# values-copilot.yaml # # When to use: enable the Sim Copilot service (the chat / Mothership backend) # alongside the main app. Provisions a dedicated Copilot Deployment, its own # Postgres StatefulSet, and a migration Job for the Copilot schema. # # Prerequisites: same as the base install. Merge this file with your main # values file (e.g. values-production.yaml) using multiple --values flags. # # Install: # helm install sim ./helm/sim \ # --namespace sim --create-namespace \ # --values ./helm/sim/examples/values-production.yaml \ # --values ./helm/sim/examples/values-copilot.yaml \ # --set app.env.BETTER_AUTH_SECRET="$BETTER_AUTH_SECRET" \ # --set app.env.ENCRYPTION_KEY="$ENCRYPTION_KEY" \ # --set app.env.INTERNAL_API_SECRET="$INTERNAL_API_SECRET" \ # --set app.env.CRON_SECRET="$CRON_SECRET" \ # --set postgresql.auth.password="$POSTGRES_PASSWORD" \ # --set copilot.postgresql.auth.password="$COPILOT_POSTGRES_PASSWORD" \ # --set copilot.server.env.AGENT_API_DB_ENCRYPTION_KEY="$AGENT_API_DB_ENCRYPTION_KEY" \ # --set copilot.server.env.INTERNAL_API_SECRET="$INTERNAL_API_SECRET" \ # --set copilot.server.env.LICENSE_KEY="$COPILOT_LICENSE_KEY" \ # --set copilot.server.env.SIM_BASE_URL="https://sim.example.com" \ # --set copilot.server.env.SIM_AGENT_API_KEY="$SIM_AGENT_API_KEY" \ # --set copilot.server.env.REDIS_URL="redis://default:password@redis:6379" \ # --set copilot.server.env.OPENAI_API_KEY_1="$OPENAI_API_KEY" # # All copilot.server.env.* keys above are required when copilot.enabled=true, # plus at least one model provider key (OPENAI_API_KEY_1 or ANTHROPIC_API_KEY_1). # LICENSE_KEY is issued by the Sim team. SIM_AGENT_API_KEY must equal the # COPILOT_API_KEY value on the main app side. SIM_BASE_URL is the public app URL. # Enable the copilot service copilot: enabled: true # Server configuration server: image: repository: simstudioai/copilot tag: "" # defaults to Chart.AppVersion; override to pin a specific release pullPolicy: IfNotPresent replicaCount: 2 # Node scheduling (OPTIONAL) # By default, copilot runs on the same nodes as the main Sim platform nodeSelector: {} # nodeSelector: # workload-type: copilot resources: limits: memory: "2Gi" cpu: "1000m" requests: memory: "1Gi" cpu: "500m" # Required secrets (set via values or provide your own secret) env: AGENT_API_DB_ENCRYPTION_KEY: "" # openssl rand -hex 32 INTERNAL_API_SECRET: "" # reuse Sim INTERNAL_API_SECRET LICENSE_KEY: "" # Provided by Sim team OPENAI_API_KEY_1: "" # At least one provider key required ANTHROPIC_API_KEY_1: "" # Optional secondary provider SIM_BASE_URL: "https://sim.example.com" # Base URL for Sim deployment SIM_AGENT_API_KEY: "" # Must match SIM-side COPILOT_API_KEY REDIS_URL: "redis://default:password@redis:6379" # Optional configuration CORS_ALLOWED_ORIGINS: "https://sim.example.com" OTEL_EXPORTER_OTLP_ENDPOINT: "" # Non-secret operational tunables — inlined as plain container env, never go through # the Secret/ExternalSecret, so they don't need externalSecrets.remoteRefs.copilot entries envDefaults: PORT: "8080" SERVICE_NAME: "copilot" ENVIRONMENT: "production" LOG_LEVEL: "info" # Create a Secret from the values above. Set create=false to reference an existing secret instead. secret: create: true name: "" annotations: {} extraEnv: [] extraEnvFrom: [] service: type: ClusterIP port: 8080 targetPort: 8080 # Internal PostgreSQL database (disable to use an external database) postgresql: enabled: true image: repository: postgres tag: 17-alpine pullPolicy: IfNotPresent auth: username: copilot password: "" # REQUIRED - set via --set copilot.postgresql.auth.password database: copilot nodeSelector: {} # nodeSelector: # workload-type: copilot resources: limits: memory: "1Gi" cpu: "500m" requests: memory: "512Mi" cpu: "250m" persistence: enabled: true size: 10Gi # External database configuration (only used when postgresql.enabled=false) database: existingSecretName: "" secretKey: DATABASE_URL url: "" # Migration job migrations: enabled: true resources: limits: memory: "512Mi" cpu: "500m" requests: memory: "256Mi" cpu: "100m" # Optional: Configure ingress to expose copilot service # Uncomment if you need external access to copilot # ingress: # enabled: true # className: nginx # annotations: # cert-manager.io/cluster-issuer: letsencrypt-prod # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # copilot: # host: copilot.yourdomain.com # paths: # - path: / # pathType: Prefix # tls: # enabled: true # secretName: copilot-tls-secret # If using private Docker Hub repository # global: # imagePullSecrets: # - name: dockerhub-secret