Requirements
Premora Core is a Kubernetes-native platform installed with Helm. Before you install, prepare the operator workstation and the target cluster.
Operator workstation
The machine that runs the premora CLI / install scripts needs:
kubectl— configured with access to the target clusterhelm- cluster access with namespace-creation rights
- one of
docker,nerdctl, orpodman— required for air-gapped image import - a customer-specific values file for secrets, ingress, and backing-service configuration
You can validate the workstation and cluster connectivity at any time:
premora doctor
Target cluster
Premora Core runs on a standard Kubernetes cluster. Plan for:
- A dedicated namespace (e.g.
premora). - Persistent storage for the backing services below.
- Ingress (or a gateway) to expose
premora-api-gateway— the single front door. - Customer-managed TLS certificates / CAs if required by policy.
Backing services
Core depends on these platform components, provisioned in-cluster or as managed equivalents:
| Component | Role |
|---|---|
| PostgreSQL | Operational state, split into per-domain logical databases. |
| MinIO (or S3-compatible) | Content-addressed object storage for raw source blobs. |
| OpenSearch | Keyword and filter retrieval index. |
| Qdrant | Vector retrieval index. |
| Redis | Caching and ephemeral coordination. |
| RabbitMQ | Durable background workflows and integration events. |
:::note Per-domain databases Premora splits Postgres into per-domain logical databases. Provide connection details in your values file; the installer applies database migrations on startup. :::
Inference (optional)
Premora Inference is a separate, optional GPU runtime that fronts vLLM for private on-prem
inference. It can run same-host (alongside Core) or split-host, and the host must be
bootstrapped before installing. If you use a customer-provided model endpoint instead, Inference
is not required.
Network & supply chain
Premora installs from signed, versioned artifacts — never source checkouts, and works the same across all delivery models:
- Connected — pull the catalog and bundles from the Premora release endpoint over HTTPS.
- On-prem registry — pull from an approved internal registry / artifact store.
- Air-gapped — read the catalog and bundles from offline media (USB).
Customer environments never need GitHub or GHCR credentials. Choose the model that matches your egress policy, then continue to Installation.