first commit
This commit is contained in:
718
docs/deployment-guides/helm/values.mdx
Normal file
718
docs/deployment-guides/helm/values.mdx
Normal file
@@ -0,0 +1,718 @@
|
||||
---
|
||||
title: "Values Reference"
|
||||
description: "Complete reference for Bifrost Helm chart values — key parameters, how to supply them, and links to example files"
|
||||
icon: "sliders"
|
||||
---
|
||||
|
||||
This page covers every top-level parameter group in the Bifrost Helm chart's `values.yaml`, how to supply values via `--set` vs `-f`, and where to find ready-made example files.
|
||||
|
||||
<Note>
|
||||
The full values schema is available at [https://getbifrost.ai/schema](https://getbifrost.ai/schema). All `values.yaml` fields map directly to `config.json` fields generated by the chart.
|
||||
</Note>
|
||||
|
||||
## Supplying Values
|
||||
|
||||
### One-liner with `--set`
|
||||
|
||||
Good for a single field or quick experiments:
|
||||
|
||||
```bash
|
||||
helm install bifrost bifrost/bifrost \
|
||||
--set image.tag=v1.4.11 \
|
||||
--set replicaCount=3 \
|
||||
--set bifrost.client.initialPoolSize=500
|
||||
```
|
||||
|
||||
### Values file with `-f`
|
||||
|
||||
Recommended for anything beyond a couple of fields:
|
||||
|
||||
```bash
|
||||
# Create your values file
|
||||
cat > my-values.yaml <<'EOF'
|
||||
image:
|
||||
tag: "v1.4.11"
|
||||
|
||||
replicaCount: 2
|
||||
|
||||
bifrost:
|
||||
encryptionKey: "your-32-byte-encryption-key-here"
|
||||
client:
|
||||
initialPoolSize: 500
|
||||
enableLogging: true
|
||||
EOF
|
||||
|
||||
# Install
|
||||
helm install bifrost bifrost/bifrost -f my-values.yaml
|
||||
|
||||
# Upgrade later
|
||||
helm upgrade bifrost bifrost/bifrost -f my-values.yaml
|
||||
|
||||
# Upgrade and reuse all previously set values, overriding only one field
|
||||
helm upgrade bifrost bifrost/bifrost \
|
||||
--reuse-values \
|
||||
--set replicaCount=5
|
||||
```
|
||||
|
||||
### Multiple values files
|
||||
|
||||
Later files override earlier ones — useful for a base + environment-specific overlay:
|
||||
|
||||
```bash
|
||||
helm install bifrost bifrost/bifrost \
|
||||
-f base-values.yaml \
|
||||
-f production-overrides.yaml
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Key Parameters Reference
|
||||
|
||||
### Image
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `image.repository` | Container image repository | `docker.io/maximhq/bifrost` |
|
||||
| `image.tag` | **Required.** Image version (e.g. `v1.4.11`) | `""` |
|
||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `imagePullSecrets` | List of pull secret names for private registries | `[]` |
|
||||
|
||||
```bash
|
||||
# Always specify the tag — the chart will not start without it
|
||||
helm install bifrost bifrost/bifrost --set image.tag=v1.4.11
|
||||
```
|
||||
|
||||
### Replicas & Autoscaling
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `replicaCount` | Static replica count (ignored when HPA is enabled) | `1` |
|
||||
| `autoscaling.enabled` | Enable Horizontal Pod Autoscaler | `false` |
|
||||
| `autoscaling.minReplicas` | Minimum replicas | `1` |
|
||||
| `autoscaling.maxReplicas` | Maximum replicas | `10` |
|
||||
| `autoscaling.targetCPUUtilizationPercentage` | CPU target for scaling | `80` |
|
||||
| `autoscaling.targetMemoryUtilizationPercentage` | Memory target for scaling | `80` |
|
||||
| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Cooldown before scale-down (important for SSE streams) | `300` |
|
||||
| `autoscaling.behavior.scaleDown.policies[0].value` | Max pods removed per period | `1` |
|
||||
|
||||
### Resources
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `resources.requests.cpu` | CPU request | `500m` |
|
||||
