Deploying the Edge core Helm Chart
This section describes how to deploy the PlainID Edge core Helm chart in a Kubernetes environment. The core deployment installs the foundational PlainID Edge components required for MCP Gateway, discovery, and RAG enrichment capabilities. These steps assume that the Kubernetes cluster is already available and that Helm is installed and configured.
Before proceeding with the installation, ensure that you have received credentials to the PlainID container registry oci://plainidio.azurecr.io.
Contact PlainID Support for help.
If you are using Helm v3.8.0 or higher, this is enabled by default. If you are using a lower version, you can enable OCI support setting the environment variable:
export HELM_EXPERIMENTAL_OCI=1
To set up the Core Helm Chart deployment:
-
Log in to the OCI Helm registry:
$ helm registry login -u <SHARED_USERNAME> plainidio.azurecr.io Password: Login SucceededNotes:
- Replace
<SHARED_USERNAME>with the credentials provided by PlainID support.
- Replace
-
Validate access to the Helm charts. You can repeat these steps for each chart. The version number may vary.
% helm show chart oci://plainidio.azurecr.io/helm/core Pulled: plainidio.azurecr.io/helm/core:1.0.6 Digest: sha256:c36916da0223fb5a441595bad1a5bdcb90fcea757345fb165af47d39152fc33a apiVersion: v2 appVersion: 1.0.6 dependencies: - condition: vector-db-classifier-engine.enabled name: vector-db-classifier-engine repository: oci://plainidio.azurecr.io/helm version: 1.0.1 - condition: enrichment-agent.enabled name: enrichment-agent repository: oci://plainidio.azurecr.io/helm version: 1.0.6 - condition: mcp-gateway.enabled name: mcp-gateway repository: oci://plainidio.azurecr.io/helm version: 1.0.4 - condition: discovery-agent.enabled name: discovery-agent repository: oci://plainidio.azurecr.io/helm version: 1.0.2 description: PlainID Edge Core Helm Umbrella chart for Kubernetes icon: https://www.plainid.com/wp-content/uploads/2024/01/mobile-logo.png maintainers: - email: support@plainid.com name: PlainID url: https://plainid.com name: core type: application version: 1.0.6Note: By default, the latest version of the chart is shown.
-
Deploy the
coreHelm chart. Ensure you replace<YOUR_VALUES_FILE>with the path to your Helm values file, and replace the<HELM_RELEASE_NAME>with the name of your Helm release.$ helm install <HELM_RELEASE_NAME> oci://plainidio.azurecr.io/helm/core -f <YOUR_VALUES_FILE> -
Create a Kubernetes entity. This is not a PlainID-specific command. Ensure that your setting and secret is defined before continuing:
kubectl create secret docker-registry <YOUR_PULL_SECRET> \ --namespace <namespace> \ --docker-server=plainidio.azurecr.io \ --docker-username=<token-name> \ --docker-password=<token-password>The following example shows a sample values file. This is a basic configuration for Pinecone RAG enrichment. For advanced configurations, see the relevant subpages:
Vector DB Engine
Enrichment Agent
MCP Gateway
Discovery Agent
---
global:
imagePullSecrets:
- name: "<YOUR_PULL_SECRET>"
vector-db-classifier-engine:
secret:
OPENAI_API_KEY: "YOUR_OPENAI_API_KEY"
enrichment-agent:
env:
JWT_VALIDATION_ENABLED: "false"
CLASSIFICATION_SERVICE_URL: "http://<HELM_RELEASE_NAME>-vector-db-classifier-engine:8000"
secret:
PINECONE_API_KEY: "YOUR_PINECONE_API_KEY"
mcp-gateway:
plainIDConfig:
config.yaml: |
mcpServers:
context7:
url: "https://mcp.context7.com/mcp"
transportType: "streamable-http"
headersToForward:
- "Authorization"
- "X-User-Token"
- "X-Agent-Token"
plainID:
runtimeBaseURL: "http://${PLAINID_RUNTIME_HOST}:${PLAINID_RUNTIME_PORT}/api"
toolsAsset: "tools"
clientID: "${PLAINID_CLIENT_ID}"
clientSecret: "${PLAINID_CLIENT_SECRET}"
emptyOnError: false
plugins:
logger:
enable: true
presidio:
enable: false
analyzer_url: "http://${PRESIDIO_ANALYZER_HOST}:${PRESIDIO_ANALYZER_PORT}/analyze"
anonymizer_url: "http://${PRESIDIO_ANONYMIZER_HOST}:${PRESIDIO_ANONYMIZER_PORT}/anonymize"
threshold: 0.5
dataFilter:
enable: false
authHeader: "X-User-Token"
filterUrl: "http://${DATAFILTER_HOST}:${DATAFILTER_PORT}/resql"
clientID: "${DATAFILTER_CLIENT_ID}"
clientSecret: "${DATAFILTER_CLIENT_SECRET}"
flags:
emptyAllowedTreatAsPermitted: true
ignoreRuntimeAllowedFields: true
expandStarColumn: false
oppositeColumnFilteringBehavior: true
runtimeAllowedAsMasked: false
runtimeCLSAsMasked: true
headersToForward:
- "Authorization"
- "X-User-Token"
- "X-Agent-Token"
mcpProxy:
addr: 5432
pingInterval: 10
discovery-agent:
plainIDConfig:
config.yaml |
plainIdUrl: "https://api.dev8.plainid.cloud"
plainIdDiscoveryUrl: "https://api.app.dev8.plainid.cloud"
discoverySources:
- popId: POP456
environmentId: "550e8400-e29b-41d4-a716-446655440000"
type: Pinecone
periodicStart: "0 0 1 * * ?"
vendor:
pinecone:
apiKey: "your-pinecone-api-key"
sampleLimit: 50000 # optional; 0 = no limit
collections:
mode: exclude
patterns:
- "users"
- "books_.*"
plainIdCredentials:
clientId: "your-client-id"
clientSecret: "your-client-secret"
metadataKeys:
mode: exclude
patterns:
- "createdAt"
- "timestamp.*"
availabilityThreshold: 0.1
- Every individual component can be disabled by configuring the
enabled: falseparameter in individual components. Example:vector-db-classifier-engine: enabled: false
API URL Bases
Accessing the APIs is through a dedicated domain/URL, according to your PlainID Tenant Location:
United States (US) - https://api.us1.plainid.io
Canada (CA) - https://api.ca1.plainid.io
Europe (EU) - https://api.eu1.plainid.io
PlainID Discovery URLs
Accessing the PlainID Discovery APIs is through a dedicated domain/URL:
United States (US) - https://api.us1.app.plainid.io
Europe (EU) - https://api.eu1.app.plainid.io
Canada (CA) - https://api.ca1.app.plainid.io