Documentation Index
Fetch the complete documentation index at: https://docs.getbifrost.ai/llms.txt
Use this file to discover all available pages before exploring further.
This page covers every top-level parameter group in the Bifrost Helm chart’s values.yaml, how to supply values via --set vs -f, and where to find ready-made example files.
The full values schema is available at https://getbifrost.ai/schema. All values.yaml fields map directly to config.json fields generated by the chart. Supplying Values
One-liner with --set
Good for a single field or quick experiments:
helm install bifrost bifrost/bifrost \
--set image.tag=v1.4.11 \
--set replicaCount=3 \
--set bifrost.client.initialPoolSize=500
Values file with -f
Recommended for anything beyond a couple of fields:
# Create your values file
cat > my-values.yaml <<'EOF'
image:
tag: "v1.4.11"
replicaCount: 2
bifrost:
encryptionKey: "your-32-byte-encryption-key-here"
client:
initialPoolSize: 500
enableLogging: true
EOF
# Install
helm install bifrost bifrost/bifrost -f my-values.yaml
# Upgrade later
helm upgrade bifrost bifrost/bifrost -f my-values.yaml
# Upgrade and reuse all previously set values, overriding only one field
helm upgrade bifrost bifrost/bifrost \
--reuse-values \
--set replicaCount=5
Multiple values files
Later files override earlier ones - useful for a base + environment-specific overlay:
helm install bifrost bifrost/bifrost \
-f base-values.yaml \
-f production-overrides.yaml
Key Parameters Reference
Image
| Parameter | Description | Default |
|---|
image.repository | Container image repository | docker.io/maximhq/bifrost |
image.tag | Required. Image version (e.g. v1.4.11) | "" |
image.pullPolicy | Image pull policy | IfNotPresent |
imagePullSecrets | List of pull secret names for private registries | [] |
# Always specify the tag - the chart will not start without it
helm install bifrost bifrost/bifrost --set image.tag=v1.4.11
Replicas & Autoscaling
| Parameter | Description | Default |
|---|
replicaCount | Static replica count (ignored when HPA is enabled) | 1 |
autoscaling.enabled | Enable Horizontal Pod Autoscaler | false |
autoscaling.minReplicas | Minimum replicas | 1 |
autoscaling.maxReplicas | Maximum replicas | 10 |
autoscaling.targetCPUUtilizationPercentage | CPU target for scaling | 80 |
autoscaling.targetMemoryUtilizationPercentage | Memory target for scaling | 80 |
autoscaling.behavior.scaleDown.stabilizationWindowSeconds | Cooldown before scale-down (important for SSE streams) | 300 |
autoscaling.behavior.scaleDown.policies[0].value | Max pods removed per period | 1 |
Resources
| Parameter | Description | Default |
|---|
resources.requests.cpu | CPU request | 500m |
resources.requests.memory | Memory request | 512Mi |
resources.limits.cpu | CPU limit | 2000m |
resources.limits.memory | Memory limit | 2Gi |
Service
| Parameter | Description | Default |
|---|
service.type | ClusterIP, LoadBalancer, or NodePort | ClusterIP |
service.port | Service port | 8080 |
Ingress
| Parameter | Description | Default |
|---|
ingress.enabled | Enable ingress | false |
ingress.className | Ingress class (e.g. nginx, traefik) | "" |
ingress.annotations | Ingress annotations | {} |
ingress.hosts | Host rules | see values.yaml |
ingress.tls | TLS configuration | [] |
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
hosts:
- host: bifrost.yourdomain.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: bifrost-tls
hosts:
- bifrost.yourdomain.com
Probes
| Parameter | Description | Default |
|---|
livenessProbe.initialDelaySeconds | Seconds before first liveness check | 30 |
livenessProbe.periodSeconds | Liveness check interval | 30 |
readinessProbe.initialDelaySeconds | Seconds before first readiness check | 10 |
readinessProbe.periodSeconds | Readiness check interval | 10 |
GET /health.
