Installation Overview
KNIME Business Hub is deployed using Argo CD and the App-of-Apps pattern. This page explains how the installation is structured and what you need to prepare.
Detailed installation instructions are provided by your KNIME representative
This page gives a conceptual overview of how an Argo CD-based installation works. Step-by-step instructions, including the Argo CD project setup, required secrets, and environment-specific configuration, are delivered as part of a dedicated configuration repository. Contact your KNIME representative if you have not received access yet.
How It Works
A top-level Helm chart generates Argo CD Application resources and a ConfigMap called business-hub-metadata, which is used to display the application version in the KNIME Business Hub UI and in support bundles. Each child Application pulls its own Helm chart from the KNIME chart registry and applies it to the cluster.
This means:
- KNIME maintains the chart versions, default values, and sync configuration.
- You (the customer) maintain your environment-specific overrides in a local-values.yaml file.
Argo CD continuously reconciles the live cluster state against the declared configuration. Any drift from the desired state is automatically corrected.
Argo CD Setup
The detailed steps for setting up the Argo CD project, creating the required secrets, and applying the initial configuration are provided by your KNIME representative in the configuration repository.
Configuration Areas
Before installation, your IT team needs to prepare several environment-specific values. The sections below describe the key areas at a conceptual level. For specific configuration details and the expected file structure, refer to the configuration repository provided by your Cloud Operations team.
DNS
KNIME Business Hub requires DNS entries for the following subdomains of your chosen base domain:
| Subdomain | Purpose |
|---|---|
| hub.<base-domain> | Main web application |
| apps.<base-domain> | Data applications |
| api.<base-domain> | REST API |
| auth.<base-domain> | Authentication service |
| ws.<base-domain> | WebSocket connections |
TLS and Certificates
TLS is configurable and applies globally across all services when enabled. If your organization uses a custom certificate authority (CA), a CA bundle can be provided via a ConfigMap.
Ingress
KNIME Business Hub uses Istio as its ingress and service mesh layer. The Istio Ingress Gateway is configured as part of the installation. Load balancer type and node port settings can be adjusted in your local-values.yaml.
If you already have an Istio Ingress Gateway running in the cluster, KNIME Business Hub deploys its own gateway alongside it. The two gateways operate independently and do not interfere with each other. If the existing gateway is no longer needed, it can be disabled separately.
Workload Security
KNIME Business Hub workloads run with a restrictive security context by default, aligned with the CIS Benchmark for Kubernetes. This includes dropping all Linux capabilities, running as a non-root user, using a read-only root filesystem, and disabling privilege escalation. Settings can be customized via values overrides for most services.
Some components require exceptions to this security policy. Contact your KNIME representative for details.
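One way to check these four settings on deployed pods, as an added example that is not part of KNIME's documentation or tooling. It audits pod specs in the JSON shape returned by kubectl get pods -o json; the sample input, the pod and container names, and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pods -o json`; names are invented.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "example-core"}, "spec": {
   "securityContext": {"runAsNonRoot": true},
   "containers": [{"name": "app", "securityContext": {
     "capabilities": {"drop": ["ALL"]}, "readOnlyRootFilesystem": true,
     "allowPrivilegeEscalation": false}}]}},
 {"metadata": {"name": "example-exec"}, "spec": {
   "initContainers": [{"name": "init"}],
   "containers": [{"name": "worker", "securityContext": {
     "runAsUser": 1000, "capabilities": {"drop": ["NET_RAW"]},
     "allowPrivilegeEscalation": false}}]}}]}
""")

def audit_container(pod_sc, container):
    """Return the hardening settings from this page that a container lacks."""
    sc = container.get("securityContext") or {}
    findings = []
    if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
        findings.append("capabilities.drop does not include ALL")
    # Container-level runAsNonRoot/runAsUser override the pod-level values.
    non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
    if non_root is not True and not (isinstance(uid, int) and uid != 0):
        findings.append("not pinned to a non-root user")
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append("readOnlyRootFilesystem is not true")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation is not false")
    return findings

def audit_pods(pod_list):
    """Map 'pod/container' to its findings; compliant containers are omitted."""
    report = {}
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        pod_sc = spec.get("securityContext") or {}
        for kind in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(kind) or []:
                findings = audit_container(pod_sc, c)
                if findings:
                    report[f"{pod['metadata']['name']}/{c['name']}"] = findings
    return report

if __name__ == "__main__":
    print(json.dumps(audit_pods(SAMPLE), indent=2))
```

Components that run with a documented exception will appear in the report, so compare the findings against the exception list from your KNIME representative before treating an entry as a misconfiguration.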
Node Scheduling
All KNIME Business Hub workloads are designed to be scheduled onto available Kubernetes node(s) by their core or execution role:
- Core workloads — API, auth, catalog, webapp, message brokers, and other platform services.
- Execution workloads — Executors and execution-related services.
To use dedicated node pools, label and taint your nodes:
```bash
kubectl label nodes <node-name> hub.knime.com/role=core
kubectl taint nodes <node-name> hub.knime.com/role=core:NoSchedule
kubectl label nodes <node-name> hub.knime.com/role=execution
kubectl taint nodes <node-name> hub.knime.com/role=execution:NoSchedule
```
Node affinity, tolerations, and a global nodeSelector can all be configured in your local-values.yaml. Refer to the configuration repository provided by your Cloud Operations team for the full scheduling configuration structure.