Deploy FleetForge with Helm and KEDA

This guide installs the open-core runtime and API on Kubernetes using the bundled Helm chart. It also covers the optional KEDA scaler for the Kafka/Redpanda outbox forwarder.

Prerequisites

• Kubernetes cluster with access to Postgres and an S3-compatible object store.
• helm v3+ installed locally.
• Credentials for the runtime/API to reach Postgres and object storage.
• Optional: Kafka or Redpanda broker for the transactional outbox.

1. Install the chart

helm upgrade --install fleetforge deploy/helm/fleetforge \
  --namespace fleetforge \
  --create-namespace \
  --set api.env.DATABASE_URL="postgres://user:pass@postgres:5432/fleetforge" \
  --set runtime.env.DATABASE_URL="postgres://user:pass@postgres:5432/fleetforge" \
  --set secrets.objectStore.accessKey="$S3_ACCESS_KEY" \
  --set secrets.objectStore.secretKey="$S3_SECRET_KEY" \
  --set api.env.FLEETFORGE_OBJECT_STORE="s3" \
  --set runtime.env.FLEETFORGE_OBJECT_STORE="s3"

The release provisions two workloads:

• fleetforge-api – gRPC, gRPC-web, and JSON/HTTP front door.
• fleetforge-runtime – Scheduler, retention worker, outbox forwarder.

2. Configure policy and guardrails

Set runtime environment variables to match your policy requirements:

• FLEETFORGE_POLICY_PACK=hipaa|gdpr|allow_all
• FLEETFORGE_ALLOWED_TOOLS, FLEETFORGE_ALLOWED_IMAGES, FLEETFORGE_ALLOWED_NETWORKS
• FLEETFORGE_FIRECRACKER_SHIM when enabling microVM sandboxes

Refer to the Guardrail reference for the full list.

3. Optional: Enable KEDA for the outbox

helm upgrade --install fleetforge deploy/helm/fleetforge \
  --set keda.enabled=true \
  --set keda.triggers[0].type=kafka \
  --set keda.triggers[0].metadata.bootstrapServers="redpanda:9092" \
  --set keda.triggers[0].metadata.consumerGroup="fleetforge-outbox" \
  --set keda.triggers[0].metadata.topic="fleetforge.outbox"

This scales the runtime workers based on Kafka partition lag.

4. Validate the deployment

1. Port-forward the API: kubectl port-forward svc/fleetforge-api 8080:8080 50051:50051.
2. Run through the Hello Fleet tutorial against the cluster endpoints (update NEXT_PUBLIC_API_HTTP and friends).
3. Confirm fleetforge-runtime logs show steps transitioning and outbox batches flushing to Kafka.
4. Optional: Watch fleetforge.queue.lag_seconds and the Grafana dashboard to verify queue health.

5. Next steps

• Harden the deployment with the demo-to-production checklist.
• Configure ClickHouse and Grafana using the observability how-to.
• Enable ChangeOps gates before promoting new prompts or adapters (see ChangeOps concept).