Documentation Index
Fetch the complete documentation index at: https://mintlify.com/OpsMill/infrahub/llms.txt
Use this file to discover all available pages before exploring further.
Deploy Infrahub on Kubernetes using Helm charts for production-grade deployments with high availability, scalability, and resilience.
Prerequisites
- Kubernetes cluster (1.27+)
- Helm (version 3.x)
- kubectl configured for cluster access
- Storage provisioner for persistent volumes
- 16 GB RAM minimum per node (32 GB recommended)
Helm charts
Infrahub provides two Helm charts:
- infrahub - Community edition
- infrahub-enterprise - Enterprise edition with HA features
Chart repositories
Chart structure
The Enterprise chart uses the Community chart as a dependency. Most configuration goes under the infrahub key:
infrahub:
infrahubServer:
replicas: 3
# ...
Quick start
Deploy with default settings (not suitable for production):
helm install infrahub \
oci://registry.opsmill.io/opsmill/chart/infrahub \
--namespace infrahub --create-namespace
Enterprise edition
Deploy with medium sizing preset (32 GB RAM):
helm install infrahub \
oci://registry.opsmill.io/opsmill/chart/infrahub-enterprise \
--version 4.0.0-medium \
--namespace infrahub --create-namespace \
-f values.yml
Configuration
Minimal production configuration
Create a values.yml file with production settings:
infrahub:
infrahubServer:
replicas: 3
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: service
operator: In
values:
- infrahub-server
topologyKey: topology.kubernetes.io/zone
ingress:
enabled: true
hosts:
- host: infrahub.example.com
paths:
- path: /
pathType: Prefix
env:
INFRAHUB_PRODUCTION: "true"
INFRAHUB_LOG_LEVEL: INFO
INFRAHUB_ALLOW_ANONYMOUS_ACCESS: "false"
INFRAHUB_INITIAL_ADMIN_TOKEN: "change-me"
INFRAHUB_SECURITY_SECRET_KEY: "change-me"
INFRAHUB_STORAGE_DRIVER: s3
AWS_ACCESS_KEY_ID: "your-access-key"
AWS_SECRET_ACCESS_KEY: "your-secret-key"
AWS_S3_BUCKET_NAME: infrahub-artifacts
AWS_S3_ENDPOINT_URL: https://s3.amazonaws.com
infrahubTaskWorker:
replicas: 3
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: service
operator: In
values:
- infrahub-task-worker
topologyKey: topology.kubernetes.io/zone
neo4j:
services:
admin:
enabled: true
volumes:
data:
mode: dynamic
dynamic:
storageClassName: premium-rwo
requests:
storage: 100Gi
Sizing presets
Enterprise charts include pre-configured sizing presets:
| Flavor | Chart version | RAM required | API workers | Task workers |
|---|
| small | 4.0.0-small | 16 GB | 4 | 2 |
| medium | 4.0.0-medium | 32 GB | 4 | 4 |
| medium-data | 4.0.0-medium-data | 32 GB | 4 | 2 |
| large | 4.0.0-large | 64 GB | 4 | 8 |
| large-data | 4.0.0-large-data | 64 GB | 4 | 2 |
helm install infrahub \
oci://registry.opsmill.io/opsmill/chart/infrahub-enterprise \
--version 4.0.0-medium \
-f values.yml
Redis configuration for flavored charts
When using sizing presets, configure Redis host for Prefect:
infrahub:
prefect-server:
backgroundServices:
messaging:
redis:
host: "infrahub-cache-master"
infrahub-cache-master).
