Files
bifrost/docs/deployment-guides/helm/values.mdx
Beyhan Oğur 880f412e2c first commit
2026-04-26 21:52:23 +03:00

719 lines
18 KiB
Plaintext

---
title: "Values Reference"
description: "Complete reference for Bifrost Helm chart values — key parameters, how to supply them, and links to example files"
icon: "sliders"
---
This page covers every top-level parameter group in the Bifrost Helm chart's `values.yaml`, how to supply values via `--set` vs `-f`, and where to find ready-made example files.
<Note>
The full values schema is available at [https://getbifrost.ai/schema](https://getbifrost.ai/schema). All `values.yaml` fields map directly to `config.json` fields generated by the chart.
</Note>
## Supplying Values
### One-liner with `--set`
Good for a single field or quick experiments:
```bash
helm install bifrost bifrost/bifrost \
--set image.tag=v1.4.11 \
--set replicaCount=3 \
--set bifrost.client.initialPoolSize=500
```
### Values file with `-f`
Recommended for anything beyond a couple of fields:
```bash
# Create your values file
cat > my-values.yaml <<'EOF'
image:
tag: "v1.4.11"
replicaCount: 2
bifrost:
encryptionKey: "your-32-byte-encryption-key-here"
client:
initialPoolSize: 500
enableLogging: true
EOF
# Install
helm install bifrost bifrost/bifrost -f my-values.yaml
# Upgrade later
helm upgrade bifrost bifrost/bifrost -f my-values.yaml
# Upgrade and reuse all previously set values, overriding only one field
helm upgrade bifrost bifrost/bifrost \
--reuse-values \
--set replicaCount=5
```
### Multiple values files
Later files override earlier ones — useful for a base + environment-specific overlay:
```bash
helm install bifrost bifrost/bifrost \
-f base-values.yaml \
-f production-overrides.yaml
```
---
## Key Parameters Reference
### Image
| Parameter | Description | Default |
|-----------|-------------|---------|
| `image.repository` | Container image repository | `docker.io/maximhq/bifrost` |
| `image.tag` | **Required.** Image version (e.g. `v1.4.11`) | `""` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `imagePullSecrets` | List of pull secret names for private registries | `[]` |
```bash
# Always specify the tag — the chart will not start without it
helm install bifrost bifrost/bifrost --set image.tag=v1.4.11
```
### Replicas & Autoscaling
| Parameter | Description | Default |
|-----------|-------------|---------|
| `replicaCount` | Static replica count (ignored when HPA is enabled) | `1` |
| `autoscaling.enabled` | Enable Horizontal Pod Autoscaler | `false` |
| `autoscaling.minReplicas` | Minimum replicas | `1` |
| `autoscaling.maxReplicas` | Maximum replicas | `10` |
| `autoscaling.targetCPUUtilizationPercentage` | CPU target for scaling | `80` |
| `autoscaling.targetMemoryUtilizationPercentage` | Memory target for scaling | `80` |
| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Cooldown before scale-down (important for SSE streams) | `300` |
| `autoscaling.behavior.scaleDown.policies[0].value` | Max pods removed per period | `1` |
### Resources
| Parameter | Description | Default |
|-----------|-------------|---------|
| `resources.requests.cpu` | CPU request | `500m` |
| `resources.requests.memory` | Memory request | `512Mi` |
| `resources.limits.cpu` | CPU limit | `2000m` |
| `resources.limits.memory` | Memory limit | `2Gi` |
### Service
| Parameter | Description | Default |
|-----------|-------------|---------|
| `service.type` | `ClusterIP`, `LoadBalancer`, or `NodePort` | `ClusterIP` |
| `service.port` | Service port | `8080` |
### Ingress
| Parameter | Description | Default |
|-----------|-------------|---------|
| `ingress.enabled` | Enable ingress | `false` |
| `ingress.className` | Ingress class (e.g. `nginx`, `traefik`) | `""` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.hosts` | Host rules | see values.yaml |
| `ingress.tls` | TLS configuration | `[]` |
```yaml
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
hosts:
- host: bifrost.yourdomain.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: bifrost-tls
hosts:
- bifrost.yourdomain.com
```
### Probes
| Parameter | Description | Default |
|-----------|-------------|---------|
| `livenessProbe.initialDelaySeconds` | Seconds before first liveness check | `30` |
| `livenessProbe.periodSeconds` | Liveness check interval | `30` |
| `readinessProbe.initialDelaySeconds` | Seconds before first readiness check | `10` |
| `readinessProbe.periodSeconds` | Readiness check interval | `10` |
Both probes hit `GET /health`.
