Guide

Post installation steps

Suggest Edits

Follow the post-installation steps after initial installation.

Get the initial administrator credentials

When the installer job (in the default namespace) has finished you can obtain the initial administrator credentials and sign in to the Console.

Use the following command to get the logs of the installer job:

kubectl logs jobs/apl -n default -f

At the end of the logs you should see the following message:

########################################################################################################################################
#
#  The App Platform console is available at https://console.${domainSuffix}
#
#  Obtain login credentials by using the below commands:
#      kubectl get secret platform-admin-initial-credentials -n keycloak -o jsonpath='{.data.username}' | base64 -d
#      kubectl get secret platform-admin-initial-credentials -n keycloak -o jsonpath='{.data.password}' | base64 -d
#
########################################################################################################################################

Perform the 2 commands to get the initial credentials and use them to sign in to the Console. You will need to change your password at first login.

Add the auto generated CA to your keychain

The generated CA is not trusted on your local machine when installed using Let's Encrypt staging certificates. Here are some options to prevent you from clicking away lots of security warning in your browser:

  1. In the left menu of the console, click on "Download CA"
  2. Double click the downloaded CA.crt or add the CA to your keychain on Mac using the following command:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Downloads/ca.crt

On Windows, use PowerShell (running as Administrator) with the Certutil:

certutil.exe -addstore root <downloaded cert path>

Or:

Import-Certificate -FilePath "<downloaded cert path>" -CertStoreLocation Cert:\LocalMachine\Root
# Restart the browser

But you could also run Chrome in insecure mode:

alias chrome-insecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ignore-certificate-errors --ignore-urlfetcher-cert-requests &> /dev/null'

Add the URL of the Kubernetes API

📘

Adding the URL of the K8s cluster API is required by teams to be able to download the KUBECONFIG

  1. Under Platform in the Console, click on Settings.

  2. Click on Cluster.

  3. Add the full URL of the API server.

  4. Click on Submit.

Configure object storage

Some apps (such as Loki, Harbor, Tempo, and Velero) require the use of object storage. Before you can activate those apps, first configure object storage with your App Platform deployment. Review the table in the activate more apps section to see which apps require object storage.

  1. Navigate to Platform in the main menu and click Settings.

  2. Click on Object Storage to open the object storage settings.

  3. Within the object storage provider field, select your preferred provider:

    • Disabled: Object storage is disabled.
    • Linode: Buckets are created using Linode Object Storage in the specified region (review Object Storage endpoints by region for a list of regions. To use Linode Object Storage on the App Platform, you will need to create a personal access token and enter those credentials. See Manage access keys for instructions.
    • Minio Local (development only, not provided for production systems): Buckets are provisioned using a Minio installation on the App Platform cluster.

  4. Click Submit to save your changes and configure your chosen provider.

Once object storage is configured and an API Token is added, you can then activate the Velero app or any other app that depends on object storage. Once Velero is activated, you can use the Backup self-service feature to create backup schedules to backup Persistent Volumes.

Activate more apps

Akamai App Platform is a composable platform. Activate more Apps based on the required platform capabilities:

CapabilityAppObject storage
Log aggregationLoki and GrafanaOptional
Metric collectionPrometheus and GrafanaNo
Send AlertsPrometheus and Alert managerNo
TracingTempo, OTEL, Loki and GrafanaRequired
Build images from source codeHarborOptional
Scan running containers for vulnerabilitiesTrivyNo
Enforce security policiesKyvernoNo
Database backupsCloudnativePGRequired
Long term retention of Logs, Metrics and TracesThanosRequired

Create teams

Create your first team. Follow the instructions here.

Create users and add them to a team

📘

The option to create users and add them to Teams is not available when installed with OIDC.

Create Users and add them to a Team. Follow the instructions here

Updated 3 days ago