Storage configuration
Persistent volumes
Enable persistence for Neo4j:
infrahub:
neo4j:
volumes:
data:
mode: dynamic
dynamic:
storageClassName: premium-rwo
requests:
storage: 100Gi
S3 object storage
Configure S3 for artifacts (required for multiple API replicas):
infrahub:
infrahubServer:
env:
INFRAHUB_STORAGE_DRIVER: s3
AWS_ACCESS_KEY_ID: "your-access-key"
AWS_SECRET_ACCESS_KEY: "your-secret-key"
AWS_S3_BUCKET_NAME: infrahub-artifacts
AWS_S3_ENDPOINT_URL: https://s3.amazonaws.com
AWS_S3_ENDPOINT_URL: https://minio.example.com
AWS_S3_USE_SSL: "true"
High availability
Neo4j cluster (Enterprise only)
Deploy a 3-node Neo4j cluster:
services:
admin:
enabled: true
volumes:
data:
mode: dynamic
dynamic:
storageClassName: premium-rwo
requests:
storage: 100Gi
env:
NEO4J_EDITION: enterprise
NEO4J_initial_dbms_default__primaries__count: "3"
kubectl create secret generic neo4j-user \
--namespace infrahub \
--from-literal=NEO4J_AUTH=neo4j/admin
helm install database-0 neo4j/neo4j \
--version 2025.10.1-4 \
--namespace infrahub \
-f neo4j-values.yaml
helm install database-1 neo4j/neo4j \
--version 2025.10.1-4 \
--namespace infrahub \
-f neo4j-values.yaml
helm install database-2 neo4j/neo4j \
--version 2025.10.1-4 \
--namespace infrahub \
-f neo4j-values.yaml
helm install database-service neo4j/neo4j-headless-service \
--version 2025.10.1-4 \
--namespace infrahub \
-f service-values.yaml
RabbitMQ cluster
Deploy clustered RabbitMQ:
replicaCount: 3
clustering:
enabled: true
partitionHandling: autoheal
persistence:
enabled: true
storageClass: premium-rwo
size: 20Gi
auth:
username: infrahub
password: infrahub
helm install messagequeue \
oci://registry-1.docker.io/bitnamicharts/rabbitmq \
--version 14.4.1 \
--namespace infrahub \
-f rabbitmq-values.yaml
Redis Sentinel
Deploy Redis with Sentinel for high availability:
architecture: replication
sentinel:
enabled: true
quorum: 2
master:
persistence:
enabled: true
storageClass: premium-rwo
size: 10Gi
replica:
replicaCount: 3
persistence:
enabled: true
storageClass: premium-rwo
size: 10Gi
helm install cache bitnami/redis \
--version 19.5.2 \
--namespace infrahub \
-f redis-values.yaml
Networking
Ingress configuration
Enable ingress for external access:
infrahub:
infrahubServer:
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: infrahub.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: infrahub-tls
hosts:
- infrahub.example.com
Load balancer
For cloud providers, use LoadBalancer service type:
infrahub:
infrahubServer:
service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
Upgrading
Upgrade chart
Upgrade to a new version:
helm upgrade infrahub \
oci://registry.opsmill.io/opsmill/chart/infrahub-enterprise \
--version 4.1.0-medium \
-f values.yml
Migrate from chart versions before 4.0.0
If upgrading from chart versions earlier than 4.0.0:
- Remove sizing preset environment variables from
values.yml
- Add Redis host configuration for Prefect:
infrahub:
prefect-server:
backgroundServices:
messaging:
redis:
host: "infrahub-cache-master"
- Run the upgrade:
helm upgrade infrahub \
oci://registry.opsmill.io/opsmill/chart/infrahub-enterprise \
--version 4.0.0-medium \
-f values.yml
Monitoring
Enable metrics
Configure Prometheus metrics:
infrahub:
infrahubServer:
env:
INFRAHUB_TRACE_ENABLE: "true"
INFRAHUB_TRACE_EXPORTER_TYPE: otlp
INFRAHUB_TRACE_EXPORTER_ENDPOINT: http://prometheus:9090
Health checks
Verify pod health:
kubectl get pods -n infrahub -l app=infrahub
kubectl exec -n infrahub deployment/infrahub-server -- \
curl -f http://localhost:8000/api/health
Troubleshooting
View logs
View API server logs:
kubectl logs -n infrahub -l service=infrahub-server -f
kubectl logs -n infrahub -l service=infrahub-task-worker -f
Restart deployments
Restart API servers:
kubectl rollout restart deployment/infrahub-server -n infrahub
kubectl rollout restart deployment/infrahub-task-worker -n infrahub
Database connectivity
Test Neo4j connectivity:
kubectl run -n infrahub cypher-shell --rm -i --tty \
--image neo4j:2025.10.1-community -- \
cypher-shell -a bolt://database:7687 -u neo4j -p admin
Production recommendations
Storage persistence
- Enable persistence for Neo4j database at minimum
- Use SSD-backed storage classes for better performance
- Configure backup strategies for persistent volumes
External dependencies
For production, use managed services instead of bundled dependencies:
- Managed Neo4j (Neo4j Aura, cloud provider)
- Managed RabbitMQ (CloudAMQP, cloud provider)
- Managed Redis (Redis Enterprise, cloud provider)
- Managed PostgreSQL (RDS, Cloud SQL)
- Managed S3 (AWS S3, GCS, Azure Blob)
Security
- Enable network policies for pod-to-pod communication
- Use secrets instead of environment variables
- Enable TLS for all database connections
- Restrict ingress to specific IP ranges
- Enable pod security policies