640 lines
15 KiB
Plaintext
640 lines
15 KiB
Plaintext
---
|
|
title: "Quick Start"
|
|
description: "Deploy Bifrost on Kubernetes using the official Helm chart — quickstart for OSS and Enterprise"
|
|
icon: "server"
|
|
---
|
|
|
|
<Note>
|
|
**Latest Chart Version**: [View on Artifact Hub](https://artifacthub.io/packages/helm/bifrost/bifrost)
|
|
</Note>
|
|
|
|
<Tabs>
|
|
|
|
<Tab title="OSS">
|
|
|
|
## Prerequisites
|
|
|
|
- Kubernetes cluster (v1.19+)
|
|
- `kubectl` configured
|
|
- Helm 3.2.0+ installed
|
|
- Persistent Volume provisioner (required for SQLite; optional for Postgres-only)
|
|
|
|
<Note>
|
|
If you use PostgreSQL for Bifrost storage, ensure the database is UTF8 encoded. See [PostgreSQL UTF8 Requirement](../quickstart/gateway/setting-up#postgresql-utf8-requirement).
|
|
</Note>
|
|
|
|
## Step 1 — Add the Helm Repository
|
|
|
|
```bash
|
|
helm repo add bifrost https://maximhq.github.io/bifrost/helm-charts
|
|
helm repo update
|
|
```
|
|
|
|
## Step 2 — Install
|
|
|
|
<Note>
|
|
The Helm chart ships ready-made values files under `helm-charts/bifrost/values-examples/`.
|
|
For example: `sqlite-only.yaml`, `production-ha.yaml`, `external-postgres.yaml`, and `secrets-from-k8s.yaml`.
|
|
See the full list here: https://github.com/maximhq/bifrost/tree/main/helm-charts/bifrost/values-examples
|
|
</Note>
|
|
|
|
<Tabs>
|
|
<Tab title="Minimal (SQLite)">
|
|
|
|
Fastest way to get running. Bifrost deploys as a StatefulSet with a 10Gi PVC for SQLite.
|
|
|
|
```bash
|
|
kubectl create secret generic bifrost-encryption-key \
|
|
--from-literal=encryption-key="$(openssl rand -base64 32)"
|
|
|
|
helm install bifrost bifrost/bifrost \
|
|
--set image.tag=v1.4.11 \
|
|
--set bifrost.encryptionKeySecret.name="bifrost-encryption-key" \
|
|
--set bifrost.encryptionKeySecret.key="encryption-key"
|
|
```
|
|
|
|
</Tab>
|
|
<Tab title="With a Provider Key">
|
|
|
|
Add your first provider key at install time:
|
|
|
|
```bash
|
|
kubectl create secret generic bifrost-encryption-key \
|
|
--from-literal=encryption-key="$(openssl rand -base64 32)"
|
|
|
|
kubectl create secret generic provider-keys \
|
|
--from-literal=openai-api-key='sk-your-key'
|
|
|
|
helm install bifrost bifrost/bifrost \
|
|
--set image.tag=v1.4.11 \
|
|
--set bifrost.encryptionKeySecret.name="bifrost-encryption-key" \
|
|
--set bifrost.encryptionKeySecret.key="encryption-key" \
|
|
--set 'bifrost.providers.openai.keys[0].name=primary' \
|
|
--set 'bifrost.providers.openai.keys[0].value=env.OPENAI_API_KEY' \
|
|
--set 'bifrost.providers.openai.keys[0].weight=1' \
|
|
--set bifrost.providerSecrets.openai.existingSecret="provider-keys" \
|
|
--set bifrost.providerSecrets.openai.key="openai-api-key" \
|
|
--set bifrost.providerSecrets.openai.envVar="OPENAI_API_KEY"
|
|
```
|
|
|
|
</Tab>
|
|
<Tab title="Production (PostgreSQL + HA)">
|
|
|
|
High-availability setup — 3 replicas, PostgreSQL, autoscaling, ingress.
|
|
|
|
```bash
|
|
# 1. Create secrets
|
|
kubectl create secret generic bifrost-encryption-key \
|
|
--from-literal=encryption-key="$(openssl rand -base64 32)"
|
|
|
|
kubectl create secret generic postgres-credentials \
|
|
--from-literal=password="$(openssl rand -base64 32)"
|
|
|
|
kubectl create secret generic provider-keys \
|
|
--from-literal=openai-api-key='sk-...'
