Installing on Kubernetes
Prerequisites
Before installing NeuralTrust, ensure you have:
- Kubernetes cluster (v1.20+)
- Minimum of 3 nodes
- Each node: 4 vCPUs, 16 GB Memory
- Total cluster resources: 12+ vCPUs, 48+ GB Memory
- Helm (v3.8+)
- kubectl configured to access your cluster
- OpenAI API key
- HuggingFace token (provided by NeuralTrust)
- Google Container Registry (GCR) service account key (provided by NeuralTrust)
Required Tools
kubectl
: For interacting with the Kubernetes clusterhelm
: For deploying Kubernetes applicationsyq
: For YAML processingjq
: For JSON processing
Installation Steps
1. Environment Setup
First, clone the repository and set up environment files:
2. Configure Environment Variables
Required environment variables:
Common Variables
ENVIRONMENT
: Environment (dev/prod)EMAIL
: Email for Let’s Encrypt certificatesOPENAI_API_KEY
: OpenAI API keyHUGGINGFACE_TOKEN
: HuggingFace token (provided by NeuralTrust)GCR_KEY_FILE
: Path to GCR service account key file
Data Plane API Variables
DATA_PLANE_API_URL
: Full URL for the Data Plane APIDATA_PLANE_API_IMAGE_REPOSITORY
: Docker image repositoryDATA_PLANE_API_IMAGE_TAG
: Docker image tagDATA_PLANE_API_IMAGE_PULL_POLICY
: Image pull policyDATA_PLANE_JWT_SECRET
: JWT secret for Control Plane authentication
Worker Variables
WORKER_IMAGE_REPOSITORY
: Docker image repositoryWORKER_IMAGE_TAG
: Docker image tagWORKER_IMAGE_PULL_POLICY
: Image pull policy
3. Run Installation
The script will:
- Create namespace (default: neuraltrust)
- Install cert-manager for SSL certificates
- Install NGINX Ingress Controller
- Create required secrets
- Install ClickHouse database
- Install Kafka for messaging
- Deploy Data Plane components
Installation Options
Skip ingress resources:
Skip cert-manager installation:
Or use values file:
Domain Configuration
DNS Setup
-
Create a subdomain for your Data Plane API (e.g.,
dataplane.yourdomain.com
) -
Configure CNAME record:
Get ingress controller address:
- Alternative: Use A record:
TLS/SSL Certificates
The installation automatically configures Let’s Encrypt certificates. Ensure:
- Domain is publicly accessible
- DNS propagation is complete
- Valid email address in
EMAIL
variable
Note: For custom certificates, contact NeuralTrust support.
Connecting to Control Plane
After installation:
- Log in to NeuralTrust portal
- Navigate to “Data Plane” section
- Add new Data Plane connection
- Enter Data Plane API endpoint
- Enter JWT secret from installation
- Save connection
Important: Save the JWT secret displayed during installation for Control Plane connection.
Upgrading
To upgrade existing installation:
- Update environment variables as needed
- Run installation script again:
The Helm charts will detect existing installations and perform an upgrade.
Troubleshooting
Common issues and solutions:
- Pod startup failures
- Database connection issues
- API key errors
- Verify OpenAI API key and HuggingFace token
- Ingress issues
- Certificate issues
- Control Plane connection issues
- Verify Data Plane API endpoint is accessible
- Confirm JWT token is correct
Additional Resources
For more information:
For support, contact support@neuraltrust.ai