> ## Documentation Index
> Fetch the complete documentation index at: https://danswer-whuang-craft-v2-docs.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Kubernetes

> Deploy Onyx with Helm

<Tip>
  Check out our [Resourcing Guide](/deployment/getting_started/resourcing) before getting started.
</Tip>

## Guide

The Onyx Helm chart packages all the required services (API, web, PostgreSQL, Vespa, etc.) into a single deployment.
By default, persistent volumes will be created for stateful services (e.g. PostgreSQL, Vespa).

<Steps>
  <Step title="Add the Onyx Helm repository">
    ```bash theme={null}
    helm repo add onyx https://onyx-dot-app.github.io/onyx/
    helm repo update
    helm search repo onyx
    ```
  </Step>

  <Step title="Install Onyx">
    Install into its own namespace (recommended):

    ```bash theme={null}
    kubectl create namespace onyx
    helm install onyx onyx/onyx -n onyx
    ```

    This will pull the latest Onyx chart and deploy all dependencies.
  </Step>

  <Step title="Verify the installation">
    ```bash theme={null}
    helm list -n onyx
    kubectl get pods -n onyx
    ```

    Wait until all pods are in a `Running` state before accessing Onyx.
  </Step>

  <Step title="Access Onyx">
    By default, the chart exposes Onyx via a Kubernetes Service. For local testing, you can port-forward:

    ```bash theme={null}
    kubectl -n onyx port-forward service/onyx-nginx 8080:80
    ```

    Then open [http://localhost:8080](http://localhost:8080).
  </Step>

  <Step title="Configure Onyx">
    Configure your deployment by modifying the `values.yaml` file in the `onyx/deployment/helm/charts/onyx` directory.

    You'll need to restart Onyx after changing any `values.yaml` variables.

    ```bash theme={null}
    helm upgrade onyx onyx/onyx -n onyx -f deployment/helm/charts/onyx/values.yaml
    ```
  </Step>
</Steps>

See the [Helm chart README](https://github.com/onyx-dot-app/onyx/tree/main/deployment/helm)
for advanced options such as running as non-root and testing with Kind.

## Enabling Onyx Craft

[Onyx Craft](/overview/core_features/craft) can run on Helm deployments with the Kubernetes sandbox backend.

Requirements:

* Kubernetes `>=1.33`.
* `configMap.ENABLE_CRAFT=true`.
* `configMap.SANDBOX_API_SERVER_URL` set to a URL reachable from sandbox pods.
* `configMap.SANDBOX_BACKEND=kubernetes` or left unset so the backend default remains Kubernetes.
* `auth.sandboxPushSecret.enabled=true`.
* A supported LLM provider: Anthropic, OpenAI, or OpenRouter.

Example values:

```yaml theme={null}
configMap:
  ENABLE_CRAFT: "true"
  SANDBOX_BACKEND: "kubernetes"
  SANDBOX_API_SERVER_URL: "https://onyx.your-org.example"

auth:
  sandboxPushSecret:
    enabled: true
```

The Helm chart also renders the sandbox namespace, sandbox RBAC, sandbox pod template, sandbox proxy,
and scheduled-task worker configuration used by Craft.

<Warning>
  The Helm chart does not support the Docker sandbox backend. Docker sandboxes are for Docker Compose deployments.
</Warning>

Read the [Craft deployment guide](/deployment/local/craft) for the full operator checklist.

## Next Steps

<CardGroup cols={2}>
  <Card title="Configure Authentication" icon="shield-check" href="/deployment/authentication/basic">
    Set up authentication for your Onyx deployment with OAuth, OIDC, or SAML.
  </Card>

  <Card title="More Onyx Configuration Options" icon="gear" href="/deployment/configuration/configuration">
    Learn about all available configuration options for your Onyx deployment.
  </Card>
</CardGroup>
