Dynamiq Docs
  • Welcome to Dynamiq
  • Low-Code Builder
    • Extractors and Transformers
    • Chat
    • Basics
    • Connecting Nodes
    • Conditional Nodes and Multiple Outputs
    • Input and Output Transformers
    • Error Handling and Retries
    • LLM Nodes
    • Validator Nodes
    • RAG Nodes
      • Indexing Workflow
        • Pre-processing Nodes
        • Document Splitting
        • Document Embedders
        • Document Writers
      • Inference RAG workflow
        • Text embedders
        • Document retrievers
          • Complex retrievers
        • LLM Answer Generators
    • LLM Agents
      • Basics
      • Guide to Implementing LLM Agents: ReAct and Simple Agents
      • Guide to Agent Orchestration: Linear and Adaptive Orchestrators
      • Guide to Advanced Agent Orchestration: Graph Orchestrator
    • Audio and voice
    • Tools and External Integrations
    • Python Code in Workflows
    • Memory
    • Guardrails
  • Deployments
    • Workflows
      • Tracing Workflow Execution
    • LLMs
      • Fine-tuned Adapters
      • Supported Models
    • Vector Databases
  • Prompts
    • Prompt Playground
  • Connections
  • LLM Fine-tuning
    • Basics
    • Using Adapters
    • Preparing Data
    • Supported Models
    • Parameters Guide
  • Knowledge Bases
  • Evaluations
    • Metrics
      • LLM-as-a-Judge
      • Predefined metrics
        • Faithfulness
        • Context Precision
        • Context Recall
        • Factual Correctness
        • Answer Correctness
      • Python Code Metrics
    • Datasets
    • Evaluation Runs
    • Examples
      • Build Accurate vs. Inaccurate Workflows
  • Examples
    • Building a Search Assistant
      • Approach 1: Single Agent with a Defined Role
      • Approach 2: Adaptive Orchestrator with Multiple Agents
      • Approach 3: Custom Logic Pipeline with a Straightforward Workflow
    • Building a Code Assistant
  • Platform Settings
    • Access Keys
    • Organizations
    • Settings
    • Billing
  • On-premise Deployment
    • AWS
    • IBM
    • Red Hat OpenShift
  • Support Center
  • AI Agent Factory
Powered by GitBook
On this page
  • Table of contents
  • Prerequisites
  • Quick‑start variables
  • 1 – Install CLI & plugins
  • 2 – Authenticate & target a resource group
  • 3 – Create networking (VPC + Subnet + Gateway)
  • 4 – Provision the Kubernetes cluster
  • 5 – Provision PostgreSQL
  • 6 – Provision Object Storage
  • 7 – Install Dynamiq platform
  • 8 – Create production secrets
  • 9 – Verify installation
  • 10 – Upgrade
  • 11 – Uninstall
  • Appendix A – values.yaml reference
  • Appendix B – Security & Compliance controls
  1. On-premise Deployment

IBM

IBM Cloud Catalog Installation Guide

Provision all required IBM Cloud services and install Dynamiq via Helm so that the platform is production‑ready, fully private, and upgradeable through IBM Cloud Schematics.

Table of contents

  1. Prerequisites

  2. Quick‑start variables

  3. Install CLI & plugins

  4. Authenticate & target a resource group

  5. Create networking (VPC + Subnet + Gateway)

  6. Provision the VPC‑Gen2 Kubernetes cluster

  7. Provision PostgreSQL

  8. Provision Object Storage

  9. Install Dynamiq platform (Helm)

  10. Create production secrets

  11. Verify installation

  12. Upgrade

  13. Uninstall

Prerequisites

Requirement
Notes

IBM Cloud account

Billing enabled & quota for VPC, Kubernetes, Databases for PostgreSQL, and Cloud Object Storage

Access

Manager and Administrator roles on the destination Kubernetes cluster service citeibm_roles_doc

Local tooling

bash, curl, IBM Cloud CLI v2.20+, kubectl v1.31+, Helm v3.13+, jq, openssl

Kubernetes version

1.31 (latest LTS)

Outbound network

Port 22 (SSH), 443 (HTTPS) open to IBM Cloud APIs

Tip If you prefer containerised tooling, grab the official 💡 ibmcloud‑tools image: docker run --rm -it ibmcom/ibmcloud-tools:latest.

Quick‑start variables

Export once and reuse everywhere:

# ====== Edit me ======
export REGION="us-south"              #  <REGION>  e.g. us-south, eu-de
export RG_NAME="dynamiq"              #  <RESOURCE_GROUP_NAME>
export VPC_NAME="dynamiq"             #  <VPC_NAME>
export SUBNET_NAME="public"           #  <SUBNET_NAME>
export GW_NAME="dynamiq-gateway"      #  <PUBLIC_GATEWAY_NAME>
export ZONE="${REGION}-1"             #  Keep default or pick another zone
export CLUSTER_NAME="dynamiq-cluster" #  <CLUSTER_NAME>
export K8S_VERSION="1.31"             #  Align with supported versions
export FLAVOR="bx2.2x8"               #  2 vCPU / 8 GB each worker
export WORKERS="2"                    #  Adjust for your workload
export DB_INSTANCE_NAME="db-dynamiq"  #  <POSTGRES_INSTANCE_NAME>
export COS_INSTANCE_NAME="cos-dynamiq"#  <COS_INSTANCE_NAME>
export COS_BUCKET="dynamiqai"         #  <BUCKET_NAME>
# =======================

