Helm & Kubernetes: Installation

We offer both Diffgram Opencore and Diffgram Enterprise on kubernetes cluster via a helm chart. Please read the following guide and visit https://github.com/diffgram/diffgram-helm to get the helm chart.


The diffgram/diffgram-helm repository is the best way to use Diffgram with Kubernetes. The chart contains all the required components to get started and all the configuration values to scale or customize your deployment requirments.

Chart Components

  • Nginx Ingress
  • External service for Postgres DB Connection
  • Postgres Database (If not using external service)
  • diffgram/default component
  • diffgram/walrus component
  • diffgram/frontend component

Optional Dependencies

Useful Tutorials

Diffgram Helm Chart Quick Start Guide

If you are looking to get Diffgram up and running on kubernetes as fast as possible we recommend the following guide for Proof of Concept deployments.

The guide will walk you through deploying the Diffgram chart with the default values and features. But does not necessarly meet productions ready requirements. Please make sure to test workloads and tune the services CPU and RAM if you want to get the helm chart to Production with sustained work loads.


  • A domain which you or your organization owns, and acces to adding DNS records to the Domain.
  • A Kubernetes Cluster
  • A working installation of kubectl
  • A working installation of helm

Domain Availability

For this guide you will not be able to use the infamout "example.com" domain. You need a domain that is internet accesible and also a domain you can add DNS records to. This is important because to issue SSL certificates the Let's Encrypt serviers will have to resolve the domain address in order to issue a valid SSL certificate.

Getting a Kubernetes Cluster

There are many ways you can create a kubernetes cluster. We recommend using any of the top cloud providers managed services:

Installing Kubectl

Once you have a cluster you can visit Kubernetes Official Documentation for installing kubectl.

Installing Helm V3

For this guide, we use helm's latest release. You can visit the Official installation instructions

Cloning the Helm repo & Installing

Clone the git repo for helm:
git clone https://github.com/diffgram/diffgram-helm
And now install:

# If you don't want tls you can skip this
helm repo add jetstack https://charts.jetstack.io
helm install cert-manager --namespace default jetstack/cert-manager --set installCRDs=true

# Install Diffgram
helm install diffgram . -f values.yaml`

Make sure you inspect all the values of the values.yaml file and set them to the correct values for your deployment. For this quick install guide, you can use the defaults.


The following are some of the most important configurations of the values.yaml in the helm chart. Please feel free to contact us if you have any questions on any of the configurations.

4.1 Database Settings

1. dbSettings.dbProvider: Set this to “rds”, "azure", or "local" depending on your DB managed service.

2. dbSettings.rdsEndpoint: Set this to your RDS instance endpoint, so diffgram can use it as the database.

3. dbSettings.dbProvider: Set this to “rds”

4, dbSettings.dbUser: Set this to the postgres user you want to use with Diffgram.

5. dbSettings.dbName: Set this to Postgres Database name you want to create the tables on

6. dbSettings.dbPassword: Set this to RDS instance’s password

4.2 Diffgram Configuration Settings

1. diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_ID: Set this to your AWS credentials access key. Make sure the account has permissions to the S3 bucket you’ll use as static storage.

2. diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_SECRET: Set this to your AWS credentials secret. Make sure the account has permissions to the S3 bucket you’ll use as static storage.

3. diffgramSettings.DIFFGRAM_S3_BUCKET_NAME: Set this to your S3’s bucket name for static file storage.

4. diffgramSettings.ML__DIFFGRAM_S3_BUCKET_NAME: Set this to your S3’s bucket name for static file storage.

5. diffgramSettings.DIFFGRAM_STATIC_STORAGE_PROVIDER: Set this to the provider you will use. Either aws, gcp or azure. Depending on this value, the helm will or will not require the above configurations.

Enterprise Common Errors

If you are getting a similar error to this:

Error: failed pre-install: warning: Hook pre-install diffgram/templates/hooks/secret_gcr_db_migrations.yaml failed: Secret in version "v1" cannot be handled as a Secret: v1.Secret.ObjectMeta: v1.ObjectMeta.TypeMeta: Kind: Data: decode base64: illegal base64 data at input byte 8, error found in #10 byte of ...|gram_team"},"kind":"|..., bigger context ...|":{".dockerconfigjson":"provided_by_diffgram_team"},"kind":"Secret","metadata":{"annotations":{"helm|..

Please make sure that you have the imagePullCredentials.gcrCredentials setup with the secret key provided by the Diffgram Team. If you are still having trouble setting up the enterprise installation, please contact us.

Did this page help you?