Skip to content


Here are the detailed instructions for installation of the self hosted controller in Azure AKS clusters.

Before Installation

  • Create an instance/node with the specifications described in the requirements.
  • Create wildcard DNS entries for the controller domains mentioned in the requirements, and point their A record to node/load balancer IP addresses.
  • (Optional) Generate a wildcard certificate for the FQDN which is signed by a certificate authority. Alternatively, configure the controller to use self-signed certificates.

Install RADM Services

Download Controller

Download and install the controller installation package.

  • Click here to login and download the controller installation package to the instance.

  • From your home directory, untar the package using the command below

    tar -xf rafay-controller-*.tar.gz


tar -xf rafay-controller-1.13-19-aks.tar.gz

Config YAML File

Copy and edit the config.yaml file.

sudo mv ./radm /usr/bin/
$  cp -rp config.yaml-tmpl config.yaml
$  vi config.yaml

Customize the config.yaml file. The following settings should be updated. Name of the controller.
spec.networking.interface: Interface for controller traffic [optional] 
spec.deployment.ha: true if its HA controller.
spec.repo.*.path: Path of the tar location Generates and uses self  signed certs for incoming core traffic. Wildcard FQDN (* true if DNS is not available. Path for logo to be displayed on UI.
spec.override-config.localprovisioner.basePath: Path for PVC volumes.
spec.override-config.core-registry-path: Path for registry images.
spec.override-config.etcd-path: Path where etcd data is saved. set to true to use external LB.

Create a Copy of Kubeconfig File

Copy the kubeconfig file from the Azure AKS cluster to the node.

az aks get-credentials \
--resource-group <resource_group> \
--name <cluster_name> \
--file ./kubeconfig

Copy the kubeconfig file from the ./kubeconfig directory to the node where you are running the RADM commands to install the controller on the Azure AKS cluster.

For HA Controller (Optional)

The HA controller requires a minimum of three masters to maintain high availability.

Copy Kubeconfig File to Node

Copy the kubeconfig file from the Azure AKS cluster to the node. See Create a Copy of Kubeconfig File to create the kubeconfig file.

Create Database and Secrets

Create a database and secrets in PostgreSQL.

sudo radm database

Install Dependencies

Install the controller dependencies.

sudo radm dependency --config config.yaml --kubeconfig <kube config file>

Install Apps

Install the controller application.

sudo radm application --config config.yaml --kubeconfig <kube config file>

This will bring up all of the controller services. This can take up to 30 minutes for all pods to be ready.

Confirm that all pods are in a running state using kubectl.

kubectl get pods -A --kubeconfig <kube config file>

Accessing the Web Console

Try accessing the self hosted controller https://console.<> to verify that the installation was successful.

  • A screen appears similar to the image below when accessing the UI


  • Click the Sign Up link to create the first Organization of the self hosted controller

  • Register a new account for the organization as below screenshot


  • Try to login to this Organization with the newly registered account on the login screen

Upload Cluster Dependencies

Run the below command to enable support for Kubernetes cluster provisioning from the self hosted controller and upload dependencies for Kubernetes cluster provisioning to the controller.

sudo ./radm cluster --config config.yaml --kubeconfig <aks cluster config file>


sudo ./radm cluster --config config.yaml --kubeconfig aks-config.yaml

Cluster Provisioning

Setup Private CA Certificates

Copy the domain.crt file to /etc/docker/certs.d/ops-console.<>/ca.crt on every cluster node.


sudo mkdir -p /etc/docker/certs.d/ops-console.<>

Execute the following command on the controller node.

kubectl get secret -n istio-system selfsigned-cert-tls-ops-console -o 'go-template={{index .data "ca.crt"}}' | base64 -d

Create the /etc/docker/certs.d/ops-console.<>/ca.crt file on every cluster node and copy the above kubectl output and paste it in to the ca.crt file. Restarting Docker is not required.

Creating Import Cluster

To create an import cluster, follow the steps in the Quickstart Guide.