A Helm chart for Obot
To install the chart with the release name obot:
helm repo add obot https://charts.obot.ai
helm install obot obot/obot
This chart defaults to the open source version of Obot.
If you want to use the enterprise version of Obot instead, set image.repository to ghcr.io/obot-platform/obot-enterprise. To install this version, you must create an imagePullSecret and configure that in the chart.
| Key | Type | Default | Description |
|---|---|---|---|
| additionalLabels | object | {} |
|
| affinity | object | {} |
Configure affinity rules for pod scheduling |
| config.ANTHROPIC_API_KEY | string | "" |
An Anthropic API Key used to configure access to Anthropic models, which can be used as the default in Obot. |
| config.AWS_ACCESS_KEY_ID | string | "" |
An AWS access key with permissions for AWS KMS, used for encryption |
| config.AWS_REGION | string | "" |
An AWS region, used to access AWS KMS |
| config.AWS_SECRET_ACCESS_KEY | string | "" |
An AWS secret access key with permissions for AWS KMS, used for encryption |
| config.GITHUB_AUTH_TOKEN | string | "" |
A github PAT, used to authenticate catalog and tool pulls to avoid github ratelimiting |
| config.KINM_DB_CONNECTIONS | string | "5" |
Advanced - the number of connections in the database pool for kinm |
| config.NAH_THREADINESS | string | "10000" |
Advanced - sets the number of concurrent threads that can run in the Obot controller |
| config.OBOT_BOOTSTRAP_TOKEN | string | "" |
Sets a bootstrap token. If authentication is enabled, one will be autogenerated for you if this is not set. |
| config.OBOT_GCP_KMS_KEY_URI | string | "" |
The URI of a Google Cloud KMS key, used for encryption |
| config.OBOT_SERVER_AUDIT_LOGS_COMPRESS_FILE | bool | true |
Whether to compress audit log files |
| config.OBOT_SERVER_AUDIT_LOGS_MODE | string | "off" |
Configures the storage backend for audit logs in Obot. Can be 'off', 'disk', or 's3' |
| config.OBOT_SERVER_AUDIT_LOGS_STORE_S3BUCKET | string | "" |
The name of the S3 bucket to store audit logs in. Only used if config.OBOT_SERVER_AUDIT_LOGS_MODE is 's3' |
| config.OBOT_SERVER_AUDIT_LOGS_STORE_S3ENDPOINT | string | "" |
If config.OBOT_SERVER_AUDIT_LOGS_MODE is 's3' and you are not using AWS S3, this needs to be set to the S3 api endpoint of your provider. |
| config.OBOT_SERVER_AUDIT_LOGS_USE_PATH_STYLE | bool | false |
Whether to use path style for S3 |
| config.OBOT_SERVER_AUTH_ADMIN_EMAILS | string | "" |
A comma separated list of email addresses that will have the Admin role in Obot. |
| config.OBOT_SERVER_AUTH_OWNER_EMAILS | string | "" |
A comma separated list of email addresses that will have the Owner role in Obot. |
| config.OBOT_SERVER_DISABLE_UPDATE_CHECK | string | "" |
Disable the Obot server update check. Defaults to false. |
| config.OBOT_SERVER_DISALLOW_LOCALHOST_MCP | string | "" |
disallow MCP servers that try to connect to localhost. Defaults to false. |
| config.OBOT_SERVER_DSN | string | "" |
The DSN for your database. For example: postgres://:@/<db_name> |
| config.OBOT_SERVER_ENABLE_AUTHENTICATION | bool | false |
Enables authentication for Obot |
| config.OBOT_SERVER_ENABLE_REGISTRY_AUTH | bool | false |
Enables authentication for the MCP registry API. When false (default), registry is accessible without authentication and returns only default catalog items with wildcard access control rules. |
| config.OBOT_SERVER_ENCRYPTION_CONFIG_FILE | string | "" |
The path to a file containing the encryption configuration. Only used if config.OBOT_SERVER_ENCRYPTION_PROVIDER is 'custom' |
| config.OBOT_SERVER_ENCRYPTION_KEY | string | "" |
The key to use for encryption. Only used if config.OBOT_SERVER_ENCRYPTION_PROVIDER is 'custom'. A key can be generated with openssl rand -base64 32 |
