# Install on-prem

> Install TrueFoundry with Minio or S3-compatible storage and self-hosted options.

Deploy the TrueFoundry control plane and AI Gateway. See the [overview](/docs/platform/deploy-control-plane-and-gateway-plane) for compute requirements and prerequisites.

## Installation Instructions

<Steps>
  <Step title="Get S3 compatible storage">
    You can use Minio or any other S3 compatible storage.

    <Accordion title="Using Minio (Self-Hosted S3-Compatible Storage)">
      If you're using Minio or another S3-compatible storage solution, you'll need to provide the following configuration:

      1. **Bucket Name**: Name of the S3-compatible bucket
      2. **Region**: Region identifier (can be any string for Minio)
      3. **Access Key ID**: Access key for authentication
      4. **Secret Access Key**: Secret key for authentication
      5. **Endpoint URL**: Full URL to your S3-compatible storage endpoint

      These values will be used in the configuration steps below.
    </Accordion>
  </Step>

  <Step title="Create Postgres database">
    If you have a managed PostgreSQL database, we highly recommend using it. If you don't have one, create a PostgreSQL database of a size equivalent to `db.t3.medium` with 30GB of storage.

    <Warning>
      **Important Configuration Notes:**

      * **For PostgreSQL 17+:** Disable SSL by setting the `force_ssl` parameter to `0` in the parameter group
      * **Security Group:** Ensure your database security group/firewall rules allow traffic from Kubernetes node groups
    </Warning>

    <Accordion title="Using Managed PostgreSQL">
      For production environments, we strongly recommend using a managed PostgreSQL service:

      1. Create a PostgreSQL instance with the specifications from the [Compute Requirements](#compute-requirements) section
      2. Create a database named `truefoundry` (or your preferred name)
      3. Create a user with full permissions on this database
      4. Note down the following details:
         * **DB\_HOST**: Database hostname or IP address
         * **DB\_PORT**: Database port (usually 5432)
         * **DB\_NAME**: Database name
         * **DB\_USERNAME**: Database username
         * **DB\_PASSWORD**: Database password
    </Accordion>

    <Accordion title="Using PostgreSQL on Kubernetes (Dev/Testing Only)">
      For development or testing purposes only, you can deploy PostgreSQL on Kubernetes:

      1. Set `devMode.enabled: true` in the values file (shown in a later step)
      2. PostgreSQL will be deployed automatically with the control plane

      This setup is NOT highly-available and should NOT be used for production environments.
    </Accordion>
  </Step>

  <Step title="Create Kubernetes Secrets">
    We will create two secrets in this step:

    1. Store the License Key and DB Credentials
    2. Store the Image Pull Secret

    <Accordion title="Create Kubernetes Secret for License Key and DB Credentials">
      We need to create a [Kubernetes secret](https://github.com/truefoundry/infra-charts/blob/main/charts/truefoundry/README.md#using-k8s-secret-for-required-fields) containing the license key and DB credentials.

      <Note>
        If you are using PostgreSQL on Kubernetes in the dev mode, the values will be as follows:

        DB\_HOST: \<HELM\_RELEASE\_NAME>-postgresql.\<NAMESPACE>.svc.cluster.local // eg. truefoundry-postgresql.truefoundry.svc.cluster.local

        DB\_NAME: truefoundry

        DB\_USERNAME: postgres # To use a custom username, set the same value at `postgresql.auth.username`

        DB\_PASSWORD: randompassword # You can change this to any value here.
      </Note>

      ```yaml truefoundry-creds.yaml lines theme={"dark"}
      apiVersion: v1
      kind: Secret
      metadata:
        name: truefoundry-creds
      type: Opaque
      stringData:
        TFY_API_KEY: <TFY_API_KEY> # Provided by TrueFoundry team
        DB_HOST: <DB_HOST>
        DB_NAME: <DB_NAME>
        DB_USERNAME: <DB_USERNAME>
        DB_PASSWORD: <DB_PASSWORD>
      ```

      Apply the secret to the Kubernetes cluster (assuming you are installing the control plane in the `truefoundry` namespace):

      ```bash lines theme={"dark"}
      kubectl apply -f truefoundry-creds.yaml -n truefoundry
      ```
    </Accordion>

    <Accordion title="Create Kubernetes Secret for Image Pull Secret">
      We need to create an [Image Pull Secret](https://github.com/truefoundry/infra-charts/blob/main/charts/truefoundry/README.md#using-k8s-secret-for-required-fields) to enable pulling the TrueFoundry images from the private registry.

      ```yaml truefoundry-image-pull-secret.yaml lines theme={"dark"}
      apiVersion: v1
      kind: Secret
      metadata:
        name: truefoundry-image-pull-secret
      type: kubernetes.io/dockerconfigjson
      data:
        .dockerconfigjson: <IMAGE_PULL_SECRET> # Provided by TrueFoundry team
      ```

      Apply the secret to the Kubernetes cluster (assuming you are installing the control plane in the `truefoundry` namespace):

      ```bash lines theme={"dark"}
      kubectl apply -f truefoundry-image-pull-secret.yaml -n truefoundry
      ```
    </Accordion>
  </Step>

  <Step title="Create HelmChart Values file">
    Create a values file as given below and replace the following values:

    * `Control Plane URL`: URL that you will map to the control plane dashboard.
    * `Tenant Name`: Tenant name provided by TrueFoundry team.
    * `AWS S3 Bucket Name`: AWS S3 Bucket Name
    * `AWS Region`: AWS Region
    * `AWS Access Key ID`: AWS Access Key ID
    * `AWS Secret Access Key`: AWS Secret Access Key
    * `AWS Endpoint URL`: URL for your S3 compatible Blob storage

    ```yaml truefoundry-values.yaml wrap expandable lines theme={"dark"}
    global:
      # Domain to map the control plane dashboard
      controlPlaneURL: https://example.com

      # Ask TrueFoundry team to provide these
      tenantName: <TENANT_NAME>

      # This is the reference to the secrets we created in the previous step
      existingTruefoundryCredsSecret: "truefoundry-creds"
      imagePullSecrets:
        - name: "truefoundry-image-pull-secret"
      ## Add if you have restricted public registry access
      # image:
      #   pullSecretNames:
      #   - "truefoundry-image-pull-secret"

      # Choose the resource tier as per your needs
      resourceTier: medium # or small or large

      config:
        defaultCloudProvider: "aws"
        storageConfiguration:
          # In case of S3 compatible storage, provide the details here
          awsS3BucketName: "<AWS_S3_BUCKET_NAME_EQUIVALENT>"
          awsRegion: "<AWS_REGION_EQUIVALENT>"
      ingress:
        hosts:
          - example.com
        enabled: true
        annotations: {}
        ingressClassName: nginx # Replace with your ingress class name
    # If you want to spin up PostgreSQL on Kubernetes, enable this
    # Please add creds and host details in the secret `truefoundry-creds`
    devMode:
      enabled: false
    tags:
      llmGateway: true
      llmGatewayRequestLogging: true

    servicefoundryServer:
      env:
        AWS_ACCESS_KEY_ID: <AWS_ACCESS_KEY_ID_EQUIVALENT>
        AWS_SECRET_ACCESS_KEY: <AWS_SECRET_ACCESS_KEY_EQUIVALENT>
        AWS_ENDPOINT_URL: <AWS_ENDPOINT_URL_EQUIVALENT>
        # AWS_ALLOW_HTTP: <AWS_ALLOW_HTTP_EQUIVALENT> (optional)

    deltaFusionIngestor:
      env:
        AWS_ACCESS_KEY_ID: <AWS_ACCESS_KEY_ID_EQUIVALENT>
        AWS_SECRET_ACCESS_KEY: <AWS_SECRET_ACCESS_KEY_EQUIVALENT>
        AWS_ENDPOINT_URL: <AWS_ENDPOINT_URL_EQUIVALENT>
        # AWS_ALLOW_HTTP: <AWS_ALLOW_HTTP_EQUIVALENT> (optional)

    deltaFusionQueryServer:
      env:
        AWS_ACCESS_KEY_ID: <AWS_ACCESS_KEY_ID_EQUIVALENT>
        AWS_SECRET_ACCESS_KEY: <AWS_SECRET_ACCESS_KEY_EQUIVALENT>
        AWS_ENDPOINT_URL: <AWS_ENDPOINT_URL_EQUIVALENT>
        # AWS_ALLOW_HTTP: <AWS_ALLOW_HTTP_EQUIVALENT> (optional)

    # Disable a few dependencies for an LLM Gateway-only setup
    tfyBuild:
      enabled: false
    sfyManifestService:
      enabled: false
    tfyController:
      enabled: false
    tfyConfigs:
      enabled: false
    ```
  </Step>

  <Step title="Install Helm chart">
    ```bash wrap lines theme={"dark"}
    helm upgrade --install truefoundry oci://tfy.jfrog.io/tfy-helm/truefoundry -n truefoundry --create-namespace -f truefoundry-values.yaml
    ```
  </Step>
</Steps>
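
A pre-flight check for the files created in the steps above, as an added example that is not part of the TrueFoundry documentation or chart. It flags unreplaced `<PLACEHOLDER>` tokens, a credentials manifest readable by other local users, an S3 endpoint that is not HTTPS or differs between components, and `devMode` left enabled; the function names and the `preflight.sh` file name are hypothetical, the manifest file names are the ones used on this page.

```bash
#!/usr/bin/env bash
# Added pre-flight lint for truefoundry-creds.yaml and truefoundry-values.yaml.
# Function names are hypothetical; this is not part of the TrueFoundry chart.

# Print the distinct uncommented values of an env key, with quotes stripped.
env_values() {  # usage: env_values KEY FILE
  awk -v k="$1:" '$1 == k { gsub(/["\047]/, "", $2); print $2 }' "$2" | sort -u
}

# Print one FAIL line per finding; the return status is the number of findings.
preflight() {  # usage: preflight CREDS_FILE VALUES_FILE
  creds=$1 values=$2 findings=0
  fail() { echo "FAIL: $*" >&2; findings=$((findings + 1)); }

  # 1. Every <PLACEHOLDER> token from the templates must have been replaced.
  for f in "$creds" "$values"; do
    if grep -Eq '<[A-Z][A-Z0-9_]*>' "$f"; then fail "$f: unreplaced <PLACEHOLDER>"; fi
  done

  # 2. The creds manifest holds plaintext secrets: no group/other permission bits.
  [ "$(ls -ld "$creds" | cut -c5-10)" = "------" ] || fail "$creds: chmod 600 it"

  # 3. All components must share one S3 endpoint, and it should use TLS.
  endpoints=$(env_values AWS_ENDPOINT_URL "$values")
  [ "$(printf '%s\n' "$endpoints" | grep -c .)" -eq 1 ] ||
    fail "expected exactly one distinct AWS_ENDPOINT_URL"
  case "$endpoints" in
    https://*) ;;
    *) fail "AWS_ENDPOINT_URL is not https: S3 traffic would be unencrypted" ;;
  esac

  # 4. devMode deploys the in-cluster PostgreSQL, which is not for production.
  dev=$(awk '/^devMode:/ { f = 1; next } /^[^ #]/ { f = 0 }
             f && $1 == "enabled:" { print $2; exit }' "$values")
  [ "$dev" != "true" ] || fail "devMode.enabled is true (dev/testing only)"

  return "$findings"
}

# Stand-alone use: bash preflight.sh truefoundry-creds.yaml truefoundry-values.yaml
if [ "$#" -eq 2 ]; then preflight "$@"; fi
```

The exit status is the number of findings, so a deploy script can run this before the `kubectl apply` and `helm upgrade --install` commands above and stop on any non-zero result.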
