A production-minded Helm starter that deploys an OpenAI Agents platform on Kubernetes:
- Orchestrator (Agents SDK + Responses API)
- Optional Realtime gateway (WebSocket/WebRTC to Realtime API)
- HPA + KEDA autoscaling (Prometheus and HTTP add-on)
- Ingress, NetworkPolicy, PDB
- Prometheus ServiceMonitors + Grafana dashboard
- Sample FastAPI services and Mermaid diagrams
This is a community project. It is not an official OpenAI product nor affiliated with OpenAI.
- Install External Secrets Operator:
helm repo add external-secrets https://charts.external-secrets.io helm repo update helm upgrade --install external-secrets external-secrets/external-secrets -n external-secrets --create-namespace
- Enable ESO in the chart and choose a provider in
values.yaml:externalSecrets: enabled: true createStore: true storeKind: ClusterSecretStore storeName: openai-api-store provider: aws refreshInterval: 1h remoteRef: key: "/prod/openai/apiKey" target: secretKey: "apiKey" aws: region: us-east-1
- Deploy/upgrade the chart. The resulting Secret named
<release>-openaiwill be created and used by the pods.
Use one of the prefilled values files to pull secrets from your cloud secret manager:
# AWS (Secrets Manager)
helm upgrade --install agents charts/helm-for-openai-agents -n agents --create-namespace `
-f charts/helm-for-openai-agents/values-aws.yaml
# GCP (Secret Manager)
helm upgrade --install agents charts/helm-for-openai-agents -n agents --create-namespace `
-f charts/helm-for-openai-agents/values-gcp.yaml
# Azure (Key Vault)
helm upgrade --install agents charts/helm-for-openai-agents -n agents --create-namespace `
-f charts/helm-for-openai-agents/values-azure.yamlThe profiles also include optional Vector store and DB secrets. Disable them by setting
externalSecretsVector.enabled=false or externalSecretsDb.enabled=false if not needed.