Operations
Helm Install
The Helm chart at infra/helm/layer/ installs the gateway, operator, and
document cache into a cluster that already has the AWS resources from
Terraform or equivalent resources you manage.
Required values
Most of the chart is opinionated defaults. In a typical install the only value you must bring from outside the cluster is the Turbopuffer API key.
| Value | Required | Notes |
|---|---|---|
turbopuffer.apiKey | yes | Turbopuffer credential the gateway uses on every upstream request. |
gateway.image | yes | Gateway image URL — Terraform emits this as an ECR output. |
gateway.apiKey | yes | Bearer token clients send as Authorization: Bearer …. Chart render fails when blank, by design. |
s3.bucket | yes | S3 bucket Terraform created for snapshots and history. |
serviceAccount.roleArn | yes | IRSA role ARN that grants the gateway access to the S3 bucket. |
gateway.indexGc.enabled | no | Enables namespace hard-delete cleanup of operator-discovered Index CRs. |
gateway.indexGc.indexNamespace | no | Namespace containing Index CRs. Blank follows operator.discovery.indexNamespace, then the Helm release namespace. |
dashboard.serviceAccount.roleArn | for cost tab | IRSA role ARN with AWS pricing, CloudWatch, and cost read access. |
ingress.host | optional | Set when you want a public ingress; use your DNS/TLS or enable Terraform-managed Route53/ACM. |
Install
helm upgrade --install layer ./infra/helm/layer \
--namespace layer --create-namespace \
-f values.customer.yaml
The chart is not published to a public Helm repository in 0.1 — install from the source path or from the chart artifact provided during onboarding.
What gets installed
layer-gateway— Rust gateway for Turbopuffer-compatible routes, fetch, scans, snapshots, warm jobs, and pipeline state.layer-operator— reconciler for Index, InfraRules, Pipeline, and Function CRDs documented in Kubernetes.layer-document-cache— Aerospike-backed document cache, scale-to-zero by default.- Supporting resources: service accounts, IRSA bindings, ingress, and CRDs.