| `resources.requests.memory` | Memory request | `512Mi` |
|
||||
| `resources.limits.cpu` | CPU limit | `2000m` |
|
||||
| `resources.limits.memory` | Memory limit | `2Gi` |
|
||||
|
||||
### Service
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `service.type` | `ClusterIP`, `LoadBalancer`, or `NodePort` | `ClusterIP` |
|
||||
| `service.port` | Service port | `8080` |
|
||||
|
||||
### Ingress
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `ingress.enabled` | Enable ingress | `false` |
|
||||
| `ingress.className` | Ingress class (e.g. `nginx`, `traefik`) | `""` |
|
||||
| `ingress.annotations` | Ingress annotations | `{}` |
|
||||
| `ingress.hosts` | Host rules | see values.yaml |
|
||||
| `ingress.tls` | TLS configuration | `[]` |
|
||||
|
||||
```yaml
|
||||
ingress:
|
||||
enabled: true
|
||||
className: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
|
||||
hosts:
|
||||
- host: bifrost.yourdomain.com
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: bifrost-tls
|
||||
hosts:
|
||||
- bifrost.yourdomain.com
|
||||
```
|
||||
|
||||
### Probes
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `livenessProbe.initialDelaySeconds` | Seconds before first liveness check | `30` |
|
||||
| `livenessProbe.periodSeconds` | Liveness check interval | `30` |
|
||||
| `readinessProbe.initialDelaySeconds` | Seconds before first readiness check | `10` |
|
||||
| `readinessProbe.periodSeconds` | Readiness check interval | `10` |
|
||||
|
||||
Both probes hit `GET /health`.
|
||||
|
||||
### Graceful Shutdown
|
||||
|
||||
Bifrost supports long-lived SSE streaming connections. The default `preStop` hook and termination grace period let in-flight streams finish before the pod is killed:
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `terminationGracePeriodSeconds` | Total grace period | `60` |
|
||||
| `lifecycle.preStop.exec.command` | Sleep before SIGTERM so load balancer drains | `["sh", "-c", "sleep 15"]` |
|
||||
|
||||
Increase `terminationGracePeriodSeconds` if your typical stream responses take longer than 45 seconds.
|
||||
|
||||
### Service Account
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `serviceAccount.create` | Create a dedicated service account | `true` |
|
||||
| `serviceAccount.annotations` | Annotations (e.g. for IRSA, Workload Identity) | `{}` |
|
||||
| `serviceAccount.name` | Override the generated name | `""` |
|
||||
|
||||
### Pod Scheduling
|
||||
|
||||
```yaml
|
||||
# Spread replicas across nodes
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: bifrost
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
# Pin to specific node pool
|
||||
nodeSelector:
|
||||
node-type: ai-workload
|
||||
|
||||
# Tolerate GPU taints
|
||||
tolerations:
|
||||
- key: "gpu"
|
||||
operator: "Equal"
|
||||
value: "true"
|
||||
effect: "NoSchedule"
|
||||
```
|
||||
|
||||
### Extra Environment Variables
|
||||
|
||||
Three ways to inject env vars:
|
||||
|
||||
```yaml
|
||||
# Inline key/value pairs
|
||||
env:
|
||||
- name: HTTP_PROXY
|
||||
value: "http://proxy.corp.example.com:3128"
|
||||
|
||||
# Map syntax (appended after env)
|
||||
extraEnv:
|
||||
NO_PROXY: "169.254.169.254,10.0.0.0/8"
|
||||
|
||||
# Bulk-load from existing Secrets or ConfigMaps
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: my-corp-secrets
|
||||
- configMapRef:
|
||||
name: my-app-config
|
||||
```
|
||||
|
||||
### Init Containers
|
||||
|
||||
```yaml
|
||||
initContainers:
|
||||
- name: wait-for-db
|
||||
image: busybox:1.35
|
||||
command: ["sh", "-c", "until nc -z postgres-svc 5432; do sleep 2; done"]
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Values Examples
|
||||
|
||||
