Istari Platform Installation

The Istari Platform installation process consists of two parts:

  1. Secrets: The Istari Platform requires a few secrets to be created in the Kubernetes cluster. These secrets are used to store sensitive information related to the Istari Platform and its components.
  2. Istari Platform Helm Chart: The Istari Platform is installed using a Helm chart. The Helm chart contains all the necessary configurations and resources required to deploy the Istari Platform in a Kubernetes cluster.

Secrets

info

Make sure to replace <customer_istari_fqdn> with the actual domain used for the Istari Digital platform, e.g. istari.customer_domain.com.

Frontend Service Secret

The Istari Platform requires a secret for the frontend service. This secret is used to store sensitive information related to file storage and access. The secret should be created in the Kubernetes cluster where the Istari Platform is deployed.

istari-frontend-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: istari-frontend
stringData:
  ISTARI_REGISTRY_URL: "https://registry-service.<customer_istari_fqdn>"
  VITE_DOCUMENTATION_URL: "https://docs.istaridigital.com"
  VITE_DOMAIN: "<customer_istari_fqdn>"
  VITE_FILE_AUTH_ENDPOINT: "https://registry-service.<customer_istari_fqdn>"
  VITE_FS_URL: "https://registry-service.<customer_istari_fqdn>"
  VITE_LOGOUT_REDIRECT_URI: "https://<customer_istari_fqdn>"
  VITE_REDIRECT_URI: "https://<customer_istari_fqdn>"
  VITE_UI_URL: "https://<customer_istari_fqdn>"
  VITE_ZITADEL_AUTHORITY: "https://zitadel.<customer_istari_fqdn>"
  ZITADEL_CLOUD_URL: "https://zitadel.<customer_istari_fqdn>"
  VITE_CLIENT_ID: "<zitadel_client_id>"
  VITE_ZITADEL_CLIENT_ID: "<zitadel_client_id>"
  ZITADEL_CLOUD_CLIENT_ID: "<zitadel_client_id>"
  # Set VITE_ITAR to "true" if your platform will be hosting ITAR/CUI data
  VITE_ITAR: "false"
  # Following values are required as is
  BASE_URL: ""
  ZITADEL_CLOUD_REQUEST_SCOPE: "openid profile email offline_access urn:zitadel:iam:org:project:id:zitadel:aud"
  VITE_SENTRY_ENABLED: "false"
  VITE_SENTRY_AUTH_TOKEN: ""
  VITE_SENTRY_DSN: ""

Note the following:

You will then create the secret by running the following command:

kubectl apply -f istari-frontend-secret.yaml

Registry Service Secret

warning

What is currently referred to as "fileservice" will be renamed to "registry-service" as part of a future release. In preparation for this we have chosen to use the subdomain registry-service below.

The Istari Platform requires a secret for fileservice. This secret is used to store sensitive information related to file storage and access. The secret should be created in the Kubernetes cluster where the Istari Platform is deployed.

info

Istari Digital needs to grant access to license holder and license key to the customer. Please reach out to your Istari Digital Customer Success representative if you do not already have these.

istari-fileservice-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: istari-fileservice
stringData:
  FILE_SERVICE_AUTHZED_HOST: "spicedb" # Change to host if setting FILE_SERVICE_AUTHZED_NO_TLS to "false"
  FILE_SERVICE_AUTHZED_NO_TLS: "true" # Set this to "false" if you want to require TLS with SpiceDB
  FILE_SERVICE_AUTHZED_PORT: "50051" # Change to 443 if setting FILE_SERVICE_AUTHZED_NO_TLS to "false"
  FILE_SERVICE_AUTHZED_TOKEN: "<spicedb_preshared_key>"
  FILE_SERVICE_CORS_ALLOW_ORIGINS: '["https://<customer_istari_fqdn>", "https://v2.<customer_istari_fqdn>"]'
  FILE_SERVICE_DATABASE_URL: "postgresql://registry_service:<password>@<rds_host>:5432/registry_service"
  FILE_SERVICE_LICENSE_HOLDER: "<license_holder>"
  FILE_SERVICE_LICENSE_KEY: "<license_key>"
  FILE_SERVICE_OBJECT_STORE_SCHEME_NAME: "s3" # Set to `wasbs` if using Windows Azure Blob Storage instead of AWS S3
  FILE_SERVICE_OBJECT_STORE_ACCESS_KEY: "<AWS_S3_access_key OR Azure_storage_account_name>"
  FILE_SERVICE_OBJECT_STORE_SECRET_KEY: "<AWS_S3_secret_key OR Azure_storage_container_access_key>"
  FILE_SERVICE_OBJECT_STORE_NAME: "<AWS_S3_bucket OR Azure_storage_container>"
  FILE_SERVICE_OBJECT_STORE_ENDPOINT_URL: "https://<AWS_S3_endpoint_url OR Azure_endpoint_url>" # See https://docs.aws.amazon.com/general/latest/gr/s3.html and https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview#standard-endpoints
  FILE_SERVICE_OBJECT_STORE_REGION: "<AWS_S3_region>" # Not used with Azure Blob Storage
  FILE_SERVICE_ZITADEL_DOMAIN: "https://zitadel.<customer_istari_fqdn>"
  FILE_SERVICE_ZITADEL_JWKS_URL: "https://zitadel.<customer_istari_fqdn>/oauth/v2/keys" # Deprecated as of 2025.07.1 release
  FILE_SERVICE_ZITADEL_CLIENT_ID: "<zitadel_client_id>"
  FILE_SERVICE_ZITADEL_PROJECT_ID: "<zitadel_project_id>"
  FILE_SERVICE_ZITADEL_PROJECT_GRANT_ID: "<zitadel_project_grant_id>"
  FILE_SERVICE_ZITADEL_SECRET: "<zitadel_secret>"
  FILE_SERVICE_ZITADEL_USER_MANAGER_SECRET: "<zitadel_user_manager_secret>"
  # Following values are required as is
  FILE_SERVICE_HOST: "0.0.0.0"
  FILE_SERVICE_PORT: "8000"
  FILE_SERVICE_SENTRY_ENABLED: "false"
  FILE_SERVICE_USE_SINGLETON_AUTHZED_PERMISSION_MANAGER: "false"

warning

FILE_SERVICE_CORS_ALLOW_ORIGINS is written as a JSON array. Make sure to use double quotes for the JSON array.

Note the following:

  • customer_istari_fqdn is the domain used for the Istari Digital platform, e.g. istari.customer_domain.com.
  • zitadel_client_id is obtained from the Zitadel Config step
  • zitadel_project_id and zitadel_project_grant_id are both obtained from the Zitadel Config step
  • zitadel_secret is obtained from the Zitadel Config step
  • zitadel_user_manager_secret is obtained from the Zitadel Config step
  • AWS_S3_access_key or Azure_storage_account_name are obtained from the AWS or Azure Object Store Configuration step
  • AWS_S3_bucket or Azure_storage_container are obtained from the AWS or Azure Object Store Configuration step
  • AWS_S3_endpoint_url or Azure_endpoint_url are obtained from the AWS or Azure Object Store Configuration step
  • AWS_S3_region is obtained from the Object Store Configuration step
  • spicedb_preshared_key is obtained from the SpiceDB Install step
  • password is obtained from the AWS or Azure PostgreSQL Install step and is associated with the DB user registry_service

You will then create the secret by running the following command:

kubectl apply -f istari-fileservice-secret.yaml
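
A check that can be run on the manifest before `kubectl apply`, as an added example (not part of the Istari documentation or tooling). It flags placeholders that were never replaced, a FILE_SERVICE_CORS_ALLOW_ORIGINS value that is not a JSON array of https origins, and a SpiceDB host or port left at the in-cluster defaults after TLS was turned on. The function names, the sample values and the small line-based parser (which assumes the two-space `KEY: "value"` layout shown above, and is not a full YAML parser) are assumptions of this example.

```python
import json
import re

# Constructed sample: an excerpt of istari-fileservice-secret.yaml filled in with
# three deliberate mistakes. Hostnames and values are made up for this example.
SAMPLE_MANIFEST = """\
apiVersion: v1
kind: Secret
metadata:
  name: istari-fileservice
stringData:
  FILE_SERVICE_AUTHZED_HOST: "spicedb.example.internal"
  FILE_SERVICE_AUTHZED_NO_TLS: "false"  # TLS required
  FILE_SERVICE_AUTHZED_PORT: "50051"
  FILE_SERVICE_AUTHZED_TOKEN: "<spicedb_preshared_key>"
  FILE_SERVICE_CORS_ALLOW_ORIGINS: "['https://istari.example.com']"
  FILE_SERVICE_ZITADEL_DOMAIN: "https://zitadel.istari.example.com"
"""

# KEY: "value" or KEY: 'value', optionally followed by a trailing # comment.
ENTRY = re.compile(r'^\s+([A-Z][A-Z0-9_]*):\s*(["\'])(.*?)\2\s*(?:#.*)?$')
# Template placeholders such as <zitadel_client_id>.
PLACEHOLDER = re.compile(r"<[^<>]+>")

CORS = "FILE_SERVICE_CORS_ALLOW_ORIGINS"
NO_TLS = "FILE_SERVICE_AUTHZED_NO_TLS"
HOST = "FILE_SERVICE_AUTHZED_HOST"
PORT = "FILE_SERVICE_AUTHZED_PORT"


def parse_string_data(manifest):
    """Collect the quoted KEY: value pairs listed under stringData:."""
    values, in_block = {}, False
    for line in manifest.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comment-only lines carry no value
        if line.strip() == "stringData:":
            in_block = True
            continue
        if in_block:
            if not line[0].isspace():
                break  # the next top-level key ends the stringData block
            match = ENTRY.match(line)
            if match:
                values[match.group(1)] = match.group(3)
    return values


def lint_fileservice_secret(manifest):
    """Return (key, message) findings; an empty list means nothing was flagged."""
    data = parse_string_data(manifest)
    findings = []

    # 1. Every <...> placeholder from the template must have been replaced.
    for key, value in data.items():
        if PLACEHOLDER.search(value):
            findings.append((key, "placeholder not replaced"))

    # 2. The CORS value is parsed as JSON, so it needs double-quoted items.
    origins = data.get(CORS)
    if origins is not None:
        try:
            parsed = json.loads(origins)
        except json.JSONDecodeError:
            findings.append((CORS, "not valid JSON; use double quotes inside the array"))
        else:
            if not isinstance(parsed, list) or not all(
                isinstance(o, str) and o.startswith("https://") for o in parsed
            ):
                findings.append((CORS, "expected a JSON array of https:// origins"))

    # 3. With TLS required, the template comments say to change host and port.
    if data.get(NO_TLS) == "false":
        if data.get(PORT) != "443":
            findings.append((PORT, "TLS is required but the port is not 443"))
        if data.get(HOST) == "spicedb":
            findings.append((HOST, "TLS is required but the host is still the default"))
    return findings


if __name__ == "__main__":
    for key, message in lint_fileservice_secret(SAMPLE_MANIFEST):
        print(f"{key}: {message}")
```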

Optional: MCP Secret

By default the Istari Platform Helm chart does not enable MCP functionality. Should you wish to do so you must first create an additional Kubernetes secret named istari-mcp. This file should contain the following, with items in <> replaced with values specific to your install (described below):

istari-mcp-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: istari-mcp
stringData:
  ISTARI_DIGITAL_MCP_SERVICE_BASE_URL: "https://mcp.<customer_istari_fqdn>"
  ISTARI_DIGITAL_ZITADEL_CLIENT_ID: "<zitadel_client_id>"
  ISTARI_DIGITAL_ZITADEL_ISSUER: "https://zitadel.<customer_istari_fqdn>"

Note the following:

You will then create the secret by running the following command:

kubectl apply -f istari-mcp-secret.yaml

Docker pull secret

The Istari Platform requires a docker pull secret to pull the Istari Digital images from the Istari Digital Artifactory. The docker pull secret should be created in the Kubernetes cluster where the Istari Platform is deployed.

ISTARI_ARTIFACTORY_USERNAME=
ISTARI_ARTIFACTORY_PASSWORD=
kubectl create secret docker-registry docker-pull-secret \
  --docker-server="istaridigital.jfrog.io" \
  --docker-email="${ISTARI_ARTIFACTORY_USERNAME}" \
  --docker-username="${ISTARI_ARTIFACTORY_USERNAME}" \
  --docker-password="${ISTARI_ARTIFACTORY_PASSWORD}"

info

Make sure to set the env vars ISTARI_ARTIFACTORY_USERNAME and ISTARI_ARTIFACTORY_PASSWORD with your actual credentials for the Istari Digital Artifactory.

Alternatively, if using a private repository, customers will need to create a Docker registry secret in Kubernetes for the custom container registry (e.g., a private repository on Docker Hub, GitHub Container Registry, ECR, Harbor, etc.).

DOCKER_SERVER=
DOCKER_USERNAME=
DOCKER_PASSWORD=
kubectl create secret docker-registry docker-pull-secret \
  --docker-server="${DOCKER_SERVER}" \
  --docker-email="${DOCKER_USERNAME}" \
  --docker-username="${DOCKER_USERNAME}" \
  --docker-password="${DOCKER_PASSWORD}"

Verify the secrets

Verify that the required secrets were created successfully by checking that each one is listed in the output of the following commands:

kubectl describe secret istari-frontend
kubectl describe secret istari-fileservice
kubectl describe secret docker-pull-secret

Istari Platform Helm Chart

The Istari Platform is installed using a Helm chart. The Helm chart contains all the necessary configurations and resources required to deploy the Istari Platform in a Kubernetes cluster.

Download Helm Chart

info

  1. Istari Digital needs to grant access to the Istari Digital Artifactory to allow customers to pull the Istari Digital Helm chart.
  2. The customer should have a username and a password at the end of this step. Use these to set the values for the env vars ISTARI_ARTIFACTORY_USERNAME and ISTARI_ARTIFACTORY_PASSWORD below.
  3. This access is required to pull the Istari Digital Helm chart and is needed for creating the docker pull secret for EKS in the next steps.

To download the Istari Digital Helm chart in .tgz format, run the following command:

ISTARI_ARTIFACTORY_USERNAME=
ISTARI_ARTIFACTORY_PASSWORD=
helm pull oci://istaridigital.jfrog.io/customer-charts/istari-platform --version 3.0.0 --username "${ISTARI_ARTIFACTORY_USERNAME}" --password "${ISTARI_ARTIFACTORY_PASSWORD}"

info

Make sure to set the env vars ISTARI_ARTIFACTORY_USERNAME and ISTARI_ARTIFACTORY_PASSWORD with your actual credentials for the Istari Digital Artifactory.

Minimal Helm Chart Installation

The Istari Platform can be installed using the following command:

helm upgrade --install istari istari-platform-3.0.0.tgz

Verify the Istari Platform installation

Deployments

kubectl get deployments

The output should look like this:

NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
istari-fileservice   1/1     2            2           1m
istari-frontend      1/1     2            2           1m

Services

kubectl get services

The output should look like this:

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
istari-fileservice   ClusterIP   172.20.1.1   <none>        80/TCP    1m
istari-frontend      ClusterIP   172.20.1.2   <none>        80/TCP    1m

Pods

kubectl get pods

The output should look like this:

NAME                                  READY   STATUS    RESTARTS   AGE
istari-fileservice-5676c75c54-4d4sw   1/1     Running   0          1m
istari-fileservice-5676c75c54-m29jc   1/1     Running   0          1m
istari-frontend-7c4597c78b-45mhn      1/1     Running   0          1m
istari-frontend-7c4597c78b-86whn      1/1     Running   0          1m

DNS Routes

Set up DNS route records so that:

  • <customer_istari_fqdn> routes to the istari-frontend service on port 80.
  • registry-service.<customer_istari_fqdn> routes to the istari-fileservice service on port 80.

Istari Platform Helm Chart Configuration

Although the Istari Platform can be installed using the minimal Helm chart installation command, it is possible to use a custom istari-values.yaml file to configure the Istari Platform according to your needs.

The default values for the Istari Platform Helm chart are available in the Appendix: Helm Chart Default Values. It is recommended to only add the options you wish to override the defaults for in an istari-values.yaml file.

The following are a number of scenarios where you might wish to override these defaults, and examples of how you would accomplish this by modifying your istari-values.yaml file.

Scenario 1: Istari Platform with Model Context Protocol (MCP) Service enabled

This configuration enables the MCP Service, and requires multiple steps.

Create MCP Secret

If you have not already done so, create the istari-mcp secret using the instructions in the Optional: MCP Secret section above.

Verify MCP Secret

You may verify that the istari-mcp secret was successfully created using this command:

kubectl describe secret istari-mcp

Update istari-values.yaml

Add the following values to your istari-values.yaml file to enable the MCP Service.

istari-values.yaml
# Istari Platform with MCP Service
mcp:
  enabled: true

  # # Uncomment the following and update with necessary values if self-hosting the docker image
  # registry: "istaridigital.jfrog.io/main-docker-local"
  # image: "mcp-service"

Install the Istari Platform

Then, install/upgrade the Istari Platform Helm chart with the custom istari-values.yaml file:

helm upgrade --install -f istari-values.yaml istari istari-platform-3.0.0.tgz

Set Up DNS & Route

Then set up a route so that the subdomain mcp.<customer_istari_fqdn> forwards traffic to the istari-mcp service on port 80.

warning

Your LLM will need to be able to connect to the Istari Platform and new MCP subdomain on port 443. Please update security groups and/or any other network configuration accordingly as needed.

Scenario 2: Support for Self-Signed TLS Certs

warning

This is a newly added feature which is still in beta mode.

By default the Istari Platform uses Red Hat's list of trusted public Certificate Issuers when determining whether a TLS cert is valid. If instead using self-signed certs issued from a private Certificate Issuer, it is possible to use the Helm chart to update the Istari Platform containers so that they trust one or more of these. You will need a PEM-encoded trust bundle, which should not contain secret information and is typically provided alongside the self-signed private TLS cert.

Begin by adding the following example to your istari-values.yaml file and then replace everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- with the complete contents of your trust bundle, which will contain one or more certificates. This content must be indented and located directly below the trustedCertBundle: |- line in order to work properly, as in the original example.

istari-values.yaml
# Trusted certificate bundle for when using a self-signed certificate.
# This is a PEM-encoded certificate bundle. AWS, Azure, and GCP root certs will also automatically be trusted.
trustedCertBundle: |-
  -----BEGIN CERTIFICATE-----
  MIID1z...
  ...
  -----END CERTIFICATE-----

You may then install the Istari Platform Helm chart with the custom istari-values.yaml file using the following command:

helm upgrade --install -f istari-values.yaml istari istari-platform-3.0.0.tgz
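
One way to prepare the trust bundle for Scenario 2 before pasting it, as an added example (not part of the Istari chart or documentation). It rejects a bundle that contains anything other than CERTIFICATE blocks, such as a private key, or a block that was cut off, then emits the bundle indented under `trustedCertBundle: |-`. The function names are assumptions of this example, the sample blocks are constructed placeholder bytes rather than real certificates, and the check is structural only (base64 that decodes to a DER SEQUENCE), not a full X.509 parse.

```python
import base64
import re
import textwrap

# A PEM block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def make_sample_block(label, seed):
    """Build a constructed PEM block (placeholder bytes, not a real certificate)."""
    body = base64.encodebytes(b"\x30\x82\x01\x0a" + bytes([seed]) * 90).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


def check_trust_bundle(pem_text):
    """Return the number of certificates; raise ValueError on anything else."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM blocks found")
    if pem_text.count("-----BEGIN ") != len(blocks):
        raise ValueError("a block is missing its END line; paste the complete bundle")
    for label, body in blocks:
        if label != "CERTIFICATE":
            # A trust bundle is public material; key blocks do not belong in it.
            raise ValueError(f"unexpected {label} block in trust bundle")
        # binascii.Error from bad base64 is a ValueError subclass.
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der or der[0] != 0x30:
            raise ValueError("block does not decode to a DER SEQUENCE")
    return len(blocks)


def to_values_fragment(pem_text):
    """Return the istari-values.yaml fragment with the bundle indented two spaces."""
    check_trust_bundle(pem_text)
    return "trustedCertBundle: |-\n" + textwrap.indent(pem_text.strip() + "\n", "  ")


if __name__ == "__main__":
    bundle = make_sample_block("CERTIFICATE", 1) + make_sample_block("CERTIFICATE", 2)
    print(to_values_fragment(bundle))
```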

Scenario 3: Istari Platform with HPA enabled

This configuration enables Horizontal Pod Autoscaling (HPA) for both the file service and frontend service. The HPA will automatically scale the number of replicas based on CPU and memory utilization.

istari-values.yaml
# Istari Platform with HPA enabled
fileservice:
  autoscaling:
    enabled: true
    minReplicas: 1
    maxReplicas: 2
    averageCPUUtilization: 80
    averageMemoryValue: 80

frontend:
  autoscaling:
    enabled: true
    minReplicas: 1
    maxReplicas: 2
    averageCPUUtilization: 80
    averageMemoryValue: 80

Install/Upgrade the Istari Platform Helm chart with the custom istari-values.yaml file

helm upgrade --install -f istari-values.yaml istari istari-platform-3.0.0.tgz

Scenario 4: Taints and Tolerations with Pod Affinity

This configuration sets up taints and tolerations for the Istari Platform. It also sets up pod affinity to ensure that the Istari Platform pods are scheduled on the same node.

istari-values.yaml
# Istari Platform with Taints and Tolerations
fileservice:
  tolerations:
    - key: "istari.k8s.io/role"
      operator: "Equal"
      value: "main"
      effect: "NoSchedule"
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: istari.k8s.io/role
                operator: In
                values:
                  - main
          topologyKey: "kubernetes.io/hostname"
frontend:
  tolerations:
    - key: "istari.k8s.io/role"
      operator: "Equal"
      value: "main"
      effect: "NoSchedule"
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: istari.k8s.io/role
                operator: In
                values:
                  - main
          topologyKey: "kubernetes.io/hostname"

Install/Upgrade the Istari Platform Helm chart with the custom istari-values.yaml file

helm upgrade --install -f istari-values.yaml istari istari-platform-3.0.0.tgz

Scenario 5: Istari Platform with Node Selector

This configuration sets up node selectors for the Istari Platform. The Istari Platform pods will be scheduled on nodes with the specified labels.

istari-values.yaml
# Istari Platform with Node Selector
fileservice:
  nodeSelector:
    istari.k8s.io/role: main
frontend:
  nodeSelector:
    istari.k8s.io/role: main

Install/Upgrade the Istari Platform Helm chart with the custom istari-values.yaml file

helm upgrade --install -f istari-values.yaml istari istari-platform-3.0.0.tgz

Scenario 6: Istari Platform with Custom Resource Requests and Limits

This configuration sets up custom resource requests and limits for the Istari Platform. The Istari Platform pods will be scheduled with the specified resource requests and limits.

istari-values.yaml
# Istari Platform with Custom Resource Requests and Limits
fileservice:
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "200m"
      memory: "256Mi"
frontend:
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "200m"
      memory: "256Mi"

Install/Upgrade the Istari Platform Helm chart with the custom istari-values.yaml file

helm upgrade --install -f istari-values.yaml istari istari-platform-3.0.0.tgz

Scenario 7: Istari Platform with Custom Environment Variables

This configuration sets up custom environment variables for the Istari Platform. The Istari Platform pods will be started with the specified environment variables.

istari-values.yaml
# Istari Platform with Custom Environment Variables
fileservice:
  env:
    - name: LOGS_LEVEL
      value: DEBUG
frontend:
  env:
    - name: LOGS_LEVEL
      value: DEBUG

Install/Upgrade the Istari Platform Helm chart with the custom istari-values.yaml file

helm upgrade --install -f istari-values.yaml istari istari-platform-3.0.0.tgz

Scenario 8: Istari Platform with Custom Service Annotations

This configuration sets up custom service annotations for the Istari Platform. The Istari Platform services will be started with the specified service annotations.

istari-values.yaml
# Istari Platform with Custom Service Annotations
fileservice:
  serviceAnnotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
frontend:
  serviceAnnotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"

Install/Upgrade the Istari Platform Helm chart with the custom istari-values.yaml file

helm upgrade --install -f istari-values.yaml istari istari-platform-3.0.0.tgz

Scenario 9: Istari Platform with Custom Pod Annotations

This configuration sets up custom pod annotations for the Istari Platform. The Istari Platform pods will be started with the specified pod annotations.

istari-values.yaml
# Istari Platform with Custom Pod Annotations
fileservice:
  podAnnotations:
    iam.amazonaws.com/role: "istari-fileservice-role"
frontend:
  podAnnotations:
    iam.amazonaws.com/role: "istari-frontend-role"

Install/Upgrade the Istari Platform Helm chart with the custom istari-values.yaml file

helm upgrade --install -f istari-values.yaml istari istari-platform-3.0.0.tgz

Appendix: Helm Chart Default Values

The following are all configurable options for the istari-platform Helm chart and their default values. It is recommended to only include the options you will override the defaults for in your istari-values.yaml file in order to make future upgrades easier.

These values are also available by extracting the contents of the istari-platform .tgz file from the Download Helm Chart step, which contains a README.md file documenting the values as well as the values themselves in a values.yaml file.

# Default values for the istari-platform Helm chart.

# This is a YAML-formatted file.

# -- Override the value used for the label 'app.kubernetes.io/name', which defaults to the chart name (istari-platform).
nameOverride: ""

# -- Override the prefix used for resource names, which defaults to the chart name (istari-platform).
fullnameOverride: "istari"

imagePullSecrets:
- name: "docker-pull-secret"

# -- Additional labels to add to all resources of all services
commonLabels: {}

# -- Optional: Trusted certificate bundle for when using a self-signed certificate. This is a PEM-encoded certificate bundle. AWS, Azure, and GCP root certs will also automatically be trusted.
trustedCertBundle: ""
# # Example:
# trustedCertBundle: |-
# -----BEGIN CERTIFICATE-----
# MIID1z...
# ...
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
# MIIEvj...
# ...
# -----END CERTIFICATE-----

# Default values for Fileservice.
fileservice:
  # -- Enable / Disable the whole deployment
  enabled: true
  # -- Registry URL for images. The combination of registry, image, and tag will be used to pull the image.
  registry: "istaridigital.jfrog.io/customer-docker"
  # -- Image name. The combination of registry, image, and tag will be used to pull the image.
  image: "fileservice2"
  # -- Image tag. The combination of registry, image, and tag will be used to pull the image.
  tag: "8.7.7"
  # -- Image pull policy
  imagePullPolicy: "IfNotPresent"
  # -- Secret name. The secret should contain the environment variables required by the service.
  secretName: "istari-fileservice"
  # -- Extra secrets to mount in the pod. The secrets should contain the environment variables required by the service.
  extraEnvSecrets: []
  # -- Replica count
  replicaCount: 1
  # -- Restart policy
  restartPolicy: "Always"
  # -- Additional labels to add to all of this service's resources
  commonLabels: {}
  # -- Service Type. Available options are ClusterIP, NodePort, LoadBalancer, ExternalName.
  serviceType: "ClusterIP"
  # -- Additional annotations to apply to the service, note the following annotations for duplicate keys.
  serviceAnnotations: {}
  # -- Prometheus autodiscovery annotations. If true, the following annotations will be added to the service
  #   prometheus.io/scrape: "true"
  #   prometheus.io/port: "8000"
  #   prometheus.io/path: "/stats/prometheus"
  prometheusAutodiscoveryAnnotations: true # if true, the following annotations will be added to the service
  # -- Additional annotations to add to the deployment
  deploymentAnnotations: {}
  # -- Additional annotations to add to pods
  podAnnotations: {}
  # -- Additional labels to add to pods
  podLabels: {}
  # -- Pod security context
  podSecurityContext: {}
  # -- Primary container's security context
  containerSecurityContext: {}
  # -- Additional annotations to apply to the service account
  serviceAccountAnnotations: {}
  # Environment variables
  ###############################
  # example:
  # env:
  #   - name: FILE_SERVICE_LOG_LEVEL
  #     value: DEBUG
  ###############################
  # If you are using secrets, you can use the following format:
  # env:
  #   - name: FILE_SERVICE_LOG_LEVEL
  #     valueFrom:
  #       secretKeyRef:
  #         name: istari-fileservice
  #         key: FILE_SERVICE_LOG_LEVEL
  env: []
  # Autoscaling -- set autoscaling (HPA) parameters
  autoscaling:
    # -- Enable/Disable autoscaling
    enabled: false
    # -- Minimum number of replicas
    minReplicas: 1
    # -- Maximum number of replicas
    maxReplicas: 2
    # -- Average CPU utilization percentage. Unset to disable.
    averageCPUUtilization: 80
    # -- Average Memory value. Unset to disable.
    averageMemoryValue: 80
  # Resources -- set resources
  resources: {}
  # -- Pod Volumes
  volumes: []
  # -- Volume Mounts for pod containers
  volumeMounts: []
  # -- Tolerations.
  # Example:
  #
  # ```
  # tolerations:
  #   - "effect": "NoSchedule"
  #     "key": "istari.k8s.io/role"
  #     "operator": "Equal"
  #     "value": "main"
  # ```
  tolerations: []
  # -- Node selector
  nodeSelector: {}
  # -- Affinity
  affinity: {}

# Default values for Frontend.
frontend:
  # -- Enable / Disable the whole deployment
  enabled: true
  # -- Registry URL for images. The combination of registry, image, and tag will be used to pull the image.
  registry: "istaridigital.jfrog.io/customer-docker"
  # -- Image name. The combination of registry, image, and tag will be used to pull the image.
  image: "frontend-service"
  # -- Image tag. The combination of registry, image, and tag will be used to pull the image.
  tag: "8.7.7"
  # -- Image pull policy
  imagePullPolicy: IfNotPresent
  # -- Secret name. The secret should contain the environment variables required by the service.
  secretName: "istari-frontend"
  # -- Extra secrets to mount in the pod. The secrets should contain the environment variables required by the service.
  extraEnvSecrets: []
  # -- Replica count
  replicaCount: 1
  # -- Restart policy
  restartPolicy: "Always"
  # -- Additional labels to add to all of this service's resources
  commonLabels: {}
  # -- Service Type. Available options are ClusterIP, NodePort, LoadBalancer, ExternalName.
  serviceType: "ClusterIP"
  # -- Additional annotations to apply to the service, note the following annotations for duplicate keys.
  serviceAnnotations: {}
  # -- Additional annotations to add to the deployment
  deploymentAnnotations: {}
  # -- Additional annotations to add to pods
  podAnnotations: {}
  # -- Additional labels to add to pods
  podLabels: {}
  # -- Pod security context
  podSecurityContext:
    fsGroup: 2000
  # -- Primary container's security context
  containerSecurityContext:
    capabilities:
      drop:
        - ALL
    runAsUser: 1000
    runAsNonRoot: true
    readOnlyRootFilesystem: false
  # -- Additional annotations to apply to the service account
  serviceAccountAnnotations: {}
  # Environment variables
  ###############################
  # This has the same schema as the standard `env:` block in a pod's container's definition. For example:
  # env:
  #   - name: VITE_DOCUMENTATION_URL
  #     value: "https://docs.istaridigital.com"
  ###############################
  # If you are using secrets, you can use the following format:
  # env:
  #   - name: VITE_DOCUMENTATION_URL
  #     valueFrom:
  #       secretKeyRef:
  #         name: istari-frontend
  #         key: VITE_DOCUMENTATION_URL
  env: []
  # Autoscaling -- set autoscaling (HPA) parameters
  autoscaling:
    # -- Enable/Disable autoscaling
    enabled: false
    # -- Minimum number of replicas
    minReplicas: 1
    # -- Maximum number of replicas
    maxReplicas: 3
    # -- Average CPU utilization percentage. Unset to disable.
    averageCPUUtilization: 80
    # -- Average Memory value. Unset to disable.
    averageMemoryValue: 80
  # Resources -- set resources
  resources: {}
  # -- Tolerations.
  # Example:
  #
  # ```
  # tolerations:
  #   - "effect": "NoSchedule"
  #     "key": "istari.k8s.io/role"
  #     "operator": "Equal"
  #     "value": "main"
  # ```
  # -- Pod Volumes
  volumes: []
  # -- Volume Mounts for pod containers
  volumeMounts: []
  # -- Tolerations.
  # Example:
  #
  # ```
  # tolerations:
  #   - "effect": "NoSchedule"
  #     "key": "istari.k8s.io/role"
  #     "operator": "Equal"
  #     "value": "main"
  # ```
  tolerations: []
  # -- Node selector
  nodeSelector: {}
  # -- Affinity
  affinity: {}

# Default values for MCP Service.
mcp:
  # -- Enable / Disable the whole deployment
  enabled: false
  # -- Registry URL for images. The combination of registry, image, and tag will be used to pull the image.
  registry: "istaridigital.jfrog.io/customer-docker"
  # -- Image name. The combination of registry, image, and tag will be used to pull the image.
  image: "mcp-service"
  # -- Image tag. The combination of registry, image, and tag will be used to pull the image.
  tag: "0.1.19"
  # -- Image pull policy
  imagePullPolicy: IfNotPresent
  # -- Secret name. The secret should contain the environment variables required by the service.
  # Note that a ConfigMap is also automatically created & used with the correct value for ISTARI_DIGITAL_REGISTRY_SERVICE_URL
  secretName: istari-mcp
  # -- Extra secrets to mount in the pod. The secrets should contain the environment variables required by the service.
  extraEnvSecrets: []
  # -- Replica count
  replicaCount: 2
  # -- Restart policy
  restartPolicy: "Always"
  # -- Additional labels to add to all of this service's resources
  commonLabels: {}
  # -- Service Type. Available options are ClusterIP, NodePort, LoadBalancer, ExternalName.
  serviceType: "ClusterIP"
  # -- Additional annotations to apply to the service, note the following annotations for duplicate keys.
  serviceAnnotations: {}
  # -- Additional annotations to add to the deployment
  deploymentAnnotations: {}
  # -- Additional annotations to add to pods
  podAnnotations: {}
  # -- Additional labels to add to pods
  podLabels: {}
  # -- Pod security context
  podSecurityContext:
    fsGroup: 1001
  # -- Primary container's security context
  containerSecurityContext:
    capabilities:
      drop:
        - ALL
    runAsUser: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
  # -- Additional annotations to apply to the service account
  serviceAccountAnnotations: {}
  # Environment variables
  ###############################
  # This has the same schema as the standard `env:` block in a pod's container's definition. For example:
  # env:
  #   - name: ISTARI_DIGITAL_LOG_LEVEL
  #     value: DEBUG
  ###############################
  # If you are using secrets, you can use the following format:
  # env:
  #   - name: ISTARI_DIGITAL_LOG_LEVEL
  #     valueFrom:
  #       secretKeyRef:
  #         name: istari-mcp
  #         key: ISTARI_DIGITAL_LOG_LEVEL
  env: []
  # Autoscaling -- set autoscaling (HPA) parameters
  autoscaling:
    # -- Enable/Disable autoscaling
    enabled: false
    # -- Minimum number of replicas
    minReplicas: 1
    # -- Maximum number of replicas
    maxReplicas: 3
    # -- Average CPU utilization percentage. Unset to disable.
    averageCPUUtilization: 80
    # -- Average Memory value. Unset to disable.
    averageMemoryValue: 80
  # Resources -- set resources
  resources: {}
  # -- Tolerations.
  # Example:
  #
  # ```
  # tolerations:
  #   - "effect": "NoSchedule"
  #     "key": "istari.k8s.io/role"
  #     "operator": "Equal"
  #     "value": "main"
  # ```
  # -- Pod Volumes
  volumes: []
  # -- Volume Mounts for pod containers
  volumeMounts: []
  # -- Tolerations.
  # Example:
  #
  # ```
  # tolerations:
  #   - "effect": "NoSchedule"
  #     "key": "istari.k8s.io/role"
  #     "operator": "Equal"
  #     "value": "main"
  # ```
  tolerations: []
  # -- Node selector
  nodeSelector: {}
  # -- Affinity
  affinity: {}