Skip to Content
LakerunnerManual Install (Helm)

Manual Install (Helm)

This page covers installing Lakerunner yourself with Helm. A POC via the Helm chart is supported for a local or throwaway cluster.

We recommend the operator for every install — including production. The operator-managed install brings up Lakerunner and the Cardinal UI as a single unit and handles automatic upgrades, health monitoring, and clean removal for you — driven from app.cardinalhq.io . A manual Helm install means you own upgrades and monitoring yourself, so keep it to POCs.

For production or advanced installs (external S3 + Postgres at scale, air-gapped clusters, custom HA), use the operator and contact sales — we’ll help you size and harden the deployment.

Quick start (local cluster)

The fastest manual path — deploy Lakerunner on a local Kubernetes cluster with no cloud account required.

Quick Start

Up and running in minutes

Get Lakerunner deployed on a local Kubernetes cluster — no cloud account required.

Prerequisites

Kubernetes 1.33+or kind, minikube, etc.
Helm 3.14+Install guide
1

Sign up for a Cardinal account

Create your free account at app.cardinalhq.io.

2

Download your Lakerunner Trial license

After signing in, download your trial license from the Cardinal dashboard.

3

Create the namespace

bash
kubectl create namespace lakerunner
4

Install using Helm

Use the configuration wizard to generate a values.yaml tailored to your environment, then install:

bash
helm install lakerunner oci://public.ecr.aws/cardinalhq.io/lakerunner \
  --values values.yaml \
  --namespace lakerunner
5

Verify the installation

Wait for all pods to become ready:

bash
kubectl get pods -n lakerunner -w
6

Access Grafana

If Grafana was included in your installation, port-forward it to your local machine:

bash
kubectl port-forward -n lakerunner svc/grafana 3000:3000

Open http://localhost:3000 in your browser. Lakerunner's data source is pre-configured, but you won't see any data yet — that comes in the next step.

7

Send data

Install OpenTelemetry Collectors to monitor your cluster and write telemetry to S3.

Generate data from your real applications, or use the OTel Demo Application to produce realistic logs, metrics, and traces right away.

Configuration wizard

Use the interactive wizard below to generate a values.yaml for your deployment. Select your installation type and fill in the required details.

🔒 Privacy First: This wizard runs entirely in your browser. No data is sent to any server.

Installation Type

Organization Settings

Lakerunner is multi-tenant. Each tenant is an organization, and the collector and API key are used by that organization.

Click "Generate" to make a random ID, or enter one you have previously used.
Collector name is required and cannot be "default"
This will be used by Grafana and other tools to query telemetry for this organization.

Optional Components

Pre-configured Grafana with Lakerunner datasources

Cloud Provider

Credentials will be provided by EKS via IAM Roles for Service Accounts (IRSA) or EKS Pod Identity. Ensure your cluster and service account are configured appropriately.

PostgreSQL - Lakerunner DB

lakerunner

PostgreSQL - Config DB

lakerunner

License

A valid license is required for Lakerunner to operate. Contact support@cardinalhq.com to obtain one.

Paste your license string (starts with b64: or z64:)

Scaling

Lakerunner uses internal autoscaling from 1 pod up to the max you set here.

ServiceMax Pods
Log Processing
Metric Processing
Trace Processing

Ingestion

Choose how S3 object notifications are ingested. HTTP provides a webhook endpoint. SQS polls from an AWS SQS queue.

Recommend at least 2 for production

Generated values.yaml

Please complete all required fields (marked with *) above to generate your values.yaml configuration.

For the complete list of configuration options, see the full values.yaml reference on GitHub .

Post-installation

Verify the installation

After installation, verify all pods are running:

kubectl get pods -n lakerunner -l app.kubernetes.io/name=lakerunner

Access Grafana

Configure an Ingress or use port-forwarding to access Grafana:

kubectl port-forward -n lakerunner svc/grafana 3000:3000

Deploying on OpenShift

The chart renders cleanly under the restricted-v2 SCC with two adjustments. Add the following to the values.yaml produced by the wizard above:

1. Let the SCC assign UIDs

OpenShift’s restricted-v2 SCC rejects pods whose runAsUser/runAsGroup/fsGroup fall outside the namespace’s assigned UID range — it wants to inject them from the range itself. Null the fields so the chart emits only runAsNonRoot: true:

global: podSecurityContext: runAsNonRoot: true runAsUser: null runAsGroup: null fsGroup: null grafana: podSecurityContext: runAsNonRoot: true runAsUser: null runAsGroup: null fsGroup: null

The SCC fills in runAsUser, runAsGroup, and fsGroup. All other hardening from global.containerSecurityContext (no-privilege-escalation, drop ALL, RuntimeDefault seccomp, read-only rootfs) stays in effect.

2. Grafana needs an SCC that permits UID 472

The upstream grafana/grafana image expects UID 472 to own /var/lib/grafana. Because that UID almost never falls inside a namespace’s restricted-v2 range, Grafana needs either a custom SCC or an OpenShift-compatible image. The simplest path is:

oc adm policy add-scc-to-user nonroot-v2 -z <release>-lakerunner -n <namespace>

…and then keep Grafana’s defaults (UID 472). If you prefer to avoid the SCC grant, swap grafana.image.repository for an image that supports random UIDs.

3. Perch needs elevated RBAC

The Perch component ships with a ClusterRole that includes patch on apps/deployments cluster-wide — this is its legitimate function (cross-namespace deployment management), but it counts as a privileged grant. On clusters with strict RBAC review you may need admin approval or an oc adm policy add-role-to-user edit against the chart’s ServiceAccount.

4. Ingress / Routes

The chart uses standard networking.k8s.io/v1 Ingress resources. They work with the OpenShift HAProxy router out of the box; no nginx-specific annotations are emitted.

Upgrading

To upgrade an existing installation:

helm upgrade lakerunner oci://public.ecr.aws/cardinalhq.io/lakerunner \ --values values.yaml \ --namespace lakerunner

Uninstalling

To remove Lakerunner:

helm uninstall lakerunner --namespace lakerunner

Note: This does not delete your data in the cloud storage bucket.

Reach out to support@cardinalhq.io for support or to ask questions not answered in our documentation.

Last updated on