> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hellocobi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Helm Chart Setup

> Step-by-step guide to installing Cobi on Kubernetes or OpenShift using the cobi-dashboard Helm chart

## 1. Choose the chart source

```bash theme={null}
CHART_REF=oci://registry-1.docker.io/hellocobi/cobi-dashboard
CHART_VERSION=0.1.0
```

<Note>
  The Helm chart is published as a public OCI artifact. If you are installing from a local checkout of the chart instead, skip these variables and use the local path in the `helm install` commands below.
</Note>

## 2. Create the namespace

```bash theme={null}
kubectl create namespace cobi
```

## 3. Create required Secrets

### Docker Hub pull secret

Required if `global.imagePullSecrets` is set (needed for `hellocobi/*` private images).

```bash theme={null}
kubectl create secret docker-registry dockerhub-secret \
  --docker-server=https://index.docker.io/v1/ \
  --docker-username=<username> \
  --docker-password=<token> \
  --docker-email=<email> \
  --namespace cobi
```

### Backend environment secret

The backend reads its configuration from a Kubernetes Secret. Create it with your environment-specific values:

```bash theme={null}
kubectl create secret generic cobi-backend-secrets \
  --namespace cobi \
  --from-literal=DATABASE_URL="postgres://postgres:<password>@cobi-dashboard-postgresql:5432/dashboard_auth?schema=public" \
  --from-literal=CORE_DATABASE_URL="postgres://postgres:<password>@cobi-dashboard-postgresql:5432/cobi_core?schema=public" \
  --from-literal=BETTER_AUTH_SECRET="<random-string>" \
  --from-literal=BETTER_AUTH_URL="https://api.example.com" \
  --from-literal=FRONTEND_URL="https://app.example.com" \
  --from-literal=CONNECT_SERVICE_URL="http://cobi-dashboard-connect:8000" \
  --from-literal=QDRANT_URL="http://cobi-dashboard-qdrant:6333" \
  --from-literal=S3_BUCKET="documents" \
  --from-literal=S3_REGION="us-east-1" \
  --from-literal=S3_ENDPOINT="http://cobi-dashboard-minio:9000" \
  --from-literal=S3_ACCESS_KEY_ID="admin" \
  --from-literal=S3_SECRET_ACCESS_KEY="<minio-root-password>" \
  --from-literal=CONNECT_SERVICE_TOKEN="<shared-token>" \
  --from-literal=CONNECT_BUCKET_PREFIX="ingestion" 
```

See [Backend Service](/deployment/backend) for the full variable reference.

### Frontend environment secret

```bash theme={null}
kubectl create secret generic cobi-frontend-secrets \
  --namespace cobi \
  --from-literal=NODE_ENV="production" \
  --from-literal=VITE_API_BASE_URL="https://api.example.com" \
  --from-literal=VITE_API_SANDBOX_URL="https://api.example.com"
```

`VITE_API_BASE_URL` must match the backend Gateway route, Ingress, or Route hostname.

### Connect service secret

```bash theme={null}
kubectl create secret generic cobi-connect-secrets \
  --namespace cobi \
  --from-literal=HOST="0.0.0.0" \
  --from-literal=PORT="8000" \
  --from-literal=CONNECT_SERVICE_TOKEN="<shared-token>" \
  --from-literal=S3_ENDPOINT="http://cobi-dashboard-minio:9000"
```

Use the same `CONNECT_SERVICE_TOKEN` value in both the backend and connect secrets.

## 4. Build chart dependencies

If installing from a local chart directory:

```bash theme={null}
cd charts/cobi-dashboard
helm dependency build
```

This downloads the dependency charts (PostgreSQL, Qdrant, vllm-stack, MinIO) into `charts/`.

## 5. Install

Choose a values file that matches your environment, then install:

```bash theme={null}
helm install cobi-dashboard "$CHART_REF" \
  --namespace cobi \
  --version "$CHART_VERSION" \
  --values my-values.yaml \
  --wait
```

Or from a local chart:

```bash theme={null}
helm install cobi-dashboard ./charts/cobi-dashboard \
  --namespace cobi \
  --values my-values.yaml \
  --wait
```

## 6. Verify the rollout

```bash theme={null}
kubectl get pods -n cobi
kubectl get gateway,httproute -n cobi  # Gateway API
kubectl get ingress -n cobi       # Kubernetes
kubectl get routes -n cobi        # OpenShift
```

All pods should reach `Running` / `1/1 Ready`. The vLLM pod takes longer (\~5 min) while it downloads model weights.

