A Helm chart for Obot
To install the chart with the release name obot:
helm repo add obot https://charts.obot.ai
helm install obot obot/obot
This chart defaults to the enterprise version of Obot. To install this version, you must create an imagePullSecret and configure that in the chart.
If you want to use the open-source version of Obot instead, set image.repository to ghcr.io/obot-platform/obot.
| Key | Type | Default | Description |
|---|---|---|---|
| config.AWS_ACCESS_KEY_ID | string | "" |
An AWS access key with permissions for AWS KMS, used for encryption |
| config.AWS_REGION | string | "" |
An AWS region, used to access AWS KMS |
| config.AWS_SECRET_ACCESS_KEY | string | "" |
An AWS secret access key with permissions for AWS KMS, used for encryption |
| config.GITHUB_AUTH_TOKEN | string | "" |
A github PAT, used to authenticate tool pulls to avoid github ratelimiting |
| config.KINM_DB_CONNECTIONS | string | "5" |
Advanced - the number of connections in the database pool for kinm |
| config.NAH_THREADINESS | string | "10000" |
Advanced - sets the number of concurrent threads that can run in the Obot controller |
| config.OBOT_BOOTSTRAP_TOKEN | string | "" |
Sets a bootstrap token. If authentication is enabled, one will be autogenerated for you if this is not set. |
| config.OBOT_GCP_KMS_KEY_URI | string | "" |
The URI of a Google Cloud KMS key, used for encryption |
| config.OBOT_SERVER_AUDIT_LOGS_COMPRESS_FILE | bool | true |
Whether to compress audit log files |
| config.OBOT_SERVER_AUDIT_LOGS_MODE | string | "off" |
Configures the storage backend for audit logs in Obot. Can be ‘off’, ‘disk’, or ‘s3’ |
| config.OBOT_SERVER_AUDIT_LOGS_STORE_S3BUCKET | string | "" |
The name of the S3 bucket to store audit logs in. Only used if config.OBOT_SERVER_AUDIT_LOGS_MODE is ‘s3’ |
| config.OBOT_SERVER_AUDIT_LOGS_STORE_S3ENDPOINT | string | "" |
If config.OBOT_SERVER_AUDIT_LOGS_MODE is ‘s3’ and you are not using AWS S3, this needs to be set to the S3 api endpoint of your provider. |
| config.OBOT_SERVER_AUDIT_LOGS_USE_PATH_STYLE | bool | false |
Whether to use path style for S3 |
| config.OBOT_SERVER_AUTH_ADMIN_EMAILS | string | "" |
A comma separated list of email addresses that will have the Admin role in Obot. |
| config.OBOT_SERVER_DISALLOW_LOCALHOST_MCP | string | "" |
disallow MCP servers that try to connect to localhost. Defaults to false. |
| config.OBOT_SERVER_DSN | string | "" |
The DSN for your database. For example: postgres:// |
| config.OBOT_SERVER_ENABLE_AUTHENTICATION | bool | true |
Enables authentication for Obot |
| config.OBOT_SERVER_ENCRYPTION_CONFIG_FILE | string | "" |
The path to a file containing the encryption configuration. Only used if config.OBOT_SERVER_ENCRYPTION_PROVIDER is ‘custom’ |
| config.OBOT_SERVER_ENCRYPTION_KEY | string | "" |
The key to use for encryption. Only used if config.OBOT_SERVER_ENCRYPTION_PROVIDER is ‘custom’. A key can be generated with openssl rand -base64 32 |
| config.OBOT_SERVER_ENCRYPTION_PROVIDER | string | "" |
Configures an encryption provider for credentials in Obot |
| config.OBOT_SERVER_HOSTNAME | string | "" |
The hostname of your Obot instance, including protocol |
| config.OBOT_SERVER_KNOWLEDGE_FILE_WORKERS | string | "5" |
Advanced - sets the number of workers for knowledge |
| config.OBOT_SERVER_MCPBASE_IMAGE | string | "" |
Deploy MCP servers in the cluster using this base image. Setting this value will also create the necessary service account, role and rolebinding. |
| config.OBOT_SERVER_MCPCLUSTER_DOMAIN | string | "" |
The cluster domain to use for MCP services. Defaults to cluster.local. Only matters if the above image is set. |
| config.OBOT_SERVER_OTEL_BASE_EXPORT_ENDPOINT | string | "" |
The base export endpoint for OpenTelemetry |
| config.OBOT_SERVER_OTEL_BEARER_TOKEN | string | "" |
The bearer token for authentication with OpenTelemetry |
| config.OBOT_SERVER_OTEL_SAMPLE_PROB | string | "" |
The sampling probability for OpenTelemetry |
| config.OBOT_SERVER_RETENTION_POLICY_HOURS | string | "" |