1 – Install CLI & plugins

curl -sL https://ibm.biz/idt-installer | bash
ibmcloud plugin install infrastructure-service
ibmcloud plugin install kubernetes-service
ibmcloud plugin install cos

Verify:

ibmcloud -v  # should be ≥ 2.20
helm version
kubectl version --client

2 – Authenticate & target a resource group

ibmcloud login -r $REGION --sso  # or remove --sso for API‑key login
ibmcloud resource group-create $RG_NAME || true
ibmcloud target -g $RG_NAME

3 – Create networking (VPC + Subnet + Gateway)

ibmcloud is vpc-create $VPC_NAME --resource-group-name $RG_NAME
ibmcloud is public-gateway-create $GW_NAME $VPC_NAME $ZONE --resource-group-name $RG_NAME
ibmcloud is subnet-create $SUBNET_NAME $VPC_NAME --zone $ZONE \
  --ipv4-address-count 256 --pgw $GW_NAME --resource-group-name $RG_NAME

Grab IDs for automation:

export VPC_ID=$(ibmcloud is vpcs --json | jq -r '.[] | select(.name=="'$VPC_NAME'") | .id')
export SUBNET_ID=$(ibmcloud is subnets --json | jq -r '.[] | select(.name=="'$SUBNET_NAME'") | .id')

4 – Provision the Kubernetes cluster

ibmcloud ks cluster create vpc-gen2 \
  --name $CLUSTER_NAME \
  --zone $ZONE \
  --version $K8S_VERSION \
  --flavor $FLAVOR \
  --workers $WORKERS \
  --vpc-id $VPC_ID \
  --subnet-id $SUBNET_ID \
  --disable-outbound-traffic-protection

Configure kubectl:

ibmcloud ks cluster ls
export CLUSTER_ID=$(ibmcloud ks cluster ls --output json --provider vpc-gen2 | jq -r '.[] | select(.name=="'$CLUSTER_NAME'") | .id')
ibmcloud ks cluster config --cluster $CLUSTER_ID

5 – Provision PostgreSQL

ibmcloud resource service-instance-create $DB_INSTANCE_NAME \
  databases-for-postgresql standard $REGION \
  --service-endpoints public --parameters '{"location_hardware":"virtual","version":"16"}'
# Wait until the instance becomes AVAILABLE
ibmcloud resource service-instance $DB_INSTANCE_NAME

Create credentials:

ibmcloud resource service-key-create ${DB_INSTANCE_NAME}-credentials \
  --instance-name $DB_INSTANCE_NAME --parameters '{"HMAC":true}'
export DATABASE_USERNAME=$(ibmcloud resource service-key ${DB_INSTANCE_NAME}-credentials --output json | jq -r '.[0].credentials.connection.postgres.authentication.username')
export DATABASE_PASSWORD=$(ibmcloud resource service-key ${DB_INSTANCE_NAME}-credentials --output json | jq -r '.[0].credentials.connection.postgres.authentication.password')
export DATABASE_HOST=$(ibmcloud resource service-key ${DB_INSTANCE_NAME}-credentials --output json | jq -r '.[0].credentials.connection.postgres.hosts[0].hostname')
export DATABASE_PORT=$(ibmcloud resource service-key ${DB_INSTANCE_NAME}-credentials --output json | jq -r '.[0].credentials.connection.postgres.hosts[0].port')
export DATABASE_NAME=$(ibmcloud resource service-key ${DB_INSTANCE_NAME}-credentials --output json | jq -r '.[0].credentials.connection.postgres.database')

6 – Provision Object Storage

ibmcloud resource service-instance-create $COS_INSTANCE_NAME \
  cloud-object-storage standard global -g $RG_NAME
ibmcloud resource service-key-create ${COS_INSTANCE_NAME}-credentials Writer \
  --instance-name $COS_INSTANCE_NAME --parameters '{"HMAC":true}'
export STORAGE_IBM_COS_API_KEY=$(ibmcloud resource service-key ${COS_INSTANCE_NAME}-credentials --output json | jq -r '.[0].credentials.apikey')
export STORAGE_IBM_COS_SERVICE_INSTANCE_ID=$(ibmcloud resource service-instance $COS_INSTANCE_NAME --output json | jq -r '.[0].id')
export STORAGE_IBM_COS_SERVICE_ENDPOINT="https://s3.${REGION}.cloud-object-storage.appdomain.cloud"
ibmcloud cos bucket-create --bucket $COS_BUCKET --region $REGION --ibm-service-instance-id $STORAGE_IBM_COS_SERVICE_INSTANCE_ID

