Helm Values Reference

This is the list of configuration parameters used in the AGENTIC STAR marketplace Helm charts.

The "Source" column for each parameter indicates how the value is set.

Source	Description
Fixed	Default fixed value. Typically no change needed
UI Input	Value specified in the deployment form at purchase time
Auto-Retrieved	Automatically retrieved from Azure resources during deployment
Auto-Generated	Randomly generated secret created during deployment

Common Settings (common-values)

Settings shared across all services.

Environment Settings

Parameter	Default	Source	Description
global.environment	—	UI Input	Environment name
global.customerEnvironment	—	UI Input	Same value as Environment Name
global.primary.language	ja	UI Input	UI display language (ja / en / fr / es / th)

Container Registry

Parameter	Default	Source	Description
global.imagePullSecret.enabled	false	Fixed	Enable image pull secret
global.imagePullSecret.name	""	Fixed	Secret name
global.imagePullSecret.registry	""	Fixed	Registry URL

PostgreSQL

Parameter	Default	Source	Description
global.postgresql.host	—	Auto-Retrieved	PostgreSQL server FQDN
global.postgresql.port	5432	Fixed	Port number
global.postgresql.database	—	Auto-Retrieved	Database name
global.postgresql.username	—	UI Input	Administrator username
global.postgresql.password	—	UI Input	Administrator password
global.postgresql.useAzureAd	false	Fixed	Use Azure AD authentication
global.postgresql.poolMinSize	5	Fixed	Connection pool minimum size
global.postgresql.poolMaxSize	20	Fixed	Connection pool maximum size
global.postgresql.commandTimeout	60	Fixed	Command timeout (seconds)
global.postgresql.poolTimeout	30	Fixed	Pool timeout (seconds)
global.postgresql.maxOverflow	10	Fixed	Maximum overflow connections

Azure Settings

Parameter	Default	Source	Description
global.azure.subscriptionId	—	Auto-Retrieved	Azure subscription ID
global.azure.resourceGroupName	—	Auto-Retrieved	Resource group name

Object Storage

Parameter	Default	Source	Description
global.objectStorage.provider	azure	Fixed	Storage provider
global.objectStorage.azure.container	autonomous-agent-files	Fixed	Azure Blob container name
global.objectStorage.azure.connectionString	—	Auto-Retrieved	Connection string
global.objectStorage.azure.storageAccountName	—	Auto-Retrieved	Storage account name
global.objectStorage.azure.customDomain	—	Auto-Retrieved	Custom domain

Ingress TLS

Parameter	Default	Source	Description
global.ingress.tls.enabled	true	Fixed	Enable TLS
global.ingress.tls.secretName	selfsigned-tls-cert	Fixed	TLS certificate Secret name
global.ingress.tls.useCertManager	false	Fixed	Use cert-manager
global.ingress.tls.clusterIssuer	""	Fixed	ClusterIssuer name

Kubernetes

Parameter	Default	Source	Description
global.kubernetes.namespace	autonomous-agent	Fixed	Default Namespace
global.kubernetes.serviceAccount	default	Fixed	Service account name
global.kubernetes.rbac.create	true	Fixed	Create RBAC resources

Main Application (librechat)