The chart ships ready-made example files under [`helm-charts/bifrost/values-examples/`](https://github.com/maximhq/bifrost/tree/main/helm-charts/bifrost/values-examples):
|
||||
|
||||
| File | Use case |
|
||||
|------|----------|
|
||||
| `sqlite-only.yaml` | Minimal local/dev setup |
|
||||
| `postgres-only.yaml` | Single-store Postgres |
|
||||
| `production-ha.yaml` | HA: 3 replicas, Postgres, Weaviate, HPA, Ingress |
|
||||
| `providers-and-virtual-keys.yaml` | All 23 providers + 7 virtual key patterns |
|
||||
| `secrets-from-k8s.yaml` | All sensitive values from Kubernetes Secrets |
|
||||
| `external-postgres.yaml` | Point at an existing Postgres instance |
|
||||
| `postgres-redis.yaml` | Postgres + Redis vector store |
|
||||
| `postgres-weaviate.yaml` | Postgres + Weaviate vector store |
|
||||
| `postgres-qdrant.yaml` | Postgres + Qdrant vector store |
|
||||
| `semantic-cache-secret-example.yaml` | Semantic cache with secret injection |
|
||||
| `mixed-backend.yaml` | Config store = postgres, logs store = sqlite |
|
||||
|
||||
Install from an example file directly:
|
||||
|
||||
```bash
|
||||
helm install bifrost bifrost/bifrost \
|
||||
-f https://raw.githubusercontent.com/maximhq/bifrost/main/helm-charts/bifrost/values-examples/production-ha.yaml \
|
||||
--set image.tag=v1.4.11
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Helm Operations
|
||||
|
||||
### View current values
|
||||
|
||||
```bash
|
||||
helm get values bifrost
|
||||
```
|
||||
|
||||
### Diff before upgrading (requires helm-diff plugin)
|
||||
|
||||
```bash
|
||||
helm diff upgrade bifrost bifrost/bifrost -f my-values.yaml
|
||||
```
|
||||
|
||||
### Rollback
|
||||
|
||||
```bash
|
||||
helm history bifrost
|
||||
helm rollback bifrost # to previous revision
|
||||
helm rollback bifrost 2 # to revision 2
|
||||
```
|
||||
|
||||
### Uninstall
|
||||
|
||||
```bash
|
||||
helm uninstall bifrost
|
||||
|
||||
# Also remove PVCs (deletes all data)
|
||||
kubectl delete pvc -l app.kubernetes.io/instance=bifrost
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## All Key Parameters
|
||||
|
||||
A quick-reference table of the most commonly used top-level parameters:
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `image.tag` | **Required.** Bifrost image version (e.g., `v1.4.11`) | `""` |
|
||||
| `replicaCount` | Number of replicas | `1` |
|
||||
| `storage.mode` | Storage backend (`sqlite` or `postgres`) | `sqlite` |
|
||||
| `storage.persistence.size` | PVC size for SQLite | `10Gi` |
|
||||
| `postgresql.enabled` | Deploy embedded PostgreSQL | `false` |
|
||||
| `vectorStore.enabled` | Enable vector store | `false` |
|
||||
| `vectorStore.type` | Vector store type (`weaviate`, `redis`, `qdrant`) | `none` |
|
||||
| `bifrost.encryptionKey` | Optional encryption key (use `encryptionKeySecret` in production). If omitted, data is stored in plaintext. | `""` |
|
||||
| `ingress.enabled` | Enable ingress | `false` |
|
||||
| `autoscaling.enabled` | Enable HPA | `false` |
|
||||
|
||||
### Secret Reference Parameters
|
||||
|
||||
Use existing Kubernetes Secrets instead of plain-text values. Every sensitive field in the chart has a corresponding `existingSecret` / `secretRef` alternative:
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `bifrost.encryptionKeySecret.name` | Secret name for encryption key | `""` |
|
||||
| `bifrost.encryptionKeySecret.key` | Key within the secret | `"encryption-key"` |
|
||||
| `postgresql.external.existingSecret` | Secret name for PostgreSQL password | `""` |
|
||||
| `postgresql.external.passwordKey` | Key within the secret | `"password"` |
|
||||
| `vectorStore.redis.external.existingSecret` | Secret name for Redis password | `""` |
|
||||
| `vectorStore.redis.external.passwordKey` | Key within the secret | `"password"` |
|
