Values Reference

This page documents all configurable values in the em-runtime Helm chart. Values are organized by scope: global, per-service, infrastructure subcharts, and testing.

Global Values

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `hostname` | string | `"localhost"` | External hostname for the platform. Used in HTTPRoute hostnames, CORS origins, and Keycloak redirect URIs. |
| `scheme` | string | `"http"` | URL scheme (http or https). Combined with hostname to form BASE_URL. |
| `existingSecret` | string | `""` | Name of a pre-existing Secret containing external database credentials. Required when postgres.enabled or redis.enabled is false. |
| `gatewayName` | string | `"em-runtime-gateway"` | Name of the Kubernetes Gateway resource that HTTPRoutes reference. |
| `gatewayNamespace` | string | `"gateway"` | Namespace where the Gateway resource is deployed. |
| `pullPolicy` | string | `"IfNotPresent"` | Default image pull policy for all containers. |
| `imagePullSecrets` | list | `[{name: "em-registry-secret"}]` | Default image pull secrets for private registry access. |

Bootstrap

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `bootstrap.organizationId` | string | `"emergence"` | Default organization identifier (also used as Keycloak realm name). Must be alphanumeric with hyphens or underscores. |
| `bootstrap.organizationName` | string | `"Emergence"` | Display name of the default organization. |
| `bootstrap.organizationDescription` | string | `"Emergence organization"` | Description of the default organization. |
| `bootstrap.adminEmail` | string | `"admin@emergence.local"` | Admin email for platform services bootstrap. |

CORS

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `cors.enabled` | bool | `true` | Enables CORS middleware on all runtime services. |

HTTPRoute

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `httpRoute.enabled` | bool | `true` | Creates an HTTPRoute resource. |
| `httpRoute.rules` | list | See below | Routing rules mapping external path prefixes to internal services. |

Default HTTPRoute Rules

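| Path Prefix | Service | Port | Rewrite |
| --- | --- | --- | --- |
| `/keycloak` | `keycloak` | 8080 | None |
| `/api/governance` | `em-runtime-governance` | 8000 | `/governance` |
| `/api/assets` | `em-runtime-assets` | 8000 | `/assets` |
| `/api/utils` | `em-runtime-utils` | 8000 | `/utils` |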

Service Accounts (Bootstrap)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `serviceAccounts.enabled` | bool | `true` | Enables service account creation during bootstrap. |
| `serviceAccounts.services` | list | 5 services | List of service accounts to create in Keycloak master realm. |

Default service accounts: svc-data-readiness, svc-readiness, svc-scheduler, svc-cleanup, svc-indexer.

Runtime Service Values

The following values apply to each of em-runtime-governance, em-runtime-assets, and em-runtime-utils. Replace <service> with the service name.

Deployment

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `<service>.replicaCount` | int | `1` | Number of replicas. |
| `<service>.image.repository` | string | `"ghcr.io/emergenceai/em-runtime-<name>"` | Container image repository. |
| `<service>.image.tag` | string | Chart version | Container image tag. |
| `<service>.image.pullPolicy` | string | `"IfNotPresent"` | Image pull policy. |
| `<service>.deploymentStrategy` | object | `{type: "Recreate"}` | Update strategy (Assets only, for PVC compatibility). |

Autoscaling

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `<service>.autoscaling.enabled` | bool | `false` | Enable Horizontal Pod Autoscaler. |
| `<service>.autoscaling.minReplicas` | int | `1` | Minimum replicas. |
| `<service>.autoscaling.maxReplicas` | int | `10` | Maximum replicas. |
| `<service>.autoscaling.targetCPUUtilizationPercentage` | int | `80` | CPU utilization target for scaling. |

Resources

| Key | Type | Default (Governance/Assets) | Default (Utils) |
| --- | --- | --- | --- |
| `<service>.resources.requests.cpu` | string | `"250m"` | `"100m"` |
| `<service>.resources.requests.memory` | string | `"512Mi"` | `"256Mi"` |
| `<service>.resources.limits.cpu` | string | `"1000m"` | `"500m"` |
| `<service>.resources.limits.memory` | string | `"1Gi"` | `"512Mi"` |

Security Context

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `<service>.podSecurityContext.runAsNonRoot` | bool | `true` | Enforce non-root execution. |
| `<service>.podSecurityContext.runAsUser` | int | `1000` | User ID for the container. |
| `<service>.podSecurityContext.fsGroup` | int | `1000` | Filesystem group. |
| `<service>.securityContext.readOnlyRootFilesystem` | bool | `true` | Read-only root filesystem. |
| `<service>.securityContext.allowPrivilegeEscalation` | bool | `false` | Prevent privilege escalation. |
| `<service>.securityContext.capabilities.drop` | list | `["ALL"]` | Drop all Linux capabilities. |

Health Probes

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `<service>.livenessProbe.httpGet.path` | string | `"/health"` | Liveness check path. |
| `<service>.livenessProbe.httpGet.port` | int | `8000` | Liveness check port. |
| `<service>.readinessProbe.httpGet.path` | string | `"/health"` | Readiness check path. |
| `<service>.startupProbe.failureThreshold` | int | `30` | Startup probe attempts before failure. |
| `<service>.startupProbe.periodSeconds` | int | `10` | Seconds between startup probe checks. |

Scheduling

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `<service>.nodeSelector` | object | `{}` | Node label constraints. |
| `<service>.tolerations` | list | `[]` | Toleration rules for tainted nodes. |
| `<service>.affinity` | object | `{}` | Pod scheduling affinity rules. |

Service

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `<service>.service.type` | string | `"ClusterIP"` | Service type. |
| `<service>.service.port` | int | `8000` | Service port. |
| `<service>.service.annotations` | object | `{}` | Service annotations. |

Default Environment Variables

All Services

| Key | Default | Description |
| --- | --- | --- |
| `ENVIRONMENT` | `"production"` | Runtime environment identifier. |
| `LOG_LEVEL` | `"INFO"` | Log verbosity (DEBUG, INFO, WARNING, ERROR). |
| `LOG_FORMAT` | `"JSON"` | Log output format. |
| `ROOT_PATH` | `"/api"` | API root path prefix. |
| `DOCS_ENABLED` | `"true"` | Enable OpenAPI documentation endpoints. |
| `OTEL_ENABLED` | `"true"` | Master switch for OpenTelemetry. |
| `OTEL_EXPORTER_OTLP_ENDPOINT` | `"http://otel-collector:4317"` | OTLP collector gRPC endpoint. |
| `OTEL_TRACES_ENABLED` | `"true"` | Enable distributed tracing. |
| `OTEL_METRICS_ENABLED` | `"true"` | Enable metrics export. |
| `OTEL_LOGS_ENABLED` | `"true"` | Enable log record export. |
| `OTEL_TRACE_SAMPLE_RATE` | `"0.1"` | Trace sampling ratio (0.0-1.0). |

Assets and Utils Only

| Key | Default | Description |
| --- | --- | --- |
| `GOVERNANCE_API_URL` | `"http://em-runtime-governance:8000"` | Internal governance service URL. |
| `AUTH_CHECK_URL` | `"http://keycloak:8080/keycloak"` | Keycloak URL for token validation. |

Secret-Backed Variables (via envVars)

These are sourced from em-runtime-secrets and can be overridden by setting the same key in env:

| Key | Services | Description |
| --- | --- | --- |
| `BASE_URL` | All | Platform base URL (from hostname + scheme). |
| `CORS_ENABLED` | All | CORS middleware toggle. |
| `POSTGRES_HOST` | All | PostgreSQL hostname. |
| `POSTGRES_PORT` | All | PostgreSQL port. |
| `POSTGRES_USER` | All | PostgreSQL username. |
| `POSTGRES_PASSWORD` | All | PostgreSQL password. |
| `POSTGRES_DB` | All | Per-service database name. |
| `REDIS_HOST` | All | Redis hostname. |
| `REDIS_PORT` | All | Redis port. |
| `REDIS_SCHEME` | All | Redis connection scheme. |
| `REDIS_PASSWORD` | All | Redis password. |

S3 Storage Variables

| Variable | Default | Description |
| --- | --- | --- |
| `STORAGE_TYPE` | `local` | Storage backend: local or s3. |
| `S3_ENDPOINT_URL` | None | Custom S3 endpoint (required for GCS, MinIO). |
| `S3_ACCESS_KEY_ID` | None | Access key ID. |
| `S3_SECRET_ACCESS_KEY` | None | Secret access key. |
| `S3_REGION` | `us-east-1` | Bucket region. |
| `S3_BUCKET_NAME` | `em-runtime` | Bucket name. |
| `S3_PREFIX_UPLOADED` | `uploaded` | Prefix for user-uploaded artifacts. |
| `S3_PREFIX_GENERATED` | `generated` | Prefix for system-generated artifacts. |

Assets Storage (PVC)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `em-runtime-assets.storage.enabled` | bool | `true` | Enable PVC storage. Set false for S3. |
| `em-runtime-assets.storage.size` | string | `"10Gi"` | PVC size. |
| `em-runtime-assets.storage.accessModes` | list | `["ReadWriteMany"]` | PVC access modes. |
| `em-runtime-assets.storage.mountPath` | string | `"/var/lib/em-runtime/storage"` | Mount path in container. |
| `em-runtime-assets.storage.storageClass` | string | `""` | StorageClass name (empty uses default). |

Infrastructure Subcharts

Keycloak

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `keycloak.replicaCount` | int | `1` | Number of Keycloak replicas. |
| `keycloak.resources.requests.cpu` | string | `"1000m"` | CPU request. |
| `keycloak.resources.requests.memory` | string | `"1280Mi"` | Memory request. |
| `keycloak.resources.limits.cpu` | string | `"2000m"` | CPU limit. |
| `keycloak.resources.limits.memory` | string | `"2Gi"` | Memory limit. |

OpenFGA

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `openfga.replicaCount` | int | `1` | Number of OpenFGA replicas. |
| `openfga.autoscaling.enabled` | bool | `false` | Enable HPA. |
| `openfga.autoscaling.targetCPUUtilizationPercentage` | int | `80` | CPU scaling target. |
| `openfga.autoscaling.targetMemoryUtilizationPercentage` | int | `80` | Memory scaling target. |
| `openfga.resources.requests.cpu` | string | `"100m"` | CPU request. |
| `openfga.resources.requests.memory` | string | `"256Mi"` | Memory request. |

Infisical (On-Premises / Cloud-Agnostic)

Infisical is one of two supported secrets backends. For cloud deployments on GCP, ESO + GCP Secret Manager can be used instead. See Secrets Management for a comparison.

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `infisical.enabled` | bool | `true` | Enable the Infisical subchart. Set false when using ESO + GCP Secret Manager. |
| `infisical-standalone.infisical.replicaCount` | int | `1` | Number of Infisical replicas. |
| `infisical-standalone.infisical.resources.requests.cpu` | string | `"350m"` | CPU request. |
| `infisical-standalone.infisical.resources.requests.memory` | string | `"512Mi"` | Memory request. |

PostgreSQL (In-Cluster)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `postgres.enabled` | bool | `true` | Enable in-cluster PostgreSQL. Set false for external. |
| `postgres.replicaCount` | int | `1` | Number of PostgreSQL replicas. |
| `postgres.persistence.enabled` | bool | `true` | Enable data persistence. |
| `postgres.persistence.size` | string | `"8Gi"` | Persistent volume size. |

Redis (In-Cluster)

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| `redis.enabled` | bool | `true` | Enable in-cluster Redis. Set false for external. |
| `redis.replicaCount` | int | `1` | Number of Redis replicas. |
| `redis.persistence.enabled` | bool | `true` | Enable data persistence. |
| `redis.persistence.size` | string | `"8Gi"` | Persistent volume size. |
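
A pre-deployment check over the constraints this reference states (the existingSecret requirement, the organizationId character rule, the allowed scheme values, and the hardened security-context defaults), as an added example that is not part of the chart or its documentation. The function name `lint_values`, the finding strings and the sample override are assumptions made for illustration; the function takes override values as a plain dict and treats absent keys as the documented defaults.

```python
import re

SERVICES = ("em-runtime-governance", "em-runtime-assets", "em-runtime-utils")
# Hardened defaults documented in the Security Context table.
HARDENED = {
    ("podSecurityContext", "runAsNonRoot"): True,
    ("securityContext", "readOnlyRootFilesystem"): True,
    ("securityContext", "allowPrivilegeEscalation"): False,
}
ORG_ID = re.compile(r"[A-Za-z0-9_-]+")


def lint_values(values):
    """Return findings for a values dict; absent keys keep chart defaults."""
    findings = []
    if values.get("scheme", "http") not in ("http", "https"):
        findings.append("scheme: must be http or https")
    org = values.get("bootstrap", {}).get("organizationId", "emergence")
    if not ORG_ID.fullmatch(str(org)):
        findings.append("bootstrap.organizationId: invalid characters")
    # External databases need credentials from a pre-existing Secret.
    for dep in ("postgres", "redis"):
        external = values.get(dep, {}).get("enabled", True) is False
        if external and not values.get("existingSecret", ""):
            findings.append(f"existingSecret: required when {dep}.enabled is false")
    for svc in SERVICES:
        cfg = values.get(svc, {})
        for (ctx, key), default in HARDENED.items():
            if cfg.get(ctx, {}).get(key, default) is not default:
                findings.append(f"{svc}.{ctx}.{key}: weakened from {default}")
        sec = cfg.get("securityContext", {})
        if "ALL" not in sec.get("capabilities", {}).get("drop", ["ALL"]):
            findings.append(f"{svc}.securityContext.capabilities.drop: missing ALL")
    return findings


# Constructed sample override, not taken from the chart or its docs.
SAMPLE = {
    "hostname": "platform.example.com",
    "scheme": "https",
    "bootstrap": {"organizationId": "acme corp"},
    "postgres": {"enabled": False},
    "em-runtime-assets": {
        "securityContext": {"readOnlyRootFilesystem": False,
                            "capabilities": {"drop": ["NET_RAW"]}},
    },
}

if __name__ == "__main__":
    print("\n".join(lint_values(SAMPLE)))
```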

Next Steps

Helm Configuration

Deployment modes, secrets, and production setup guide.

Upgrades

Version upgrades, migration steps, and rollback.