Graceful Shutdown
Bifrost supports long-lived SSE streaming connections. The default preStop hook and termination grace period let in-flight streams finish before the pod is killed:
| Parameter | Description | Default |
|---|
terminationGracePeriodSeconds | Total grace period | 60 |
lifecycle.preStop.exec.command | Sleep before SIGTERM so load balancer drains | ["sh", "-c", "sleep 15"] |
terminationGracePeriodSeconds if your typical stream responses take longer than 45 seconds.
Service Account
| Parameter | Description | Default |
|---|
serviceAccount.create | Create a dedicated service account | true |
serviceAccount.annotations | Annotations (e.g. for IRSA, Workload Identity) | {} |
serviceAccount.name | Override the generated name | "" |
Pod Scheduling
# Spread replicas across nodes
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: bifrost
topologyKey: kubernetes.io/hostname
# Pin to specific node pool
nodeSelector:
node-type: ai-workload
# Tolerate GPU taints
tolerations:
- key: "gpu"
operator: "Equal"
value: "true"
effect: "NoSchedule"
# Inline key/value pairs
env:
- name: HTTP_PROXY
value: "http://proxy.corp.example.com:3128"
# Map syntax (appended after env)
extraEnv:
NO_PROXY: "169.254.169.254,10.0.0.0/8"
# Bulk-load from existing Secrets or ConfigMaps
envFrom:
- secretRef:
name: my-corp-secrets
- configMapRef:
name: my-app-config
Init Containers
initContainers:
- name: wait-for-db
image: busybox:1.35
command: ["sh", "-c", "until nc -z postgres-svc 5432; do sleep 2; done"]
Values Examples
The chart ships ready-made example files under helm-charts/bifrost/values-examples/:
| File | Use case |
|---|
sqlite-only.yaml | Minimal local/dev setup |
postgres-only.yaml | Single-store Postgres |
production-ha.yaml | HA: 3 replicas, Postgres, Weaviate, HPA, Ingress |
providers-and-virtual-keys.yaml | All 23 providers + 7 virtual key patterns |
secrets-from-k8s.yaml | All sensitive values from Kubernetes Secrets |
external-postgres.yaml | Point at an existing Postgres instance |
postgres-redis.yaml | Postgres + Redis vector store |
postgres-weaviate.yaml | Postgres + Weaviate vector store |
postgres-qdrant.yaml | Postgres + Qdrant vector store |
semantic-cache-secret-example.yaml | Semantic cache with secret injection |
mixed-backend.yaml | Config store = postgres, logs store = sqlite |
helm install bifrost bifrost/bifrost \
-f https://raw.githubusercontent.com/maximhq/bifrost/main/helm-charts/bifrost/values-examples/production-ha.yaml \
--set image.tag=v1.4.11
Helm Operations
View current values
Diff before upgrading (requires helm-diff plugin)
helm diff upgrade bifrost bifrost/bifrost -f my-values.yaml
Rollback
helm history bifrost
helm rollback bifrost # to previous revision
helm rollback bifrost 2 # to revision 2
Uninstall
helm uninstall bifrost
# Also remove PVCs (deletes all data)
kubectl delete pvc -l app.kubernetes.io/instance=bifrost
All Key Parameters
A quick-reference table of the most commonly used top-level parameters:
| Parameter | Description | Default |
|---|
image.tag | Required. Bifrost image version (e.g., v1.4.11) | "" |
replicaCount | Number of replicas | 1 |
storage.mode | Storage backend (sqlite or postgres) | sqlite |
storage.persistence.size | PVC size for SQLite | 10Gi |
postgresql.enabled | Deploy embedded PostgreSQL | false |
vectorStore.enabled | Enable vector store | false |
vectorStore.type | Vector store type (weaviate, redis, qdrant) | none |
bifrost.encryptionKey | Optional encryption key (use encryptionKeySecret in production). If omitted, data is stored in plaintext. | "" |
ingress.enabled | Enable ingress | false |
autoscaling.enabled | Enable HPA | false |
Secret Reference Parameters
Use existing Kubernetes Secrets instead of plain-text values. Every sensitive field in the chart has a corresponding existingSecret / secretRef alternative:
| Parameter | Description | Default |
|---|
bifrost.encryptionKeySecret.name | Secret name for encryption key | "" |
bifrost.encryptionKeySecret.key | Key within the secret | "encryption-key" |
postgresql.external.existingSecret | Secret name for PostgreSQL password | "" |
postgresql.external.passwordKey | Key within the secret | "password" |
vectorStore.redis.external.existingSecret | Secret name for Redis password | "" |