|
|
```
|
|
|
|
```yaml
|
|
# production.yaml
|
|
image:
|
|
tag: "v1.4.11"
|
|
|
|
replicaCount: 3
|
|
|
|
storage:
|
|
mode: postgres
|
|
|
|
postgresql:
|
|
enabled: true
|
|
auth:
|
|
username: bifrost
|
|
database: bifrost
|
|
existingSecret: "postgres-credentials"
|
|
secretKeys:
|
|
adminPasswordKey: "password"
|
|
primary:
|
|
persistence:
|
|
size: 50Gi
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
limits:
|
|
cpu: 2000m
|
|
memory: 2Gi
|
|
|
|
autoscaling:
|
|
enabled: true
|
|
minReplicas: 3
|
|
maxReplicas: 10
|
|
targetCPUUtilizationPercentage: 70
|
|
targetMemoryUtilizationPercentage: 80
|
|
|
|
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
hosts:
|
|
- host: bifrost.yourdomain.com
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- secretName: bifrost-tls
|
|
hosts:
|
|
- bifrost.yourdomain.com
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
limits:
|
|
cpu: 2000m
|
|
memory: 2Gi
|
|
|
|
bifrost:
|
|
encryptionKeySecret:
|
|
name: "bifrost-encryption-key"
|
|
key: "encryption-key"
|
|
|
|
client:
|
|
initialPoolSize: 500
|
|
dropExcessRequests: true
|
|
enableLogging: true
|
|
|
|
providers:
|
|
openai:
|
|
keys:
|
|
- name: "openai-primary"
|
|
value: "env.OPENAI_API_KEY"
|
|
weight: 1
|
|
|
|
providerSecrets:
|
|
openai:
|
|
existingSecret: "provider-keys"
|
|
key: "openai-api-key"
|
|
envVar: "OPENAI_API_KEY"
|
|
|
|
plugins:
|
|
telemetry:
|
|
enabled: true
|
|
version: 1
|
|
logging:
|
|
enabled: true
|
|
version: 1
|
|
governance:
|
|
enabled: true
|
|
version: 1
|
|
```
|
|
|
|
```bash
|
|
# 2. Install
|
|
helm install bifrost bifrost/bifrost -f production.yaml
|
|
```
|
|
|
|
</Tab>
|
|
</Tabs>
|
|
|
|
<Note>
|
|
`image.tag` is required — the chart will not start without it. Check [Docker Hub](https://hub.docker.com/r/maximhq/bifrost/tags) for available versions.
|
|
</Note>
|
|
|
|
## Step 3 — Verify
|
|
|
|
```bash
|
|
# Check pods are running
|
|
kubectl get pods -l app.kubernetes.io/name=bifrost
|
|
|
|
# Port forward and hit the health endpoint
|
|
kubectl port-forward svc/bifrost 8080:8080
|
|
curl http://localhost:8080/health
|
|
|
|
# Check Prometheus metrics
|
|
curl http://localhost:8080/metrics
|
|
```
|
|
|
|
## Step 4 — Configure Providers & Plugins
|
|
|
|
```bash
|
|
# Make your first inference call
|
|
curl http://localhost:8080/v1/chat/completions \
|
|
-H "Content-Type: application/json" \
|
|
-d '{
|
|
"model": "gpt-4o-mini",
|
|
"messages": [{"role": "user", "content": "Hello from Bifrost!"}]
|
|
}'
|
|
```
|
|
|
|
Next steps: jump to [Next Steps](#next-steps).
|
|
|
|
</Tab>
|
|
|
|
<Tab title="Enterprise">
|
|
|
|
Enterprise customers receive dedicated container images in a private registry, along with additional features, SLAs, and compliance documentation.
|
|
|
|
<Note>
|
|
[Book a demo](https://calendly.com/maximai/bifrost-demo) to know more about our enterprise features.
