Skip to main content

Installation

Install and configure a self-hosted (self-managed) Primary Site.

Prerequisites

  • Kubernetes cluster, version 1.29 or later
  • Kubectl - Kubernetes command line tool
  • Helm - Kubernetes package manager, version 3.12 or later

To deploy your Primary Site in the cloud, create an account with a supported provider (AWS, Azure, or GCP) or choose to self-host Kubernetes with an S3-compatible object store like MinIO

info

We've tested the S3-compatible setup with MinIO. Other compatible services may work. Object creation events are required to process files from your inbox.

Provision storage buckets, a Kubernetes cluster, and cloud credentials before installing the Primary Site. There are no region restrictions if your cloud provider supports these resources.

Foxglove provides a set of Terraform examples to help with these initial provisioning steps in a supported cloud provider.

On AWS, you can use the AWS Terraform examples to provision your buckets and cluster. An example cost estimate is provided here. Pricing will vary based on your specific data storage needs and access patterns.

This process should take about an hour, depending on your infrastructure configuration.

Create storage buckets

Create two storage buckets for your Primary Site:

  • inbox – For all file uploads
  • lake – For processed and indexed versions of all files added to inbox

Create Kubernetes cluster

Create a Kubernetes cluster to run your site workloads (for example, processing inbox data, servicing data access requests from the lake) – we recommend doing this in the same region as your storage buckets, to reduce access latency and cost.

Create a foxglove namespace in your cluster:

kubectl create namespace foxglove

Configure cloud credentials

Create a service account with read and write access to the storage buckets. The Kubernetes workloads will use this service account.

See Configure cloud credentials for details on how to provide this credential to the deployment. This section also covers configuration of S3-compatible object storage.

Create secret with site token

Find your Primary Site token on the "Sites" settings page.

Install a Secret named foxglove-site-token into the foxglove namespace containing your site token:

kubectl create secret generic foxglove-site-token --from-literal=FOXGLOVE_SITE_TOKEN="fox_st_..." --namespace foxglove

There are multiple other ways to create secrets that may be preferable. See Create a Secret for more info.

Install the release

Install your Primary Site using Helm.

Prepare a values file

Create a values.yaml file to configure the installation. Include a storageProvider (aws, azure, google_cloud, or s3_compatible) and the names of your lake and inbox buckets:

globals:
  lake:
    storageProvider: google_cloud
    bucketName: foxglove-lake
  inbox:
    storageProvider: google_cloud
    bucketName: foxglove-inbox

Install

Helm will install the Primary Site deployment to your current Kubernetes context.

helm repo add foxglove https://helm-charts.foxglove.dev
helm repo update
helm upgrade --install foxglove-primary-site foxglove/primary-site \
    --values ./values.yaml  \
    --namespace foxglove \
    --create-namespace

View info about the deployment:

helm list -n foxglove

Ingress for data streaming

The deployment installs an Ingress, exposing a stream service HTTP endpoint to stream available data from your lake bucket.

To reach the ingress from outside the cluster, assign a DNS name and HTTPS endpoint. Ensure that the HTTP endpoint is reachable from your organization’s network or any network needing access to the site data. This does not necessarily need to be exposed to the public internet; for example, if all clients will stream data from within a VPN.

note

How to assign a DNS name and HTTPS endpoint to the ingress is specific to your organization and cloud environment.

You can configure the ingress using your values file. Below are the default values.

ingress:
  enabled: true
  className:
  annotations: {}

To completely disable the Ingress, set ingress.enabled to false. However, you must provide an Ingress for the site to function.

Some cloud providers require configuring annotations for HTTPS certificates. Here's an example values file for AWS.

ingress:
  annotations:
    kubernetes.io/ingress.class: "alb"
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/backend-protocol: HTTP
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-1:xxxxxxxxxxxx:certificate/EXAMPLE-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Configure Foxglove

Once the site's ingress public URL is known, you can configure it on a Site page, linked from the "Sites" settings page.

Under Site URL, enter the HTTPS URL you've assigned to the Ingress.

Bucket push notification

The site inbox processor needs to know when new files are uploaded to the inbox bucket. To notify of new uploads, configure a push notification to Foxglove inbox-notifications endpoint.

Configuring a push notification for new file uploads is specific to your cloud provider (or S3-compatible service).

The Foxglove AWS Terraform examples for cloud providers configure these resources for you. For manual setup, or for more information, see the documentation below.

tip

Org admins can find the inbox notification endpoint on the Sites settings page.

Support

For additional support contact us at [email protected].