# Configuration and Installation

## 1. Prerequisites

Before installing the Helm charts, ensure your Kubernetes environment meets the following requirements.

> **Note:** Ensure that your VPC environment has network access to pull the required container images for the Enkrypt AI stack.

### Namespaces

Create the following namespaces to isolate the application components:

```bash
kubectl create namespace enkryptai-stack
kubectl create namespace redteam-jobs
```

### Kubernetes Secrets

The following secrets must be created before installation. The Enkrypt AI team will provide the necessary secret values.

| Namespace         | Secret Name                    | Used By                        |
| ----------------- | ------------------------------ | ------------------------------ |
| `enkryptai-stack` | `elastic-env-secret`           | `gateway-kong`, `opensearch`   |
| `enkryptai-stack` | `frontend-env-secret`          | `frontend`                     |
| `enkryptai-stack` | `gateway-env-secret`           | `gateway-kong`                 |
| `enkryptai-stack` | `gateway-migration-env-secret` | `gateway-kong`                 |
| `enkryptai-stack` | `guardrails-env-secret`        | `guardrails`                   |
| `enkryptai-stack` | `onprem`                       | Supabase (on-prem database)    |
| `enkryptai-stack` | `openfga-env-secret`           | `openfga`                      |
| `enkryptai-stack` | `opensearch-cred`              | `opensearch`                   |
| `enkryptai-stack` | `opensearch-securityconfig`    | `opensearch`                   |
| `enkryptai-stack` | `postgres-superuser-secret`    | Supabase (on-prem)             |
| `enkryptai-stack` | `redteam-proxy-env-secret`     | `redteaming`                   |
| `enkryptai-stack` | `s3-cred`                      | `redteaming`, Supabase (MinIO) |
| `enkryptai-stack` | `superuser-secret`             | Postgres (CloudNativePG)       |
| `enkryptai-stack` | `litellm-gateway-env-secret`   | `litellm`                      |
| `enkryptai-stack` | `guardrails-model-secret`      | `guardrails-model`             |
| `redteam-jobs`    | `redteam-proxy-env-secret`     | `redteam-jobs`                 |
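
A preflight check for the table above, as an added example that is not part of the Enkrypt AI documentation or charts: it confirms each required secret exists in its namespace and holds at least one data key, without storing or printing secret values. It assumes `kubectl` is on `PATH` with its current context set to the target cluster; the function name `check_required_secrets` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the secrets listed in the table above.
# Assumes kubectl is on PATH and its current context is the target cluster.

# namespace/secret pairs, copied from the table
REQUIRED_SECRETS="
enkryptai-stack/elastic-env-secret
enkryptai-stack/frontend-env-secret
enkryptai-stack/gateway-env-secret
enkryptai-stack/gateway-migration-env-secret
enkryptai-stack/guardrails-env-secret
enkryptai-stack/onprem
enkryptai-stack/openfga-env-secret
enkryptai-stack/opensearch-cred
enkryptai-stack/opensearch-securityconfig
enkryptai-stack/postgres-superuser-secret
enkryptai-stack/redteam-proxy-env-secret
enkryptai-stack/s3-cred
enkryptai-stack/superuser-secret
enkryptai-stack/litellm-gateway-env-secret
enkryptai-stack/guardrails-model-secret
redteam-jobs/redteam-proxy-env-secret
"

# Prints "MISSING ns/name" or "EMPTY ns/name" for each problem and returns
# non-zero if any was found. The body runs in a subshell so its variables
# stay local; secret values are piped to grep and never stored or printed.
check_required_secrets() (
  rc=0
  for entry in $REQUIRED_SECRETS; do
    ns=${entry%%/*}
    name=${entry#*/}
    if ! kubectl get secret "$name" -n "$ns" >/dev/null 2>&1; then
      echo "MISSING $entry"; rc=1
    elif ! kubectl get secret "$name" -n "$ns" -o jsonpath='{.data}' | grep -q .; then
      echo "EMPTY $entry"; rc=1
    fi
  done
  [ "$rc" -eq 0 ]
)

# Usage: check_required_secrets && echo "all required secrets present"
```

Run it after creating the secrets and before `helm install`; a non-zero return means at least one line of output names a secret to fix.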

### SMTP Requirements

SMTP is required to enable login: on-prem deployments currently support only SMTP-based sign-in.
If you want to use your own SMTP provider, update the relevant environment variables in your on-prem secret `6-onprem.yaml` and re-apply it.

Enkrypt AI can also supply an SMTP service (powered by Resend). If you choose that option, make sure `smtp.resend.com` is whitelisted in your environment.

For either option, the SMTP settings are the environment variables shown below; update them and re-apply the secret.

```yaml
GOTRUE_MAILER_EXTERNAL_HOSTS: smtp.resend.com

GOTRUE_SMTP_ADMIN_EMAIL: no-reply@example.com
GOTRUE_SMTP_HOST: smtp.resend.com
GOTRUE_SMTP_PORT: "587"
GOTRUE_SMTP_SENDER_NAME: no-reply@example.com

smtppassword: your_password

smtpusername: your_username
```

### Ingress and DNS Configuration

The Enkrypt AI stack requires three fully qualified domain names (FQDNs), each secured with a valid SSL/TLS certificate.

| Component        | Example FQDN       | Purpose                                    |
| ---------------- | ------------------ | ------------------------------------------ |
| **Frontend UI**  | `app.example.com`  | Enkrypt AI Web UI - Frontend               |
| **API Gateway**  | `api.example.com`  | Backend API traffic routing - Gateway-Kong |
| **Auth Service** | `auth.example.com` | Authentication and DB APIs - Supabase      |

You can configure ingress using NGINX with cert-manager, the AWS Load Balancer (ALB) Controller with ACM, or the Azure Application Gateway Ingress Controller (AGIC).

#### Option A: NGINX Ingress Controller

If using NGINX, configure your `values.yaml` to use `cert-manager` for TLS.

```yaml
# values.yaml for enkryptai-stack chart
ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod" # Or your preferred issuer
    nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
  hosts:
    - host: app.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: frontend-tls
      hosts:
        - app.example.com
```

#### Option B: AWS ALB Ingress Controller

If using the AWS ALB Controller, specify the ACM certificate ARN directly in the annotations.

```yaml
# values.yaml for enkryptai-stack chart
ingress:
  enabled: true
  className: alb
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERT_ID
    alb.ingress.kubernetes.io/ssl-redirect: '443'
  hosts:
    - host: app.example.com
      paths:
        - path: /
          pathType: Prefix
```

#### Option C: Azure AGIC Ingress Controller

If using Azure Kubernetes Service (AKS) with Application Gateway Ingress Controller (AGIC), configure TLS with Azure Key Vault or managed certificates:

```yaml
# values.yaml for enkryptai-stack chart
ingress:
  enabled: true
  className: azure/application-gateway
  annotations:
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
    appgw.ingress.kubernetes.io/backend-protocol: "https"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    cert-manager.io/acme-challenge-type: "http01"
  hosts:
    - host: app.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: frontend-tls
      hosts:
        - app.example.com
```
