From e30d8c457b517d9282c07b961ab99dcb3d39cded Mon Sep 17 00:00:00 2001 From: James Purcell Date: Wed, 6 May 2026 16:54:26 +0100 Subject: [PATCH 1/3] Add helm examples for EKS with and without Quarantine VPC enabled --- README.md | 2 +- braintrust/README.md | 6 + .../examples/aws-eks-quarantine/values.yaml | 109 ++++++++++++++++++ braintrust/examples/aws-eks/values.yaml | 90 +++++++++++++++ 4 files changed, 206 insertions(+), 1 deletion(-) create mode 100644 braintrust/examples/aws-eks-quarantine/values.yaml create mode 100644 braintrust/examples/aws-eks/values.yaml diff --git a/README.md b/README.md index 5ec78fd..348ec1b 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,6 @@ helm upgrade --install \ ## Prerequisites -Before installing the Braintrust Helm chart, ensure you have run the appropriate braintrust terraform module [Google](https://github.com/braintrustdata/terraform-google-braintrust-data-plane) or [Azure](https://github.com/braintrustdata/terraform-azure-braintrust-data-plane) to deploy the base infrastructure. +Before installing the Braintrust Helm chart, ensure you have run the appropriate Braintrust Terraform module for [AWS](https://github.com/braintrustdata/terraform-aws-braintrust-data-plane), [Google](https://github.com/braintrustdata/terraform-google-braintrust-data-plane), or [Azure](https://github.com/braintrustdata/terraform-azure-braintrust-data-plane) to deploy the base infrastructure. See the [Braintrust Helm Chart](./braintrust/README.md) for more details. diff --git a/braintrust/README.md b/braintrust/README.md index a912b70..d413adf 100644 --- a/braintrust/README.md +++ b/braintrust/README.md @@ -192,3 +192,9 @@ This version also adds first-class `brainstoreWalFooterVersion` support and auto ## Example Values Files Example values files for different cloud providers and configurations are located in the `examples/` folder. + +- `examples/aws-eks/values.yaml`: AWS EKS deployment without a quarantine VPC. User-defined functions execute in the API pod. Includes the API service annotations needed for the Terraform-managed CloudFront plus adopted internal NLB path. +- `examples/aws-eks-quarantine/values.yaml`: AWS EKS deployment with user-defined functions routed into the quarantine VPC. Includes the API service annotations needed for the Terraform-managed CloudFront plus adopted internal NLB path. +- `examples/google-autopilot/values.yaml`: GKE Autopilot deployment. +- `examples/google-autopilot-cel/values.yaml`: GKE Autopilot deployment with CEL-friendly security settings. +- `examples/google-standard/values.yaml`: GKE Standard deployment. diff --git a/braintrust/examples/aws-eks-quarantine/values.yaml b/braintrust/examples/aws-eks-quarantine/values.yaml new file mode 100644 index 0000000..1fef7f7 --- /dev/null +++ b/braintrust/examples/aws-eks-quarantine/values.yaml @@ -0,0 +1,109 @@ +# Sample values for AWS EKS deployment with a quarantine VPC + +global: + orgName: "" + namespace: "braintrust" + +cloud: "aws" + +objectStorage: + aws: + brainstoreBucket: "" + responseBucket: "" + codeBundleBucket: "" + +api: + name: "braintrust-api" + replicas: 1 + # Disable in-pod code execution so user-defined functions run in the quarantine VPC. + allowCodeFunctionExecution: false + annotations: + service: + # Internal NLB via the AWS Load Balancer Controller. + # If you are using the terraform-aws-braintrust-data-plane EKS CloudFront path, + # set these so the controller adopts the pre-created internal NLB. + service.beta.kubernetes.io/aws-load-balancer-scheme: "internal" + service.beta.kubernetes.io/aws-load-balancer-type: "external" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance" + service.beta.kubernetes.io/aws-load-balancer-security-groups: "" + service.beta.kubernetes.io/aws-load-balancer-name: "" + service: + type: LoadBalancer + port: 8000 + portName: http + serviceAccount: + name: "braintrust-api" + awsRoleArn: "" + resources: + requests: + cpu: "4" + memory: "16Gi" + limits: + cpu: "8" + memory: "16Gi" + extraEnvVars: + - name: QUARANTINE_INVOKE_ROLE + value: "" + - name: QUARANTINE_FUNCTION_ROLE + value: "" + - name: QUARANTINE_REGION + value: "" + - name: QUARANTINE_PRIVATE_SUBNET_1_ID + value: "" + - name: QUARANTINE_PRIVATE_SUBNET_2_ID + value: "" + - name: QUARANTINE_PRIVATE_SUBNET_3_ID + value: "" + - name: QUARANTINE_PUB_PRIVATE_VPC_DEFAULT_SECURITY_GROUP + value: "" + - name: QUARANTINE_PUB_PRIVATE_VPC_ID + value: "" + # nodeSelector: + # topology.kubernetes.io/zone: us-east-1a + +brainstore: + serviceAccount: + name: "brainstore" + awsRoleArn: "" + reader: + name: "brainstore-reader" + replicas: 2 + service: + type: ClusterIP + port: 4000 + portName: http + resources: + requests: + cpu: "16" + memory: "32Gi" + limits: + cpu: "16" + memory: "32Gi" + fastreader: + name: "brainstore-fastreader" + replicas: 2 + service: + type: ClusterIP + port: 4000 + portName: http + resources: + requests: + cpu: "16" + memory: "32Gi" + limits: + cpu: "16" + memory: "32Gi" + writer: + name: "brainstore-writer" + replicas: 1 + service: + type: ClusterIP + port: 4000 + portName: http + resources: + requests: + cpu: "32" + memory: "64Gi" + limits: + cpu: "32" + memory: "64Gi" diff --git a/braintrust/examples/aws-eks/values.yaml b/braintrust/examples/aws-eks/values.yaml new file mode 100644 index 0000000..b676ea3 --- /dev/null +++ b/braintrust/examples/aws-eks/values.yaml @@ -0,0 +1,90 @@ +# Sample values for AWS EKS deployment without a quarantine VPC + +global: + orgName: "" + namespace: "braintrust" + +cloud: "aws" + +objectStorage: + aws: + brainstoreBucket: "" + responseBucket: "" + codeBundleBucket: "" + +api: + name: "braintrust-api" + annotations: + service: + # Internal NLB via the AWS Load Balancer Controller. + # If you are using the terraform-aws-braintrust-data-plane EKS CloudFront path, + # set these so the controller adopts the pre-created internal NLB. + service.beta.kubernetes.io/aws-load-balancer-scheme: "internal" + service.beta.kubernetes.io/aws-load-balancer-type: "external" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance" + service.beta.kubernetes.io/aws-load-balancer-security-groups: "" + service.beta.kubernetes.io/aws-load-balancer-name: "" + replicas: 1 + service: + type: LoadBalancer + port: 8000 + portName: http + serviceAccount: + name: "braintrust-api" + awsRoleArn: "" + # Keep code execution enabled when not using a quarantine VPC. + allowCodeFunctionExecution: true + resources: + requests: + cpu: "4" + memory: "16Gi" + limits: + cpu: "8" + memory: "16Gi" + +brainstore: + serviceAccount: + name: "brainstore" + awsRoleArn: "" + reader: + name: "brainstore-reader" + replicas: 2 + service: + type: ClusterIP + port: 4000 + portName: http + resources: + requests: + cpu: "16" + memory: "32Gi" + limits: + cpu: "16" + memory: "32Gi" + fastreader: + name: "brainstore-fastreader" + replicas: 2 + service: + type: ClusterIP + port: 4000 + portName: http + resources: + requests: + cpu: "16" + memory: "32Gi" + limits: + cpu: "16" + memory: "32Gi" + writer: + name: "brainstore-writer" + replicas: 1 + service: + type: ClusterIP + port: 4000 + portName: http + resources: + requests: + cpu: "32" + memory: "64Gi" + limits: + cpu: "32" + memory: "64Gi" From dfd1689f3d1437bbed4a9e89badd2bdc60da6236 Mon Sep 17 00:00:00 2001 From: James Purcell Date: Wed, 6 May 2026 17:01:26 +0100 Subject: [PATCH 2/3] Remove CEL example from README --- braintrust/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/braintrust/README.md b/braintrust/README.md index d413adf..7194ef0 100644 --- a/braintrust/README.md +++ b/braintrust/README.md @@ -196,5 +196,4 @@ Example values files for different cloud providers and configurations are locate - `examples/aws-eks/values.yaml`: AWS EKS deployment without a quarantine VPC. User-defined functions execute in the API pod. Includes the API service annotations needed for the Terraform-managed CloudFront plus adopted internal NLB path. - `examples/aws-eks-quarantine/values.yaml`: AWS EKS deployment with user-defined functions routed into the quarantine VPC. Includes the API service annotations needed for the Terraform-managed CloudFront plus adopted internal NLB path. - `examples/google-autopilot/values.yaml`: GKE Autopilot deployment. -- `examples/google-autopilot-cel/values.yaml`: GKE Autopilot deployment with CEL-friendly security settings. - `examples/google-standard/values.yaml`: GKE Standard deployment. From 40ae3bc50814a0c50a48bd53a0058d0eba766305 Mon Sep 17 00:00:00 2001 From: James Purcell Date: Wed, 6 May 2026 17:27:51 +0100 Subject: [PATCH 3/3] Bump API replicas to 4 to match general guidance --- braintrust/examples/aws-eks-quarantine/values.yaml | 2 +- braintrust/examples/aws-eks/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/braintrust/examples/aws-eks-quarantine/values.yaml b/braintrust/examples/aws-eks-quarantine/values.yaml index 1fef7f7..7dafae1 100644 --- a/braintrust/examples/aws-eks-quarantine/values.yaml +++ b/braintrust/examples/aws-eks-quarantine/values.yaml @@ -14,7 +14,7 @@ objectStorage: api: name: "braintrust-api" - replicas: 1 + replicas: 4 # Disable in-pod code execution so user-defined functions run in the quarantine VPC. allowCodeFunctionExecution: false annotations: diff --git a/braintrust/examples/aws-eks/values.yaml b/braintrust/examples/aws-eks/values.yaml index b676ea3..9dc7141 100644 --- a/braintrust/examples/aws-eks/values.yaml +++ b/braintrust/examples/aws-eks/values.yaml @@ -24,7 +24,7 @@ api: service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance" service.beta.kubernetes.io/aws-load-balancer-security-groups: "" service.beta.kubernetes.io/aws-load-balancer-name: "" - replicas: 1 + replicas: 4 service: type: LoadBalancer port: 8000