|
|
</Note>
|
|
|
|
## Prerequisites
|
|
|
|
- Kubernetes cluster (v1.19+)
|
|
- `kubectl` configured
|
|
- Helm 3.2.0+ installed
|
|
- Enterprise registry credentials (provided by Maxim)
|
|
|
|
## Step 1 — Add the Helm Repository
|
|
|
|
```bash
|
|
helm repo add bifrost https://maximhq.github.io/bifrost/helm-charts
|
|
helm repo update
|
|
```
|
|
|
|
## Step 2 — Create Pull Secret
|
|
|
|
Create a Kubernetes image pull secret for our private enterprise registry:
|
|
|
|
<Tabs>
|
|
<Tab title="Google Artifact Registry">
|
|
|
|
```bash
|
|
kubectl create secret docker-registry enterprise-registry-secret \
|
|
--docker-server=us-west1-docker.pkg.dev \
|
|
--docker-username=_json_key \
|
|
--docker-password="$(cat service-account-key.json)" \
|
|
--docker-email=your-email@example.com
|
|
```
|
|
|
|
</Tab>
|
|
<Tab title="AWS ECR">
|
|
|
|
```bash
|
|
kubectl create secret docker-registry enterprise-registry-secret \
|
|
--docker-server=123456789.dkr.ecr.us-east-1.amazonaws.com \
|
|
--docker-username=AWS \
|
|
--docker-password=$(aws ecr get-login-password --region us-east-1)
|
|
```
|
|
|
|
<Note>
|
|
ECR tokens expire after 12 hours. Use the [ECR Credential Helper](https://github.com/awslabs/amazon-ecr-credential-helper) or [ECR Registry Creds operator](https://github.com/upmc-enterprises/registry-creds) for automatic refresh.
|
|
</Note>
|
|
|
|
</Tab>
|
|
<Tab title="Azure ACR">
|
|
|
|
```bash
|
|
kubectl create secret docker-registry enterprise-registry-secret \
|
|
--docker-server=yourregistry.azurecr.io \
|
|
--docker-username=<service-principal-id> \
|
|
--docker-password=<service-principal-password>
|
|
```
|
|
|
|
</Tab>
|
|
<Tab title="Self-Hosted Registry">
|
|
|
|
```bash
|
|
kubectl create secret docker-registry enterprise-registry-secret \
|
|
--docker-server=registry.yourcompany.com \
|
|
--docker-username=<username> \
|
|
--docker-password=<password>
|
|
```
|
|
|
|
</Tab>
|
|
</Tabs>
|
|
|
|
## Step 3 — Create Required Secrets
|
|
|
|
```bash
|
|
# Encryption key
|
|
kubectl create secret generic bifrost-encryption \
|
|
--from-literal=key="$(openssl rand -base64 32)"
|
|
|
|
# Provider API keys
|
|
kubectl create secret generic provider-keys \
|
|
--from-literal=openai-api-key='sk-...' \
|
|
--from-literal=anthropic-api-key='sk-ant-...'
|
|
|
|
# Admin credentials (for dashboard + governance)
|
|
kubectl create secret generic bifrost-admin-credentials \
|
|
--from-literal=username='admin' \
|
|
--from-literal=password='secure-admin-password'
|
|
```
|
|
|
|
## Step 4 — Install
|
|
|
|
```yaml
|
|
# enterprise.yaml
|
|
image:
|
|
# Registry URL provided by Maxim
|
|
repository: us-west1-docker.pkg.dev/bifrost-enterprise/your-org/bifrost
|
|
tag: "latest"
|
|
|
|
imagePullSecrets:
|
|
- name: enterprise-registry-secret
|
|
|
|
replicaCount: 3
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 1000m
|
|
memory: 2Gi
|
|
limits:
|
|
cpu: 4000m
|
|
memory: 8Gi
|
|
|
|
autoscaling:
|
|
enabled: true
|
|
minReplicas: 3
|
|
maxReplicas: 20
|
|
targetCPUUtilizationPercentage: 70
|
|
targetMemoryUtilizationPercentage: 80
|
|
|
|
storage:
|
|
mode: postgres
|
|
|
|
postgresql:
|
|
enabled: true
|
|
auth:
|
|
password: "secure-password" # use existingSecret in production
|
|
primary:
|
|
persistence:
|
|
size: 100Gi
|
|
resources:
|
|
requests:
|
|
cpu: 1000m
|
|
memory: 2Gi
|
|
limits:
|
|
cpu: 4000m
|
|
memory: 8Gi
|
|
|
|
vectorStore:
|
|
enabled: true
|
|
type: weaviate
|
|
weaviate:
|
|
enabled: true
|
|
persistence:
|
|
size: 100Gi
|
|
|
|
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
|
|
hosts:
|
|
- host: bifrost.yourcompany.com
