Embedded Cluster
Install Dreadnode on a fresh VM with a single command. Bundles Kubernetes, Traefik, and the admin console.
curl -f 'https://replicated.app/embedded/dreadnode/stable' \ -H 'Authorization: <license-id>' -o dreadnode.tgztar -xvzf dreadnode.tgzsudo ./dreadnode install --license license.yamlThree commands: download, extract, install. The installer provisions Kubernetes (k0s),
an ingress controller (Traefik), persistent storage (OpenEBS), and the KOTS Admin Console.
You configure the platform through the Admin Console web UI — no values.yaml to edit.
VM requirements
Section titled “VM requirements”- OS — Ubuntu 22.04 LTS (x86_64)
- CPU — 4 vCPU minimum
- Memory — 8 Gi minimum
- Disk — 40 Gi minimum (SSD recommended)
- Access — root or sudo
The installer runs its own host preflight checks for disk, CPU, memory, and OS before provisioning anything. If your VM doesn’t meet the requirements, the installer tells you before it starts.
Network access
Section titled “Network access”The VM needs outbound HTTPS to three endpoints:
- replicated.app — installer download, license validation, update checks
- proxy.enterprise.dreadnode.io — container image pulls (authenticated via your license)
- updates.enterprise.dreadnode.io — application update metadata
For air-gapped environments, download the airgap bundle from the Replicated portal instead. All images are included in the bundle.
DNS records
Section titled “DNS records”Point two DNS records at the VM’s public IP:
<your-domain>— serves the frontend and APIstorage.<your-domain>— serves the MinIO S3 API
Traefik binds directly to ports 80 and 443 on the host via hostPort, so no load
balancer sits in between.
Download and install
Section titled “Download and install”1. Get your license file. Dreadnode provides a license.yaml file. Place it on
the VM.
2. Download the installer bundle:
curl -f 'https://replicated.app/embedded/dreadnode/stable' \ -H 'Authorization: <license-id>' -o dreadnode.tgzYour license ID is inside the license file (licenseID: field). For Beta channel
releases, replace stable with beta in the URL.
3. Extract and run:
tar -xvzf dreadnode.tgzsudo ./dreadnode install --license license.yamlThe installer prompts for an Admin Console password. Pick something strong — this protects the admin UI at port 8800.
Installation takes 5–10 minutes depending on VM specs and download speed. When it finishes, it prints the Admin Console URL.
Configure via the Admin Console
Section titled “Configure via the Admin Console”Open the Admin Console at http://<vm-ip>:8800 and log in with the password you set
during installation.
The config screen walks through these groups:
Identity — Set your domain (required) and URL scheme (HTTP or HTTPS). The organization display name defaults to your license’s customer name.
Networking & TLS — Ingress class defaults to traefik (correct for Embedded
Cluster). If you chose HTTPS above, enter the name of a kubernetes.io/tls Secret
you’ve created in the install namespace.
Data Stores — PostgreSQL, ClickHouse, and S3/MinIO each default to in-cluster. Switch any to “external” if you want to point at a managed service (RDS, your own ClickHouse, S3 bucket). External mode reveals the connection fields.
Sandbox Runtime — OpenSandbox (on-cluster, default) or E2B (cloud, requires API key).
Logging — Log level and structured JSON toggle.
Resource Sizing — Small (~50 users), medium (~50–200), or large (200+).
After saving the config, click Deploy. The Admin Console installs the Helm chart with your settings and shows deployment progress.
Enable TLS
Section titled “Enable TLS”TLS is optional at first install. To switch from HTTP to HTTPS afterward:
1. Create a TLS Secret. The certificate must cover both <your-domain> and
storage.<your-domain>.
kubectl create secret tls dreadnode-tls \ --cert=/path/to/tls.crt \ --key=/path/to/tls.key \ -n <namespace>2. In the Admin Console config screen, set URL Scheme to HTTPS and enter
dreadnode-tls as the TLS Certificate Secret Name.
3. Click Save config, then Deploy.
Verify the install
Section titled “Verify the install”The Admin Console dashboard shows component status. Wait until everything reports Ready.
Open your domain in a browser:
http(s)://<your-domain>Check the API directly:
curl http(s)://<your-domain>/api/health# {"status":"ok"}First login
Section titled “First login”Create an account at http(s)://<your-domain>/. The first user to sign up is
automatically enrolled in the default organization. Additional users need an invitation.
Upgrades
Section titled “Upgrades”The Admin Console checks for new versions automatically. When an update is available, it appears on the dashboard. Review the release notes, then click Deploy to upgrade.
Database migrations run automatically on the API pod startup. Migrations are forward-only (Alembic), so the Admin Console Rollback button is intentionally disabled.
Reinstall from scratch
Section titled “Reinstall from scratch”If you need a clean slate, remove the application through the Admin Console (Application → Remove), then delete persistent state:
NS=<namespace>
kubectl -n "$NS" delete pvc \ data-dreadnode-postgresql-0 \ data-dreadnode-clickhouse-0 \ data-dreadnode-minio-0
kubectl -n "$NS" delete secret \ dreadnode-postgresql \ dreadnode-clickhouse \ dreadnode-minio \ dreadnode-api-encryptionThen redeploy through the Admin Console.
Admin Console reference
Section titled “Admin Console reference”The Admin Console at http://<vm-ip>:8800 is your ongoing management interface:
- Config — Change domain, TLS, data stores, sandbox provider, resource sizing
- Dashboard — Component health and deployment status
- Version history — Available updates and deploy history
- Troubleshoot — Generate support bundles for diagnostics