Version: V2-Next

Post Deployment Steps

Check Cluster Components

After deployment completes, verify that all pods are running:

# Single namespace mode
kubectl get pods -n <instanceSlug>

Check that all Helm releases are deployed:

helm list -n <instanceSlug> -a

Or using helmfile:

helmfile -f deployment/helmfile.yaml status -e local

Check Ingress

Check that ingress resources are created and have addresses assigned:

kubectl get ingress -n <instanceSlug>

Verify linkerd

linkerd viz

You can use linkerd viz to check the status of the service mesh.

If you installed linkerd with the linkerd install command, you can enable the viz extension with:

linkerd viz install | kubectl apply -f -
linkerd viz check

# get stats for all pods in the instance namespace
linkerd viz stat pods -n <instanceslug>

# open linkerd viz dashboard in browser
linkerd viz dashboard

Of course, you can install linkerd viz as helm chart as well. After that you can check the dashboard with port forwarding:

kubectl -n linkerd-viz port-forward svc/web 8084:8084

# open http://localhost:8084/ in browser to access the dashboard

without linkerd viz

If you don't want to use linkerd viz, you can also check the existence of linkerd sidecars with kubectl:

# check if all pods have the linkerd proxy sidecar injected
kubectl -n <instanceslug> get pods -o custom-columns=NAME:.metadata.name,PROXY:.spec.containers[*].name

Access the Platform

Once deployment is verified, access the platform services:

Service	URL
Portal	`https://portal.<domain>`
Keycloak Admin	`https://idm.<domain>/admin`
Keycloak Plattform	`https://idm.<domain>/admin/<namespace>/console/`

Retrieve initial credentials

tip

During installation, two users are created in Keycloak:

Global Admin User – Created in the master realm with the username admin. Do not modify or delete this user, as it is required for managing the platform realm.
Platform Admin User – Created in the platform realm (defined via instanceSlug) with the username specified in global.initialUserEmail, or admin@civitas.local if not set. This is your initial user for logging into the portal and creating additional users. Once other users have been created, this account can be modified, deactivated, or deleted as needed. If deleted, it will not be recreated during subsequent deployments.

Setting the password: If you created the Keycloak SMTP secret with valid credentials, this user will receive an email to set their password. Otherwise, you must set the password manually by logging into Keycloak as the global admin user.

The secrets component auto-generates passwords for services. You can access the admin password with the following command:

kubectl get secret -n <namespace> keycloak-admin-user -o jsonpath='{.data.password}' | base64 --decode

Access Keycloak Admin Console

URL: http://idm.<domain>/admin
Username: admin
Password: see above command to get the password

Access Portal

URL: http://portal.<domain>/
Username: global.initialUserEmail or if not set admin@civitas.local
Password: Your password for this user

Check Cluster Components​

Check Ingress​

Verify linkerd​

linkerd viz​

without linkerd viz​

Access the Platform​

Retrieve initial credentials​

Access Keycloak Admin Console​

Access Portal​