Quick Start - Bifrost

Latest Chart Version: View on Artifact Hub

OSS
Enterprise

Prerequisites

Kubernetes cluster (v1.19+)
kubectl configured
Helm 3.2.0+ installed
Persistent Volume provisioner (required for SQLite; optional for Postgres-only)

If you use PostgreSQL for Bifrost storage, ensure the database is UTF8 encoded. See PostgreSQL UTF8 Requirement.

Step 1 - Add the Helm Repository

helm repo add bifrost https://maximhq.github.io/bifrost/helm-charts
helm repo update

Step 2 - Install

The Helm chart ships ready-made values files under helm-charts/bifrost/values-examples/. For example: sqlite-only.yaml, production-ha.yaml, external-postgres.yaml, and secrets-from-k8s.yaml. See the full list here: https://github.com/maximhq/bifrost/tree/main/helm-charts/bifrost/values-examples

Minimal (SQLite)
With a Provider Key
Production (PostgreSQL + HA)

Fastest way to get running. Bifrost deploys as a StatefulSet with a 10Gi PVC for SQLite.

kubectl create secret generic bifrost-encryption-key \
  --from-literal=encryption-key="$(openssl rand -base64 32)"

helm install bifrost bifrost/bifrost \
  --set image.tag=v1.4.11 \
  --set bifrost.encryptionKeySecret.name="bifrost-encryption-key" \
  --set bifrost.encryptionKeySecret.key="encryption-key"

Add your first provider key at install time:

kubectl create secret generic bifrost-encryption-key \
  --from-literal=encryption-key="$(openssl rand -base64 32)"

kubectl create secret generic provider-keys \
  --from-literal=openai-api-key='sk-your-key'

helm install bifrost bifrost/bifrost \
  --set image.tag=v1.4.11 \
  --set bifrost.encryptionKeySecret.name="bifrost-encryption-key" \
  --set bifrost.encryptionKeySecret.key="encryption-key" \
  --set 'bifrost.providers.openai.keys[0].name=primary' \
  --set 'bifrost.providers.openai.keys[0].value=env.OPENAI_API_KEY' \
  --set 'bifrost.providers.openai.keys[0].weight=1' \
  --set bifrost.providerSecrets.openai.existingSecret="provider-keys" \
  --set bifrost.providerSecrets.openai.key="openai-api-key" \
  --set bifrost.providerSecrets.openai.envVar="OPENAI_API_KEY"

High-availability setup - 3 replicas, PostgreSQL, autoscaling, ingress.

# 1. Create secrets
kubectl create secret generic bifrost-encryption-key \
  --from-literal=encryption-key="$(openssl rand -base64 32)"

kubectl create secret generic postgres-credentials \
  --from-literal=password="$(openssl rand -base64 32)"

kubectl create secret generic provider-keys \
  --from-literal=openai-api-key='sk-...'

# production.yaml
image:
  tag: "v1.4.11"

replicaCount: 3

storage:
  mode: postgres

postgresql:
  enabled: true
  auth:
    username: bifrost
    database: bifrost
    existingSecret: "postgres-credentials"
    secretKeys:
      adminPasswordKey: "password"
  primary:
    persistence:
      size: 50Gi
    resources:
      requests:
        cpu: 500m
        memory: 1Gi
      limits:
        cpu: 2000m
        memory: 2Gi

autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: bifrost.yourdomain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: bifrost-tls
      hosts:
        - bifrost.yourdomain.com

resources:
  requests:
    cpu: 500m
    memory: 1Gi
  limits:
    cpu: 2000m
    memory: 2Gi

bifrost:
  encryptionKeySecret:
    name: "bifrost-encryption-key"
    key: "encryption-key"

  client:
    initialPoolSize: 500
    dropExcessRequests: true
    enableLogging: true

  providers:
    openai:
      keys:
        - name: "openai-primary"
          value: "env.OPENAI_API_KEY"
          weight: 1

  providerSecrets:
    openai:
      existingSecret: "provider-keys"
      key: "openai-api-key"
      envVar: "OPENAI_API_KEY"

  plugins:
    telemetry:
      enabled: true
      version: 1
    logging:
      enabled: true
      version: 1
    governance:
      enabled: true
      version: 1

# 2. Install
helm install bifrost bifrost/bifrost -f production.yaml

image.tag is required - the chart will not start without it. Check Docker Hub for available versions.

Step 3 - Verify

# Check pods are running
kubectl get pods -l app.kubernetes.io/name=bifrost

# Port forward and hit the health endpoint
kubectl port-forward svc/bifrost 8080:8080
curl http://localhost:8080/health

# Check Prometheus metrics
curl http://localhost:8080/metrics

Step 4 - Configure Providers & Plugins

# Make your first inference call
curl http://localhost:8080/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [{"role": "user", "content": "Hello from Bifrost!"}]
  }'

Next steps: jump to Next Steps.

