The mogenius platform is available as a SaaS option on app.mogenius.com. If you prefer the self-hosted version of mogenius, you can install it with our Helm chart. This way you can run mogenius on your own clusters and even in air-gapped environments.

Prerequisites

  • A Kubernetes cluster with at least 1 CPU and 1 GB of memory available.
  • Credentials for pulling the mogenius images from the container registry (see below).
  • The traefik ingress controller.
  • A working local installation of Helm.
  • A MySQL server (optional).
Running the platform as a self-hosted version requires a subscription. Contact our sales team for more information.

Quickstart

For a quick installation of the mogenius platform with defaults where possible, follow these steps.

Create a Namespace

On the cluster where you’re installing the mogenius platform, create a new namespace mogenius-platform.

Create Secrets

The platform services require a few secrets containing critical credentials that aren’t created by the Helm chart. The following secrets are required for the minimum configuration. Additional secrets can be used when working with more sophisticated Helm chart configurations.
1. Container Registry
After obtaining a subscription for the self-hosted version, you will have received credentials for the container registry where the platform images are stored. In your mogenius-platform namespace create a new secret mo-registry-credentials and store the credentials as type kubernetes.io/dockerconfigjson.
2. Valkey (Redis-compatible)
Create a secret mo-redis-secret with the key REDIS_SECRET. Define a secure password as a value that you store in a safe place (e.g. a vault).
3. Encryption Key
Create a secret mo-platform-shared with the key MO_CORE_NEST__SSH_SYM_ENC_KEY. As a value, use openssl rand -base64 32 or a similar method on your terminal to create a base64-encoded key.
4. MySQL
Create the secret mo-mysql-secret with the keys MYSQL_PASSWORD and MYSQL_ROOT_PASSWORD. Use secure passwords as values.
5. Admin User
Create the secret mo-platform-user-secret with the following keys and values:
MO_USER_NEST__SYSTEM_ADMIN_EMAIL
The email address to log in with your admin user.
MO_USER_NEST__SYSTEM_ADMIN_PASSWORD
The password for your admin user.
MO_CORE_NEST__SSH_SYM_ENC_KEY
Use the same value that you set in the secret mo-platform-shared.
MO_USER_NEST__JWT_PRIVATE
Create a private key using the following commands and retrieve the value from the text file.
openssl ecparam -genkey -name secp521r1 -noout -out ec512-key-pair.pem
openssl base64 -A -in ec512-key-pair.pem -out ec512-key-pair.txt
MO_USER_NEST__JWT_PUBLIC
Create a public key using the following commands and retrieve the value from the text file.
openssl ec -in ec512-key-pair.pem -pubout -out public.pem
openssl base64 -A -in public.pem -out public.txt
MO_USER_NEST__SESSION_SECRET
Define a secure secret of your choice.
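
The namespace and secret steps above as one script (an added example, not part of the mogenius documentation). It assumes the registry credentials are available as a Docker config.json file and that the admin login is supplied in the hypothetical variables MO_ADMIN_EMAIL and MO_ADMIN_PASSWORD; the helper names and file layout are also assumptions.

```shell
#!/bin/sh
# Added example, not mogenius' own tooling. Secret names and keys come from the steps
# above; helper names, the MO_ADMIN_* variables and the file layout are assumptions.
set -eu
NS=mogenius-platform

# Write one file per secret key into directory $1 (mode 0600 through umask) so that no
# secret value is passed as a command-line argument or lands in shell history.
generate_material() (
    umask 077
    cd "$1"
    # tr strips the trailing newline: kubectl --from-file stores file bytes verbatim,
    # so a stray "\n" would silently become part of the password.
    openssl rand -base64 32 | tr -d '\n' > MO_CORE_NEST__SSH_SYM_ENC_KEY
    for key in REDIS_SECRET MYSQL_PASSWORD MYSQL_ROOT_PASSWORD \
               MO_USER_NEST__SESSION_SECRET; do
        openssl rand -hex 32 | tr -d '\n' > "$key"   # hex: no shell/URL-special characters
    done
    printf '%s' "$MO_ADMIN_EMAIL"    > MO_USER_NEST__SYSTEM_ADMIN_EMAIL
    printf '%s' "$MO_ADMIN_PASSWORD" > MO_USER_NEST__SYSTEM_ADMIN_PASSWORD
    # JWT key pair with the page's openssl commands; base64 goes to stdout, not -out.
    openssl ecparam -genkey -name secp521r1 -noout -out ec512-key-pair.pem
    openssl ec -in ec512-key-pair.pem -pubout -out public.pem 2>/dev/null
    openssl base64 -A -in ec512-key-pair.pem | tr -d '\n' > MO_USER_NEST__JWT_PRIVATE
    openssl base64 -A -in public.pem | tr -d '\n' > MO_USER_NEST__JWT_PUBLIC
    rm -f ec512-key-pair.pem public.pem
)

# Create the namespace and the five secrets from the files in $1; $2 is the Docker
# config.json holding the registry credentials received with the subscription.
create_secrets() {
    d=$1
    kubectl create namespace "$NS"
    kubectl -n "$NS" create secret docker-registry mo-registry-credentials \
        --from-file=.dockerconfigjson="$2"
    kubectl -n "$NS" create secret generic mo-redis-secret \
        --from-file=REDIS_SECRET="$d/REDIS_SECRET"
    kubectl -n "$NS" create secret generic mo-platform-shared \
        --from-file=MO_CORE_NEST__SSH_SYM_ENC_KEY="$d/MO_CORE_NEST__SSH_SYM_ENC_KEY"
    kubectl -n "$NS" create secret generic mo-mysql-secret \
        --from-file=MYSQL_PASSWORD="$d/MYSQL_PASSWORD" \
        --from-file=MYSQL_ROOT_PASSWORD="$d/MYSQL_ROOT_PASSWORD"
    # The user secret reads the same key file as mo-platform-shared, so the two
    # copies of MO_CORE_NEST__SSH_SYM_ENC_KEY cannot drift apart.
    set --
    for key in MO_USER_NEST__SYSTEM_ADMIN_EMAIL MO_USER_NEST__SYSTEM_ADMIN_PASSWORD \
               MO_CORE_NEST__SSH_SYM_ENC_KEY MO_USER_NEST__JWT_PRIVATE \
               MO_USER_NEST__JWT_PUBLIC MO_USER_NEST__SESSION_SECRET; do
        set -- "$@" "--from-file=$key=$d/$key"
    done
    kubectl -n "$NS" create secret generic mo-platform-user-secret "$@"
}

main() {
    : "${MO_ADMIN_EMAIL:?}" "${MO_ADMIN_PASSWORD:?}"
    dir=$(mktemp -d)
    generate_material "$dir"
    create_secrets "$dir" "$1"
    echo "Key material is in $dir: move it into your vault, then delete the directory." >&2
}

# Runs only when called with the path to the Docker config.json as its argument.
if [ "$#" -ge 1 ]; then main "$@"; fi
```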

Prepare your values.yaml

The Helm chart supports a wide range of values that you can use to configure your installation of the mogenius platform. Skip to values for a full reference of the chart. Below is an example values.yaml for a minimal setup to install the mogenius platform in a development environment. Make sure to review the configuration and ensure that it matches your infrastructure.
values.yaml quickstart example
ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
    traefik.ingress.kubernetes.io/forward-headers: "true"
    traefik.ingress.kubernetes.io/router.middlewares: mogenius-platform-cors-middleware@kubernetescrd
    traefik.ingress.kubernetes.io/secure-headers: "true"
  api_service_url: platform-api.YOURDOMAIN.com
  hostname: mogenius.YOURDOMAIN.com
  k8s_cmd_stream_url: k8s-cmd-stream.YOURDOMAIN.com
  k8s_dispatcher_url: k8s-dispatcher.YOURDOMAIN.com
  k8s_logs_url: k8s-logs.YOURDOMAIN.com
  k8s_websocket_url: k8s-ws.YOURDOMAIN.com
  rootDomain: YOURDOMAIN.com
  socket_service_url: platform-ws.YOURDOMAIN.com
  tls:
  - hosts:
    - mogenius.YOURDOMAIN.com
    - platform-api.YOURDOMAIN.com
    - platform-user.YOURDOMAIN.com
    - platform-ws.YOURDOMAIN.com
    - k8s-ws.YOURDOMAIN.com
    - k8s-logs.YOURDOMAIN.com
    - k8s-cmd-stream.YOURDOMAIN.com
    - k8s-dispatcher.YOURDOMAIN.com
    secretName: mo-platform-tls
  traefik:
    apiVersion: traefik.io/v1alpha1
  user_service_url: platform-user.YOURDOMAIN.com
mo_platform:
  metrics:
    enabled: true
    resources:
      requests:
        cpu: 10m
        memory: 50Mi
mo_platform_api:
  enableAutoRefreshToken: true
  refreshTokenTask: true
mo_platform_user:
  openid:
    enabled: false
mogenius:
  imagePullSecrets:
  - mo-registry-credentials
mysql:
  enabled: true
  ssl: false
storage:
  accessMode: ReadWriteOnce
  className: local-path
This chart configuration deploys the MySQL Docker image as part of the platform deployment. This setup is not recommended for running the mogenius platform in production scenarios. For a production environment, we recommend configuring the mysql values with a connection to a high-availability MySQL server.

Deploy the Helm chart

Run the following commands on your cluster to add the chart repository and install the Helm chart with your values.yaml.
helm repo add mogenius https://helm.mogenius.com/private
helm install mogenius-platform mogenius/mo-infrastructure -n mogenius-platform -f values.yaml

Access the mogenius web interface

Check the status of the installation and make sure all Pods are starting properly.
kubectl get Pods -n mogenius-platform
When all Pods are Running, access the mogenius platform with the hostname you specified in your Ingress (e.g. mogenius.yourdomain.com). You can log in with the credentials of your admin user.

Next steps

Now that mogenius is up and running you can prepare the platform for your team. Check out the following resources as next steps:

Support

Need help setting up the mogenius platform? Contact us via support@mogenius.com.

Values

Global Settings

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| stage | string | "production" | Current environment, one of [dev, production] |
| revisionHistoryLimit | int | 1 | Global revisionHistoryLimit for all resources |
| progressDeadlineSeconds | int | 600 | Deployment progress deadline |
| secrets | object | {} | secrets.<secretName>.<secretKey>.<secretValue> |
| dockersecrets | object | {} | Docker registry secrets |
| mogenius.imagePullSecrets | list | [] | List of image pull secrets for mogenius images |
| global.imagePullSecrets | list | [] | List of image pull secrets for all images |
| global.serviceMonitor.fallbackScrapeProtocol | string | "PrometheusText0.0.4" | Fallback scrape protocol for service monitors |
| global.podLabels | object | {} | Global pod labels applied to all pods |

Ingress

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| ingress.rootDomain | string | nil | Root domain that the platform will be hosted on, e.g. example.com |
| ingress.ingressClassName | string | "traefik" | Ingress class name |
| ingress.annotations | object | See below | Annotations to be placed on the ingress |
| ingress.tls | list | [] | Secret reference for TLS |
| ingress.hostname | string | nil | Platform hostname e.g. app.example.com |
| ingress.api_service_url | string | nil | API hostname e.g. api-app.example.com |
| ingress.user_service_url | string | nil | User service hostname e.g. user-app.example.com |
| ingress.socket_service_url | string | nil | WebSocket hostname e.g. ws-app.example.com |
| ingress.k8s_websocket_url | string | nil | Kubernetes WebSocket hostname e.g. k8s-ws.example.com |
| ingress.k8s_logs_url | string | nil | Kubernetes log hostname e.g. k8s-logs.example.com |
| ingress.k8s_cmd_stream_url | string | nil | Kubernetes cmd stream hostname e.g. k8s-cmd-stream.example.com |
| ingress.k8s_dispatcher_url | string | nil | Kubernetes dispatcher hostname e.g. k8s-dispatcher.example.com |
| ingress.traefik.apiVersion | string | "traefik.containo.us/v1alpha1" | The apiVersion that shall be used for traefik resources |
Default ingress annotations:
traefik.ingress.kubernetes.io/router.middlewares: mogenius-cors-middleware@kubernetescrd
traefik.ingress.kubernetes.io/forward-headers: "true"
traefik.ingress.kubernetes.io/secure-headers: "true"

Feature Toggles

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| features.sso.enabled | bool | true | Enable SSO feature with ingress for SSO wildcard domain |
| features.sso.ingress.tls | list | [] | TLS configuration for SSO ingress |
| features.sso.ingress.annotations | object | {} | Annotations for SSO ingress |
| features.portForwarding.enabled | bool | true | Enable port forwarding feature |
| features.portForwarding.hostname | string | "tunnel.mogenius.com" | Hostname for port forwarding |
| features.portForwarding.ingress.tls | list | [] | TLS configuration for port forwarding ingress |
| features.portForwarding.ingress.annotations | object | {} | Annotations for port forwarding ingress |

Platform Services

mo_platform (Frontend)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_platform.enabled | bool | true | Enable frontend service |
| mo_platform.replicas | int | 1 | Number of replicas |
| mo_platform.image.registry | string | "ghcr.io" | Image registry |
| mo_platform.image.repository | string | "mogenius/mo-frontend" | Image repository |
| mo_platform.image.tag | string | "v2.8.3" | Image tag |
| mo_platform.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mo_platform.port | int | 8080 | Service port |
| mo_platform.resources | object | {} | Resource requests/limits |
| mo_platform.tolerations | object | {} | Pod tolerations |
| mo_platform.metrics.enabled | bool | false | Enable Prometheus metrics exporter for nginx |
| mo_platform.metrics.port | int | 9113 | Metrics port |
| mo_platform.metrics.serviceMonitor.enabled | bool | false | Enable ServiceMonitor |

mo_platform_api (API Service)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_platform_api.enabled | bool | true | Enable API service |
| mo_platform_api.replicas | int | 1 | Number of replicas |
| mo_platform_api.image.registry | string | "ghcr.io" | Image registry |
| mo_platform_api.image.repository | string | "mogenius/mo-platform-api-service" | Image repository |
| mo_platform_api.image.tag | string | "v4.4.6" | Image tag |
| mo_platform_api.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mo_platform_api.port | int | 1337 | HTTP port |
| mo_platform_api.port_tcp | int | 7000 | TCP port |
| mo_platform_api.ws_port | int | 7001 | WebSocket port |
| mo_platform_api.ws_log_port | int | 7002 | WebSocket log port |
| mo_platform_api.ws_cmd_stream_port | int | 7003 | WebSocket cmd stream port |
| mo_platform_api.refreshTokenTask | bool | false | If set to true will refresh the tokens in the database |
| mo_platform_api.enableAutoRefreshToken | bool | false | Enable automatic token refresh |
| mo_platform_api.resources | object | {} | Resource requests/limits |
| mo_platform_api.tolerations | object | {} | Pod tolerations |
| mo_platform_api.probes.enabled | bool | true | Enable health probes |
| mo_platform_api.probes.port | int | 1337 | Probe port |
| mo_platform_api.probes.livenessProbe.path | string | "/core/status" | Liveness probe path |
| mo_platform_api.probes.readinessProbe.path | string | "/core/status" | Readiness probe path |
| mo_platform_api.probes.startupProbe.path | string | "/core/status" | Startup probe path |
| mo_platform_api.sshSymEncKey.secretName | string | "mo-platform-shared" | Secret name for SSH symmetric encryption key |
| mo_platform_api.sshSymEncKey.secretKey | string | "MO_CORE_NEST__SSH_SYM_ENC_KEY" | Secret key for SSH symmetric encryption key |
| mo_platform_api.initContainer.image.registry | string | "docker.io" | Init container image registry |
| mo_platform_api.initContainer.image.repository | string | "alpine/curl" | Init container image repository |
| mo_platform_api.initContainer.image.tag | string | "8.20.0" | Init container image tag |

mo_platform_user (User Service)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_platform_user.enabled | bool | true | Enable user service |
| mo_platform_user.replicas | int | 1 | Number of replicas |
| mo_platform_user.image.registry | string | "ghcr.io" | Image registry |
| mo_platform_user.image.repository | string | "mogenius/mo-platform-user" | Image repository |
| mo_platform_user.image.tag | string | "v2.0.17" | Image tag |
| mo_platform_user.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mo_platform_user.port | int | 1337 | HTTP port |
| mo_platform_user.port_ws | int | 7000 | WebSocket port |
| mo_platform_user.resources | object | {} | Resource requests/limits |
| mo_platform_user.tolerations | object | {} | Pod tolerations |
| mo_platform_user.probes.enabled | bool | true | Enable health probes |
| mo_platform_user.sshSymEncKey.secretName | string | "mo-platform-shared" | Secret name for SSH symmetric encryption key |
| mo_platform_user.sshSymEncKey.secretKey | string | "MO_CORE_NEST__SSH_SYM_ENC_KEY" | Secret key for SSH symmetric encryption key |
OpenID Configuration:
| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_platform_user.openid.enabled | bool | true | Enable OpenID |
| mo_platform_user.openid.issuer | string | "https://login-dev.mogenius.com" | OpenID issuer URL |
| mo_platform_user.openid.accessTokenLifetime | string | "600" | Access token lifetime in seconds |
| mo_platform_user.openid.refreshTokenLifetime | string | "7776000" | Refresh token lifetime in seconds |
| mo_platform_user.openid.adminAccessTokenLifetime | string | "28800" | Admin access token lifetime in seconds |
| mo_platform_user.openid.provider.github.enabled | bool | false | Enable GitHub OAuth |
| mo_platform_user.openid.provider.gitlab.enabled | bool | false | Enable GitLab OAuth |
| mo_platform_user.openid.provider.google.enabled | bool | false | Enable Google OAuth |
| mo_platform_user.openid.provider.linkedin.enabled | bool | false | Enable LinkedIn OAuth |
| mo_platform_user.openid.provider.microsoft.enabled | bool | false | Enable Microsoft OAuth |

mo_platform_websocket (WebSocket Service)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_platform_websocket.enabled | bool | true | Enable WebSocket service |
| mo_platform_websocket.replicas | int | 1 | Number of replicas |
| mo_platform_websocket.image.registry | string | "ghcr.io" | Image registry |
| mo_platform_websocket.image.repository | string | "mogenius/mo-platform-websocket" | Image repository |
| mo_platform_websocket.image.tag | string | "v2.0.7" | Image tag |
| mo_platform_websocket.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mo_platform_websocket.port | int | 1337 | HTTP port |
| mo_platform_websocket.port_ws | int | 7000 | WebSocket port |
| mo_platform_websocket.resources | object | {} | Resource requests/limits |
| mo_platform_websocket.tolerations | object | {} | Pod tolerations |
| mo_platform_websocket.sshSymEncKey.secretName | string | "mo-platform-shared" | Secret name for SSH symmetric encryption key |
| mo_platform_websocket.sshSymEncKey.secretKey | string | "MO_CORE_NEST__SSH_SYM_ENC_KEY" | Secret key for SSH symmetric encryption key |

mo_platform_notification (Notification Service)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_platform_notification.enabled | bool | true | Enable notification service |
| mo_platform_notification.replicas | int | 1 | Number of replicas |
| mo_platform_notification.image.registry | string | "ghcr.io" | Image registry |
| mo_platform_notification.image.repository | string | "mogenius/mo-platform-notification" | Image repository |
| mo_platform_notification.image.tag | string | "v2.0.7" | Image tag |
| mo_platform_notification.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mo_platform_notification.port | int | 7000 | Service port |
| mo_platform_notification.email.fromName | string | "Mogenius Team" | Email sender name |
| mo_platform_notification.email.fromAddress | string | "no-reply@mogenius.com" | Email sender address |
| mo_platform_notification.resources | object | {} | Resource requests/limits |
| mo_platform_notification.tolerations | object | {} | Pod tolerations |
| mo_platform_notification.sshSymEncKey.secretName | string | "mo-platform-shared" | Secret name for SSH symmetric encryption key |
| mo_platform_notification.sshSymEncKey.secretKey | string | "MO_CORE_NEST__SSH_SYM_ENC_KEY" | Secret key for SSH symmetric encryption key |

mo_platform_queue (Queue Service)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_platform_queue.enabled | bool | true | Enable queue service |
| mo_platform_queue.replicas | int | 1 | Number of replicas |
| mo_platform_queue.image.registry | string | "ghcr.io" | Image registry |
| mo_platform_queue.image.repository | string | "mogenius/mo-platform-queue" | Image repository |
| mo_platform_queue.image.tag | string | "v3.0.4" | Image tag |
| mo_platform_queue.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mo_platform_queue.resources | object | {} | Resource requests/limits |
| mo_platform_queue.tolerations | object | {} | Pod tolerations |
| mo_platform_queue.sshSymEncKey.secretName | string | "mo-platform-shared" | Secret name for SSH symmetric encryption key |
| mo_platform_queue.sshSymEncKey.secretKey | string | "MO_CORE_NEST__SSH_SYM_ENC_KEY" | Secret key for SSH symmetric encryption key |

mo_platform_message_dispatcher (Message Dispatcher)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_platform_message_dispatcher.enabled | bool | true | Enable message dispatcher |
| mo_platform_message_dispatcher.replicas | int | 1 | Number of replicas |
| mo_platform_message_dispatcher.image.registry | string | "ghcr.io" | Image registry |
| mo_platform_message_dispatcher.image.repository | string | "mogenius/mo-platform-message-dispatcher" | Image repository |
| mo_platform_message_dispatcher.image.tag | string | "v1.1.4" | Image tag |
| mo_platform_message_dispatcher.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mo_platform_message_dispatcher.listen_host | string | "0.0.0.0" | Listen host |
| mo_platform_message_dispatcher.port | int | 7060 | Service port |
| mo_platform_message_dispatcher.resources | object | {} | Resource requests/limits |
| mo_platform_message_dispatcher.tolerations | object | {} | Pod tolerations |

Valkey (Redis-compatible Cache)

The platform uses Valkey, an open-source Redis-compatible in-memory data store, for caching and message queuing. The chart deploys multiple Valkey instances for different purposes.

mo_platform_api_valkey

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_platform_api_valkey.enabled | bool | true | Enable Valkey for API service |
| mo_platform_api_valkey.image.registry | string | "docker.io" | Image registry |
| mo_platform_api_valkey.image.repository | string | "valkey/valkey" | Image repository |
| mo_platform_api_valkey.image.tag | string | "9.1.0" | Image tag |
| mo_platform_api_valkey.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mo_platform_api_valkey.port | int | 6379 | Service port |
| mo_platform_api_valkey.host | string | "mo-platform-api-valkey" | Service hostname |
| mo_platform_api_valkey.password.secretName | string | "mo-redis-secret" | Secret name for password |
| mo_platform_api_valkey.password.secretKey | string | "REDIS_SECRET" | Secret key for password |
| mo_platform_api_valkey.resources | object | {} | Resource requests/limits |
| mo_platform_api_valkey.metrics.enabled | bool | false | Enable Prometheus metrics exporter |
| mo_platform_api_valkey.metrics.port | int | 9121 | Metrics port |
| mo_platform_api_valkey.metrics.serviceMonitor.enabled | bool | false | Enable ServiceMonitor |

mo_valkey_shared

Shared Valkey instance used for queue processing and cross-service communication.
| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_valkey_shared.enabled | bool | true | Enable shared Valkey |
| mo_valkey_shared.tls | bool | false | Enable TLS |
| mo_valkey_shared.queue_db | int | 7 | Database number for queue |
| mo_valkey_shared.image.registry | string | "docker.io" | Image registry |
| mo_valkey_shared.image.repository | string | "valkey/valkey" | Image repository |
| mo_valkey_shared.image.tag | string | "9.1.0" | Image tag |
| mo_valkey_shared.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mo_valkey_shared.port | int | 6379 | Service port |
| mo_valkey_shared.host | string | "mo-valkey-shared" | Service hostname |
| mo_valkey_shared.password.secretName | string | "mo-redis-secret" | Secret name for password |
| mo_valkey_shared.password.secretKey | string | "REDIS_SECRET" | Secret key for password |
| mo_valkey_shared.resources | object | {} | Resource requests/limits |
| mo_valkey_shared.strategy | string | "RollingUpdate" | Update strategy |
| mo_valkey_shared.metrics.enabled | bool | false | Enable Prometheus metrics exporter |
| mo_valkey_shared.metrics.serviceMonitor.enabled | bool | false | Enable ServiceMonitor |

mo_websocket_valkey

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_websocket_valkey.enabled | bool | true | Enable Valkey for WebSocket service |
| mo_websocket_valkey.image.registry | string | "docker.io" | Image registry |
| mo_websocket_valkey.image.repository | string | "valkey/valkey" | Image repository |
| mo_websocket_valkey.image.tag | string | "9.1.0" | Image tag |
| mo_websocket_valkey.port | int | 6379 | Service port |
| mo_websocket_valkey.host | string | "mo-websocket-valkey" | Service hostname |
| mo_websocket_valkey.password.secretName | string | "mo-redis-secret" | Secret name for password |
| mo_websocket_valkey.password.secretKey | string | "REDIS_SECRET" | Secret key for password |
| mo_websocket_valkey.resources | object | {} | Resource requests/limits |
| mo_websocket_valkey.metrics.enabled | bool | false | Enable Prometheus metrics exporter |

mo_user_valkey

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_user_valkey.enabled | bool | true | Enable Valkey for user service |
| mo_user_valkey.image.registry | string | "docker.io" | Image registry |
| mo_user_valkey.image.repository | string | "valkey/valkey" | Image repository |
| mo_user_valkey.image.tag | string | "9.1.0" | Image tag |
| mo_user_valkey.port | int | 6379 | Service port |
| mo_user_valkey.host | string | "mo-user-valkey" | Service hostname |
| mo_user_valkey.password.secretName | string | "mo-redis-secret" | Secret name for password |
| mo_user_valkey.password.secretKey | string | "REDIS_SECRET" | Secret key for password |
| mo_user_valkey.resources | object | {} | Resource requests/limits |
| mo_user_valkey.metrics.enabled | bool | false | Enable Prometheus metrics exporter |

mo_message_dispatcher_valkey

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mo_message_dispatcher_valkey.enabled | bool | true | Enable Valkey for message dispatcher |
| mo_message_dispatcher_valkey.image.registry | string | "docker.io" | Image registry |
| mo_message_dispatcher_valkey.image.repository | string | "valkey/valkey" | Image repository |
| mo_message_dispatcher_valkey.image.tag | string | "9.1.0" | Image tag |
| mo_message_dispatcher_valkey.port | int | 6379 | Service port |
| mo_message_dispatcher_valkey.host | string | "mo-message-dispatcher-valkey" | Service hostname |
| mo_message_dispatcher_valkey.tls | bool | false | Enable TLS |
| mo_message_dispatcher_valkey.password.secretName | string | "mo-redis-secret" | Secret name for password |
| mo_message_dispatcher_valkey.password.secretKey | string | "REDIS_SECRET" | Secret key for password |
| mo_message_dispatcher_valkey.resources | object | {} | Resource requests/limits |
| mo_message_dispatcher_valkey.metrics.enabled | bool | false | Enable Prometheus metrics exporter |

MySQL

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mysql.enabled | bool | false | Enable MySQL deployment (use external MySQL for production) |
| mysql.replicas | int | 1 | Number of replicas |
| mysql.image.registry | string | "docker.io" | Image registry |
| mysql.image.repository | string | "mysql" | Image repository |
| mysql.image.tag | string | "8.4.10" | Image tag |
| mysql.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| mysql.port | int | 3306 | Service port |
| mysql.host | string | "mysql" | Service hostname |
| mysql.database | string | "platform" | Database name |
| mysql.user | string | "platform_user" | Database user |
| mysql.password.secretName | string | "mo-mysql-secret" | Secret name for password |
| mysql.password.secretKey | string | "MYSQL_PASSWORD" | Secret key for password |
| mysql.root_password.secretName | string | "mo-mysql-secret" | Secret name for root password |
| mysql.root_password.secretKey | string | "MYSQL_ROOT_PASSWORD" | Secret key for root password |
| mysql.ssl | bool | false | Enable SSL |
| mysql.sslRejectUnauthorized | bool | true | Reject unauthorized SSL connections |
| mysql.allow_empty_root_password | int | 0 | Allow empty root password (0 = no) |
| mysql.subpath | string | "{{ tpl .Release.Namespace }}-mysql-storage" | Storage subpath |
| mysql.mountpoint | string | "/var/lib/mysql" | Data mount point |
| mysql.storage.capacity | string | "50Gi" | Storage capacity |
| mysql.resources | object | {} | Resource requests/limits |
| mysql.tolerations | object | {} | Pod tolerations |

Storage

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| storage.className | string | "default" | Storage class name |
| storage.accessMode | string | "ReadWriteMany" | Access mode |