The chart ships a small set of values files that cover the most common deployment topologies. Pick the file closest to your target environment, copy it to my-values.yaml, and override only what you need.
| File | Purpose |
|---|---|
| values-required.yaml | Minimal starting template — recommended for first-time setup. All other values use chart defaults. |
| values.yaml | Complete reference with every option and inline comments. |
| values-openshift.yaml | Pre-configured for OpenShift with Routes. |
| values-openshift-ingress.yaml.example | OpenShift using Kubernetes Ingress instead of Routes. |
| values-external-services.yaml.example | External ClickHouse, Kafka, and PostgreSQL. |
| values-dataplane-gpu.yaml.example | Data Plane + GPU firewall workers, no TrustGate. |
| values-all-deployed.yaml.example | Everything enabled — useful as a “what does the full stack look like” reference. |
All files live in the chart repository. Fetch any of them with:
```bash
curl -sLO https://raw.githubusercontent.com/NeuralTrust/neuraltrust-platform/main/values-required.yaml
```
Quick reference
| Scenario | Values file | Platform | Ingress | Routes | Secrets |
|---|---|---|---|---|---|
| Zero-config | None (defaults) | Any | No | No | Auto |
| Kubernetes (cloud) | values-required.yaml | aws / gcp / azure / kubernetes | Yes | No | Auto |
| OpenShift (Routes) | values-openshift.yaml | openshift | No | Yes | Auto |
| OpenShift (Ingress) | values-openshift-ingress.yaml.example | openshift | Yes | No | Pre-gen |
| Everything on | values-all-deployed.yaml.example | Configurable | Yes | Configurable | Auto |
| External infra | values-external-services.yaml.example | Configurable | Yes | Configurable | Auto |
| GPU firewall | values-dataplane-gpu.yaml.example | Configurable | Yes | Configurable | Explicit |
Common scenarios
Kubernetes with Ingress
```yaml
global:
  platform: "aws" # or "gcp", "azure", "kubernetes"
  domain: "platform.example.com"
```
Use values-required.yaml and override global.platform + global.domain. The chart picks the right ingress flavor for the cloud automatically.
OpenShift with Routes
```yaml
global:
  platform: "openshift"
  domain: "apps.mycluster.example.com"
```
Start from values-openshift.yaml. Routes are created automatically; Ingress is disabled. See OpenShift.
OpenShift with Ingress
```yaml
global:
  platform: "openshift"
  domain: "apps.mycluster.example.com"
  ingress:
    provider: "openshift"
trustgate:
  ingress:
    enabled: true
neuraltrust-control-plane:
  controlPlane:
    components:
      api:
        ingress:
          enabled: true
      app:
        ingress:
          enabled: true
```
Start from values-openshift-ingress.yaml.example.
External infrastructure only
NeuralTrust services in-cluster, ClickHouse / Kafka / PostgreSQL provided externally:
```yaml
infrastructure:
  clickhouse:
    deploy: false
    external:
      host: "clickhouse.example.com"
      port: "8123"
      user: "neuraltrust"
      password: "" # inject via --set or pre-created secret
      database: "neuraltrust"
  kafka:
    deploy: false
    external:
      bootstrapServers: "kafka.example.com:9092"
neuraltrust-control-plane:
  infrastructure:
    postgresql:
      deploy: false
  controlPlane:
    components:
      postgresql:
        secrets:
          host: "postgres.example.com"
          port: "5432"
          user: "neuraltrust"
          password: "" # inject via --set or pre-created secret
          database: "neuraltrust"
```
Start from values-external-services.yaml.example.
Services-only (no TrustGate)
```yaml
trustgate:
  enabled: false
neuraltrust-control-plane:
  controlPlane:
    enabled: true
neuraltrust-data-plane:
  dataPlane:
    enabled: true
```
Pre-generated secrets (CI/CD, Vault)
```yaml
global:
  autoGenerateSecrets: false
  preserveExistingSecrets: true
```
All required secrets must exist in the namespace before deployment. See Secrets management › Pre-generated secrets.
Zero-config
```bash
helm upgrade --install neuraltrust-platform \
  oci://europe-west1-docker.pkg.dev/neuraltrust-app-prod/helm-charts/neuraltrust-platform \
  --version <VERSION> \
  --namespace neuraltrust --create-namespace
```
Defaults to global.platform: "gcp", in-cluster infrastructure, auto-generated secrets, and self-signed TLS. Useful for rapid evaluation; not suitable for production.
How infrastructure resolves
| Component | In-cluster service name | External config path |
|---|---|---|
| ClickHouse | <release>-clickhouse | infrastructure.clickhouse.external.host |
| Kafka | <release>-kafka:9092 | infrastructure.kafka.external.bootstrapServers |
| PostgreSQL | control-plane-postgresql | neuraltrust-control-plane.controlPlane.components.postgresql.secrets.host |
The chart’s _helpers.tpl resolves the right hostname automatically based on deploy: true / false. You don’t typically need to override these directly.
Component toggles
Every component can be flipped independently:
```yaml
neuraltrust-data-plane:
  dataPlane:
    enabled: true # Data Plane API + workers
neuraltrust-control-plane:
  controlPlane:
    enabled: true # Control Plane API + UI + scheduler
trustgate:
  enabled: true # TrustGate AI gateway
neuraltrust-firewall:
  firewall:
    enabled: false # Firewall gateway + workers (off by default)
```
Disabling the Control Plane while keeping the Data Plane is a supported pattern — the Data Plane runs against the NeuralTrust SaaS Control Plane.
Ingress vs Routes
| Feature | Ingress | Routes (OpenShift) |
|---|---|---|
| Platform | Any Kubernetes | OpenShift only |
| Controller | Required (NGINX, ALB, GCE, etc.) | Built-in |
| TLS | kubernetes.io/tls secrets or cloud-managed | OpenShift router |
| Enable | ingress.enabled: true per component | Default when platform: "openshift" |
Secret management modes
| Mode | Flag | Behavior | Best for |
|---|---|---|---|
| Auto-generated | autoGenerateSecrets: true | Helm creates and preserves secrets | Dev, staging, quick starts |
| Explicit values | autoGenerateSecrets: true + values set | Your values override auto-generation | Controlled environments |
| Pre-generated | preserveExistingSecrets: true | Helm never touches secrets | Vault, Sealed Secrets, compliance |
Full reference: Secrets management.
Firewall: CPU and GPU
| Component | Image | Scheduling | CUDA MPS |
|---|---|---|---|
| Gateway | firewall-cpu | CPU only | N/A |
| Workers (default) | firewall-cpu | CPU only | Omit MPS keys |
| Workers (GPU) | firewall-gpu | GPU nodes with nvidia.com/gpu, nodeSelector, tolerations, hostIPC | Set both cudaMpsActiveThreadPercentage and cudaMpsPinnedDeviceMemLimit |
CUDA MPS env vars are only rendered into the worker ConfigMap when both keys are set. Reference files: values-dataplane-gpu.yaml.example, values.yaml. Detailed setup: Firewall deployment.
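A pre-flight check for a values file, added here as an example (it is not part of the NeuralTrust chart or docs). It covers the "External infrastructure only" and "Firewall: CPU and GPU" sections by flagging literal passwords, external endpoints left empty while deploy is false, and a CUDA MPS pair with only one key set. It assumes an already-parsed mapping; the sample input is constructed and its "workers" nesting is hypothetical, which is why the MPS keys are matched by name wherever they appear.

```python
# Added example (not NeuralTrust code): lint a values mapping, e.g. from yaml.safe_load.
MPS_KEYS = {"cudaMpsActiveThreadPercentage", "cudaMpsPinnedDeviceMemLimit"}
# (deploy flag, endpoint that must be set when deploy is false), paths from the page.
EXTERNAL = [
    ("infrastructure.clickhouse.deploy", "infrastructure.clickhouse.external.host"),
    ("infrastructure.kafka.deploy", "infrastructure.kafka.external.bootstrapServers"),
    ("neuraltrust-control-plane.infrastructure.postgresql.deploy",
     "neuraltrust-control-plane.controlPlane.components.postgresql.secrets.host"),
]

def get(values, dotted):
    node = values
    for key in dotted.split("."):  # None as soon as a segment is missing
        node = node.get(key) if isinstance(node, dict) else None
    return node

def walk(node, path=""):  # yields (dotted_path, mapping) for every mapping
    if isinstance(node, dict):
        yield path, node
        for key, child in node.items():
            yield from walk(child, f"{path}.{key}".lstrip("."))
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from walk(child, f"{path}[{i}]")

def lint(values):
    findings = []
    for path, mapping in walk(values):
        if mapping.get("password"):  # page: leave "" and inject at deploy time
            findings.append(f"{path}.password: literal secret in values file")
        mps_set = {k for k in MPS_KEYS if mapping.get(k) not in (None, "")}
        if len(mps_set) == 1:  # page: env vars render only when both are set
            missing = (MPS_KEYS - mps_set).pop()
            findings.append(f"{path}: {missing} unset, CUDA MPS vars will not render")
    for deploy, endpoint in EXTERNAL:
        if get(values, deploy) is False and not get(values, endpoint):
            findings.append(f"{endpoint}: empty while {deploy} is false")
    return findings

SAMPLE = {  # constructed input; the "workers" nesting is hypothetical
    "infrastructure": {
        "clickhouse": {"deploy": False,
                       "external": {"host": "", "password": "example-only"}},
        "kafka": {"deploy": False,
                  "external": {"bootstrapServers": "kafka.example.com:9092"}},
    },
    "neuraltrust-firewall": {"firewall": {"workers": {"cudaMpsActiveThreadPercentage": "50"}}},
}

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run it against the file you keep in version control rather than the merged values, since passwords injected with --set at deploy time would otherwise be reported as literals.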