### Graceful Shutdown
Bifrost supports long-lived SSE streaming connections. The default `preStop` hook and termination grace period let in-flight streams finish before the pod is killed:
| Parameter | Description | Default |
|-----------|-------------|---------|
| `terminationGracePeriodSeconds` | Total grace period | `60` |
| `lifecycle.preStop.exec.command` | Sleep before SIGTERM so load balancer drains | `["sh", "-c", "sleep 15"]` |
Increase `terminationGracePeriodSeconds` if your typical stream responses take longer than 45 seconds.
### Service Account
| Parameter | Description | Default |
|-----------|-------------|---------|
| `serviceAccount.create` | Create a dedicated service account | `true` |
| `serviceAccount.annotations` | Annotations (e.g. for IRSA, Workload Identity) | `{}` |
| `serviceAccount.name` | Override the generated name | `""` |
### Pod Scheduling
```yaml
# Spread replicas across nodes
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: bifrost
topologyKey: kubernetes.io/hostname
# Pin to specific node pool
nodeSelector:
node-type: ai-workload
# Tolerate GPU taints
tolerations:
- key: "gpu"
operator: "Equal"
value: "true"
effect: "NoSchedule"
```
### Extra Environment Variables
Three ways to inject env vars:
```yaml
# Inline key/value pairs
env:
- name: HTTP_PROXY
value: "http://proxy.corp.example.com:3128"
# Map syntax (appended after env)
extraEnv:
NO_PROXY: "169.254.169.254,10.0.0.0/8"
# Bulk-load from existing Secrets or ConfigMaps
envFrom:
- secretRef:
name: my-corp-secrets
- configMapRef:
name: my-app-config
```
### Init Containers
```yaml
initContainers:
- name: wait-for-db
image: busybox:1.35
command: ["sh", "-c", "until nc -z postgres-svc 5432; do sleep 2; done"]
```
---
## Values Examples
The chart ships ready-made example files under [`helm-charts/bifrost/values-examples/`](https://github.com/maximhq/bifrost/tree/main/helm-charts/bifrost/values-examples):
| File | Use case |
|------|----------|
| `sqlite-only.yaml` | Minimal local/dev setup |
| `postgres-only.yaml` | Single-store Postgres |
| `production-ha.yaml` | HA: 3 replicas, Postgres, Weaviate, HPA, Ingress |
| `providers-and-virtual-keys.yaml` | All 23 providers + 7 virtual key patterns |
| `secrets-from-k8s.yaml` | All sensitive values from Kubernetes Secrets |
| `external-postgres.yaml` | Point at an existing Postgres instance |
| `postgres-redis.yaml` | Postgres + Redis vector store |
| `postgres-weaviate.yaml` | Postgres + Weaviate vector store |
| `postgres-qdrant.yaml` | Postgres + Qdrant vector store |
| `semantic-cache-secret-example.yaml` | Semantic cache with secret injection |
| `mixed-backend.yaml` | Config store = postgres, logs store = sqlite |
Install from an example file directly:
```bash
helm install bifrost bifrost/bifrost \
-f https://raw.githubusercontent.com/maximhq/bifrost/main/helm-charts/bifrost/values-examples/production-ha.yaml \
--set image.tag=v1.4.11
```
---
## Helm Operations
### View current values
```bash
helm get values bifrost
```
### Diff before upgrading (requires helm-diff plugin)
```bash
helm diff upgrade bifrost bifrost/bifrost -f my-values.yaml
```
### Rollback
```bash
helm history bifrost
helm rollback bifrost # to previous revision
helm rollback bifrost 2 # to revision 2
```
### Uninstall
```bash
helm uninstall bifrost
# Also remove PVCs (deletes all data)
kubectl delete pvc -l app.kubernetes.io/instance=bifrost
```
---
## All Key Parameters
A quick-reference table of the most commonly used top-level parameters:
| Parameter | Description | Default |
|-----------|-------------|---------|
| `image.tag` | **Required.** Bifrost image version (e.g., `v1.4.11`) | `""` |
| `replicaCount` | Number of replicas | `1` |
| `storage.mode` | Storage backend (`sqlite` or `postgres`) | `sqlite` |
| `storage.persistence.size` | PVC size for SQLite | `10Gi` |
| `postgresql.enabled` | Deploy embedded PostgreSQL | `false` |
| `vectorStore.enabled` | Enable vector store | `false` |
| `vectorStore.type` | Vector store type (`weaviate`, `redis`, `qdrant`) | `none` |
| `bifrost.encryptionKey` | Optional encryption key (use `encryptionKeySecret` in production). If omitted, data is stored in plaintext. | `""` |
| `ingress.enabled` | Enable ingress | `false` |
| `autoscaling.enabled` | Enable HPA | `false` |
### Secret Reference Parameters
Use existing Kubernetes Secrets instead of plain-text values. Every sensitive field in the chart has a corresponding `existingSecret` / `secretRef` alternative:
| Parameter | Description | Default |
|-----------|-------------|---------|