Parameter	Default	Source	Description
image.tag	—	Fixed (version-dependent)	Image tag
global.domain	front.agentic.internal	Fixed	Internal domain
vectordb.enabled	true	Fixed	Enable vector DB
nginx-ingress.enabled	false	Fixed	Disable built-in Ingress (uses existing)
appConfig.buildMode	mp	Fixed	Build mode (marketplace)
appConfig.authBaseUrl	—	Auto-Retrieved	Authentication service URL
appConfig.domainClient	—	Auto-Retrieved	Client domain
appConfig.domainServer	—	Auto-Retrieved	Server domain
appConfig.jwtSecret	—	Auto-Generated	JWT secret
appConfig.jwtRefreshSecret	—	Auto-Generated	JWT refresh secret
appConfig.credsKey	—	Auto-Generated	Credential encryption key
appConfig.credsIv	—	Auto-Generated	Credential encryption IV
appConfig.tokenEncryptionKey	—	Auto-Generated	Token encryption key
appConfig.searchSyncSecret	—	Auto-Generated	Search sync secret
appConfig.gateApiKey	—	Auto-Generated	Gate API key
appConfig.extApiKey	—	Auto-Generated	External API key
appConfig.extApiWebhookSecret	—	Auto-Generated	Webhook secret
mongodb.podAntiAffinityPreset	soft	Fixed	MongoDB AntiAffinity
api.hpa.minReplicas	1	Fixed	Minimum replica count

Authentication Service (librechat-auth)

Parameter	Default	Source	Description
image.tag	—	Fixed (version-dependent)	Image tag
env.APP_URL	—	Auto-Retrieved	Authentication service URL
env.LIBRECHAT_URL	—	Auto-Retrieved	Main application URL
env.ADMIN_CONSOLE_URL	—	Auto-Retrieved	Admin console URL
env.KEYCLOAK_REALM	agenticstar	Fixed	Keycloak realm name
env.KEYCLOAK_ADMIN	admin	Fixed	Keycloak administrator name
env.POSTGRES_DB	keycloak_db	Fixed	Keycloak database name
env.BUILD_MODE	mp	Fixed	Build mode
env.EMAIL_AUTH_ENABLED	true	Fixed	Enable authentication email
env.NEXT_PUBLIC_REQUIRE_OAUTH	true	Fixed	Require OAuth
env.WEBAUTHN_RP_NAME	AGENTIC STAR	Fixed	WebAuthn display name
env.WEBAUTHN_RP_ID	—	Auto-Retrieved	WebAuthn RP ID (authentication domain)
secrets.JWT_SECRET	—	Auto-Generated	JWT secret
secrets.TOKEN_ENCRYPTION_KEY	—	Auto-Generated	Token encryption key
secrets.KEYCLOAK_ADMIN_PASSWORD	—	Auto-Generated	Keycloak administrator password
secrets.KEYCLOAK_CLIENT_SECRET	—	Auto-Generated	Keycloak client secret
autoscaling.minReplicas	1	Fixed	Minimum replica count
keycloakx.replicas	1	Fixed	Keycloak replica count

Admin Console (agenticai-admin)

Parameter	Default	Source	Description
image.tag	—	Fixed (version-dependent)	Image tag
env.GEO_BLOCKING_EXCLUDED_COUNTRIES	JP	Fixed	Geo-blocking excluded countries (ISO 3166-1)
env.ALLOWED_ORIGINS	—	Auto-Retrieved	Allowed origins
env.AFD_CHATBOARD_FRONT_AUTH_DOMAIN	—	Auto-Retrieved	Authentication and front domain
env.AFD_CHATBOARD_ADMIN_DOMAIN	—	Auto-Retrieved	Admin console domain
env.CHATBOARD_FRONT_DOMAIN	—	Auto-Retrieved	Front domain
secrets.KEYCLOAK_DB	keycloak_db	Fixed	Keycloak database name
secrets.TOKEN_ENCRYPTION_KEY	—	Auto-Generated	Token encryption key
replicaCount	1	Fixed	Replica count
autoscaling.minReplicas	1	Fixed	Minimum replica count
rbac.create	true	Fixed	Create RBAC resources

Agent Execution Platform (agent-executor)

Parameter	Default	Source	Description
image.tag	—	Fixed (version-dependent)	Image tag
memory.graphiti.enabled	false	Fixed	Enable Graphiti memory (disabled as FalkorDB is not included)
deployment.replicas	1	Fixed	Replica count
hpa.minReplicas	1	Fixed	HPA minimum replica count

External API (agenticai-extapi)