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- secretName: bifrost-tls
|
|
hosts:
|
|
- bifrost.yourcompany.com
|
|
|
|
bifrost:
|
|
encryptionKeySecret:
|
|
name: "bifrost-encryption"
|
|
key: "key"
|
|
|
|
client:
|
|
initialPoolSize: 1000
|
|
dropExcessRequests: true
|
|
enableLogging: true
|
|
disableContentLogging: false # set true for HIPAA/compliance
|
|
logRetentionDays: 365
|
|
enforceGovernanceHeader: true
|
|
allowDirectKeys: false
|
|
maxRequestBodySizeMb: 100
|
|
allowedOrigins:
|
|
- "https://yourcompany.com"
|
|
- "https://*.yourcompany.com"
|
|
|
|
providers:
|
|
openai:
|
|
keys:
|
|
- name: "openai-primary"
|
|
value: "env.OPENAI_API_KEY"
|
|
weight: 1
|
|
anthropic:
|
|
keys:
|
|
- name: "anthropic-primary"
|
|
value: "env.ANTHROPIC_API_KEY"
|
|
weight: 1
|
|
|
|
providerSecrets:
|
|
openai:
|
|
existingSecret: "provider-keys"
|
|
key: "openai-api-key"
|
|
envVar: "OPENAI_API_KEY"
|
|
anthropic:
|
|
existingSecret: "provider-keys"
|
|
key: "anthropic-api-key"
|
|
envVar: "ANTHROPIC_API_KEY"
|
|
|
|
governance:
|
|
authConfig:
|
|
isEnabled: true
|
|
disableAuthOnInference: false
|
|
existingSecret: "bifrost-admin-credentials"
|
|
usernameKey: "username"
|
|
passwordKey: "password"
|
|
|
|
plugins:
|
|
telemetry:
|
|
enabled: true
|
|
version: 1
|
|
logging:
|
|
enabled: true
|
|
version: 1
|
|
governance:
|
|
enabled: true
|
|
version: 1
|
|
config:
|
|
is_vk_mandatory: true
|
|
semanticCache:
|
|
enabled: true
|
|
version: 1
|
|
config:
|
|
provider: "openai"
|
|
embedding_model: "text-embedding-3-small"
|
|
dimension: 1536
|
|
threshold: 0.85
|
|
ttl: "1h"
|
|
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: bifrost
|
|
topologyKey: kubernetes.io/hostname
|
|
```
|
|
|
|
```bash
|
|
helm install bifrost bifrost/bifrost -f enterprise.yaml
|
|
```
|
|
|
|
Next steps: jump to [Next Steps](#next-steps).
|
|
|
|
<Note>
|
|
For DB-backed deployments, built-in plugins support a top-level `version` field (for example: `telemetry`, `logging`, `governance`, `semanticCache`, `otel`, `maxim`, `datadog`). Increase this number when you want config from Helm to overwrite an older plugin record in the DB.
|
|
</Note>
|
|
|
|
## Enterprise Support
|
|
|
|
Enterprise customers have access to:
|
|
- Dedicated Slack channel for support
|
|
- Priority bug fixes and feature requests
|
|
- Custom feature development
|
|
- SLA guarantees
|
|
- Compliance documentation (SOC2, HIPAA, etc.)
|
|
|
|
Contact [support@getmaxim.ai](mailto:support@getmaxim.ai) for support.
|
|
|
|
</Tab>
|
|
|
|
</Tabs>
|
|
|
|
---
|
|
|
|
## Operations
|
|
|
|
### Upgrade
|
|
|
|
```bash
|
|
helm repo update
|
|
|
|
# Upgrade reusing all existing values
|
|
helm upgrade bifrost bifrost/bifrost --reuse-values
|
|
|
|
# Upgrade with new values
|
|
helm upgrade bifrost bifrost/bifrost -f your-values.yaml
|
|
|
|
# Upgrade and override a single field
|
|
helm upgrade bifrost bifrost/bifrost \
|
|
--reuse-values \
|
|
--set image.tag=v1.4.11
|
|
```
|
|
|
|
### Rollback
|
|
|
|
```bash
|
|
helm history bifrost
|
|
helm rollback bifrost # to previous revision
|
|
helm rollback bifrost 2 # to specific revision
|
|
```
|
|
|
|
### Scale
|
|
|
|
```bash
|
|
kubectl scale deployment bifrost --replicas=5
|
|
|
|
# Or via Helm
|
|
helm upgrade bifrost bifrost/bifrost \
|
|
--reuse-values \
|
|
--set replicaCount=5
|
|
```
|
|
|
|
### Uninstall
|
|
|
|
```bash
|
|
helm uninstall bifrost
|
|
|
|
# Also remove PVCs (permanently deletes all data)
|
|
kubectl delete pvc -l app.kubernetes.io/instance=bifrost
|
|
```
|
|
|
|
---
|
|
|
|
## Monitoring
|
|
|
|
### Prometheus Metrics
|
|
|
|
Bifrost exposes Prometheus metrics at `/metrics`.