| `bifrost.encryptionKeySecret.name` | Secret name for encryption key | `""` |
| `bifrost.encryptionKeySecret.key` | Key within the secret | `"encryption-key"` |
| `postgresql.external.existingSecret` | Secret name for PostgreSQL password | `""` |
| `postgresql.external.passwordKey` | Key within the secret | `"password"` |
| `vectorStore.redis.external.existingSecret` | Secret name for Redis password | `""` |
| `vectorStore.redis.external.passwordKey` | Key within the secret | `"password"` |
| `vectorStore.weaviate.external.existingSecret` | Secret name for Weaviate API key | `""` |
| `vectorStore.weaviate.external.apiKeyKey` | Key within the secret | `"api-key"` |
| `vectorStore.qdrant.external.existingSecret` | Secret name for Qdrant API key | `""` |
| `vectorStore.qdrant.external.apiKeyKey` | Key within the secret | `"api-key"` |
| `bifrost.plugins.maxim.secretRef.name` | Secret name for Maxim API key | `""` |
| `bifrost.plugins.maxim.secretRef.key` | Key within the secret | `"api-key"` |
| `bifrost.providerSecrets.<provider>.existingSecret` | Secret name for provider API key | `""` |
| `bifrost.providerSecrets.<provider>.key` | Key within the secret | `"api-key"` |
| `bifrost.providerSecrets.<provider>.envVar` | Environment variable name to inject | `""` |
---
## Advanced Configuration
### Comprehensive Example
A production-ready values file combining the most common settings:
```yaml
# my-values.yaml
image:
tag: "v1.4.11"
replicaCount: 3
storage:
mode: postgres
postgresql:
enabled: true
auth:
password: "secure-password" # use existingSecret in production
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 10
ingress:
enabled: true
className: nginx
hosts:
- host: bifrost.example.com
paths:
- path: /
pathType: Prefix
bifrost:
encryptionKeySecret:
name: "bifrost-encryption"
key: "key"
providers:
openai:
keys:
- name: "primary"
value: "env.OPENAI_API_KEY"
weight: 1
providerSecrets:
openai:
existingSecret: "provider-api-keys"
key: "openai-api-key"
envVar: "OPENAI_API_KEY"
```
```bash
helm install bifrost bifrost/bifrost -f my-values.yaml
```
### Node Affinity & Scheduling
Deploy to specific nodes and spread replicas across hosts:
```yaml
nodeSelector:
node-type: ai-workload
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: bifrost
topologyKey: kubernetes.io/hostname
tolerations:
- key: "gpu"
operator: "Equal"
value: "true"
effect: "NoSchedule"
```
### Deployment & Pod Annotations
Useful for tooling like [Keel](https://keel.sh) for automatic image updates or Datadog APM injection:
```yaml
deploymentAnnotations:
keel.sh/policy: force
keel.sh/trigger: poll
podAnnotations:
ad.datadoghq.com/bifrost.logs: '[{"source":"bifrost","service":"bifrost"}]'
```
---
## Common Patterns
Ready-made values files for the most common deployment scenarios. Each pattern builds on the [quickstart](/deployment-guides/helm).
<Tabs>
<Tab title="Development">
Simple setup for local testing. SQLite, single replica, no autoscaling.
```bash
helm install bifrost bifrost/bifrost \
--set image.tag=v1.4.11 \
--set 'bifrost.providers.openai.keys[0].name=dev-key' \
--set 'bifrost.providers.openai.keys[0].value=sk-your-key' \
--set 'bifrost.providers.openai.keys[0].weight=1'
```
```bash
# Access
kubectl port-forward svc/bifrost 8080:8080
```
</Tab>
<Tab title="Multi-Provider">
Multiple LLM providers with weighted load balancing.
```bash
kubectl create secret generic provider-keys \
--from-literal=openai-api-key='sk-...' \
--from-literal=anthropic-api-key='sk-ant-...' \
--from-literal=gemini-api-key='your-gemini-key'
```
```yaml
# multi-provider.yaml
image:
tag: "v1.4.11"
bifrost:
encryptionKey: "your-encryption-key"
client:
enableLogging: true
allowDirectKeys: false
providers:
openai:
keys:
- name: "openai-primary"
value: "env.OPENAI_API_KEY"
weight: 2 # 50% of traffic
anthropic:
keys:
- name: "anthropic-primary"
value: "env.ANTHROPIC_API_KEY"
weight: 1 # 25%
gemini:
keys:
- name: "gemini-primary"
value: "env.GEMINI_API_KEY"
weight: 1 # 25%
providerSecrets:
openai:
existingSecret: "provider-keys"
key: "openai-api-key"
envVar: "OPENAI_API_KEY"
anthropic:
existingSecret: "provider-keys"
key: "anthropic-api-key"
envVar: "ANTHROPIC_API_KEY"
gemini:
existingSecret: "provider-keys"
key: "gemini-api-key"
envVar: "GEMINI_API_KEY"
plugins:
telemetry:
enabled: true
logging:
enabled: true
```
```bash
helm install bifrost bifrost/bifrost -f multi-provider.yaml
```
</Tab>
<Tab title="External Database">
Use an existing PostgreSQL instance — RDS, Cloud SQL, Azure Database, or self-managed.
