Every option on this page is already wired in the Helm chart defaults — either via a dedicated Helm value or as a direct environment variable on the relevant service.Each setting is listed as the env var name with its Helm values path written right below it. Always set the Helm value when one exists rather than overriding the env var directly — they map to the same setting, but the Helm value is the supported, upgrade-safe path.
Pin all service & app tags
Pin all core service and app image tags to the desired tag. Available tags are listed on the Prisme.ai releases page.prismeai-runtime dependencies
LLM and vector store credentials
LLM Gateway and Storage workspaces consume credentials throughWORKSPACE_SECRET_* environment variables exposed on prismeai-runtime.
The string after
llm-gateway_ or storage_ is the secret name as it will be consumed by the LLM Gateway and Storage workspaces. The names you choose here must match the secret names referenced from the products configuration at the later products install step.- Elasticsearch Vector store
- Opensearch Vector store
- LLM providers
Declare every vector store credential as a
WORKSPACE_SECRET_storage_* variable.Examples:WORKSPACE_SECRET_storage_index_prefix prefixes every RAG index name — useful when sharing the same cluster between several Prisme.ai platforms. The platform appends _ automatically, so the value must not end with - or _ (e.g. set acme, not acme_).Runtime app endpoints (custom deployments)
With the standard Helm charts, runtime → app routing is wired automatically. If you run a custom deployment, verify that the runtime configuration points to the right hosts:FUNCTIONS_HOST must point to prismeai-functions, SEARCHENGINE_HOST to prismeai-searchengine, both reachable from prismeai-runtime.
prismeai-api-gateway: Accounts and authentication
Sessions and tokens
Prisme.ai follows the standard OIDC split between session (server-side, on the auth server) and access token (JWT, on the client):- The browser holds an OIDC session cookie issued by
prismeai-api-gateway. As long as that cookie is valid, the gateway can silently mint a new JWT without prompting the user to log in again. - Clients (Studio, APIs, automations) hold an access token JWT and present it on every request. When the JWT expires, the client bounces through the gateway, which — if the session cookie is still alive — hands back a fresh JWT.
- Expiring the session cookie is what actually forces a re-login, after the JWT expiration.
Email provider
Configure at least one provider to send signup-validation / password-reset emails.Mailgun
SMTP
CORS
By default, the API gateway only accepts cross-origin requests fromCONSOLE_URL and from workspace custom domains. To embed agents or call the API from another origin (e.g. a public website hosting the chat widget), allowlist it explicitly:
Exposing several front-end domains
A single Prisme.ai platform can serve its front-end (Studio / console) on several domains at once — e.g.studio.example.com, team-a.example.com, team-b.example.com — all backed by the same core services. This is the standard multi-tenant SaaS setup.
Only the front-end is multi-domain. The API gateway always keeps a single public domain (
global.apiUrl, e.g. https://api.example.com/v2) — every console domain talks to that same backend URL.prismeai-core values file:
1. List every console domain in global.consoleUrl
global.consoleUrl accepts a comma-separated list of front-end URLs. The first entry is the default — it’s the one used for emails and sign-out when a request carries no recognizable origin. Every entry is automatically allow-listed by the api-gateway for OIDC redirect_uris, CSP frame-ancestors and CORS, so you don’t have to repeat them anywhere else.
2. Point every domain’s DNS at the load balancer
Create a DNS record for each console domain that resolves to the same ingress load balancer (the ALB / NLB / nginx service that fronts the platform) — typically aCNAME to the LB hostname, or an A/ALIAS record to its address. All the front domains share one load balancer; the ingress routing (next step) is what dispatches each host to the right service. Don’t forget your TLS certificates must cover every domain (SAN cert or one cert per domain, depending on your ingress controller).
3. Add a front-end rule per domain on the ingress
Each console domain needs its ownhost rule on the ingress, all pointing to the same prismeai-console service. Define the console backend once with a YAML anchor, then reuse it for every domain — that keeps the block DRY as the list grows:
global.consoleUrl, create its DNS record, and append one more - host: … / http: *CONSOLE_SERVICE rule.
Upload and request limits
Event retention and cleanup
The platform produces a large volume of activity events. Tune retention or you’ll outgrow your Elasticsearch or OpenSearch cluster.Functions (custom code)
The two settings below are the most often tuned — see Functions Microservice for the full env-var reference (task storage, memory caps, NPM registry, …).Crawler & Searchengine
The settings below are the most often tuned — see Crawler & SearchEngine Microservices for the full env-var reference.Rate limiting
The platform enforces rate limits at three places, with different semantics:Authentication endpoints (prismeai-api-gateway env variables)
RATE_LIMIT_* env vars protect signup, login and password reset. Requests above the threshold are rejected with HTTP 429. Tune these tighter for production to slow down credential-stuffing or signup abuse. See Environment Variables — Rate Limiting.
Workspace APIs (gateway ConfigMap)
In addition to the env-var-driven auth limits, the gateway applies four per-user rate limits on native workspaces routes, defined in thegateway.config.yml of the core-prismeai-api-gateway-config ConfigMap. All four use key: userId and window: 60s.
Override by editing the ConfigMap directly. These are platform-level guardrails — they apply to every user, including super-admins, so raise them carefully when scripting bulk operations.
Automations (prismeai-runtime env vars)
RATE_LIMIT_* env vars on the runtime protect the automation engine. Unlike the gateway, these do not break execution — automations that exceed the threshold are deliberately slowed down rather than failed. The intent is fair-share execution under load, not to reject work. See API Reference — Rate Limits for the full list and per-workspace overrides.