| config.OBOT_SERVER_ENCRYPTION_PROVIDER | string | "" |
Configures an encryption provider for credentials in Obot |
| config.OBOT_SERVER_HOSTNAME | string | "" |
The hostname of your Obot instance, including protocol |
| config.OBOT_SERVER_KNOWLEDGE_FILE_WORKERS | string | "5" |
Advanced - sets the number of workers for knowledge |
| config.OBOT_SERVER_MCPAUDIT_LOGS_PERSIST_BATCH_SIZE | string | "" |
The batch size to use when persisting MCP audit logs to the database. Defaults to 1000 |
| config.OBOT_SERVER_MCPAUDIT_LOG_PERSIST_INTERVAL_SECONDS | string | "" |
The interval in seconds to persist MCP audit logs to the database. Defaults to 5 seconds. |
| config.OBOT_SERVER_MCPBASE_IMAGE | string | "ghcr.io/obot-platform/mcp-images/phat:main" |
Deploy MCP servers in the cluster using this base image. OBOT_SERVER_MCPNAMESPACE is automatically added to the secret if config.OBOT_SERVER_MCPBASE_IMAGE is set. |
| config.OBOT_SERVER_MCPCLUSTER_DOMAIN | string | "" |
The cluster domain to use for MCP services. Defaults to cluster.local. Only matters if the above image is set. |
| config.OBOT_SERVER_MCPHTTPWEBHOOK_BASE_IMAGE | string | "ghcr.io/obot-platform/mcp-images/http-webhook-converter:main" |
Deploy MCP HTTP webhook servers in the cluster using this base image. |
| config.OBOT_SERVER_MCPREMOTE_SHIM_BASE_IMAGE | string | "ghcr.io/nanobot-ai/nanobot:v0.0.45" |
Deploy MCP remote shim servers in the cluster using this base image. |
| config.OBOT_SERVER_MCPRUNTIME_BACKEND | string | "kubernetes" |
The runtime backend to use for MCP servers. Can be 'docker' or 'kubernetes'. Defaults to 'docker'. Setting this to 'kubernetes' will also create the necessary service account, role and rolebinding. |
| config.OBOT_SERVER_OTEL_BASE_EXPORT_ENDPOINT | string | "" |
The base export endpoint for OpenTelemetry |
| config.OBOT_SERVER_OTEL_BEARER_TOKEN | string | "" |
The bearer token for authentication with OpenTelemetry |
| config.OBOT_SERVER_OTEL_SAMPLE_PROB | string | "" |
The sampling probability for OpenTelemetry |
| config.OBOT_SERVER_RETENTION_POLICY_HOURS | string | "" |
The retention policy for the system. Set to 0 to disable retention. Default is 2160 (90 days) if left blank. This field should just be a number in a string, no h suffix. |
| config.OPENAI_API_KEY | string | "" |
An OpenAI API Key used to configure access to OpenAI models, which are the default in Obot. |
| config.existingSecret | string | "" |
The name of an existing secret to use for config instead of creating a new one. Must contain keys in env format, just like below. |
| dev.useEmbeddedDb | bool | false |
For development/testing use only, enables the use of an postgres database embedded in the obot container. Do not use in production. |
| extraEnv | object | {} |
A map of additional environment variables to set |
| extraEnvFrom | list | [] |
A list of additional environment variables to set from a secret |
| extraVolumeMounts | list | [] |
A list of additional volume mounts to create |
| extraVolumes | list | [] |
A list of additional volumes to create |
| image.pullPolicy | string | "IfNotPresent" |
Kubernetes image pullPolicy to use for Obot |
| image.repository | string | "ghcr.io/obot-platform/obot" |
The name of the docker repository for Obot. ghcr.io/obot-platform/obot for open-source or ghcr.io/obot-platform/obot-enterprise for enterprise. Please note that for enterprise you will need to set an imagePullSecret |
| image.tag | string | "" |
The docker tag to pull for obot. If blank, will default to the chart appVersion |
| imagePullSecrets | list | [] |
Configures kubernetes secrets to use for pulling private images. Expects a list of objects. imagePullSecrets:[{"name": "fooBar"}] |
