Nexeed
    • Introduction
    • Getting started
      • Getting access
      • Login
      • Main screen
      • Welcome dashboard
      • Detecting process anomalies
      • Analyzing data and detecting event sequences
      • Analyzing KPIs
    • How-tos
      • Monitors on production lines
        • Configuring the automatic login in the Nexeed Industrial Application System
        • Configuring the automatic login to the identity provider with the Windows user
        • Setting cookies in the browser
        • Configuring the automatic logout in the Nexeed Industrial Application System
        • Configuring the command line parameters in the browser
        • Known limitations and troubleshooting
      • Try out the APIs
    • Integration guide
      • Underlying concepts
        • Underlying concepts
        • Onboarding
        • Security
        • Communication
      • Integration journey
      • Overview of APIs
    • Operations manual
      • Release
      • System architecture and interfaces
      • System requirements
        • Cluster requirements
        • Database requirements
        • Support for service meshes
      • Migration from previous Nexeed IAS versions
      • Setup and configuration
        • Deployment process
        • Deployment with Helm
        • Advanced configuration
        • Integrations with external secret management solutions
        • Context paths
        • Service accounts and authorizations
        • Validation tests
        • Setup click once
        • Database user setup and configuration
      • Start and shutdown
      • Regular operations
        • User management & authentication
        • How to add additional tenants
        • How to access the cluster and pods
        • Automatic module role assignments in customer tenants
        • User credentials rotation - database and messaging secrets
      • Failure handling
        • Failure handling guidelines
        • Ansible operator troubleshooting
        • How to reach BCI for unresolved issues
      • Backup and restore
      • Logging and monitoring
        • The concept and conventions
        • ELK stack
        • ELK configurations aspects for beats
        • Proxy setup for ELK
        • Health endpoints configurations
      • Known limitations
      • Supporting functions
      • Security recommendations
        • Kubernetes
        • Security Best Practices for Databases
        • Certificates
        • Threat detection tools
    • Infrastructure manual
      • Release
      • System architecture and interfaces
        • RabbitMQ version support
      • System requirements
      • Migration from previous Nexeed infrastructure versions
      • Setup and configuration
        • Deployment process of the Nexeed infrastructure Helm chart
        • Deployment with Helm
      • Start and shutdown
      • Regular operations
        • RabbitMQ
          • User management & authentication
          • Disk size change
          • Upgrade performance with high performant disk type
          • Pod management policy
      • Failure handling
        • Connection failures
        • Data safety on the RabbitMQ side
        • Fix RabbitMQ cluster partitions
        • Delete unsynchronized RabbitMQ queues
        • How to reach BCI for unresolved issues
      • Backup and restore
      • Logging and monitoring
      • Known limitations
    • Glossary
    • Further information and contact
Industrial Application System
  • Industrial Application System
  • Core Services
    • Block Management
    • Deviation Processor
    • ID Builder
    • Multitenant Access Control
    • Notification Service
    • Ticket Management
    • Web Portal
  • Shopfloor Management
    • Andon Live
    • Global Production Overview
    • KPI Reporting
    • Operational Routines
    • Shift Book
    • Shopfloor Management Administration
  • Product & Quality
    • Product Setup Management
    • Part Traceability
    • Process Quality
    • Setup Specs
  • Execution
    • Line Control
    • Material Management
    • Order Management
    • Packaging Control
    • Rework Control
  • Intralogistics
    • AGV Control Center
    • Stock Management
    • Transport Management
  • Machine & Equipment
    • Condition Monitoring
    • Device Portal
    • Maintenance Management
    • Tool Management
  • Enterprise & Shopfloor Integration
    • Archiving Bridge
    • Data Publisher
    • Direct Data Link
    • Engineering UI
    • ERP Connectivity
    • Gateway
    • Information Router
    • Master Data Management
    • Orchestrator

Nexeed Learning Portal
  • Industrial Application System
  • Infrastructure manual
  • Setup and configuration
  • Deployment with Helm
preview 2025.03.00

Deployment with Helm

This section explains the new installation and upgrade process of the nexeed-infra Helm chart.

Prerequisites

The following prerequisites must be in place:

  • Kubernetes Cluster installed and configured (K3s, kind, aks, eks etc.)