||||
| `vectorStore.weaviate.external.existingSecret` | Secret name for Weaviate API key | `""` |
|
||||
| `vectorStore.weaviate.external.apiKeyKey` | Key within the secret | `"api-key"` |
|
||||
| `vectorStore.qdrant.external.existingSecret` | Secret name for Qdrant API key | `""` |
|
||||
| `vectorStore.qdrant.external.apiKeyKey` | Key within the secret | `"api-key"` |
|
||||
| `bifrost.plugins.maxim.secretRef.name` | Secret name for Maxim API key | `""` |
|
||||
| `bifrost.plugins.maxim.secretRef.key` | Key within the secret | `"api-key"` |
|
||||
| `bifrost.providerSecrets.<provider>.existingSecret` | Secret name for provider API key | `""` |
|
||||
| `bifrost.providerSecrets.<provider>.key` | Key within the secret | `"api-key"` |
|
||||
| `bifrost.providerSecrets.<provider>.envVar` | Environment variable name to inject | `""` |
|
||||
|
||||
---
|
||||
|
||||
## Advanced Configuration
|
||||
|
||||
### Comprehensive Example
|
||||
|
||||
A production-ready values file combining the most common settings:
|
||||
|
||||
```yaml
|
||||
# my-values.yaml
|
||||
image:
|
||||
tag: "v1.4.11"
|
||||
|
||||
replicaCount: 3
|
||||
|
||||
storage:
|
||||
mode: postgres
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
auth:
|
||||
password: "secure-password" # use existingSecret in production
|
||||
|
||||
autoscaling:
|
||||
enabled: true
|
||||
minReplicas: 3
|
||||
maxReplicas: 10
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
className: nginx
|
||||
hosts:
|
||||
- host: bifrost.example.com
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
|
||||
bifrost:
|
||||
encryptionKeySecret:
|
||||
name: "bifrost-encryption"
|
||||
key: "key"
|
||||
providers:
|
||||
openai:
|
||||
keys:
|
||||
- name: "primary"
|
||||
value: "env.OPENAI_API_KEY"
|
||||
weight: 1
|
||||
providerSecrets:
|
||||
openai:
|
||||
existingSecret: "provider-api-keys"
|
||||
key: "openai-api-key"
|
||||
envVar: "OPENAI_API_KEY"
|
||||
```
|
||||
|
||||
```bash
|
||||
helm install bifrost bifrost/bifrost -f my-values.yaml
|
||||
```
|
||||
|
||||
### Node Affinity & Scheduling
|
||||
|
||||
Deploy to specific nodes and spread replicas across hosts:
|
||||
|
||||
```yaml
|
||||
nodeSelector:
|
||||
node-type: ai-workload
|
||||
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: bifrost
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
tolerations:
|
||||
- key: "gpu"
|
||||
operator: "Equal"
|
||||
value: "true"
|
||||
effect: "NoSchedule"
|
||||
```
|
||||
|
||||
### Deployment & Pod Annotations
|
||||
|
||||
Useful for tooling like [Keel](https://keel.sh) for automatic image updates or Datadog APM injection:
|
||||
|
||||
```yaml
|
||||
deploymentAnnotations:
|
||||
keel.sh/policy: force
|
||||
keel.sh/trigger: poll
|
||||
|
||||
podAnnotations:
|
||||
ad.datadoghq.com/bifrost.logs: '[{"source":"bifrost","service":"bifrost"}]'
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Common Patterns
|
||||
|
||||
Ready-made values files for the most common deployment scenarios. Each pattern builds on the [quickstart](/deployment-guides/helm).
|
||||
|
||||
<Tabs>
|
||||
<Tab title="Development">
|
||||
|
||||
Simple setup for local testing. SQLite, single replica, no autoscaling.
|
||||
|
||||
```bash
|
||||
helm install bifrost bifrost/bifrost \
|
||||
--set image.tag=v1.4.11 \
|
||||
--set 'bifrost.providers.openai.keys[0].name=dev-key' \
|
||||
--set 'bifrost.providers.openai.keys[0].value=sk-your-key' \
|
||||
--set 'bifrost.providers.openai.keys[0].weight=1'
|
||||
```
|
||||
|
||||
```bash
|
||||
# Access
|
||||
kubectl port-forward svc/bifrost 8080:8080
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab title="Multi-Provider">
|
||||
|
||||
Multiple LLM providers with weighted load balancing.
