The Validio application is distributed as a Helm chart. The Helm chart is installable on managed Kubernetes clusters.

Validio is available for the following cloud providers:

Google Cloud Platform (GCP): GKE.
Amazon Web Services (AWS): EKS.
Microsoft Azure: AKS.

Prerequisites

📘
Note
Installing Validio on Customer VPC requires knowledge of:

Kubernetes: how to install, configure, and monitor resources on AWS, GCP or Azure.

Helm: how to install and configure helm charts on Kubernetes.

1. Access to docker images using a JSON file provided by Validio. For more information,contact us.

2. Configure a Kubernetes cluster on GCP, AWS or Azure. Considering the following:

All nodes must be in the same AWS availability zone, GCP zone or Azure zone.
Persistent volume provisioning enabled, to create Kubernetes PVC resources.
We also recommended a configured load balance or ingress controller, such as:

3. Install the following:

kubectl CLI tool and set the kubectl context to the destination cluster.
Helm version 3.8.0 or later with Helm OCI support.

Installation

Complete the following steps to install your VOC deployment. Also, you can refer to VPC Deployment Examples.

1. Create namespace

Create the namespace you want to use for your configuration. In our examples, we use validio.

kubectl create namespace validio

2. Add the docker-registry secret

Create a Kubernetes Secret to pull the docker images required by the helm chart. This requires the JSON file provided by Validio.

First, set the VALIDIO_SECRET environment variable to point to your JSON file:

export VALIDIO_SECRET=/home/user/Downloads/validio-secret.json

Then, add the Kubernetes Secret:

kubectl -n validio create secret docker-registry artifact-registry --docker-server=https://europe-docker.pkg.dev --docker-username=_json_key --docker-password="$(cat ${VALIDIO_SECRET})"

3. Install the helm chart

📘
The helm chart installation requires the validio-values.yaml file. For details, refer to configuration and examples.

helm install validio oci://europe-docker.pkg.dev/validio-platform-prod/charts/validio --version [your-validio-version] --namespace validio --values validio-values.yaml

4. Configure the `validio-values.yaml` file

The Helm chart supports the following keys in the validio-values.yaml file:

Key	Default value	Description
`meilisearch.resources.*`	`nil`	Resources for Meilisearch service. Suggested values: memory `1000Mi`, cpu `200m`.
`meilisearch.storage.capacity`	`nil`	Storage capacity for Meilisearch service. Suggested value: `10Gi`
`meilisearch.storage.class`	`nil`	Storage class for Meilisearch service. For example, `premium-rwo` for GCP and `gp2` for AWS. Leave empty to use cloud provider default.
`otel-collector.config.customer`	`nil`	Name of Customer, decide this value together with Validio
`otel-collector.env.http_proxy`	`nil`	Set proxy for`HTTP` requests
`otel-collector.env.https_proxy`	`nil`	Set proxy for`HTTPS` requests
`postgres.resources.*`	`nil`	Resources for Postgres service . Suggested values: memory `4Gi` and cpu `1000m`.
`postgres.storage.capacity`	`nil`	Storage capacity for Postgres service. Suggested value: `50Gi`.
`postgres.storage.class`	`nil`	Storage class for Postgres service. For example, `premium-rwo` for GCP and `gp2` for AWS. Leave empty to use cloud provider default.
`redis.resources.*`	`nil`	Resources for Postgres service. Suggested values: memory `500Mi` and cpu `200m`.
`redis.storage.capacity`	`nil`	Storage capacity for Redis service. Suggested values: `20Gi`.
`redis.storage.class`	`nil`	Storage class for Redis service. For example, `premium-rwo` for GCP and `gp2` for AWS. Leave empty to use cloud provider default.
`seastar.env.http_proxy`	`nil`	Set proxy for`HTTP` requests, will be used by Sentry
`seastar.env.https_proxy`	`nil`	Set proxy for`HTTPS` requests, will be used by Sentry
`seastar.probes.*`	`nil`	Control the Kubernetes Readiness and Liveness probes.
`seastar.resources.*`	`nil`	Resources for Seastar service . Suggested values: memory `1000Mi`, cpu `200m`.
`surface.env.http_proxy`	`nil`	Set proxy for`HTTP` requests, will be used by Sentry
`surface.env.https_proxy`	`nil`	Set proxy for`HTTPS` requests, will be used by Sentry
`surface.ingress.enabled`	`false`	Set to `true` to enable Kubernetes ingress. Note: This requires an ingress controller and that all ingress parameters are set accordingly.
`surface.ingress.host`	`nil`	The ingress hostname. Note: You must also set a DNS name.
`surface.ingress.path`	`/`	Set the ingress path.
`surface.ingress.pathType`	`Prefix`	Set the Ingress path type.
`surface.ingress.annotations`	`nil`	Set the ingress annotations.
`surface.ingress.managedCert`	`false`	Create a `ManagedCertificate` resource for the ingress. Note: For GCP only.
`surface.ingress.tls.enable`	`false`	Enable Ingress TLS, required for use in Azure with cert-manager
`surface.probes.*`	`nil`	Control the Kubernetes Readiness and Liveness probes.
`surface.resources.*`	`nil`	Resources for Surface service. Suggested values: memory `1000Mi`, cpu `200m`.
`tags.metrics`	`nil`	Set to `true` to enable metrics collection using OpenTelemetry Collector
`ve.diver.certificate.enabled`	`false`	Set to `true` to enable custom self signed certificates for outbound communication
`ve.diver.certificate.content`	`nil`	Self-signed certificate content, including header and footer.
`ve.diver.env.http_proxy`	`nil`	Set proxy for HTTP requests when sending notifications to Slack, Microsoft Teams, and Webhook.
`ve.diver.env.https_proxy`	`nil`	Set proxy for HTTPS requests when sending notifications to Slack, Microsoft Teams, and Webhook.
`ve.diver.probes.*`	`nil`	Control the Kubernetes Readiness and Liveness probes.
`ve.diver.resources.*`	`nil`	Resources for Diver service. Suggested values: memory `500Mi`, cpu `200m`.
`ve.ingress.probes.*`	`nil`	Control the Kubernetes Readiness and Liveness probes.
`ve.ingress.resources.*`	`nil`	Resources for Ingress service. Suggested vlaues: memory `1000Mi`, cpu `500m`. Note: This is not a Kubernetes ingress parameter.
`ve.ingress.cache.size`	`1Gi`	Local disk cache for Ingress service. Will be allocated on the host where the pod runs.
`ve.pipelines.probes.*`	`nil`	Control the Kubernetes Readiness and Liveness probes.
`ve.pipelines.resources.*`	`nil`	Resources for Pipelines service. Suggested values: memory `2Gi`, cpu `1000m`.
`ve.pipelines.cache.size`	`1Gi`	Local disk cache for Pipelines service. Will be allocated on the host where the pod runs.

If the default value is false or true, the value type is bool. For all others, the value type is String.

All <service>.resources.* keys supports both CPU and Memory resources, specified only as <service>.resource.*.

Available keys for each service:

<service>:
  resources:
    limits:
      cpu: <value>
      memory: <value>
    requests:
      cpu: <value>
      memory: <value>

📘
Note
The following are memory and CPU recommendations:

Set a limit for memory use with <service>.resources.limits.memory.

Only set requests for CPU resources with <service>.resources.requests.cpu.

For more information, refer to Kubernetes resources documentation.

If you have special requirements for Kuberneres pod placements, like using affinity, tolerations or nodeSelector that is possible on all our services. Here is an example of how it would be done:

<service>:
  nodeSelector:
    <label>: "<value>"
  tolerations:
    - key: <key>
      operator: Equal
      value: "<value>"
      effect: NoSchedule

Most services also supports controlling the Kubernetes Liveness and Readiness probes. They are specified above in the table as <service>.probes.*. Available keys are listed below, note that they are enabled by default and the commented values are the default values, so no need to make any changes if you are happy with the default values.

<service>:
  probes:
    liveness:
      enabled: true
      # failureThreshold: 3
      # initialDelaySeconds: 0
      # periodSeconds: 10
      # successThreshold: 1
      # terminationGracePeriodSeconds: 30
      # timeoutSeconds: 1
    readiness:
      enabled: true
      # failureThreshold: 3
      # initialDelaySeconds: 0
      # periodSeconds: 10
      # successThreshold: 1
      # terminationGracePeriodSeconds: 30
      # timeoutSeconds: 1

Sign in to the Validio platform

The first time you sign in to the Validio platform, you must use the admin credentials created in the Kubernetes Secret.

🚧
Caution
Do not change or update anything in the Kubernetes Secret. You can change the password in the Validio platform.

kubectl -n validio get secrets validio-postgres -o=jsonpath='{.data.validio_app_auth_password}' | base64 -d ; echo

Access your Validio platform:

In your browser, navigate to the hostname specified in the surface.ingress.host key. For example, https://validio.example.com/

If you did not configure an ingress, use port-forward to forward the Validio platform to your localhost:

kubectl -n validio port-forward svc/validio-surface 8889

Then, you can find it on http://localhost:8889/

Prerequisites

Note

Installation

1. Create namespace

2. Add the docker-registry secret

3. Install the helm chart

4. Configure the validio-values.yaml file

Note

Sign in to the Validio platform

Caution

4. Configure the `validio-values.yaml` file