  • Installation of the kubernetes manifests from ias chart, that the following has been installed:

    • namespaces

    • CRDs

    • cluster role or the availability of kubernetes cluster admin for Nexeed IAS application deployment

  • Access to Kubernetes API with a non-kubernetes admin user for deployment of namespaced-scoped objects

  • Helm binary installed (version >= 3.15)

  • Access to BCIDockerRegistry or a mirror of it, which provides modules' images for deployment

  • The nexeed-infra HelmUmbrellaChart artifact for the specific version (which can also be retrieved from BCIDockerRegistry)

Custom values file

It is required to have the custom-values-infra.yaml file to deploy the nexeed-infra Helm chart.

The minimal custom-values-infra.yaml file is layed out below:

# custom-values-infra.yaml
global:
  targetDeployment: <platform_name>
  imageCredentials:
    docker-registry-secret:
      registry: <registry_hostname>
      email: <registry_login_email>
      username: <username>
      password: <password>
  embeddedRabbitMQAdminPassword: <rabbitmq_admin_password>
  nexeedHost: <hostname>
  nexeedCACerts: |
    <CACertChain>
  modules:
    rabbitmq:
      enabled: true
      contextPath: <optional>
      loadBalancer:
        enabled: <true/false>

        # if enabled: true, the following parameters are required
        ## For Azure platform
        ip: <load_balancer_ip>
        azure:
          public_ip_resource_group: <resource_group_name>
        sourceRanges:
          - <whitelisted_ip1_ranges_in_cidr>
          - <whitelisted_ip2_ranges_in_cidr>

The explanation of the minimal parameters under global:

  1. targetDeployment: the target platform deployment, i.e. azure, k3s, etc

  2. imageCredential block: the credential for the Container image registry

  3. embeddedRabbitMQAdminPassword: The admin password for RabbitMQ admin portal, should be the same as the one in the ias chart

  4. nexeedHost: the primary hostname for the targeting ias deployment, should be the same as the one in the ias chart

  5. nexeedCACerts: should be the same as the ias chart

  6. modules: the block of the middleware components this chart manages

Module: RabbitMQ

This section explains the RabbitMQ chart available parameters.

global.modules.rabbitmq section:

  1. enabled: true or false - Enables or disables the RabbitMQ cluster

  2. contextPath: default to rabbitmq - The URL context path of the RabbitMQ management portal

  3. loadBalancer: The loadBalancer section states if a cloud-provided loadbalancer is needed.

    • loadBalancer.enabled: true or false (default) - If false then only Kubernetes service resource will be used.

  4. The other platform specific parameters under loadBalancer are not needed if set to false.

  1. When global.targetDeployment is set to azure, then it is targeting Azure platform.

  2. When Kubernetes service is used, the RabbitMQ cluster is only visible within the Kubernetes cluster.

The following parameters under loadBalancer are valid for Azure platform:

  1. ip: The IP address string of the Azure loadbalancer for the RabbitMQ cluster

  2. sourceRange: List of the whitelisted inbound IP sources in CIDR range format for accessing this RabbitMQ cluster

  3. azure: The Azure specific parameters

    • public_ip_resource_group: The resource group name of the public IP address for the RabbitMQ cluster

rabbitmq.local section:

  1. extraPlugins: it is a list of extra plugins to be enabled in Rabbitmq instances

If rabbitmq_prometheus is added to the extraPlugins list, the chart also exposes prometheus metrics via ingress controller with a configuration similar with the one for the management plugin (under same subdomain or contextpath). The prometheus metrics will be available on the same context path as the management plugin, i.e. /rabbitmq/node0/metrics, /rabbitmq/node1/metrics and so on, one entry for each rabbitmq instance.

Deploy to Kubernetes

You may deploy the nexeed-infra Helm chart by the following steps:

  1. Login to the registry that hosts the nexeed-infra (one time setup): helm registry login <registry_host> --username <username> --password <password>

  2. Download the nexeed-infra Helm chart: helm pull oci://<registry_host>/nexeed-infra/helmchart/nexeed-infra --version <version>

  3. Extract the downloaded tgz file: tar xvzf nexeed-infra-<version>.tgz

  4. Change directory to the nexeed-infra folder cd nexeed-infra

  5. Connect to your Kubernetes cluster by updating your <home>/.kube/config file

  6. Assuming the custom-values-infra.yaml is written, then perform the command for installation or upgrade: helm upgrade -i -n infra --create-namespace nexeed-infra -f <path_to_custom-values-infra.yaml> .

  7. Wait until the enabled services are up and running

  8. Continue with the ias chart deployment

The RabbitMQ StatefulSet will be deployed, the size of the cluster will automatically adjust based on available nodes.

Add the cluster info to IAS chart

Now you should add the RabbitMQ information to the main ias chart in their custom-values.yaml file.

See RMQCustomValueRemote for reference.

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses