Core Helm Chart

Early Access Capability

Deploying the Edge `core` Helm Chart

This section describes how to deploy the PlainID Edge core Helm chart in a Kubernetes environment. The core deployment installs the foundational PlainID Edge components required for MCP Gateway, discovery, and RAG enrichment capabilities. These steps assume that the Kubernetes cluster is already available and that Helm is installed and configured.

Early Access Prerequisites

Before proceeding with the installation, ensure that you have received credentials to the PlainID container registry oci://plainidio.azurecr.io.

Contact PlainID Support for help.

If you are using Helm v3.8.0 or higher, this is enabled by default. If you are using a lower version, you can enable OCI support setting the environment variable:

export HELM_EXPERIMENTAL_OCI=1

To set up the Core Helm Chart deployment:

Log in to the OCI Helm registry:
```
$ helm registry login -u <SHARED_USERNAME> plainidio.azurecr.io
Password:
Login Succeeded
```
Notes:
- Replace <SHARED_USERNAME> with the credentials provided by PlainID support.

Validate access to the Helm charts. You can repeat these steps for each chart. The version number may vary.

$ helm show chart oci://plainidio.azurecr.io/helm/core
Pulled: plainidio.azurecr.io/helm/core:1.0.0
Digest: sha256:a9744cfd44b7658196560bab7d355b590784b4f3a9f586367a3e14bfccc1e0fe
apiVersion: v2
appVersion: 1.0.0
dependencies:
- condition: vector-db-classifier-engine.enabled
 name: vector-db-classifier-engine
 repository: oci://plainidio.azurecr.io/helm
 version: 1.0.1
- condition: enrichment-agent.enabled
 name: enrichment-agent
 repository: oci://plainidio.azurecr.io/helm
 version: 1.0.4
- condition: mcp-gateway.enabled
 name: mcp-gateway
 repository: oci://plainidio.azurecr.io/helm
 version: 1.0.4
- condition: discovery-agent.enabled
 name: discovery-agent
 repository: oci://plainidio.azurecr.io/helm
 version: 1.0.1
description: PlainID Edge Core Helm Umbrella chart for Kubernetes
icon: https://www.plainid.com/wp-content/uploads/2024/01/mobile-logo.png
maintainers:
- email: support@plainid.com
 name: PlainID
 url: https://plainid.com
name: core
type: application
version: 1.0.0

Notes:

By default, it will show the latest version of the chart.

Deploy the core Helm chart. Ensure you replace <YOUR_VALUES_FILE> with the path to your Helm values file, and replace the <HELM_RELEASE_NAME> with the name of your Helm release.

$ helm install <HELM_RELEASE_NAME> oci://plainidio.azurecr.io/helm/core -f <YOUR_VALUES_FILE>

The following example shows a sample values file.

---
global:
  imagePullSecrets:
    - name: "<YOUR_PULL_SECRET>"

vector-db-classifier-engine:
  secret:
    OPENAI_API_KEY: "YOUR_OPENAI_API_KEY"

enrichment-agent:
  env:
    JWT_VALIDATION_ENABLED: "false"
    CLASSIFICATION_SERVICE_URL: "http://<HELM_RELEASE_NAME>-vector-db-classifier-engine:8000"
  secret:
    PINECONE_API_KEY: "YOUR_PINECONE_API_KEY"

mcp-gateway:
  plainIDConfig:
    config.yaml: |
      mcpServers:
        context7:
          url: "https://mcp.context7.com/mcp"
          transportType: "streamable-http"
          headersToForward:
            - "Authorization"
            - "X-User-Token"
            - "X-Agent-Token"
      plainID:
        runtimeBaseURL: "http://${PLAINID_RUNTIME_HOST}:${PLAINID_RUNTIME_PORT}/api"
        toolsAsset: "tools"
        clientID: "${PLAINID_CLIENT_ID}"
        clientSecret: "${PLAINID_CLIENT_SECRET}"
        emptyOnError: false
        plugins:
          logger:
            enable: true
          presidio:
            enable: false
            analyzer_url: "http://${PRESIDIO_ANALYZER_HOST}:${PRESIDIO_ANALYZER_PORT}/analyze"
            anonymizer_url: "http://${PRESIDIO_ANONYMIZER_HOST}:${PRESIDIO_ANONYMIZER_PORT}/anonymize"
            threshold: 0.5
          dataFilter:
            enable: false
            authHeader: "X-User-Token"
            filterUrl: "http://${DATAFILTER_HOST}:${DATAFILTER_PORT}/resql"
            clientID: "${DATAFILTER_CLIENT_ID}"
            clientSecret: "${DATAFILTER_CLIENT_SECRET}"
            flags:
              emptyAllowedTreatAsPermitted: true
              ignoreRuntimeAllowedFields: true
              expandStarColumn: false
              oppositeColumnFilteringBehavior: true
              runtimeAllowedAsMasked: false
              runtimeCLSAsMasked: true
        headersToForward:
          - "Authorization"
          - "X-User-Token"
          - "X-Agent-Token"
      mcpProxy:
        addr: 5432
        pingInterval: 10

discovery-agent:
  env:       
    PLAINID_API_URL: "https://<PLAINID_API_ENDPOINT>" 
     # Refer to the API URL Bases below to know which endpoint to use.
    PLAINID_DISCOVERY_URL: "https://<PLAINID_LAMBDA_URL>"
    POP_ID: "MCP"
    ENVIRONMENT_ID: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    PLAINID_MCP_GATEWAY_URL: "<HELM_RELEASE_NAME>-mcp-gateway:5235"
    PLAINID_CLIENT_ID: "XXXXXXXXXXXXXXXXXXXX"
    PLAINID_CLIENT_SECRET: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Every individual component can be disabled by configuring the enabled: false parameter in individual components.
- Example:
```
vector-db-classifier-engine:
  enabled: false
```

API URL Bases

Accessing the APIs is through a dedicated domain/URL, according to your PlainID Tenant Location:
United States (US) - https://api.us1.plainid.io
Canada (CA) - https://api.ca1.plainid.io
Europe (EU) - https://api.eu1.plainid.io

Core Helm Chart

Deploying the Edge core Helm Chart

API URL Bases

Deploying the Edge `core` Helm Chart