Basic installation#

After you have verified the installation requirements and completed the pre-install checklist, you are ready to install the cluster. All of these instructions below will be run from the administration server.

  1. Since we will be performing nearly all of our work in the custom namespace, it is best to modify the default kubectl context to point to the new namespace:

    kubectl config set-context --current --namespace=<NAMESPACE>

    The remainder of these instructions assume this change has been made.

  2. Open and unpack the Helm chart archive provided to you by Anaconda, and cd into the root directory of this archive. The key files and directories you will find here include:

    • Anaconda-Enterprise/: the chart directory

    • values.yaml: the overrides file that you will be editing to configure the application.

    • INSTALL.{md,pdf}. A version of these instructions

  3. If you need a pull secret to access the Docker registry, create it now. Verify the presence of the pull secret by running:

    kubectl describe secret <PULL_SECRET_NAME>
  4. Edit the file ./values.yaml with your preferred text editor. It is heavily commented, so it should be clear what parameters should be added or changed. At minimum, you will need to provide:

    • hostname: The fully qualified domain name (FQDN) of the host

    • serviceAccountName: The name of the service account with the necessary permissions to install and run the platform

    • uid: The UID under which the containers will be run

    • storage.pvc: the name of the persistent volume for the anaconda-storage function

    • persistence.pvc: The name of the persistent volume for the anaconda-persistence function

    • image.server: The address of the Docker image registry

    • image.pullSecrets: information about any pull secrets required to authenticate to the Docker registry:

      • an empty value, which indicates that no pull secret is required;

      • a string containing the name of a single secret; or

      • a list of strings, with one secret name per entry

    • dnsServer: if necessary, the FQDN of the internal cluster DNS server. Currently this is only needs changing for OpenShift. Simply uncommenting the line provided in the file is sufficient.

    • ingress.className: the name of the IngressClass resource used by your preferred ingress controller. If you are installing the Anaconda-supplied ingress, the provided default is fine.

    • OPTIONAL keycloak.truststore: For LDAPS, this is the path to your truststore such as /etc/secrets/certs/ldaps.jks

    • OPTIONAL keycloak.truststore_password: Password of the truststore

    • OPTIONAL keycloak.truststore_secret: Name of the secret you created containing the truststore

    For convenience, we have included a copy of the unmodified values.yaml file on this page.

  5. Run helm install to commence installation:

    helm install --values ./values.yaml anaconda-enterprise ./Anaconda-Enterprise/


    The current version of Anaconda Enterprise requires the release name anaconda-enterprise. Do not change this value above.

    The installation process can take several minutes, depending upon the performance characteristics of your storage, cluster, and Docker registry. You can monitor the progress with the following command:

    watch kubectl get pods

    Wait for all of the pods to get to the Running or Completed state. If a particular pod is behaving in an unexpected manner, you can investigate the cause using commands such as:

    kubectl logs POD-NAME
    kubectl describe pod POD-NAME

    If you need to uninstall Anaconda Enterprise, use the command:

    helm uninstall anaconda-enterprise

    This will remove any of the resources that were installed by the application, but will not remove anything that you had created prior to the helm install command, such as persisent volumes.


    If you are installing the Anaconda-supplied ingress, you can expect it to enter a CrashLoopBackoff state until the SSL certificate generation task has completed. This is expected behavior. Once the preliminary certificates are generated, the next automatic restart of the ingress should proceed without incident.

  6. If you chose to install the Anaconda-supplied ingress, you will now need to determine its assigned IP address, and create your DNS records for the cluster. Do determine this address, run the command:

    kubectl get svc anaconda-enterprise-nginx.ingress

    The IP address will be provided in the External IP column. Create your DNS records for your FQDN and for its wildcard—e.g., and *

    Once these DNS changes have propagated, you can proceed to the next step.

  7. Now you can try to connect to Anaconda Enterprise with your browser. Note however that your browser may initially refuse to connect due to the use of our generated, self-signed SSL certificates. You should temporarily permit your browser to proceed anyway. You will also have to do the same every time you start a new session or deployment, so it is best to comlpete the next step as soon as possible.

  8. Follow the directions in this section to update the SSL certificates.

Congratulations! At this point, the basic installation of AE5 is complete. You can now begin to perform additional post-installation steps.