vectorStore.redis.external.passwordKey | Key within the secret | "password" |
vectorStore.weaviate.external.existingSecret | Secret name for Weaviate API key | "" |
vectorStore.weaviate.external.apiKeyKey | Key within the secret | "api-key" |
vectorStore.qdrant.external.existingSecret | Secret name for Qdrant API key | "" |
vectorStore.qdrant.external.apiKeyKey | Key within the secret | "api-key" |
bifrost.plugins.maxim.secretRef.name | Secret name for Maxim API key | "" |
bifrost.plugins.maxim.secretRef.key | Key within the secret | "api-key" |
bifrost.providerSecrets.<provider>.existingSecret | Secret name for provider API key | "" |
bifrost.providerSecrets.<provider>.key | Key within the secret | "api-key" |
bifrost.providerSecrets.<provider>.envVar | Environment variable name to inject | "" |
Advanced Configuration
Comprehensive Example
A production-ready values file combining the most common settings:
# my-values.yaml
image:
tag: "v1.4.11"
replicaCount: 3
storage:
mode: postgres
postgresql:
enabled: true
auth:
password: "secure-password" # use existingSecret in production
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 10
ingress:
enabled: true
className: nginx
hosts:
- host: bifrost.example.com
paths:
- path: /
pathType: Prefix
bifrost:
encryptionKeySecret:
name: "bifrost-encryption"
key: "key"
providers:
openai:
keys:
- name: "primary"
value: "env.OPENAI_API_KEY"
weight: 1
providerSecrets:
openai:
existingSecret: "provider-api-keys"
key: "openai-api-key"
envVar: "OPENAI_API_KEY"
helm install bifrost bifrost/bifrost -f my-values.yaml
Node Affinity & Scheduling
Deploy to specific nodes and spread replicas across hosts:
nodeSelector:
node-type: ai-workload
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: bifrost
topologyKey: kubernetes.io/hostname
tolerations:
- key: "gpu"
operator: "Equal"
value: "true"
effect: "NoSchedule"
Deployment & Pod Annotations
Useful for tooling like Keel for automatic image updates or Datadog APM injection:
deploymentAnnotations:
keel.sh/policy: force
keel.sh/trigger: poll
podAnnotations:
ad.datadoghq.com/bifrost.logs: '[{"source":"bifrost","service":"bifrost"}]'
Common Patterns
Ready-made values files for the most common deployment scenarios. Each pattern builds on the quickstart.
Development
Multi-Provider
External Database
AI Workloads
Kubernetes Secrets Only
Simple setup for local testing. SQLite, single replica, no autoscaling.helm install bifrost bifrost/bifrost \
--set image.tag=v1.4.11 \
--set 'bifrost.providers.openai.keys[0].name=dev-key' \
--set 'bifrost.providers.openai.keys[0].value=sk-your-key' \
--set 'bifrost.providers.openai.keys[0].weight=1'
# Access
kubectl port-forward svc/bifrost 8080:8080
Multiple LLM providers with weighted load balancing.kubectl create secret generic provider-keys \
--from-literal=openai-api-key='sk-...' \
--from-literal=anthropic-api-key='sk-ant-...' \
--from-literal=gemini-api-key='your-gemini-key'
# multi-provider.yaml
image:
tag: "v1.4.11"
bifrost:
encryptionKey: "your-encryption-key"
client:
enableLogging: true
providers:
openai:
keys:
- name: "openai-primary"
value: "env.OPENAI_API_KEY"
weight: 2 # 50% of traffic
anthropic:
keys:
- name: "anthropic-primary"
value: "env.ANTHROPIC_API_KEY"
weight: 1 # 25%
gemini:
keys:
- name: "gemini-primary"
value: "env.GEMINI_API_KEY"
weight: 1 # 25%
providerSecrets:
openai:
existingSecret: "provider-keys"
key: "openai-api-key"
envVar: "OPENAI_API_KEY"
anthropic:
existingSecret: "provider-keys"
key: "anthropic-api-key"
envVar: "ANTHROPIC_API_KEY"
gemini:
existingSecret: "provider-keys"
key: "gemini-api-key"
envVar: "GEMINI_API_KEY"
plugins:
telemetry:
enabled: true
logging:
enabled: true
helm install bifrost bifrost/bifrost -f multi-provider.yaml
Use an existing PostgreSQL instance - RDS, Cloud SQL, Azure Database, or self-managed.kubectl create secret generic postgres-credentials \
--from-literal=password='your-external-postgres-password'
# external-db.yaml
image:
tag: "v1.4.11"
storage:
mode: postgres
postgresql:
enabled: false
external:
enabled: true
host: "your-rds-endpoint.us-east-1.rds.amazonaws.com"
port: 5432
user: "bifrost"
database: "bifrost"
sslMode: "require"
existingSecret: "postgres-credentials"
passwordKey: "password"
bifrost:
encryptionKey: "your-encryption-key"
providers:
openai:
keys:
- name: "openai-primary"
value: "sk-..."