7 – Install Dynamiq platform

Install Fission CRDs + Dynamiq dependencies:

kubectl create -k "github.com/fission/fission/crds/v1?ref=v1.20.5"
helm upgrade --install fission fission-all \
  --repo https://fission.github.io/fission-charts/ \
  --namespace fission --create-namespace \
  --set routerServiceType=ClusterIP \
  --set defaultNamespace=apps \
  --set analytics=false --wait

8 – Create production secrets

Generate secure keys:

export AUTH_ACCESS_TOKEN_KEY=$(openssl rand -base64 48 | tr -d '\n')
export AUTH_REFRESH_TOKEN_KEY=$(openssl rand -base64 48 | tr -d '\n')
export AUTH_VERIFICATION_TOKEN_KEY=$(openssl rand -base64 48 | tr -d '\n')
# SMTP & HF tokens
export SMTP_HOST="<SMTP_HOST>"
export SMTP_PORT="<SMTP_PORT>"
export SMTP_USERNAME="<SMTP_USERNAME>"
export SMTP_PASSWORD="<SMTP_PASSWORD>"
export HUGGING_FACE_TOKEN="<HF_TOKEN>"

Apply secret:

kubectl create namespace dynamiq || true
cat <<EOF | envsubst | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: nexus-secret
  namespace: dynamiq
type: Opaque
stringData:
  DATABASE_HOST: "$DATABASE_HOST"
  DATABASE_PORT: "$DATABASE_PORT"
  DATABASE_SSLMODE: "require"
  DATABASE_NAME: "$DATABASE_NAME"
  DATABASE_SCHEMA: "public"
  DATABASE_USERNAME: "$DATABASE_USERNAME"
  DATABASE_PASSWORD: "$DATABASE_PASSWORD"
  STORAGE_IBM_COS_API_KEY: "$STORAGE_IBM_COS_API_KEY"
  STORAGE_IBM_COS_SERVICE_INSTANCE_ID: "$STORAGE_IBM_COS_SERVICE_INSTANCE_ID"
  STORAGE_IBM_COS_SERVICE_ENDPOINT: "$STORAGE_IBM_COS_SERVICE_ENDPOINT"
  SMTP_HOST: "$SMTP_HOST"
  SMTP_PORT: "$SMTP_PORT"
  SMTP_USERNAME: "$SMTP_USERNAME"
  SMTP_PASSWORD: "$SMTP_PASSWORD"
  SMTP_DEFAULT_FROM: "system@getdynamiq.ai"
  AUTH_ACCESS_TOKEN_KEY: "$AUTH_ACCESS_TOKEN_KEY"
  AUTH_REFRESH_TOKEN_KEY: "$AUTH_REFRESH_TOKEN_KEY"
  AUTH_VERIFICATION_TOKEN_KEY: "$AUTH_VERIFICATION_TOKEN_KEY"
  HUGGING_FACE_TOKEN: "$HUGGING_FACE_TOKEN"
EOF

Remember to pass --set nexus.appSecret=nexus-secret (or prefixed name) when you deploy Dynamiq’s Helm chart.

Install Dynamiq:

helm upgrade --install dynamiq getdynamiq/dynamiq \
  --version <CHART_VERSION> \
  --namespace dynamiq \
  --create-namespace \
  --values values-production.yaml \
  --set nexus.appSecret=nexus-secret \
  --wait

9 – Verify installation

kubectl -n dynamiq get all
# Check that pods are RUNNING and the ingress/LoadBalancer endpoints are assigned

Browse to https://<YOUR_DOMAIN> and log in with the initial admin user.

10 – Upgrade

A new chart version appears as an Update inside your IBM Cloud Schematics workspace.

  1. Go to Menu ▸ Schematics → select the workspace.

  2. Click Settings → Update.

  3. Pick the desired chart version and confirm. The Dynamiq pods will roll seamlessly with zero‑downtime if you have ≥ 2 replicas per component.

11 – Uninstall

helm -n dynamiq uninstall dynamiq  # removes Dynamiq workloads only
# Optional: destroy workspace to delete infra managed by Schematics
ibmcloud schematics workspace destroy --id <WORKSPACE_ID>

Appendix A – values.yaml reference

Parameter
Description
Default
Required

dynamiq.imageCredentials.username

Container registry username

``

✅

dynamiq.imageCredentials.password

Container registry password

``

✅

nexus.ingress.enabled

Expose Nexus API via ingress

true

✅

nexus.configMapData.DOMAIN

Public FQDN mapped in DNS (e.g. dynamiq.example.com)

``

✅

nexus.appSecret

Name of Kubernetes secret with DB/ObjectStore credentials

nexus-secret

✅

synapse.ingress.enabled

Expose WebSocket gateway

true

✅

ui.ingress.enabled

Expose web UI

true

✅

Appendix B – Security & Compliance controls

  • Network isolation – all components run inside your VPC with no public ingress unless explicitly enabled.

  • TLS‑only – Dynamiq forces HTTPS and uses Cert‑Manager (optional) for automated certificate rotation.

  • IAM separation – each IBM Cloud service instance uses least‑privileged service IDs.

Need help?

Email: support@getdynamiq.ai

PreviousAWSNextRed Hat OpenShift

Last updated 1 month ago