Ctrlk
K-AI
For the complete documentation index, see llms.txt. This page is also available as Markdown.

On-premise installation

K-AI deploys on-premise with the same application code, the same APIs, and the same per-instance isolation model as the SaaS offering. Only the substrate changes: the customer owns the Kubernetes cluster, the database, the storage, and the operational responsibility.

For the commercial overview of deployment modes, see Platform — Deployment models. For depth on the three modes side-by-side, see Deployment models.

Prerequisites

Component
Requirement

Kubernetes

Modern version (1.27+); OpenShift supported. Cluster-admin access required during install.

Ingress & TLS

An ingress controller (NGINX, cloud load balancer, OpenShift Route, …) and TLS termination (managed certificates or your own PKI).

Storage

A PVC-capable storage class for vector index and object storage. Sized to the document estate.

PostgreSQL

Managed or self-hosted. The installer creates the required databases and schemas.

Object storage

S3-compatible (MinIO, Ceph RGW, any S3 gateway).

Container registry

OCI-compatible (Harbor or any private registry).

Identity provider

OIDC-compliant IdP (Azure AD, Okta, Ping, …) for SSO, or local password auth.

GPU (optional)

Required only if you self-host LLM completion or embedding. Otherwise route LLM traffic to a K-AI or third-party endpoint.

Network

Outbound HTTPS for the image registry and the LLM endpoint (unless air-gapped or self-hosted).

Sizing is driven by document estate size and indexation throughput. K-AI provides a pre-install questionnaire and sizing guidance during onboarding.

Air-gapped support

The on-premise mode is designed for environments without internet egress. K-AI produces an offline bundle on a connected machine; the customer transfers it (SFTP, disk, whatever the customer's transfer rules allow) and loads it into the customer's private registry. Subsequent upgrades ship as smaller delta bundles containing only the images that changed.

This flow is the supported path for classified environments and highly classified data (e.g. secret-défense in the French defence sector).

Install model

K-AI is delivered as a Helm chart with pre-filled values for common targets (generic Kubernetes with NGINX, OpenShift, managed Kubernetes on the major clouds). The bundled offline-install scripts handle image loading, registry re-tagging, and the database bootstrap. Module toggles (audit, retrieval, billing, web crawler, GPU-accelerated parsing) are flags in the customer values file.

A companion chart is available for customers who want to self-host LLM completion and embedding inside their cluster. It ships separately and includes model weights.

Detailed installation steps — values reference, preflight checks, upgrade procedure — are provided with the on-premise distribution and are not duplicated here.

Responsibility split

Provided by the customer
Provided by K-AI

Kubernetes cluster, ingress, TLS certificates

Helm chart and signed image artifacts

PostgreSQL and S3-compatible object storage

Updates and security patches per the support contract

IAM federation for SSO

Remote support and incident response

Observability stack (Datadog, Grafana, Splunk, …)

Documented migration paths for breaking changes

Backups of the customer-side database and storage

Backwards compatibility on the public API surfaces for one minor version

OS-level patching of cluster nodes

Sizing guidance and reference deployments under NDA

For an anonymised reference deployment from a comparable customer, contact your K-AI account team.

PreviousRunbooksNextOverview

Last updated