Skip to content

Enterprise Installation

Sextant is Kubernetes-native. In other words, one installs Sextant into a Kubernetes cluster.


Use of Sextant is governed by a Subscription Agreement or an Evaluation Agreement. If you aren't a subscriber then you can sign up for an evaluation here.


You will need the up-to-date versions of the following tools installed:


These instructions focus on Amazon EKS and use the official EKS CLI eksctl but Sextant can be deployed just as easily on a Kubernetes cluster on-prem or provisioned in Azure, GCP or a specialist cloud provider such as Equinix Metal.

Create Cluster

If you have an existing four-node cluster, you can use this. Otherwise, create an Amazon EKS cluster by using the following command substituting <CLUSTER_NAME> and <REGION>:

eksctl create cluster \
  --name <CLUSTER_NAME> \
  --region <REGION_NAME> \
  --node-type m5.large \
  --nodes 4 \
  --with-oidc \


By specifying 4 nodes this cluster can also be added to Sextant as a target cluster for Sawtooth or Besu deployments.

Alternatively, use AKS, GKE, or similar.

Prepare Cluster

Step 1: Create Namespace

Create namespace sextant for Sextant and switch to this -

kubectl create namespace sextant
kubectl config set-context --current --namespace=sextant

Step 2: Create Kubernetes image pull secret

To install Sextant, you will need to access BTP's official docker image registry.

Once you have acquired the credentials for this registry from BTP you can create the image pull secret btp-lic for the Sextant helm chart to use upon install.

kubectl create secret docker-registry btp-lic \
--docker-server= --docker-username=<your-name> \
--docker-password='<your-password>' --docker-email=<your-email>

For more information on this command, see here.

Install Sextant

Step 1: Create values.yaml

Assuming you have created the docker registry secret btp-lic as above, next you need to create a values.yaml file enabling image pull secrets and specifying this secret:

edition: enterprise
  enabled: true
    - name: btp-lic
    enabled: true


By enabling persistence in the example above you will ensure that state is preserved even if you restart or delete/reinstall Sextant with the same name in the same namespace.

Step 2: Add or Update BTP Helm Charts Repo

Add the BTP helm charts repo:

helm repo add btp-stable

Note that if you have done this previously you should make sure you have the most up-to-date BTP helm charts repo using this command:

helm repo update

Step 3: Deploy Sextant

Then run this helm command to install Sextant:

helm install -f values.yaml sextant btp-stable/sextant

The output should look something like this:

NAME: sextant
LAST DEPLOYED: Mon Jan  3 14:32:33 2022
NAMESPACE: sextant
STATUS: deployed
1. Get the initial Sextant application username and password by running this command
  kubectl describe pod/sextant-0 --namespace sextant-aws | grep INITIAL_

2. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods -l "" -o jsonpath="{.items[0]}")
  echo "Visit to use your application"
  kubectl port-forward $POD_NAME 8080:80

Save Admin Credentials

Obtain the initial Sextant application username and password by running this command:

kubectl describe pod/sextant-0 | grep INITIAL_

Make a note of the username and password for admin access to Sextant. You will need these to log in to Sextant.


These details will persist even if you restart or delete/reinstall Sextant with the same name in the same namespace since we enabled postgres persistence.

Set up Access to Sextant

Follow these instructions to set up access to Sextant either via portforward or a more permanent solution such as a load balancer or an ingress controller.

Log in to Sextant

Once you have set up access to Sextant then you can log in using your saved username and password and start using it yourself or set up user access for members of your team.

Instructions on how to do this can be found here.