## Upgrade

```bash theme={null}
helm upgrade cobi-dashboard "$CHART_REF" \
  --namespace cobi \
  --version "$CHART_VERSION" \
  --values my-values.yaml \
  --wait
```

## Uninstall

```bash theme={null}
helm uninstall cobi-dashboard --namespace cobi
```

PersistentVolumeClaims are **not** deleted automatically. Remove them manually if you want to purge all data:

```bash theme={null}
kubectl delete pvc -n cobi --all
```

***

## Minimal values file

The following enables all application components with sensible defaults. Substitute your image tags and domain names:

```yaml theme={null}
global:
  imagePullSecrets:
    - dockerhub-secret

backend:
  enabled: true
  image:
    repository: docker.io/hellocobi/dashboard-backend
    tag: "0.2.6"
    pullPolicy: IfNotPresent
  envFrom:
    - secretRef:
        name: cobi-backend-secrets
  s3:
    existingSecret: cobi-backend-secrets

frontend:
  enabled: true
  image:
    repository: docker.io/hellocobi/dashboard-frontend
    tag: "0.1.9"
    pullPolicy: IfNotPresent
  envFrom:
    - secretRef:
        name: cobi-frontend-secrets

connect:
  enabled: true
  image:
    repository: docker.io/hellocobi/dashboard-connect
    tag: "823edd6d96f97aae01425d8c3ddfc9ef8839c65b"
    pullPolicy: IfNotPresent
  envFrom:
    - secretRef:
        name: cobi-connect-secrets

ingress:
  enabled: true
  className: nginx
  tls:
    - secretName: cobi-dashboard-tls
      hosts:
        - app.example.com
        - api.example.com
        - connect.example.com
  app:
    enabled: true
    host: app.example.com
  api:
    enabled: true
    host: api.example.com
  connect:
    enabled: true
    host: connect.example.com
  minio:
    enabled: false
  grafana:
    enabled: false

gateway:
  enabled: false

postgresql:
  enabled: true
  auth:
    username: postgres
    password: "<strong-password>"
    database: dashboard_auth
  primary:
    initdb:
      scripts:
        create-core-db.sql: |
          CREATE DATABASE cobi_core;
    persistence:
      enabled: true
      size: 10Gi

qdrant:
  enabled: true
  persistence:
    enabled: true
    size: 10Gi

minio:
  enabled: true
  auth:
    rootUser: admin
    rootPassword: "<strong-password>"
  defaultBuckets: "documents"
  persistence:
    enabled: true
    size: 100Gi

otelLgtm:
  enabled: true

# vLLM disabled by default — see vLLM Setup guide
vllmstack:
  enabled: false
```

## OpenShift values override

For OpenShift, disable Kubernetes Ingress and Gateway, then enable the chart's frontend and backend API Routes:

```yaml theme={null}
ingress:
  enabled: false

gateway:
  enabled: false

# Enable OpenShift Routes
openshift:
  route:
    enabled: true
    host: dashboard.apps.cluster.example.com
    api:
      enabled: true
      host: api.apps.cluster.example.com
```

OpenShift Routes use edge TLS termination by default — TLS is terminated at the router, plain HTTP to the pods. Update the frontend and backend secrets to use the frontend Route and API Route:

```bash theme={null}
# Frontend secret
--from-literal=VITE_API_BASE_URL="https://api.apps.cluster.example.com"
--from-literal=VITE_API_SANDBOX_URL="https://api.apps.cluster.example.com"

# Backend secret
--from-literal=BETTER_AUTH_URL="https://api.apps.cluster.example.com"
--from-literal=FRONTEND_URL="https://dashboard.apps.cluster.example.com"
```

See [Ingress & Routes](/deployment/ingress-routes) for the full platform-specific configuration.