```bash
kubectl create secret generic postgres-credentials \
--from-literal=password='your-external-postgres-password'
```
```yaml
# external-db.yaml
image:
tag: "v1.4.11"
storage:
mode: postgres
postgresql:
enabled: false
external:
enabled: true
host: "your-rds-endpoint.us-east-1.rds.amazonaws.com"
port: 5432
user: "bifrost"
database: "bifrost"
sslMode: "require"
existingSecret: "postgres-credentials"
passwordKey: "password"
bifrost:
encryptionKey: "your-encryption-key"
providers:
openai:
keys:
- name: "openai-primary"
value: "sk-..."
weight: 1
```
```bash
helm install bifrost bifrost/bifrost -f external-db.yaml
```
</Tab>
<Tab title="AI Workloads">
Semantic response caching for high-volume AI inference.
```bash
kubectl create secret generic bifrost-encryption \
--from-literal=key='your-32-byte-encryption-key'
kubectl create secret generic provider-keys \
--from-literal=openai-api-key='sk-your-key'
```
```yaml
# ai-workload.yaml
image:
tag: "v1.4.11"
storage:
mode: postgres
postgresql:
enabled: true
auth:
password: "secure-password"
primary:
persistence:
size: 50Gi
vectorStore:
enabled: true
type: weaviate
weaviate:
enabled: true
persistence:
size: 50Gi
bifrost:
encryptionKeySecret:
name: "bifrost-encryption"
key: "key"
providers:
openai:
keys:
- name: "openai-primary"
value: "env.OPENAI_API_KEY"
weight: 1
providerSecrets:
openai:
existingSecret: "provider-keys"
key: "openai-api-key"
envVar: "OPENAI_API_KEY"
plugins:
semanticCache:
enabled: true
config:
provider: "openai"
keys:
- value: "env.OPENAI_API_KEY"
weight: 1
embedding_model: "text-embedding-3-small"
dimension: 1536
threshold: 0.85
ttl: "1h"
cache_by_model: true
cache_by_provider: true
```
```bash
helm install bifrost bifrost/bifrost -f ai-workload.yaml
```
</Tab>
<Tab title="Kubernetes Secrets Only">
Zero credentials in values files — all sensitive data in Kubernetes Secrets.
```bash
kubectl create secret generic postgres-credentials \
--from-literal=password='your-postgres-password'
kubectl create secret generic bifrost-encryption \
--from-literal=key='your-encryption-key'
kubectl create secret generic provider-keys \
--from-literal=openai-api-key='sk-...' \
--from-literal=anthropic-api-key='sk-ant-...'
kubectl create secret generic qdrant-credentials \
--from-literal=api-key='your-qdrant-api-key'
```
```yaml
# secrets-only.yaml
image:
tag: "v1.4.11"
storage:
mode: postgres
postgresql:
enabled: false
external:
enabled: true
host: "postgres.example.com"
port: 5432
user: "bifrost"
database: "bifrost"
sslMode: "require"
existingSecret: "postgres-credentials"
passwordKey: "password"
vectorStore:
enabled: true
type: qdrant
qdrant:
enabled: false
external:
enabled: true
host: "qdrant.example.com"
port: 6334
existingSecret: "qdrant-credentials"
apiKeyKey: "api-key"
bifrost:
encryptionKeySecret:
name: "bifrost-encryption"
key: "key"
providers:
openai:
keys:
- name: "openai-primary"
value: "env.OPENAI_API_KEY"
weight: 1
anthropic:
keys:
- name: "anthropic-primary"
value: "env.ANTHROPIC_API_KEY"
weight: 1
providerSecrets:
openai:
existingSecret: "provider-keys"
key: "openai-api-key"
envVar: "OPENAI_API_KEY"
anthropic:
existingSecret: "provider-keys"
key: "anthropic-api-key"
envVar: "ANTHROPIC_API_KEY"
```
```bash
helm install bifrost bifrost/bifrost -f secrets-only.yaml
```
</Tab>
</Tabs>