Skip to content

Production deployment

Ollama is part of the trusted privacy boundary because it performs local classification and embeddings as well as generation. Non-device service addresses must declare trust_zone = "private_network"; only do this for a network segment authorized to receive the protected context handled by the deployment. yagami doctor reports the effective trust zone.

Yagami ships a secure-by-default Helm chart in deploy/helm/yagami. It runs headless with authentication required, a read-only root filesystem, dropped Linux capabilities, health probes, explicit resource limits, persistent data, and no mounted Kubernetes service-account token.

Create credentials separately so they never enter Helm values or release history:

kubectl create secret generic yagami-secrets \
  --from-literal=YAGAMI_API_KEYS='{"key":{"project_id":"default","roles":["gateway"]}}'
helm upgrade --install yagami deploy/helm/yagami \
  --set image.digest='sha256:YOUR_VERIFIED_RELEASE_DIGEST'

For production, terminate TLS at an ingress or service mesh, use an immutable image digest, and source the Kubernetes Secret from your cloud KMS or Vault operator. The chart never creates secret values. Enable its NetworkPolicy only after setting the ingress namespace selector appropriate to your cluster.

The bundled SQLite database is suited to a single writable replica. Keep replicaCount: 1 unless all stateful features are externalized; horizontal autoscaling is opt-in for that reason.

Install the observability extra and set the standard OpenTelemetry exporter environment variables to export traces and metrics. Yagami emits gen_ai.operation.name, provider/model, response timing, finish reason, and token usage attributes plus the standard GenAI client duration and token usage metrics. Prompt, response, tool-argument, and document content are deliberately never attached to telemetry.