Enterprise customers receive dedicated container images in a private registry, along with additional features, SLAs, and compliance documentation.

Book a demo to know more about our enterprise features.

Prerequisites

Kubernetes cluster (v1.19+)
kubectl configured
Helm 3.2.0+ installed
Enterprise registry credentials (provided by Maxim)

Step 1 - Add the Helm Repository

helm repo add bifrost https://maximhq.github.io/bifrost/helm-charts
helm repo update

Step 2 - Create Pull Secret

Create a Kubernetes image pull secret for our private enterprise registry:

Google Artifact Registry
AWS ECR
Azure ACR
Self-Hosted Registry

kubectl create secret docker-registry enterprise-registry-secret \
  --docker-server=us-west1-docker.pkg.dev \
  --docker-username=_json_key \
  --docker-password="$(cat service-account-key.json)" \
  --docker-email=your-email@example.com

kubectl create secret docker-registry enterprise-registry-secret \
  --docker-server=123456789.dkr.ecr.us-east-1.amazonaws.com \
  --docker-username=AWS \
  --docker-password=$(aws ecr get-login-password --region us-east-1)

ECR tokens expire after 12 hours. Use the ECR Credential Helper or ECR Registry Creds operator for automatic refresh.

kubectl create secret docker-registry enterprise-registry-secret \
  --docker-server=yourregistry.azurecr.io \
  --docker-username=<service-principal-id> \
  --docker-password=<service-principal-password>

kubectl create secret docker-registry enterprise-registry-secret \
  --docker-server=registry.yourcompany.com \
  --docker-username=<username> \
  --docker-password=<password>

Step 3 - Create Required Secrets

# Encryption key
kubectl create secret generic bifrost-encryption \
  --from-literal=key="$(openssl rand -base64 32)"

# Provider API keys
kubectl create secret generic provider-keys \
  --from-literal=openai-api-key='sk-...' \
  --from-literal=anthropic-api-key='sk-ant-...'

# Admin credentials (for dashboard + governance)
kubectl create secret generic bifrost-admin-credentials \
  --from-literal=username='admin' \
  --from-literal=password='secure-admin-password'

Step 4 - Install

# enterprise.yaml
image:
  # Registry URL provided by Maxim
  repository: us-west1-docker.pkg.dev/bifrost-enterprise/your-org/bifrost
  tag: "latest"

imagePullSecrets:
  - name: enterprise-registry-secret

replicaCount: 3

resources:
  requests:
    cpu: 1000m
    memory: 2Gi
  limits:
    cpu: 4000m
    memory: 8Gi

autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 20
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80

storage:
  mode: postgres

postgresql:
  enabled: true
  auth:
    password: "secure-password"   # use existingSecret in production
  primary:
    persistence:
      size: 100Gi
    resources:
      requests:
        cpu: 1000m
        memory: 2Gi
      limits:
        cpu: 4000m
        memory: 8Gi

vectorStore:
  enabled: true
  type: weaviate
  weaviate:
    enabled: true
    persistence:
      size: 100Gi

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
  hosts:
    - host: bifrost.yourcompany.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: bifrost-tls
      hosts:
        - bifrost.yourcompany.com

bifrost:
  encryptionKeySecret:
    name: "bifrost-encryption"
    key: "key"

  client:
    initialPoolSize: 1000
    dropExcessRequests: true
    enableLogging: true
    disableContentLogging: false    # set true for HIPAA/compliance
    logRetentionDays: 365
    enforceGovernanceHeader: true
    maxRequestBodySizeMb: 100
    allowedOrigins:
      - "https://yourcompany.com"
      - "https://*.yourcompany.com"

  providers:
    openai:
      keys:
        - name: "openai-primary"
          value: "env.OPENAI_API_KEY"
          weight: 1
    anthropic:
      keys:
        - name: "anthropic-primary"
          value: "env.ANTHROPIC_API_KEY"
          weight: 1

  providerSecrets:
    openai:
      existingSecret: "provider-keys"
      key: "openai-api-key"
      envVar: "OPENAI_API_KEY"
    anthropic:
      existingSecret: "provider-keys"
      key: "anthropic-api-key"
      envVar: "ANTHROPIC_API_KEY"

  governance:
    authConfig:
      isEnabled: true
      disableAuthOnInference: false
      existingSecret: "bifrost-admin-credentials"
      usernameKey: "username"
      passwordKey: "password"

  plugins:
    telemetry:
      enabled: true
      version: 1
    logging:
      enabled: true
      version: 1
    governance:
      enabled: true
      version: 1
      config:
        is_vk_mandatory: true
    semanticCache:
      enabled: true
      version: 1
      config:
        provider: "openai"
        embedding_model: "text-embedding-3-small"
        dimension: 1536
        threshold: 0.85
        ttl: "1h"

affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchLabels:
            app.kubernetes.io/name: bifrost
        topologyKey: kubernetes.io/hostname

helm install bifrost bifrost/bifrost -f enterprise.yaml

Next steps: jump to Next Steps.

