Skip to main content
Deploy Infrahub on Kubernetes using Helm charts for production-grade deployments with high availability, scalability, and resilience.

Prerequisites

  • Kubernetes cluster (1.27+)
  • Helm (version 3.x)
  • kubectl configured for cluster access
  • Storage provisioner for persistent volumes
  • 16 GB RAM minimum per node (32 GB recommended)

Helm charts

Infrahub provides two Helm charts:
  • infrahub - Community edition
  • infrahub-enterprise - Enterprise edition with HA features

Chart repositories

    Chart structure

    The Enterprise chart uses the Community chart as a dependency. Most configuration goes under the infrahub key:
    values.yml
    infrahub:
  infrahubServer:
    replicas: 3
    # ...

    Quick start

    Community edition

    Deploy with default settings (not suitable for production): 
    helm install infrahub \
  oci://registry.opsmill.io/opsmill/chart/infrahub \
  --namespace infrahub --create-namespace

    Enterprise edition

    Deploy with medium sizing preset (32 GB RAM): 
    helm install infrahub \
  oci://registry.opsmill.io/opsmill/chart/infrahub-enterprise \
  --version 4.0.0-medium \
  --namespace infrahub --create-namespace \
  -f values.yml

    Configuration

    Minimal production configuration

    Create a values.yml file with production settings:
    values.yml
    infrahub:
  infrahubServer:
    replicas: 3
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: service
                operator: In
                values:
                - infrahub-server
            topologyKey: topology.kubernetes.io/zone
    ingress:
      enabled: true
      hosts:
        - host: infrahub.example.com
          paths:
            - path: /
              pathType: Prefix
    env:
      INFRAHUB_PRODUCTION: "true"
      INFRAHUB_LOG_LEVEL: INFO
      INFRAHUB_ALLOW_ANONYMOUS_ACCESS: "false"
      INFRAHUB_INITIAL_ADMIN_TOKEN: "change-me"
      INFRAHUB_SECURITY_SECRET_KEY: "change-me"
      INFRAHUB_STORAGE_DRIVER: s3
      AWS_ACCESS_KEY_ID: "your-access-key"
      AWS_SECRET_ACCESS_KEY: "your-secret-key"
      AWS_S3_BUCKET_NAME: infrahub-artifacts
      AWS_S3_ENDPOINT_URL: https://s3.amazonaws.com

  infrahubTaskWorker:
    replicas: 3
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: service
                operator: In
                values:
                - infrahub-task-worker
            topologyKey: topology.kubernetes.io/zone

  neo4j:
    services:
      admin:
        enabled: true
    volumes:
      data:
        mode: dynamic
        dynamic:
          storageClassName: premium-rwo
          requests:
            storage: 100Gi

    Sizing presets

    Enterprise charts include pre-configured sizing presets:
    FlavorChart versionRAM requiredAPI workersTask workers
    small4.0.0-small16 GB42
    medium4.0.0-medium32 GB44
    medium-data4.0.0-medium-data32 GB42
    large4.0.0-large64 GB48
    large-data4.0.0-large-data64 GB42
    Data-optimized presets allocate more resources to Neo4j instead of workers. Install with a sizing preset: 
    helm install infrahub \
  oci://registry.opsmill.io/opsmill/chart/infrahub-enterprise \
  --version 4.0.0-medium \
  -f values.yml

    Redis configuration for flavored charts

    When using sizing presets, configure Redis host for Prefect:
    values.yml
    infrahub:
  prefect-server:
    backgroundServices:
      messaging:
        redis:
          host: "infrahub-cache-master"
    The host value should match your Redis service name (default: infrahub-cache-master).

    Storage configuration

    Persistent volumes

    Enable persistence for Neo4j:
    values.yml
    infrahub:
  neo4j:
    volumes:
      data:
        mode: dynamic
        dynamic:
          storageClassName: premium-rwo
          requests:
            storage: 100Gi

    S3 object storage

    Configure S3 for artifacts (required for multiple API replicas):
    values.yml
    infrahub:
  infrahubServer:
    env:
      INFRAHUB_STORAGE_DRIVER: s3
      AWS_ACCESS_KEY_ID: "your-access-key"
      AWS_SECRET_ACCESS_KEY: "your-secret-key"
      AWS_S3_BUCKET_NAME: infrahub-artifacts
      AWS_S3_ENDPOINT_URL: https://s3.amazonaws.com
    For MinIO or other S3-compatible services: 
    AWS_S3_ENDPOINT_URL: https://minio.example.com
AWS_S3_USE_SSL: "true"

    High availability

    Neo4j cluster (Enterprise only)

