Skip to Content
GuidesDeployment & hostingSelf-host with Helm

Self-host Arcade with Helm

The Arcade Helm chart deploys the full Arcade platform onto a Kubernetes cluster you manage. It’s the bring-your-own-Kubernetes alternative to the cloud marketplaces: you control the cluster, the data, and the upgrade cadence.

If you’d rather not manage Kubernetes yourself, the Azure and AWS marketplace deployments run the same platform as turnkey, Arcade-operated deployments in your own cloud .

What it deploys

The chart installs the complete platform — Engine, Coordinator, Worker, Dashboard, and Experience API — into a namespace on your cluster, along with the supporting controllers it needs.

Prerequisites

  • Kubernetes 1.30 or later
  • Helm 3.8 or later (for OCI chart support)
  • PostgreSQL and Redis — bundled by the chart for proof-of-concept, or bring your own managed instances for production
  • An OIDC identity provider
  • An ingress controller or Gateway API implementation, TLS certificates, and a DNS hostname

Set up your identity provider

Arcade signs users in through your OpenID Connect (OIDC) identity provider. The provider authenticates dashboard users and backs the tokens that gateways validate, so set it up before you deploy.

  1. Register an application with your identity provider. Arcade works with Microsoft Entra ID, Okta, Auth0, or Keycloak, or any standards-compliant OIDC provider.
  2. Copy the application’s client ID, generate a client secret, and note the issuer URL. For Microsoft Entra ID, use the v2.0 issuer https://login.microsoftonline.com/<tenant-id>/v2.0.
  3. Provide the client ID, client secret, and issuer in your Helm values.
  4. After you deploy, register the redirect URI for your hostname’s /signin/oidc/callback path on the application, then sign in to the dashboard.

Install the chart

Install from the OCI registry

The chart is published as an OCI artifact, so there’s no repository to add — install it directly. Provide your configuration in a values.yaml file (see Configuration).

Terminal
helm install arcade \ oci://public.ecr.aws/s5i6x9d1/charts/arcade \ --namespace arcade --create-namespace \ -f values.yaml

Verify the deployment

Once the pods are running, open your configured hostname and sign in through your identity provider to confirm the platform is up.

Configuration

Configure the platform through Helm values. The chart covers:

  • Components — Engine, Coordinator, Worker, Dashboard, and Experience API
  • Identity — your OIDC identity provider and OAuth providers
  • Data stores — bundled or external PostgreSQL and Redis
  • Networking — ingress or Gateway API, TLS, and the engine.ssrfAllowlist for reaching internal services
  • Security — encryption keys, network policies, and RBAC
  • Telemetry — OpenTelemetry (OTLP) logs, metrics, and traces

The full, versioned values reference lives on Artifact Hub . Use it as the source of truth for every value and default.

Upgrade and roll back

Upgrade to a new chart version with helm upgrade, and roll back with helm rollback if needed. See the Artifact Hub listing  for version-specific upgrade notes.

Next steps

Last updated on