|
||||
|
||||
```bash
|
||||
kubectl create secret generic provider-keys \
|
||||
--from-literal=openai-api-key='sk-...' \
|
||||
--from-literal=anthropic-api-key='sk-ant-...' \
|
||||
--from-literal=gemini-api-key='your-gemini-key'
|
||||
```
|
||||
|
||||
```yaml
|
||||
# multi-provider.yaml
|
||||
image:
|
||||
tag: "v1.4.11"
|
||||
|
||||
bifrost:
|
||||
encryptionKey: "your-encryption-key"
|
||||
|
||||
client:
|
||||
enableLogging: true
|
||||
allowDirectKeys: false
|
||||
|
||||
providers:
|
||||
openai:
|
||||
keys:
|
||||
- name: "openai-primary"
|
||||
value: "env.OPENAI_API_KEY"
|
||||
weight: 2 # 50% of traffic
|
||||
anthropic:
|
||||
keys:
|
||||
- name: "anthropic-primary"
|
||||
value: "env.ANTHROPIC_API_KEY"
|
||||
weight: 1 # 25%
|
||||
gemini:
|
||||
keys:
|
||||
- name: "gemini-primary"
|
||||
value: "env.GEMINI_API_KEY"
|
||||
weight: 1 # 25%
|
||||
|
||||
providerSecrets:
|
||||
openai:
|
||||
existingSecret: "provider-keys"
|
||||
key: "openai-api-key"
|
||||
envVar: "OPENAI_API_KEY"
|
||||
anthropic:
|
||||
existingSecret: "provider-keys"
|
||||
key: "anthropic-api-key"
|
||||
envVar: "ANTHROPIC_API_KEY"
|
||||
gemini:
|
||||
existingSecret: "provider-keys"
|
||||
key: "gemini-api-key"
|
||||
envVar: "GEMINI_API_KEY"
|
||||
|
||||
plugins:
|
||||
telemetry:
|
||||
enabled: true
|
||||
logging:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
```bash
|
||||
helm install bifrost bifrost/bifrost -f multi-provider.yaml
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab title="External Database">
|
||||
|
||||
Use an existing PostgreSQL instance — RDS, Cloud SQL, Azure Database, or self-managed.
|
||||
|
||||
```bash
|
||||
kubectl create secret generic postgres-credentials \
|
||||
--from-literal=password='your-external-postgres-password'
|
||||
```
|
||||
|
||||
```yaml
|
||||
# external-db.yaml
|
||||
image:
|
||||
tag: "v1.4.11"
|
||||
|
||||
storage:
|
||||
mode: postgres
|
||||
|
||||
postgresql:
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
host: "your-rds-endpoint.us-east-1.rds.amazonaws.com"
|
||||
port: 5432
|
||||
user: "bifrost"
|
||||
database: "bifrost"
|
||||
sslMode: "require"
|
||||
existingSecret: "postgres-credentials"
|
||||
passwordKey: "password"
|
||||
|
||||
bifrost:
|
||||
encryptionKey: "your-encryption-key"
|
||||
|
||||
providers:
|
||||
openai:
|
||||
keys:
|
||||
- name: "openai-primary"
|
||||
value: "sk-..."
|
||||
weight: 1
|
||||
```
|
||||
|
||||
```bash
|
||||
helm install bifrost bifrost/bifrost -f external-db.yaml
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab title="AI Workloads">
|
||||
|
||||
Semantic response caching for high-volume AI inference.