The retention policy for the system. Set to 0 to disable retention. Default is 2160 (90 days) if left blank. This field should just be a number in a string, no h suffix. |
| config.OPENAI_API_KEY | string | "" |
An OpenAI API Key used to configure access to OpenAI models, which are the default in Obot. |
| config.existingSecret | string | "" |
The name of an existing secret to use for config instead of creating a new one. Must contain keys in env format, just like below. OBOT_SERVER_MCPNAMESPACE is automatically added to the secret if config.OBOT_SERVER_MCPBASE_IMAGE is set. |
| extraEnv | object | {} |
A map of additional environment variables to set |
| extraEnvFrom | list | [] |
A list of additional environment variables to set from a secret |
| extraVolumeMounts | list | [] |
A list of additional volume mounts to create |
| extraVolumes | list | [] |
A list of additional volumes to create |
| image.pullPolicy | string | "IfNotPresent" |
Kubernetes image pullPolicy to use for Obot |
| image.repository | string | "ghcr.io/obot-platform/obot-enterprise" |
The name of the docker repository for Obot. ghcr.io/obot-platform/obot for open-source or ghcr.io/obot-platform/obot-enterprise for enterprise. Please note that for enterprise you will need to set an imagePullSecret |
| image.tag | string | "" |
The docker tag to pull for obot. If blank, will default to the chart appVersion |
| imagePullSecrets | list | [] |
Configures kubernetes secrets to use for pulling private images |
| ingress.annotations | object | {} |
Configure annotations to add to the ingress object |
| ingress.className | string | nil |
Configures a preexisting ingress class to use. |
| ingress.enabled | bool | false |
Enables ingress creation for Obot. |
| ingress.extraPaths | list | [] |
Define complete path objects, will be inserted before regular paths. Can be useful for things like ALB Ingress Controller actions |
| ingress.hosts | list | [] |
List of hostnames to configure the ingress with |
| ingress.paths[0].path | string | "/" |
|
| ingress.paths[0].pathType | string | "Prefix" |
|
| ingress.tls | list | [] |
List of secrets used to configure TLS for the ingress. |
| mcpNamespace.annotations.”argocd.argoproj.io/sync-wave” | string | "-1" |
|
| mcpNamespace.name | string | "" |
The namespace in which to deploy the MCP servers. Will only be created if config.OBOT_SERVER_MCPBASE_IMAGE image is set. Defaults to -mcp |
| persistence.accessModes | list | ["ReadWriteOnce"] |
Persistent Volume access modes |
| persistence.enabled | bool | false |
Enables persistence using a PVC |
| persistence.existingClaim | string | "" |
|
| persistence.path | string | "/data" |
The path the volume will be mounted |
| persistence.size | string | "8Gi" |
e Persistent Volume size |
| persistence.storageClass | string | "" |
Persistent Volume storage class If defined, storageClassName: |
| replicaCount | int | 1 |
The number of Obot server instances to run |
| resources | object | {} |
Resource requests and limits to use for Obot |
| service.annotations | object | {} |
Extra annotations to add to service object |
| service.port | int | 80 |
Port for the Kubernetes service to expose |
| service.spec | object | {} |
Any extra fields to add to the service object spec |
| service.type | string | "ClusterIP" |
Type of Kubernetes service to create |
| serviceAccount.annotations | object | {} |
|
| serviceAccount.create | bool | true |
|
| serviceAccount.name | string | "" |
|
| updateStrategy | string | "RollingUpdate" |
Configures what update strategy to use for the deployment (Recreate or RollingUpdate) |
This repo will be updated automatically whenever there is a release of Obot (and by extension, the helm chart). The GitHub Actions that control this can be found here.
You can manually update the documentation in this readme using helm-docs. If you have both the charts and obot repos checked out in the same folder, you can use this command:
helm-docs -c ../obot/chart -o '../../charts/README.md' --template-files '../../charts/README.md.gotmpl'
The template for the readme is ./README.md.gotmpl