    Deploy a 3-node Neo4j cluster:
    neo4j-values.yaml
    services:
  admin:
    enabled: true
volumes:
  data:
    mode: dynamic
    dynamic:
      storageClassName: premium-rwo
      requests:
        storage: 100Gi
env:
  NEO4J_EDITION: enterprise
  NEO4J_initial_dbms_default__primaries__count: "3"
    Deploy three instances: 
    kubectl create secret generic neo4j-user \
  --namespace infrahub \
  --from-literal=NEO4J_AUTH=neo4j/admin

helm install database-0 neo4j/neo4j \
  --version 2025.10.1-4 \
  --namespace infrahub \
  -f neo4j-values.yaml

helm install database-1 neo4j/neo4j \
  --version 2025.10.1-4 \
  --namespace infrahub \
  -f neo4j-values.yaml

helm install database-2 neo4j/neo4j \
  --version 2025.10.1-4 \
  --namespace infrahub \
  -f neo4j-values.yaml
    Install headless service: 
    helm install database-service neo4j/neo4j-headless-service \
  --version 2025.10.1-4 \
  --namespace infrahub \
  -f service-values.yaml

    RabbitMQ cluster

    Deploy clustered RabbitMQ:
    rabbitmq-values.yaml
    replicaCount: 3
clustering:
  enabled: true
  partitionHandling: autoheal
persistence:
  enabled: true
  storageClass: premium-rwo
  size: 20Gi
auth:
  username: infrahub
  password: infrahub
    Install: 
    helm install messagequeue \
  oci://registry-1.docker.io/bitnamicharts/rabbitmq \
  --version 14.4.1 \
  --namespace infrahub \
  -f rabbitmq-values.yaml

    Redis Sentinel

    Deploy Redis with Sentinel for high availability:
    redis-values.yaml
    architecture: replication
sentinel:
  enabled: true
  quorum: 2
master:
  persistence:
    enabled: true
    storageClass: premium-rwo
    size: 10Gi
replica:
  replicaCount: 3
  persistence:
    enabled: true
    storageClass: premium-rwo
    size: 10Gi
    Install: 
    helm install cache bitnami/redis \
  --version 19.5.2 \
  --namespace infrahub \
  -f redis-values.yaml

    Networking

    Ingress configuration

    Enable ingress for external access:
    values.yml
    infrahub:
  infrahubServer:
    ingress:
      enabled: true
      className: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
      hosts:
        - host: infrahub.example.com
          paths:
            - path: /
              pathType: Prefix
      tls:
        - secretName: infrahub-tls
          hosts:
            - infrahub.example.com

    Load balancer

    For cloud providers, use LoadBalancer service type:
    values.yml
    infrahub:
  infrahubServer:
    service:
      type: LoadBalancer
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: nlb

    Upgrading

    Upgrade chart

    Upgrade to a new version: 
    helm upgrade infrahub \
  oci://registry.opsmill.io/opsmill/chart/infrahub-enterprise \
  --version 4.1.0-medium \
  -f values.yml

    Migrate from chart versions before 4.0.0

    If upgrading from chart versions earlier than 4.0.0:
    1. Remove sizing preset environment variables from values.yml
    2. Add Redis host configuration for Prefect:
    infrahub:
  prefect-server:
    backgroundServices:
      messaging:
        redis:
          host: "infrahub-cache-master"
    1. Run the upgrade:
    helm upgrade infrahub \
  oci://registry.opsmill.io/opsmill/chart/infrahub-enterprise \
  --version 4.0.0-medium \
  -f values.yml

    Monitoring

    Enable metrics

    Configure Prometheus metrics:
    values.yml
    infrahub:
  infrahubServer:
    env:
      INFRAHUB_TRACE_ENABLE: "true"
      INFRAHUB_TRACE_EXPORTER_TYPE: otlp
      INFRAHUB_TRACE_EXPORTER_ENDPOINT: http://prometheus:9090

    Health checks

    Verify pod health: 
    kubectl get pods -n infrahub -l app=infrahub
    Check API server health: 
    kubectl exec -n infrahub deployment/infrahub-server -- \
  curl -f http://localhost:8000/api/health

    Troubleshooting

    View logs

    View API server logs: 
    kubectl logs -n infrahub -l service=infrahub-server -f
    View task worker logs: 
    kubectl logs -n infrahub -l service=infrahub-task-worker -f

    Restart deployments

    Restart API servers: 
    kubectl rollout restart deployment/infrahub-server -n infrahub
    Restart task workers: 
    kubectl rollout restart deployment/infrahub-task-worker -n infrahub

    Database connectivity

    Test Neo4j connectivity: 
    kubectl run -n infrahub cypher-shell --rm -i --tty \
  --image neo4j:2025.10.1-community -- \
  cypher-shell -a bolt://database:7687 -u neo4j -p admin

    Production recommendations

    Storage persistence

    • Enable persistence for Neo4j database at minimum
    • Use SSD-backed storage classes for better performance
    • Configure backup strategies for persistent volumes

    External dependencies

    For production, use managed services instead of bundled dependencies:
    • Managed Neo4j (Neo4j Aura, cloud provider)
    • Managed RabbitMQ (CloudAMQP, cloud provider)
    • Managed Redis (Redis Enterprise, cloud provider)
    • Managed PostgreSQL (RDS, Cloud SQL)
    • Managed S3 (AWS S3, GCS, Azure Blob)

    Security

    • Enable network policies for pod-to-pod communication
    • Use secrets instead of environment variables
    • Enable TLS for all database connections
    • Restrict ingress to specific IP ranges
    • Enable pod security policies

    Build docs developers (and LLMs) love

    Get started for freeTalk to us