Implementation:Arize ai Phoenix Helm Values
Overview
The helm/values.yaml file provides the default configuration values for deploying Phoenix as a self-hosted application on Kubernetes using Helm. It covers every aspect of the deployment including replica count, deployment strategy, ingress, PostgreSQL database, authentication (basic, LDAP, OAuth2/OIDC), TLS, SMTP, logging, instrumentation, container image, resource limits, security contexts, health checks, and persistence.
Each configuration value maps to a Phoenix environment variable as documented at the Arize Phoenix self-hosting configuration page.
Code Reference
| Attribute | Value |
|---|---|
| Source File | helm/values.yaml |
| Lines | 778 |
| Domain | Deployment, Kubernetes |
| Chart Dependency | groundhog2k/postgres (for built-in PostgreSQL) |
Key Configuration Sections
Deployment
| Setting | Default | Description |
|---|---|---|
replicaCount |
1 | Number of Phoenix pod replicas |
deployment.strategy.type |
RollingUpdate | Deployment strategy (25% maxUnavailable/maxSurge) |
image.repository |
arizephoenix/phoenix |
Docker image repository |
image.tag |
version-13.0.3-nonroot |
Image version tag |
image.pullPolicy |
IfNotPresent | Image pull policy |
Server Configuration
| Setting | Default | Env Variable |
|---|---|---|
server.port |
6006 | PHOENIX_PORT
|
server.grpcPort |
4317 | PHOENIX_GRPC_PORT
|
server.host |
:: |
PHOENIX_HOST
|
server.workingDir |
/data |
PHOENIX_WORKING_DIR
|
server.maxSpansQueueSize |
20000 | PHOENIX_MAX_SPANS_QUEUE_SIZE
|
Database Persistence Strategies
The chart supports four mutually exclusive persistence strategies:
- SQLite with persistent storage --
persistence.enabled=true,postgresql.enabled=false - Built-in PostgreSQL (default) --
postgresql.enabled=true,persistence.enabled=false(uses groundhog2k/postgres chart) - External database -- Both disabled,
database.urlconfigured with a connection string - SQLite in-memory --
persistence.inMemory=true,postgresql.enabled=false(data lost on restart)
The default PostgreSQL configuration uses image postgres:16 with 20Gi storage, running as non-root (UID 999).
Authentication
Authentication is enabled by default (auth.enableAuth: true) and supports:
- Basic auth -- username/password with configurable token expiry (access: 60min, refresh: 43200min)
- LDAP -- Full Active Directory/OpenLDAP support with TLS, group role mappings, and attribute configuration
- OAuth2/OIDC -- Multiple identity provider support (Google, AWS Cognito, Microsoft Entra ID, Keycloak) with PKCE support
Security
- TLS/mTLS -- Optional TLS for HTTP and gRPC endpoints with client certificate verification
- Security contexts -- Pod and container security contexts available (disabled by default), supporting non-root execution (UID 65532), read-only root filesystem, and seccomp profiles
- Secrets -- Kubernetes secrets for
PHOENIX_SECRET,PHOENIX_ADMIN_SECRET,PHOENIX_POSTGRES_PASSWORD, andPHOENIX_SMTP_PASSWORD
Resources
| Resource | Requests | Limits |
|---|---|---|
| Phoenix | 500m CPU, 1Gi memory | 1000m CPU, 2Gi memory |
| PostgreSQL | 100m CPU, 256Mi memory | 500m CPU, 512Mi memory |
Health Checks
The chart configures liveness, readiness, and startup probes. The startup probe is enabled by default with a 30-attempt failure threshold at 1-second intervals, providing up to 30 seconds for initial startup.
Related Pages
- Arize_ai_Phoenix_Pyproject_Config - Python package configuration for the application deployed by this chart
- Arize_ai_Phoenix_OpenAPI_Spec_Canonical - REST API specification for the server endpoints exposed via ingress
- Arize_ai_Phoenix_Docs_Site_Config - Documentation site referencing deployment configuration