Parameter	Default	Source	Description
image.tag	—	Fixed (version-dependent)	Image tag
config.LOG_LEVEL	INFO	Fixed	Log level
secrets.CBF_S2S_API_KEY	—	Auto-Generated	S2S API key
secrets.WEBHOOK_SECRET	—	Auto-Generated	Webhook secret
replicaCount	1	Fixed	Replica count
autoscaling.minReplicas	1	Fixed	Minimum replica count

Gateway (gate-services)

Parameter	Default	Source	Description
image.tag	—	Fixed (version-dependent)	Image tag
appConfig.defaultFromName	""	Fixed	Email sender name
secrets.apiKey	—	Auto-Generated	Gate API key
secrets.encryptionKey	—	Auto-Generated	Encryption key
secrets.azureConnectionString	""	Fixed	Azure connection string (unused)
replicaCount	1	Fixed	Replica count
autoscaling.minReplicas	1	Fixed	Minimum replica count

Zero-Trust Authorization Service (extauth-service)

Parameter	Default	Source	Description
image.tag	—	Fixed (version-dependent)	Image tag
webhook.enabled	true	Fixed	Enable Webhook
webhook.image.tag	—	Fixed (version-dependent)	Webhook image tag
webhook.replicaCount	1	Fixed	Webhook replica count
webhook.pdb.enabled	false	Fixed	Enable Webhook PDB
webhook.mutating.failurePolicy	Ignore	Fixed	Webhook failure policy
webhook.affinity	null	Fixed	AntiAffinity disabled (single replica)
cert-manager.enabled	false	Fixed	Disable cert-manager (already installed separately)
cert-manager.installCRDs	false	Fixed	Disable CRD installation
replicaCount	1	Fixed	Replica count
autoscaling.minReplicas	1	Fixed	Minimum replica count
pdb.enabled	false	Fixed	Enable PDB
affinity	null	Fixed	AntiAffinity disabled (single replica)
internalHosts.storageHosts	—	Auto-Retrieved	Internal storage hostnames (authorization bypass targets)

tip

For instructions on changing replica counts, PDB, and failurePolicy for security hardening, see the Security Guide.

Vector DB (qdrant)

Parameter	Default	Source	Description
qdrant.replicaCount	1	Fixed	Replica count
qdrant.config.cluster.enabled	false	Fixed	Enable cluster mode
loadBalancer.enabled	false	Fixed	Enable LoadBalancer
dashboard.enabled	false	Fixed	Enable dashboard

danger

loadBalancer.enabled and dashboard.enabled must be set to false in production environments. Enabling them allows external access, creating a risk of data leakage.

Database Migration (db-migration)

Parameter	Default	Source	Description
image.tag	—	Fixed (version-dependent)	Image tag
secrets.create	true	Fixed	Auto-create Secrets
secrets.keycloakDb	keycloak_db	Fixed	Keycloak database name
jobs.migrate.enabled	true	Fixed	Enable migration job
jobs.migrate.backoffLimit	0	Fixed	Retry count
jobs.migrate.target	head	Fixed	Migration target
jobs.downgrade.enabled	false	Fixed	Enable downgrade job
masterData.enabled	true	Fixed	Enable master data seeding
qdrant.enabled	true	Fixed	Enable Qdrant initial data seeding

Services Not Listed

The values for the following services are not included in this reference. These are monitoring and infrastructure services whose settings typically do not need to be changed by users.

Service	Description
kube-prometheus-stack	Prometheus monitoring stack
prometheus-adapter	Custom metrics API
ingress-nginx	Ingress controller
loki	Log storage
alloy-logs / alloy-metrics	Log and metrics collectors
k8s-monitoring	Kubernetes monitoring
agenticai-observability	Grafana / Jaeger
agenticai-datadog	Datadog integration
pvc-lifecycle-manager	PVC lifecycle management
init-platform	Platform initialization job

To view the settings for these services, run helm get values <release-name> -n <namespace> to check the current values.