Manages team access and permissions
WorkloadCluster Operator	0.1.0-rc.e2941335	Provisions and manages workload clusters
Konstruct API	0.1.0-rc.6b699477	Core API server for the platform
Konstruct UI	0.1.0-rc.e6de6ebf	Web interface for platform management
Dex	0.24.0	OIDC provider for authentication

Installation Steps

Step 1: Create Required Namespaces

kubectl create namespace konstruct-system
kubectl create namespace dex
kubectl create namespace argocd  # If not already created

Step 2: Configure Image Pull Secrets

Create a Docker registry secret for pulling Konstruct images:

apiVersion: v1
kind: Secret
metadata:
  name: docker-config
  namespace: konstruct-system
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: <base64-encoded-docker-config>

Apply the same secret to the dex namespace:

kubectl apply -f docker-config.yaml -n konstruct-system
kubectl apply -f docker-config.yaml -n dex

Step 3: Configure External Secrets (if using Vault)

If you're using Vault with External Secrets Operator, create the required ExternalSecret resources:

# dex-secret.yaml
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: dex-config
  namespace: dex
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-kv-secret
  target:
    name: dex-config
  dataFrom:
    - extract:
        key: /dex

# docker-config-external-secret.yaml
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: docker-config
  namespace: konstruct-system
spec:
  secretStoreRef:
    name: vault-kv-secret
    kind: ClusterSecretStore
  target:
    name: docker-config
  dataFrom:
    - extract:
        key: /docker-config

Step 4: Deploy Core Operators (Sync Wave 0)

Deploy all operators that have sync-wave 0. These can be deployed in parallel:

# Apply all operator manifests
kubectl apply -f application-operator.yaml
kubectl apply -f cloudaccount-operator.yaml
kubectl apply -f gitaccount-operator.yaml
kubectl apply -f sso-operator.yaml
kubectl apply -f team-management-operator.yaml
kubectl apply -f workloadcluster-operator.yaml
kubectl apply -f dex.yaml

Wait for all operators to be healthy:

kubectl wait --for=condition=Ready pods -n konstruct-system --all --timeout=300s
kubectl wait --for=condition=Ready pods -n dex --all --timeout=300s

Step 5: Deploy API and UI Components (Sync Wave 10)

After the operators are running, deploy the API and UI:

kubectl apply -f konstruct-api.yaml
kubectl apply -f konstruct-ui.yaml

Wait for deployment:

kubectl wait --for=condition=Ready pods -l app=konstruct-api -n konstruct-system --timeout=300s
kubectl wait --for=condition=Ready pods -l app=konstruct-ui -n konstruct-system --timeout=300s

ArgoCD Application Manifests

For automated GitOps deployment, you can use the provided ArgoCD Application manifests. Here's an example for the Application Operator:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: application-operator
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: '0'
spec:
  project: default
  source:
    repoURL: europe-west2-docker.pkg.dev/civo-com/charts
    chart: application-operator
    targetRevision: 0.1.0-rc.95efd83f
    helm:
      values: |-
        imagePullSecrets:
          - name: docker-config
        serviceAccount:
          create: true
          annotations:
            eks.amazonaws.com/role-arn: arn:aws:iam::YOUR_ACCOUNT_ID:role/konstruct-mgmt-YOUR_CLUSTER_NAME
  destination:
    name: in-cluster
    namespace: konstruct-system
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

Configuration Requirements

AWS IAM Role (for EKS clusters)

If deploying on AWS EKS, ensure the Application Operator service account has the appropriate IAM role:

serviceAccount:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::YOUR_ACCOUNT_ID:role/konstruct-mgmt-YOUR_CLUSTER_NAME

Ingress Configuration

The platform components expose the following endpoints:

Dex: https://dex.YOUR_DOMAIN
Konstruct UI: Configure via Helm values
Konstruct API: Configure via Helm values

Ensure your DNS is configured to point these domains to your ingress controller.

Verification

After installation, verify all components are running:

# Check all pods in konstruct-system namespace
kubectl get pods -n konstruct-system

# Check all pods in dex namespace  
kubectl get pods -n dex

# Verify ArgoCD applications
kubectl get applications -n argocd | grep -E "konstruct|dex|application-operator|cloudaccount-operator"

# Check ingress resources
kubectl get ingress -A | grep -E "konstruct|dex"

Troubleshooting

Common Issues

Image Pull Errors: Ensure docker-config secret is properly configured with credentials for europe-west2-docker.pkg.dev/civo-com/charts

Sync Failures: Check ArgoCD application logs:

kubectl logs -n argocd deployment/argocd-application-controller

Pod Crashes: Review pod logs:

kubectl logs -n konstruct-system <pod-name>

External Secrets Issues: Verify ClusterSecretStore is configured and Vault paths exist:
```
kubectl get clustersecretstore
kubectl describe externalsecret -n konstruct-system
```

Next Steps

After successful installation:

Access the Konstruct UI at your configured ingress URL
Configure SSO integration through Dex
Create your first CloudAccount and GitAccount resources
Deploy your first workload cluster using the WorkloadCluster CRD

Summary​

Supported Installs​

Installation Guide​

Prerequisites​

Component Overview​

Installation Steps​

Step 1: Create Required Namespaces​

Step 2: Configure Image Pull Secrets​

Step 3: Configure External Secrets (if using Vault)​

Step 4: Deploy Core Operators (Sync Wave 0)​

Step 5: Deploy API and UI Components (Sync Wave 10)​

ArgoCD Application Manifests​

Configuration Requirements​

AWS IAM Role (for EKS clusters)​

Ingress Configuration​

Verification​

Troubleshooting​

Common Issues​

Next Steps​