For DB-backed deployments, built-in plugins support a top-level version field (for example: telemetry, logging, governance, semanticCache, otel, maxim, datadog). Increase this number when you want config from Helm to overwrite an older plugin record in the DB.

Enterprise Support

Enterprise customers have access to:

Dedicated Slack channel for support
Priority bug fixes and feature requests
Custom feature development
SLA guarantees
Compliance documentation (SOC2, HIPAA, etc.)

Contact support@getmaxim.ai for support.

Operations

Upgrade

helm repo update

# Upgrade reusing all existing values
helm upgrade bifrost bifrost/bifrost --reuse-values

# Upgrade with new values
helm upgrade bifrost bifrost/bifrost -f your-values.yaml

# Upgrade and override a single field
helm upgrade bifrost bifrost/bifrost \
  --reuse-values \
  --set image.tag=v1.4.11

Rollback

helm history bifrost
helm rollback bifrost          # to previous revision
helm rollback bifrost 2        # to specific revision

Scale

kubectl scale deployment bifrost --replicas=5

# Or via Helm
helm upgrade bifrost bifrost/bifrost \
  --reuse-values \
  --set replicaCount=5

Uninstall

helm uninstall bifrost

# Also remove PVCs (permanently deletes all data)
kubectl delete pvc -l app.kubernetes.io/instance=bifrost

Monitoring

Prometheus Metrics

Bifrost exposes Prometheus metrics at /metrics. Enable ServiceMonitor for automatic scraping:

serviceMonitor:
  enabled: true
  interval: 30s
  scrapeTimeout: 10s

Health Checks

Check pod health:

# View pod status
kubectl get pods -l app.kubernetes.io/name=bifrost

# Check logs
kubectl logs -l app.kubernetes.io/name=bifrost --tail=100

# Describe pod
kubectl describe pod -l app.kubernetes.io/name=bifrost

Metrics Endpoints

# Port forward
kubectl port-forward svc/bifrost 8080:8080

# Check metrics
curl http://localhost:8080/metrics

# Check health
curl http://localhost:8080/health

Configuration Guides

Values Reference

All parameters, secret references, advanced config, example patterns

Client Configuration

Pool size, logging, CORS, header filtering, compat shims, MCP settings

Provider Setup

OpenAI, Anthropic, Azure, Bedrock, Vertex, Groq, self-hosted

Storage

SQLite, PostgreSQL, object storage for logs, vector stores

Plugins

Telemetry, logging, semantic cache, OTel, Datadog, governance

Governance

Budgets, rate limits, virtual keys, routing rules

Cluster Mode

Multi-replica HA, gossip, peer discovery

Troubleshooting

Pod startup, database, ingress, PVC, secrets, performance

Resources

Next Steps

Configure provider keys
Enable plugins
Set up observability
Configure governance

​Prerequisites

​Step 1 - Add the Helm Repository

​Step 2 - Install

​Step 3 - Verify

​Step 4 - Configure Providers & Plugins

​Prerequisites

​Step 1 - Add the Helm Repository

​Step 2 - Create Pull Secret

​Step 3 - Create Required Secrets

​Step 4 - Install

​Enterprise Support

​Operations

​Upgrade

​Rollback

​Scale

​Uninstall

​Monitoring

​Prometheus Metrics

​Health Checks

​Metrics Endpoints

​Configuration Guides

Values Reference

Client Configuration

Provider Setup

Storage

Plugins

Governance

Cluster Mode

Troubleshooting

​Resources

​Next Steps

Prerequisites

Step 1 - Add the Helm Repository

Step 2 - Install

Step 3 - Verify

Step 4 - Configure Providers & Plugins

Prerequisites

Step 1 - Add the Helm Repository

Step 2 - Create Pull Secret

Step 3 - Create Required Secrets

Step 4 - Install

Enterprise Support

Operations

Upgrade

Rollback

Scale

Uninstall

Monitoring

Prometheus Metrics

Health Checks

Metrics Endpoints

Configuration Guides

Resources

Next Steps