|
||||
|
||||
```bash
|
||||
kubectl create secret generic bifrost-encryption \
|
||||
--from-literal=key='your-32-byte-encryption-key'
|
||||
|
||||
kubectl create secret generic provider-keys \
|
||||
--from-literal=openai-api-key='sk-your-key'
|
||||
```
|
||||
|
||||
```yaml
|
||||
# ai-workload.yaml
|
||||
image:
|
||||
tag: "v1.4.11"
|
||||
|
||||
storage:
|
||||
mode: postgres
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
auth:
|
||||
password: "secure-password"
|
||||
primary:
|
||||
persistence:
|
||||
size: 50Gi
|
||||
|
||||
vectorStore:
|
||||
enabled: true
|
||||
type: weaviate
|
||||
weaviate:
|
||||
enabled: true
|
||||
persistence:
|
||||
size: 50Gi
|
||||
|
||||
bifrost:
|
||||
encryptionKeySecret:
|
||||
name: "bifrost-encryption"
|
||||
key: "key"
|
||||
|
||||
providers:
|
||||
openai:
|
||||
keys:
|
||||
- name: "openai-primary"
|
||||
value: "env.OPENAI_API_KEY"
|
||||
weight: 1
|
||||
|
||||
providerSecrets:
|
||||
openai:
|
||||
existingSecret: "provider-keys"
|
||||
key: "openai-api-key"
|
||||
envVar: "OPENAI_API_KEY"
|
||||
|
||||
plugins:
|
||||
semanticCache:
|
||||
enabled: true
|
||||
config:
|
||||
provider: "openai"
|
||||
keys:
|
||||
- value: "env.OPENAI_API_KEY"
|
||||
weight: 1
|
||||
embedding_model: "text-embedding-3-small"
|
||||
dimension: 1536
|
||||
threshold: 0.85
|
||||
ttl: "1h"
|
||||
cache_by_model: true
|
||||
cache_by_provider: true
|
||||
```
|
||||
|
||||
```bash
|
||||
helm install bifrost bifrost/bifrost -f ai-workload.yaml
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab title="Kubernetes Secrets Only">
|
||||
|
||||
Zero credentials in values files — all sensitive data in Kubernetes Secrets.
|
||||
|
||||
```bash
|
||||
kubectl create secret generic postgres-credentials \
|
||||
--from-literal=password='your-postgres-password'
|
||||
|
||||
kubectl create secret generic bifrost-encryption \
|
||||
--from-literal=key='your-encryption-key'
|
||||
|
||||
kubectl create secret generic provider-keys \
|
||||
--from-literal=openai-api-key='sk-...' \
|
||||
--from-literal=anthropic-api-key='sk-ant-...'
|
||||
|
||||
kubectl create secret generic qdrant-credentials \
|
||||
--from-literal=api-key='your-qdrant-api-key'
|
||||
```
|
||||
|
||||
```yaml
|
||||
# secrets-only.yaml
|
||||
image:
|
||||
tag: "v1.4.11"
|
||||
|
||||
storage:
|
||||
mode: postgres
|
||||
|
||||
postgresql:
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
host: "postgres.example.com"
|
||||
port: 5432
|
||||
user: "bifrost"
|
||||
database: "bifrost"
|
||||
sslMode: "require"
|
||||
existingSecret: "postgres-credentials"
|
||||
passwordKey: "password"
|
||||
|
||||
vectorStore:
|
||||
enabled: true
|
||||
type: qdrant
|
||||
qdrant:
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
host: "qdrant.example.com"
|
||||
port: 6334
|
||||
existingSecret: "qdrant-credentials"
|
||||
apiKeyKey: "api-key"
|
||||
|
||||
bifrost:
|
||||
encryptionKeySecret:
|
||||
name: "bifrost-encryption"
|
||||
key: "key"
|
||||
|
||||
providers:
|
||||
openai:
|
||||
keys:
|
||||
- name: "openai-primary"
|
||||
value: "env.OPENAI_API_KEY"
|
||||
weight: 1
|
||||
anthropic:
|
||||
keys:
|
||||
- name: "anthropic-primary"
|
||||
value: "env.ANTHROPIC_API_KEY"
|
||||
weight: 1
|
||||
|
||||
providerSecrets:
|
||||
openai:
|
||||
existingSecret: "provider-keys"
|
||||
key: "openai-api-key"
|
||||
envVar: "OPENAI_API_KEY"
|
||||
anthropic:
|
||||
existingSecret: "provider-keys"
|
||||
key: "anthropic-api-key"
|
||||
envVar: "ANTHROPIC_API_KEY"
|
||||
```
|
||||
|
||||
```bash
|
||||
helm install bifrost bifrost/bifrost -f secrets-only.yaml
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
Reference in New Issue
Block a user