weight: 1
helm install bifrost bifrost/bifrost -f external-db.yaml
Semantic response caching for high-volume AI inference.kubectl create secret generic bifrost-encryption \
--from-literal=key='your-32-byte-encryption-key'
kubectl create secret generic provider-keys \
--from-literal=openai-api-key='sk-your-key'
# ai-workload.yaml
image:
tag: "v1.4.11"
storage:
mode: postgres
postgresql:
enabled: true
auth:
password: "secure-password"
primary:
persistence:
size: 50Gi
vectorStore:
enabled: true
type: weaviate
weaviate:
enabled: true
persistence:
size: 50Gi
bifrost:
encryptionKeySecret:
name: "bifrost-encryption"
key: "key"
providers:
openai:
keys:
- name: "openai-primary"
value: "env.OPENAI_API_KEY"
weight: 1
providerSecrets:
openai:
existingSecret: "provider-keys"
key: "openai-api-key"
envVar: "OPENAI_API_KEY"
plugins:
semanticCache:
enabled: true
config:
provider: "openai"
keys:
- value: "env.OPENAI_API_KEY"
weight: 1
embedding_model: "text-embedding-3-small"
dimension: 1536
threshold: 0.85
ttl: "1h"
cache_by_model: true
cache_by_provider: true
helm install bifrost bifrost/bifrost -f ai-workload.yaml
Zero credentials in values files - all sensitive data in Kubernetes Secrets.kubectl create secret generic postgres-credentials \
--from-literal=password='your-postgres-password'
kubectl create secret generic bifrost-encryption \
--from-literal=key='your-encryption-key'
kubectl create secret generic provider-keys \
--from-literal=openai-api-key='sk-...' \
--from-literal=anthropic-api-key='sk-ant-...'
kubectl create secret generic qdrant-credentials \
--from-literal=api-key='your-qdrant-api-key'
# secrets-only.yaml
image:
tag: "v1.4.11"
storage:
mode: postgres
postgresql:
enabled: false
external:
enabled: true
host: "postgres.example.com"
port: 5432
user: "bifrost"
database: "bifrost"
sslMode: "require"
existingSecret: "postgres-credentials"
passwordKey: "password"
vectorStore:
enabled: true
type: qdrant
qdrant:
enabled: false
external:
enabled: true
host: "qdrant.example.com"
port: 6334
existingSecret: "qdrant-credentials"
apiKeyKey: "api-key"
bifrost:
encryptionKeySecret:
name: "bifrost-encryption"
key: "key"
providers:
openai:
keys:
- name: "openai-primary"
value: "env.OPENAI_API_KEY"
weight: 1
anthropic:
keys:
- name: "anthropic-primary"
value: "env.ANTHROPIC_API_KEY"
weight: 1
providerSecrets:
openai:
existingSecret: "provider-keys"
key: "openai-api-key"
envVar: "OPENAI_API_KEY"
anthropic:
existingSecret: "provider-keys"
key: "anthropic-api-key"
envVar: "ANTHROPIC_API_KEY"
helm install bifrost bifrost/bifrost -f secrets-only.yaml
