_Includes
Configuring Helix Apps
Helix Apps are version-controlled configurations for LLM-based applications. Here’s how to configure them:
Basic App Structure
A Helix App consists of:
helix.yaml- Main configuration file- Supporting files (prompts, datasets, etc.)
helix.yaml Example
name: my-awesome-app
version: 1.0.0
description: An example Helix App
assistant:
model: gpt-4
system_prompt: "You are a helpful assistant."
temperature: 0.7
knowledge:
sources:
- type: url
url: https://example.com/docs
schedule: "0 0 * * *"
integrations:
- type: api
name: weather
url: https://api.weather.com/v1
auth:
type: api_key
key: WEATHER_API_KEY
Deployment
Deploy apps using git:
Configuring Caddy for HTTPS
Caddy can automatically provision and renew TLS certificates. Here’s a basic Caddyfile configuration:
{
email your-email@example.com
}
helix.yourdomain.com {
reverse_proxy localhost:8080
}
Installation
Install Caddy on Ubuntu:
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
Configuration
-
Edit the Caddyfile:
sudo nano /etc/caddy/Caddyfile -
Replace the contents with your configuration
Configuring External Providers
Helix can integrate with various external providers for enhanced functionality:
OpenAI Integration
To use OpenAI models, add the following to your configuration:
OPENAI_API_KEY=your_openai_api_key
OPENAI_BASE_URL=https://api.openai.com/v1
TogetherAI Integration
For TogetherAI models:
TOGETHER_API_KEY=your_together_api_key
Hugging Face Integration
For Hugging Face models and datasets:
HF_TOKEN=your_huggingface_token
GitHub Integration
To enable GitHub integration for app deployment:
GITHUB_TOKEN=your_github_token
GITHUB_WEBHOOK_SECRET=your_webhook_secret
Database Configuration
For external database connections:
DATABASE_URL=postgresql://user:password@host:port/database
Ensure you restart the Helix services after making configuration changes.
Configuring Runners
Runners are responsible for executing the actual inference tasks in Helix. Here’s how to configure them:
Local Runner Configuration
For a local runner, ensure the following in your .env file:
RUNNER_ENABLED=true
RUNNER_NAME=local-runner
RUNNER_GPU_ENABLED=true
Start the runner with:
./runner.sh
Remote Runner Configuration
To attach a remote runner to your control plane:
-
On the control plane, generate a runner token:
docker exec helix-controlplane helixctl generate-runner-token -
On the runner machine, configure the
.envfile:
Security Configuration
Helix comes with reasonable security defaults, but you should consider the following for production deployments:
Network Security
- Restrict access to the API port (default 8080) using firewall rules
- Use HTTPS in production with valid certificates
- Consider placing Helix behind a reverse proxy like Nginx or Caddy
Authentication
- Change default passwords immediately after installation
- Use strong, unique passwords for all accounts
- Enable two-factor authentication where possible
- Regularly rotate API keys and tokens
Data Protection
- Regularly backup your data and test restoration procedures
- Encrypt sensitive data at rest
- Monitor access logs for suspicious activity
- Apply security updates promptly
Container Security
- Run containers with non-root users where possible
- Regularly update base images
- Scan images for vulnerabilities
- Limit container privileges and capabilities
For more detailed security guidance, refer to the Security Best Practices documentation.
Control Plane Helm Chart Configuration
To install the Helix Control Plane using Helm, use the following configuration:
# values.yaml
controlplane:
image:
repository: helixml/controlplane
tag: "latest"
service:
type: ClusterIP
port: 8080
ingress:
enabled: true
hosts:
- helix.yourdomain.com
tls:
- hosts:
- helix.yourdomain.com
secretName: helix-tls
postgresql:
enabled: true
auth:
postgresPassword: "securePassword"
password: "securePassword"
redis:
enabled: true
Install with:
helm repo add helix https://charts.helixml.tech
helm install controlplane helix/controlplane -f values.yaml
Keycloak Helm Chart Configuration
To install Keycloak using Helm, use the following configuration:
# values.yaml
keycloak:
image:
repository: quay.io/keycloak/keycloak
tag: "21.1"
service:
type: ClusterIP
port: 8080
ingress:
enabled: true
hosts:
- keycloak.yourdomain.com
tls:
- hosts:
- keycloak.yourdomain.com
secretName: keycloak-tls
postgresql:
enabled: true
auth:
postgresPassword: "securePassword"
password: "securePassword"
Install with:
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install keycloak bitnami/keycloak -f values.yaml
Adding Helm Repositories
Before installing Helm charts, you need to add the appropriate repositories:
# Add Bitnami repository (for Keycloak, PostgreSQL, etc.)
helm repo add bitnami https://charts.bitnami.com/bitnami
# Add ingress-nginx repository
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
# Update all repositories
helm repo update
Verify the repositories are added:
helm repo list
System Requirements
- Operating System: Linux (Ubuntu 20.04+), macOS (12+), or Windows with WSL2
- CPU: Minimum 4 cores recommended
- RAM: Minimum 8GB, 16GB recommended
- Disk Space: Minimum 20GB free space
- Docker: Version 20.10 or higher
- Git: Version 2.20 or higher
For GPU Support
- NVIDIA GPU: CUDA-compatible GPU with at least 8GB VRAM
- NVIDIA Drivers: Latest drivers installed
- NVIDIA Container Toolkit: For Docker GPU support
For Local Development
- Terminal: Bash or compatible shell
- Text Editor: VS Code, Sublime Text, or similar
- Browser: Modern browser (Chrome, Firefox, Safari, Edge)