This document walks you through deploying LangWatch on Kubernetes using our Helm chart. You will add our Helm repo, choose a values profile, and deploy.
While the open-source version is available for local use and experimentation, for commercial use please reach out for a demo call with our team.

Prerequisites

  • A Kubernetes cluster (local or managed), kubectl, and Helm 3.12+
  • StorageClass available if you enable chart-managed PostgreSQL, Redis, or OpenSearch
Chart-managed OpenSearch/PostgreSQL options are intended for testing/evaluation. For production, use managed/external providers for these services.

Add Helm repo

helm repo add langwatch https://langwatch.github.io/langwatch/
helm repo update

Choose a values profile

Pick the profile that matches your environment. You can copy these into files like values.prod.yaml, values.dev.yaml, values.half-managed.yaml, or values.minimal.yaml.

Minimal (quickstart dev)

  • Smallest set of overrides for a local test
  • Autogen enabled, chart-managed dependencies
# values.minimal.yaml
# Minimal development values for LangWatch Helm chart
# Only essential overrides for development environment

autogen:
  enabled: true

app:
  resources:
    requests:
      cpu: 250m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 1Gi

langwatch_nlp:
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 1500m
      memory: 2Gi

langevals:
  resources:
    requests:
      cpu: 500m
      memory: 1.5Gi
    limits:
      cpu: 2000m
      memory: 3Gi

postgresql:
  chartManaged: true
  auth:
    password: "rtfyg6j8iu"

redis:
  chartManaged: true

opensearch:
  chartManaged: true
  clusterName: "langwatch-test-opensearch"

Production (external/managed dependencies, secrets via Secret manager)

  • No autogen
  • External PostgreSQL, Redis, OpenSearch
  • Secrets referenced via secretKeyRef
  • Ingress enabled
# values.prod.yaml
global:
  env: production

autogen:
  enabled: false

app:
  http:
    # Public URL for users (your HTTPS domain)
    publicUrl: https://langwatch.example.com
    # Internal base URL (usually same host via Ingress)
    baseHost: https://langwatch.example.com
  credentialsEncryptionKey:
    secretKeyRef:
      name: langwatch-secrets
      key: credentialsEncryptionKey
  cronApiKey:
    secretKeyRef:
      name: langwatch-secrets
      key: cronApiKey
  nextAuth:
    secret:
      secretKeyRef:
        name: langwatch-secrets
        key: nextAuthSecret
  telemetry:
    metrics:
      enabled: true
      apiKey:
        secretKeyRef:
          name: langwatch-secrets
          key: metricsApiKey
    sentry:
      enabled: false

ingress:
  enabled: true
  className: nginx
  hosts:
    - host: langwatch.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - langwatch.example.com
      secretName: langwatch-tls

postgresql:
  chartManaged: false
  external:
    connectionString:
      secretKeyRef:
        name: pg-conn
        key: url

redis:
  chartManaged: false
  external:
    connectionString:
      secretKeyRef:
        name: redis-conn
        key: url

opensearch:
  chartManaged: false
  external:
    engine: opensearch
    nodeUrl:
      secretKeyRef:
        name: opensearch-conn
        key: nodeUrl
    apiKey:
      secretKeyRef:
        name: opensearch-conn
        key: apiKey

prometheus:
  chartManaged: false
Create Kubernetes Secrets (langwatch-secrets, pg-conn, redis-conn, opensearch-conn) via your secret manager or IaC. Avoid inlining production secrets.

Local development (chart-managed, autogen, explicit Postgres password)

  • Autogen enabled to generate app secrets
  • Chart-managed PostgreSQL/Redis/OpenSearch/Prometheus
  • Explicit PostgreSQL password for convenience
  • No Ingress; port-forward to access
  • Includes resource requests/limits for app, NLP, and Langevals
# values.dev.yaml
global:
  env: development

autogen:
  enabled: true

app:
  http:
    publicUrl: http://localhost:5560
    baseHost: http://localhost:5560
  features:
    skipEnvValidation: true
  telemetry:
    metrics:
      enabled: false
    sentry:
      enabled: false
  resources:
    requests:
      cpu: 250m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 1Gi

langwatch_nlp:
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 1500m
      memory: 2Gi

langevals:
  resources:
    requests:
      cpu: 500m
      memory: 1.5Gi
    limits:
      cpu: 2000m
      memory: 3Gi

postgresql:
  chartManaged: true
  auth:
    username: postgres
    password: dev-postgres-password
    database: langwatch
  primary:
    persistence:
      enabled: false

redis:
  chartManaged: true
  auth:
    password: dev-redis-password
  master:
    persistence:
      enabled: false

opensearch:
  chartManaged: true
  replicas: 1
  persistence:
    enabled: false

prometheus:
  chartManaged: true

Half-managed (external PostgreSQL; chart-managed Redis/OpenSearch/Prometheus)

  • No autogen
  • External PostgreSQL via connection string
  • Chart-managed Redis/OpenSearch/Prometheus
# values.half-managed.yaml
global:
  env: production

autogen:
  enabled: false

app:
  http:
    publicUrl: https://langwatch.example.com
    baseHost: https://langwatch.example.com
  credentialsEncryptionKey:
    secretKeyRef:
      name: langwatch-secrets
      key: credentialsEncryptionKey
  cronApiKey:
    secretKeyRef:
      name: langwatch-secrets
      key: cronApiKey
  nextAuth:
    secret:
      secretKeyRef:
        name: langwatch-secrets
        key: nextAuthSecret
  telemetry:
    metrics:
      enabled: true
      apiKey:
        secretKeyRef:
          name: langwatch-secrets
          key: metricsApiKey

ingress:
  enabled: true
  className: nginx
  hosts:
    - host: langwatch.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - langwatch.example.com
      secretName: langwatch-tls

postgresql:
  chartManaged: false
  external:
    connectionString:
      secretKeyRef:
        name: pg-conn
        key: url

redis:
  chartManaged: true
  auth:
    password: change-me # or use an existing Secret
  master:
    persistence:
      enabled: true
      size: 10Gi

opensearch:
  chartManaged: true
  replicas: 1
  persistence:
    enabled: true
    size: 20Gi

prometheus:
  chartManaged: true

Install

# (Optional) dedicated namespace
kubectl create namespace langwatch

# Install using your chosen values file
helm install langwatch langwatch/langwatch \
  -n langwatch \
  -f values.prod.yaml # or values.dev.yaml, values.half-managed.yaml, values.minimal.yaml
All pods should become Ready. Use kubectl get pods -n langwatch.

Access the UI (local dev)

kubectl port-forward svc/langwatch-app -n langwatch 5560:5560
Open http://localhost:5560.

Upgrade

helm repo update
helm upgrade langwatch langwatch/langwatch \
  -n langwatch \
  -f values.prod.yaml # or your chosen values file

Migration from Pre-1.0.0 Helm Charts

If you’re upgrading from a LangWatch Helm chart version before 1.0.0, you may need to preserve your existing PostgreSQL data.
Preserve existing data by setting postgresql.primary.persistence.existingClaim in your values file: 
postgresql:
  primary:
    persistence:
      existingClaim: "data-langwatch-postgres-0"
      size: 20Gi
This will prevent data loss during the upgrade process.

Uninstall

helm uninstall langwatch -n langwatch
kubectl delete namespace langwatch
For context on structure and workflow, see the Langfuse Helm deployment guide as a reference: https://langfuse.com/self-hosting/deployment/kubernetes-helm

FAQ