|
|
|
|
Enable ServiceMonitor for automatic scraping:
|
|
|
|
```yaml
|
|
serviceMonitor:
|
|
enabled: true
|
|
interval: 30s
|
|
scrapeTimeout: 10s
|
|
```
|
|
|
|
### Health Checks
|
|
|
|
Check pod health:
|
|
|
|
```bash
|
|
# View pod status
|
|
kubectl get pods -l app.kubernetes.io/name=bifrost
|
|
|
|
# Check logs
|
|
kubectl logs -l app.kubernetes.io/name=bifrost --tail=100
|
|
|
|
# Describe pod
|
|
kubectl describe pod -l app.kubernetes.io/name=bifrost
|
|
```
|
|
|
|
### Metrics Endpoints
|
|
|
|
```bash
|
|
# Port forward
|
|
kubectl port-forward svc/bifrost 8080:8080
|
|
|
|
# Check metrics
|
|
curl http://localhost:8080/metrics
|
|
|
|
# Check health
|
|
curl http://localhost:8080/health
|
|
```
|
|
|
|
---
|
|
|
|
## Configuration Guides
|
|
|
|
<CardGroup cols={3}>
|
|
<Card title="Values Reference" icon="sliders" href="/deployment-guides/helm/values">
|
|
All parameters, secret references, advanced config, example patterns
|
|
</Card>
|
|
<Card title="Client Configuration" icon="gear" href="/deployment-guides/helm/client">
|
|
Pool size, logging, CORS, header filtering, compat shims, MCP settings
|
|
</Card>
|
|
<Card title="Provider Setup" icon="plug" href="/deployment-guides/helm/providers">
|
|
OpenAI, Anthropic, Azure, Bedrock, Vertex, Groq, self-hosted
|
|
</Card>
|
|
<Card title="Storage" icon="database" href="/deployment-guides/helm/storage">
|
|
SQLite, PostgreSQL, object storage for logs, vector stores
|
|
</Card>
|
|
<Card title="Plugins" icon="puzzle-piece" href="/deployment-guides/helm/plugins">
|
|
Telemetry, logging, semantic cache, OTel, Datadog, governance
|
|
</Card>
|
|
<Card title="Governance" icon="shield" href="/deployment-guides/helm/governance">
|
|
Budgets, rate limits, virtual keys, routing rules
|
|
</Card>
|
|
<Card title="Cluster Mode" icon="network-wired" href="/deployment-guides/helm/cluster">
|
|
Multi-replica HA, gossip, peer discovery
|
|
</Card>
|
|
<Card title="Troubleshooting" icon="wrench" href="/deployment-guides/helm/troubleshooting">
|
|
Pod startup, database, ingress, PVC, secrets, performance
|
|
</Card>
|
|
</CardGroup>
|
|
|
|
---
|
|
|
|
## Resources
|
|
|
|
- [Helm Chart Repository](https://github.com/maximhq/bifrost/tree/main/helm-charts)
|
|
- [Artifact Hub](https://artifacthub.io/packages/helm/bifrost/bifrost)
|
|
- [Example Configurations](https://github.com/maximhq/bifrost/tree/main/helm-charts/bifrost/values-examples)
|
|
- [GitHub Issues](https://github.com/maximhq/bifrost/issues)
|
|
|
|
## Next Steps
|
|
|
|
1. Configure [provider keys](/providers/supported-providers/overview)
|
|
2. Enable [plugins](/plugins/getting-started)
|
|
3. Set up [observability](/features/observability/default)
|
|
4. Configure [governance](/features/governance/virtual-keys)
|