Skip to main content

Getting Started

This tutorial guides you through setting up and configuring a self-hosted Mission Control environment.

Prerequisites

To install and run Mission Control you need the following:

  • Kubernetes 1.26+ with an Ingress Controller
  • cert-manager.io or an existing TLS secret for ingress
  • 1 - 2 CPUs and 6-8GB of Memory (2-4GB if using an external DB)
  • Persistent Volumes with 20GB+ of storage or an external postgres database
  • (Optional) prometheus operator
  • (Optional) SMTP Server (For sending notifications and invites)

  1. Choose a routable DOMAIN for Mission Control

    See Ingress for more options on configuring the ingress including generating certs with cert-manager

    See Local Testing for testing using a kind or minikube without a routable domain

  2. Install Mission Control

    tip

    If you are installing on EKS and plan to scrape AWS resources use the method described in EKS instead

    apiVersion: v1
    kind: Namespace
    metadata:
    name: mission-control
    ---
    apiVersion: source.toolkit.fluxcd.io/v1
    kind: HelmRepository
    metadata:
    name: flanksource
    namespace: mission-control
    spec:
    interval: 5m0s
    url: https://flanksource.github.io/charts
    ---
    apiVersion: helm.toolkit.fluxcd.io/v2
    kind: HelmRelease
    metadata:
    name: mission-control
    namespace: mission-control
    spec:
    chart:
    spec:
    chart: mission-control
    sourceRef:
    kind: HelmRepository
    name: flanksource
    namespace: mission-control
    interval: 1m
    values:
    global.ui.host: DOMAIN
    See values.yaml

  3. Login @ https://DOMAIN/

    The default username is admin@local and the password can be retrieved with:

    kubectl get secret  mission-control-admin-password \
    -n mission-control \
    --template='{{.data.password | base64decode}}'

Optional Steps

3Configure Email (SMTP)

An SMTP server is required for sending notifications, approvals, user invites and password resets.

The format of connection_uri is smtp|smtps://USER:PASS@host:PORT[?param=value]

Use smtps for implicit TLS sessions or smtp for explicit StartTLS/cleartext sessions.

ParameterDescriptionDefault
disable_starttlsWhen using smtp scheme, set to true to allow cleartext sessions or false to enforce StartTLSfalse
skip_ssl_verifySet to true to allow self-signed TLS certificates or false to enforce certificate verification. Applies to both implicit and explicit TLS sessionsfalse
values.yaml
kratos:
kratos:
config:
courier:
smtp:
connection_uri: # smtp://user:pass@localhost:25
from_address: noreply@
from_name: Mission Control
# These headers will be passed in the SMTP conversation
# e.g. when using the AWS SES SMTP interface for cross-account sending.
headers: {}
# Identifier used in the SMTP HELO/EHLO command.
# Some SMTP relays require a unique identifier.
local_name: ""

See also HTTP Webhooks for sending emails.

4Single Sign On

See SSO

5External Database

See Database to configure an external database such as AWS RDS or Google Cloud SQL, or to optimize the bundled PostgreSQL settings.