Helm Chart

Helm chart installation instructions

The Helm chart option separates the infrastructure and permission provisioning process from the DBNL platform deployment process, allowing you to manage the infrastructure, permissions and Helm chart using your existing processes.

To get the Helm chart, see ghcr.io/dbnlai/charts/dbnl.

Prerequisites

The following prerequisite steps are required before starting the Helm chart installation.

Infrastructure

To successfully deploy the DBNL Helm chart, you will need the following infrastructure:

A Kubernetes cluster (e.g. EKS, GKE).
- An Ingress or Gateway controller (e.g. aws-load-balancer-controller, ingress-gce)
A PostgreSQL database (e.g. RDS, CloudSQL).
An object store bucket (e.g. S3, GCS) to store raw data.
A Redis database (e.g. ElasticCache, Memorystore) to act as a messaging queue.

Configuration

To configure the DBNL Helm chart, you will need:

A hostname to host the DBNL platform (e.g. dbnl.example.com).
A set of DBNL registry credentials to pull the DBNL artifacts (e.g. Docker images, Helm chart).
An RSA key pair to sign the personal access tokens.

An RSA key pair can be generated with:

openssl genrsa -out dbnl_dev_token_key.pem 2048

Requirements

To install the DBNL Helm chart, you will need:

Install kubectl and set the Kubernetes cluster context.
Install helm.

Permissions

For the services deployed by the Helm chart to work as expected, they will need the following permissions and network accesses:

api-srv
- Network access to the database.
- Network access to the Redis database.
- Permission to read, write and generate pre-signed URLs on the object store bucket.
worker-srv
- Network access to the database.
- Network access to the Redis database.
- Permission to read and write to the object store bucket.

Installation

The Helm chart can be installed directly using helm install or using your chart release management tool of choice such as ArgoCD or FluxCD.

Steps

The steps to install the Helm chart using the Helm CLI are as follows:

Create a minimal values.yaml file.

auth:
  # For more details on OIDC options, see OIDC Authentication section.
  oidc:
    enabled:   true
    issuer:    oidc.example.com
    audience:  xxxxxxxx
    clientId:  xxxxxxxx
    scopes:    "openid email profile"

db:
  host: db.example.com
  port: 5432
  username: user
  password: password
  database: database

redis:
  host: redis.example.com
  port: 6379
  username: user
  password: password

ingress:
  enabled: true
  api:
    host: dbnl.example.com
  ui:
    host: dbnl.example.com

storage:
  s3:
    enabled: true
    region: us-east-1
    bucket: example-bucket

Install the Helm chart.

helm upgrade \
    --install \
    -f values.yaml \
    dbnl oci://ghcr.io/dbnlai/charts/dbnl

Options

For more details on all the installation options, see the Helm chart README and values.yaml files. The chart can be inspected with:

helm show all oci://ghcr.io/dbnlai/charts/dbnl --version $VERSION

Troubleshooting

Deployment Issues

Image pull errors:

# Check if registry secret exists
kubectl get secret dbnl-registry-secret -n dbnl

# If missing, contact Distributional for registry credentials
# Then create the secret:
kubectl create secret docker-registry dbnl-registry-secret \
  --docker-server=ghcr.io \
  --docker-username=YOUR_USERNAME \
  --docker-password=YOUR_TOKEN \
  -n dbnl

Database connection failures:

# Check database connectivity from a pod
kubectl run -it --rm debug --image=postgres:13 -n dbnl -- \
  psql -h YOUR_DB_HOST -U YOUR_DB_USER -d YOUR_DB_NAME

# Verify values.yaml has correct db.host, db.username, db.password

Pods not starting:

# Check pod status
kubectl get pods -n dbnl

# View pod logs
kubectl logs -n dbnl deployment/api-srv
kubectl logs -n dbnl deployment/worker-srv

# Describe pod for events
kubectl describe pod -n dbnl POD_NAME

Ingress not created:

# Check ingress status
kubectl get ingress -n dbnl

# Verify ingress controller is installed
kubectl get pods -n ingress-nginx  # or your ingress namespace

# Check ingress events
kubectl describe ingress -n dbnl dbnl-ingress

OIDC authentication failures:

Verify auth.oidc.issuer, auth.oidc.clientId, and auth.oidc.audience match your IDP configuration
Check that redirect URIs in your IDP include https://YOUR_DOMAIN/auth/callback
Ensure OIDC scopes include at minimum: openid email profile

Validation Steps

After deployment, verify the installation:

# Check all pods are running
kubectl get pods -n dbnl
# Expected: api-srv, worker-srv, ui-srv all in Running state

# Check services
kubectl get svc -n dbnl

# Test API health endpoint
kubectl port-forward -n dbnl svc/api-srv 8080:80
curl http://localhost:8080/health

# Access the UI
kubectl get ingress -n dbnl
# Note the ADDRESS and navigate to https://YOUR_DOMAIN

Need more help? Contact [email protected]

PreviousSandbox NextTerraform Module

Was this helpful?