Secrets encryption keys
Prisme.ai encrypts workspace secrets at rest with envelope encryption (AES-256-GCM): a master key (KEK) wraps per-workspace data keys, and short-lived reference keys sign secret references. Both live in a single Kubernetes Secret —<release>-secrets-encryption by default — and are exposed to the services as the SECRETS_MASTER_KEYS / SECRETS_REF_KEYS environment variables.
Recommended: pre-create the encryption Secret and reference it with
existingSecret. That is the only deterministic path for helm template / GitOps (Argo CD, Flux), and it is documented as an install step in Install with Helm → Secrets encryption keys. The auto-generation option below is for quick, non-GitOps helm install.Option — auto-generation (live helm install only)
On a live helm install, the chart auto-generates the keys into an immutable Secret and preserves them across every helm upgrade by reading the live Secret through Helm’s lookup. No pre-create step is needed — but this only works when Helm actually talks to the cluster.
Back up the generated keys right after install:
Value reference
masterKeys and refKeys must always be provided together — supplying only one is rejected, because mixing an explicit key with a freshly generated one would break either encrypted data or secret references. The Secret is immutable; to rotate keys you delete and recreate it with a new active key (keep the old key in the array so existing data still decrypts). See Workspace secrets for how secrets are used at the product level.Trusting an extra CA bundle
When Prisme.ai services call an HTTPS endpoint signed by a private PKI or a self-signed certificate — an internal API, an on-prem LLM gateway, a Prisme.ai app behind an in-cluster TLS terminator — the calling runtime refuses the handshake unless the signing CA is in its trust store.global.extraCABundle lets you mount one PEM bundle into every Prisme.ai pod in one shot, on both the prismeai-core and prismeai-apps charts.
The chart only references a Secret or ConfigMap that you create out-of-band — it never reads or writes the bundle itself, so rotations stay independent of helm upgrades.
SSL_CERT_FILE and REQUESTS_CA_BUNDLE replace (not augment) the default trust store. To keep public TLS working out of the box, the prismeai-apps chart runs a tiny init container (extra-ca-merge, reusing the service’s own image) that concatenates the system bundle with your custom one into an emptyDir, and points the env vars at the merged file. This is enabled by default via global.extraCABundle.mergeWithSystem: true. Your bundle can contain only your private CAs — public CAs come from the service’s own distro.Set mergeWithSystem: false if your bundle already contains the public CAs, or if you explicitly want to restrict the trust store to your private CAs only (no init container runs and the env vars point at the raw bundle).On prismeai-core, NODE_EXTRA_CA_CERTS is additive natively, so there’s no init container and no merge toggle.Step 1 — Create the Secret (or ConfigMap) holding the bundle
Concatenate every CA certificate you want to trust into a single PEM file, then create the Secret in each namespace where you install a Prisme.ai chart (typicallycore and apps):
ConfigMap works equally well if the bundle is not sensitive:
ca-bundle.crt above) is what the chart mounts — pick anything, just remember it for step 2.
Step 2 — Reference it from your values
Identical block in bothprismeai-core and prismeai-apps values files:
Step 3 — Upgrade and verify
fetch instruction or a Custom Code function) — it should succeed without UNABLE_TO_VERIFY_LEAF_SIGNATURE / SELF_SIGNED_CERT_IN_CHAIN / CERTIFICATE_VERIFY_FAILED.
Rotating the bundle is a
kubectl operation on the Secret/ConfigMap you own — no helm upgrade required. Pods pick up the new file automatically (mounted secrets refresh within ~60s); restart the deployment if you need the change immediately.HTTP Proxy
When the cluster has no direct egress to the internet — or when corporate policy forces every external call through a forward proxy —global.proxy propagates the standard env vars (HTTP_PROXY / HTTPS_PROXY / NO_PROXY plus lowercase variants) to every Prisme.ai pod, on both prismeai-core and prismeai-apps.
Step 1 — Configure the proxy values
Identical block on both charts:Step 2 — Upgrade and verify
fetch instruction to a public URL) and watch your proxy access logs — the request should appear there.
Proxy auth credentials embedded in
httpProxy / httpsProxy will be visible in pod env vars and in plaintext YAML on the filesystem. For sensitive credentials, keep the password out of the chart values and inject the full URL via existingSecret on a per-service envFrom instead.Offline or private-network deployments
For restricted environments, verify these points:prismeai-functionsonly needs an npm registry if you plan to write Custom Code that pulls in extra packages beyond the ones bundled in the image. See Custom Code Functions — NPM Registry Access.- If internal or self-signed certificates are used to sign HTTPS endpoints that the platform calls, propagate the CA bundle to every service via Trusting an extra CA bundle — one helm value covers both
prismeai-coreandprismeai-apps. - LLM providers, vector stores, and crawler targets must be reachable from the relevant pods.
Security context
Every Prisme.ai service supports the standard Kubernetes Security Context fields. Set them per service to enforce non-root execution, drop Linux capabilities, and prevent privilege escalation.prismeai-api-gateway, prismeai-workspaces, prismeai-runtime, prismeai-events, prismeai-console, prismeai-pages (core) and prismeai-crawler, prismeai-searchengine, prismeai-nlu, prismeai-llm (apps).
prismeai-functions is the exception. Its pod runs a root supervisor that forks each Custom Code execution into an isolated sandbox with its own UNIX user, network namespace and resource limits — that’s the actual isolation layer. Hardening the parent container’s security context is allowed but does not further restrict the sandboxes, so the gain is marginal. Don’t block root on the functions pod unless you’ve verified the supervisor still starts.Where to go next
- Install products — once the readiness check is green, import the platform products (Agent Creator, LLM Gateway, Storage, Governe, …).
- Resources & Autoscaling — picking Balanced vs Performance, HPA targets.
- Environment Variables — exhaustive per-service reference.
- Operations / Scaling — runtime tuning under load.