anythingllm
The all-in-one Desktop & Docker AI application with built-in RAG, AI agents, No-code agent builder, MCP compatibility, and more.
Configuration & Usage
-
Config vs Secrets: This chart exposes application configuration via two mechanisms:
config(invalues.yaml) — rendered into aConfigMapand injected usingenvFromin the pod. Do NOT place sensitive values (API keys, secrets) inconfigbecauseConfigMaps are not encrypted.env/envFrom— the preferred way to inject secrets. Use KubernetesSecretobjects and reference them fromenv(withvalueFrom.secretKeyRef) orenvFrom.secretRef.
-
Storage & STORAGE_DIR mapping: The chart creates (or mounts) a
PersistentVolumeClaimusing thepersistentVolume.*settings. The container mount path is set frompersistentVolume.mountPath. Ensure the containerSTORAGE_DIRconfig key matches that path (defaults are set invalues.yaml).
Providing API keys & secrets (recommended)
Use Kubernetes Secrets. Below are example workflows and values.yaml snippets.
- Create a Kubernetes Secret with API keys:
kubectl create secret generic openai-secret --from-literal=OPENAI_KEY="sk-..."
# or from a file
# kubectl create secret generic openai-secret --from-file=OPENAI_KEY=/path/to/keyfile
- Reference the Secret from
values.yamlusingenvFrom(recommended when your secret contains multiple env keys):
envFrom:
- secretRef:
name: openai-secret
This will inject all key/value pairs from the openai-secret Secret as environment variables in the container.
- Or reference a single secret key via
env(explicit mapping):
env:
- name: OPENAI_KEY
valueFrom:
secretKeyRef:
name: openai-secret
key: OPENAI_KEY
Notes:
- Avoid placing secret values into
config:(the chart'sConfigMap) —ConfigMaps are visible to anyone who can read the namespace. UseSecretobjects for any credentials/tokens. - If you use a GitOps workflow, consider integrating an external secret operator (ExternalSecrets, SealedSecrets, etc.) so you don't store raw secrets in Git.
Example values-secret.yaml to pass during helm install
image:
repository: mintplexlabs/anythingllm
tag: "1.12.1"
service:
type: ClusterIP
port: 3001
# Reference secret containing API keys
envFrom:
- secretRef:
name: openai-secret
# Optionally override other values
persistentVolume:
size: 16Gi
mountPath: /storage
Install with:
helm install my-anythingllm ./anythingllm -f values-secret.yaml
Best practices & tips
- Use
envFromfor convenience when many environment variables are stored in a singleSecretand useenv/valueFromfor explicit single-key mappings. - Use
kubectl create secret genericor your secrets management solution. If you need to reference multiple different provider keys (OpenAI, Anthropic, etc.), create a singleSecretwith multiple keys or multiple Secrets and add multipleenvFromentries. - Keep probe paths and
service.portaligned. If your probes fail after deployment, check that the probeportmatches the container port (or named porthttp) and that thepathis valid. - For storage, if you have a pre-existing PVC set
persistentVolume.existingClaimto the PVC name; the chart will mount that claim (and will not attempt to create a new PVC). - For production, provide resource
requestsandlimitsinvalues.yamlto prevent scheduler starvation and to control cost.
Values
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} |
|
| config.DISABLE_TELEMETRY | string | "true" |
|
| config.GID | string | "1000" |
|
| config.NODE_ENV | string | "production" |
|
| config.STORAGE_DIR | string | "/storage" |
|
| config.UID | string | "1000" |
|
| env | object | {} |
|
| envFrom | object | {} |
|
| fullnameOverride | string | "" |
|
| image.pullPolicy | string | "IfNotPresent" |
|
| image.repository | string | "mintplexlabs/anythingllm" |
|
| image.tag | string | "1.12.1" |
|
| imagePullSecrets | list | [] |
|
| ingress.annotations | object | {} |
|
| ingress.className | string | "" |
|
| ingress.enabled | bool | false |
|
| ingress.hosts[0].host | string | "chart-example.local" |
|
| ingress.hosts[0].paths[0].path | string | "/" |
|
| ingress.hosts[0].paths[0].pathType | string | "ImplementationSpecific" |
|
| ingress.tls | list | [] |
|
| initContainers | list | [] |
|
| livenessProbe.failureThreshold | int | 3 |
|
| livenessProbe.httpGet.path | string | "/v1/api/health" |
|
| livenessProbe.httpGet.port | int | 8888 |
|
| livenessProbe.initialDelaySeconds | int | 15 |
|
| livenessProbe.periodSeconds | int | 5 |
|
| nameOverride | string | "" |
|
| nodeSelector | object | {} |
|
| persistentVolume.accessModes[0] | string | "ReadWriteOnce" |
|
| persistentVolume.annotations | object | {} |
|
| persistentVolume.existingClaim | string | "" |
|
| persistentVolume.labels | object | {} |
|
| persistentVolume.mountPath | string | "/storage" |
|
| persistentVolume.size | string | "8Gi" |
|
| podAnnotations | object | {} |
|
| podLabels | object | {} |
|
| podSecurityContext.fsGroup | int | 1000 |
|
| readinessProbe.httpGet.path | string | "/v1/api/health" |
|
| readinessProbe.httpGet.port | int | 8888 |
|
| readinessProbe.initialDelaySeconds | int | 15 |
|
| readinessProbe.periodSeconds | int | 5 |
|
| readinessProbe.successThreshold | int | 2 |
|
| replicaCount | int | 1 |
|
| resources | object | {} |
|
| securityContext | object | {} |
|
| service.port | int | 3001 |
|
| service.type | string | "ClusterIP" |
|
| serviceAccount.annotations | object | {} |
|
| serviceAccount.automount | bool | true |
|
| serviceAccount.create | bool | true |
|
| serviceAccount.name | string | "" |
|
| tolerations | list | [] |
|
| volumeMounts | list | [] |
|
| volumes | list | [] |
