Installation

GlassFlow AI Runtime ships as a Helm chart for Kubernetes. The chart deploys all platform services (control plane, receiver, pipeline, sink, UI) with bundled NATS and PostgreSQL.

The AI agent is not included in the Helm chart. Agents are deployed separately — see Agents.

Prerequisites

Kubernetes 1.24+
Helm 3.10+

Quick install


# Clone the repo
git clone https://github.com/glassflow/glassflow-ai-runtime.git
cd glassflow-ai-runtime/charts/glassflow-ai-runtime
 
# Fetch dependencies (NATS + PostgreSQL sub-charts)
helm dependency build
 
# Install with a secure JWT secret
helm install glassflow . \
  --set controlplane.jwtSecret="$(openssl rand -hex 32)"

This deploys all services with ClusterIP services. See Exposing the UI for ingress setup.

Configuration

JWT secret

The control plane uses a JWT secret to sign authentication tokens. Always set this to a random value in production:


--set controlplane.jwtSecret="$(openssl rand -hex 32)"

CORS origins

Set this to the external URL where the UI is served, so the browser can call the API:


--set controlplane.corsAllowedOrigins="https://glassflow.example.com"

Image registry and tag


global:
  image:
    registry: ghcr.io/glassflow
    tag: v0.1.0
    pullPolicy: IfNotPresent

Email (optional)

Enable password-reset emails and member invites:


controlplane:
  smtp:
    connectionUrl: "smtp://user:pass@smtp.example.com:587"
    fromAddress: "noreply@example.com"
  uiBaseUrl: "https://glassflow.example.com"

Exposing the UI

The chart does not include an Ingress resource. Create one that matches your cluster’s ingress controller.

Same domain for UI and API

Serve the UI at / and the API at /api on the same domain:


# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: glassflow
spec:
  ingressClassName: nginx
  rules:
    - host: glassflow.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: glassflow-ui
                port:
                  number: 3000
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: glassflow-controlplane
                port:
                  number: 8080
          - path: /healthz
            pathType: Exact
            backend:
              service:
                name: glassflow-controlplane
                port:
                  number: 8080
  tls:
    - hosts:
        - glassflow.example.com
      secretName: glassflow-tls

With this setup, use:


--set controlplane.corsAllowedOrigins="https://glassflow.example.com" \
--set ui.apiUrl=""

An empty ui.apiUrl means the browser calls the same origin.

Separate domains

If you prefer app.example.com for the UI and api.example.com for the API:


--set controlplane.corsAllowedOrigins="https://app.example.com" \
--set ui.apiUrl="https://api.example.com"

Exposing the receiver

The receiver needs to be reachable by your OTLP sources and your AI agent. Create a LoadBalancer service or ingress:


apiVersion: v1
kind: Service
metadata:
  name: glassflow-receiver-lb
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/component: receiver
  ports:
    - port: 4318
      targetPort: 4318

External PostgreSQL

To use an existing PostgreSQL instance instead of the bundled one:


helm install glassflow . \
  --set postgresql.enabled=false \
  --set postgresql.externalUrl="postgres://user:pass@your-postgres:5432/gfai?sslmode=require" \
  --set controlplane.jwtSecret="$(openssl rand -hex 32)"

External NATS

To use an existing NATS cluster instead of the bundled one:


helm install glassflow . \
  --set nats.enabled=false \
  --set nats.externalUrl="nats://your-nats:4222" \
  --set controlplane.jwtSecret="$(openssl rand -hex 32)"

Uninstall


helm uninstall glassflow

The PostgreSQL PVC is retained by default. Delete it manually to remove stored data.

All values

See the full values reference in the Helm chart README .