| ingress.annotations | object | {} |
Configure annotations to add to the ingress object |
| ingress.className | string | nil |
Configures a preexisting ingress class to use. |
| ingress.enabled | bool | false |
Enables ingress creation for Obot. |
| ingress.extraPaths | list | [] |
Define complete path objects, will be inserted before regular paths. Can be useful for things like ALB Ingress Controller actions |
| ingress.hosts | list | [] |
List of hostnames to configure the ingress with |
| ingress.paths[0].path | string | "/" |
|
| ingress.paths[0].pathType | string | "Prefix" |
|
| ingress.tls | list | [] |
List of secrets used to configure TLS for the ingress. |
| mcpImagePullSecrets | list | [] |
Configuration for creating image pull secrets for MCP containers. Each entry should contain registry credentials that will be used to create Kubernetes secrets. |
| mcpNamespace.annotations."argocd.argoproj.io/sync-wave" | string | "-1" |
|
| mcpNamespace.name | string | "" |
The namespace in which to deploy the MCP servers. Will only be created if config.OBOT_SERVER_MCPBASE_IMAGE image is set. Defaults to {{ .Release.Name }}-mcp |
| mcpServerDefaults | object | {"affinity":{},"resources":{},"tolerations":[]} |
Default Kubernetes configuration for all deployed MCP server pods |
| mcpServerDefaults.affinity | object | {} |
Affinity rules for MCP server pods (YAML format) When set via Helm, these settings cannot be updated through the API |
| mcpServerDefaults.resources | object | {} |
Resource requests and limits for MCP server pods When set via Helm, these settings cannot be updated through the API |
| mcpServerDefaults.tolerations | list | [] |
Tolerations for MCP server pods (YAML list format) When set via Helm, these settings cannot be updated through the API |
| nodeSelector | object | {} |
Configure node selector for pod assignment |
| persistence.accessModes | list | ["ReadWriteOnce"] |
Persistent Volume access modes |
| persistence.enabled | bool | true |
Enables persistence using a PVC |
| persistence.existingClaim | string | "" |
|
| persistence.path | string | "/data" |
The path the volume will be mounted |
| persistence.size | string | "8Gi" |
e Persistent Volume size |
| persistence.storageClass | string | "" |
Persistent Volume storage class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner |
| podAnnotations | object | {} |
Extra pod annotations to add. |
| replicaCount | int | 1 |
The number of Obot server instances to run |
| resources | object | {} |
Resource requests and limits to use for Obot |
| service.annotations | object | {} |
Extra annotations to add to service object |
| service.port | int | 80 |
Port for the Kubernetes service to expose |
| service.spec | object | {} |
Any extra fields to add to the service object spec |
| service.type | string | "ClusterIP" |
Type of Kubernetes service to create |
| serviceAccount.annotations | object | {} |
|
| serviceAccount.create | bool | true |
|
| serviceAccount.name | string | "" |
|
| tolerations | list | [] |
Configure tolerations for pod scheduling |
| updateStrategy | string | "RollingUpdate" |
Configures what update strategy to use for the deployment (Recreate or RollingUpdate) |
This repo will be updated automatically whenever there is a release of Obot (and by extension, the helm chart). The GitHub Actions that control this can be found here.
You can manually update the documentation in this readme using helm-docs. If you have both the charts and obot repos checked out in the same folder, you can use this command:
helm-docs -c ../obot/chart -o '../../charts/README.md' --template-files '../../charts/README.md.gotmpl'
The template for the readme is ./README.md.gotmpl