This repository contains a Helm chart which can be used to install Tonic via helm install.
Project structure:
```
.
├── templates
│   └── <All template files>
├── values.yaml
└── README.md
```
Helm must be installed to use the charts. Please refer to Helm's documentation to get started. The chart is published as an OCI package. It is recommended that you use a Helm version >= 3.8.0 which added full support for OCI registries.
To install the textual chart:
```
helm install -n <your-namespace> textual oci://quay.io/tonicai/textual -f values.yaml
```
To uninstall the chart:
```
helm uninstall textual
```
Alternatively, if you have downloaded the templates to your machine, you can run the following from within the Textual directory:
```
helm install -n <your-namespace> textual -f values.yaml .
```
Before deploying this setup, configure the following values.
- ENVIRONMENT_NAME: E.g. "my-company-name", or if deploying multiple Tonic instances, "my-company-name-dev" or "my-company-name-prod" to differentiate instances.
- textualVersion: A specific version tag. Tonic's tag convention is just the release number, e.g. "086". The latest version during installation will be supplied by Tonic.
The connection details for the Postgres metadata/application database which holds Tonic's state (user accounts, workspaces, etc.).
- host
- port
- dbName
- user
- password
This value is used as the secret for encryption.
- textualEncryptionSecret: Any string value is valid
For all sensitive values, instead of providing the value directly in values.yaml, you can reference a pre-existing Kubernetes secret. This is useful when secrets are managed externally (e.g. synced from AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault via a CSI driver).
The pattern for each is an ExistingSecret field (the secret name) and an optional ExistingSecretKey field (the key within the secret, defaulting to the value shown below).
```yaml
textualDatabase:
  # Option A: provide the password directly
  password: <password>
  # Option B: reference an existing secret
  existingSecret: <secret-name>
  existingSecretKey: password # default
```
```yaml
# Option A: provide the license directly
solarLicense: <license>
# Option B: reference an existing secret
solarLicenseExistingSecret: <secret-name>
solarLicenseExistingSecretKey: secret # default
```
```yaml
# Option A: provide the value directly
textualEncryptionSecret: <value>
# Option B: reference an existing secret
textualEncryptionSecretExistingSecret: <secret-name>
textualEncryptionSecretExistingSecretKey: secret # default
```
The same pattern applies to all other sensitive values:
| Value | ExistingSecret field | ExistingSecretKey field | Default key |
|---|---|---|---|
| openAiApiKey | openAiApiKeyExistingSecret | openAiApiKeyExistingSecretKey | secret |
| chatApiKey | chatApiKeyExistingSecret | chatApiKeyExistingSecretKey | secret |
| azureDocIntelligenceKey | azureDocIntelligenceKeyExistingSecret | azureDocIntelligenceKeyExistingSecretKey | secret |
| googleClientSecret | googleClientSecretExistingSecret | googleClientSecretExistingSecretKey | secret |
| githubClientSecret | githubClientSecretExistingSecret | githubClientSecretExistingSecretKey | secret |
| azureClientSecret | azureClientSecretExistingSecret | azureClientSecretExistingSecretKey | secret |
| keycloakClientSecret | keycloakClientSecretExistingSecret | keycloakClientSecretExistingSecretKey | secret |
When using an ExistingSecret, the chart will not create a Kubernetes secret for that value — it will reference the named secret directly. For optional values, if neither the direct value nor ExistingSecret is set, the corresponding environment variable is simply omitted.
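A pre-install check for the pattern above, as an added example (not part of the chart or Tonic's tooling): it lists which of the sensitive values named on this page are set inline in a values file instead of through an ExistingSecret reference. The parsing is a line-based heuristic that assumes one `key: value` per line, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: list sensitive Textual chart values that are set inline.
# Key names come from this page; parsing is a line-based heuristic
# (assumption: one "key: value" per line in the values file).
SENSITIVE_KEYS="password solarLicense textualEncryptionSecret openAiApiKey \
chatApiKey azureDocIntelligenceKey googleClientSecret githubClientSecret \
azureClientSecret keycloakClientSecret"

# Print each sensitive key in file $1 that carries a literal, non-empty value.
inline_secrets() {
  awk -v keys="$SENSITIVE_KEYS" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
    /^[ \t]*#/ { next }                       # whole-line comment
    {
      line = $0; sub(/^[ \t]+/, "", line)     # ignore nesting depth
      pos = index(line, ":"); if (pos == 0) next
      key = substr(line, 1, pos - 1); if (!(key in want)) next
      val = substr(line, pos + 1)
      sub(/[ \t]+#.*$/, "", val)              # trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "", val)        # surrounding whitespace
      if (val == "" || val == "\"\"" || val == "\047\047" ||
          val == "null" || val == "~") next   # unset or empty
      print key
    }' "$1"
}

# Return non-zero (and report on stderr) when file $1 holds inline secrets.
check_values() {
  found=$(inline_secrets "$1")
  if [ -n "$found" ]; then
    echo "Inline secrets in $1; use the ExistingSecret fields instead:" >&2
    echo "$found" | sed 's/^/  - /' >&2
    return 1
  fi
}

# Constructed sample values file (not from the chart) to exercise the check.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
textualDatabase:
  host: db.internal.example
  password: hunter2            # inline value
  existingSecret: ""
textualEncryptionSecret: ""
textualEncryptionSecretExistingSecret: textual-enc
solarLicense: # supplied through the secret below
solarLicenseExistingSecret: textual-license
openAiApiKey: constructed-example-value
EOF
check_values "$SAMPLE" || echo "fix the values file before running helm install"
```

Running `check_values values.yaml` in CI before `helm install` keeps literal credentials out of the values file that gets committed or shared.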
Tonic hosts our application images on a private quay.io repository. Authorization is required to pull the images.
- dockerConfigAuth: This value will be provided to you by Tonic and will allow you to authenticate against our private docker image repository.
This value is used to maintain consistency of values across redactions.
- solarStatisticsSeed: Any integer value
- numberOfWorkers: An integer. Increase to more than 1 to deploy additional workers. Each worker can run a single redaction at a time. Multiple workers are needed to run jobs simultaneously. This sets the number of replicas in the Tonic Worker Deployment spec.
The Helm charts include default annotations for internal-facing load balancers for AWS, Azure, and GCP. You can change to your preferred ingress method by modifying solar-api-server-service.yaml and updating the annotations section in values.yaml.
Each of the deployment YAML template files contains resource requests and limits. In some cases these may need to be modified for your environment.
To install Tonic Textual, execute the following commands.
Create a namespace:
```
$ kubectl create namespace my-tonic-namespace
```
Deploy Tonic Textual:
```
$ helm install <name_of_release> -n <namespace_name> <path-to-helm-chart>
```
Use kubectl get all -n <namespace_name> to check that the Textual pods are running:
The deployment may take a few minutes with pods in the ContainerCreating status. Re-run the command to get an updated status. Once all pods have a status of Running and deployments show READY as 1/1, Tonic should be available shortly after via browser at the URL/IP listed in the EXTERNAL-IP field next to the load balancer service. If you have modified the Helm chart ingress configuration, then this will vary. While not required, it's recommended to set up a more user-friendly domain routing to the Tonic web application.
You can validate that Tonic has fully started up and is in a healthy state by running kubectl logs deployment/textual-api-server -n <namespace_name> and checking for output that reads "Now listening on: ...."