Overview
The officialmyrm-platform Helm Chart deploys the control plane + frontend as a dual-component release on any Kubernetes cluster. Sandbox instances (one per user) are dynamically created by the control plane via the K8s API.
The Helm Chart is for cloud-hosted and enterprise private deployment scenarios. For local single-user setups, use the Desktop App or Local Deployment instead.
Prerequisites
- Kubernetes cluster (v1.25+)
- Helm 3.10+
kubectlconfigured for your cluster- A pre-created Kubernetes Secret containing at minimum
JWT_SECRET
Quick Start
Architecture
Configuration
All configuration is centralized invalues.yaml. The chart maps 1:1 to the control plane’s ControlPlaneConfig fields.
Images
Secrets
The chart uses an external Secret pattern — you create the Secret manually, and the chart references it:JWT_SECRET
Optional keys: MYRM_CP_STRIPE_SECRET_KEY, MYRM_CP_GOOGLE_OAUTH_CLIENT_SECRET, MYRM_CP_GITHUB_OAUTH_CLIENT_SECRET, MYRM_CP_ADMIN_API_KEY, MYRM_CP_ENTERPRISE_LICENSE_KEY, etc.
Ingress
Persistence
RBAC
The control plane needs permissions to manage sandbox Pods via the K8s API:Optional Enterprise Features
All disabled by default — enable as needed:| Feature | Config Key | Purpose |
|---|---|---|
| Network Policy | networkPolicy.enabled | Restrict traffic between components |
| HPA | autoscaling.enabled | Auto-scale CP and frontend pods |
| PDB | podDisruptionBudget.enabled | Guarantee availability during upgrades |
| PrometheusRule | monitoring.prometheusRule.enabled | Alert on CP downtime and high latency |