Configure

Integrations

The optional pieces: outbound email, object storage, error reporting and the AI translation keys.

Integrations

Everything on this page is optional. The platform boots, serves and stays licensed without any of it. Each one adds a feature, and the feature it adds is the only thing that stops working if you leave it out.

Two Helm values carry any environment the chart does not template itself. api.env is a map that lands in the ConfigMap, for plain settings. api.secretEnv is a map that lands in the platform Secret, for credentials. Both are merged in verbatim, so anything the API reads from its environment can be set through one of them.

api:
  env:
    SENTRY_DSN: https://abc123@o0.ingest.sentry.io/0
  secretEnv:
    ANTHROPIC_API_KEY: sk-ant-...

Supplier and payment credentials go through the same two maps. They are out of scope for this page, and none of them gate a boot: each feature stays off until its key is there.

Outbound email

The platform sends transactional mail (order confirmations, eSIM delivery, password resets) through an email worker that reads jobs off Kafka, renders the template, and hands the result to Resend.

--set ess.enabled=true \
--set auth.resendAPIKey=re_... \
--set auth.fromEmail=support@acme.com \
--set auth.fromName='Acme Mobile'

The worker only renders if Kafka is wired: ess.enabled=true with no brokers renders nothing at all, silently. If you set kafka.mode=external and left kafka.external.brokers empty, that is the case you are in.

auth.resendAPIKey lands in the Secret as RESEND_API_KEY and is read by both the email worker and the auth service. auth.fromEmail and auth.fromName are the envelope every message goes out under. If you want Resend's delivery webhooks verified, put RESEND_WEBHOOK_SIGNING_KEY in api.secretEnv; the worker reads it as an optional key and runs without it.

The auth service sends its own mail separately, for sign-up confirmation and recovery. Three ways to configure it:

  • auth.resendAPIKey, the same key as above.
  • auth.smtp.host, .port, .user, .password and .adminEmail, if you have an SMTP relay and no Resend account.
  • auth.emailHook.enabled=true, which routes the auth service's mail through the email worker instead, so confirmation mail matches your branded templates rather than GoTrue's plain ones. This needs ess.enabled=true.

Leave all three unset and the auth service sends nothing. Sign-ups auto-confirm and no mail is attempted. Fine for a smoke test, wrong for a real storefront.

Without any of this: the platform runs. Orders complete, eSIMs provision. No email arrives, and email jobs pile up unsent.

Object storage

Uploads (logos, product images, CMS media) go to an S3-compatible bucket. The chart configures none of it, so set it through api.env and api.secretEnv:

api:
  env:
    STORAGE_PROVIDER: r2
    R2_ACCOUNT_ID: <cloudflare-account-id>
    R2_ACCESS_KEY_ID: <access-key-id>
    R2_BUCKET_NAME: solvegio-media
    R2_PUBLIC_URL: https://media.acme.com
  secretEnv:
    R2_SECRET_ACCESS_KEY: <secret-access-key>

R2_PUBLIC_URL is the hostname the bucket's objects are served from, and it is what gets written into the URLs the platform stores. Point it at a domain you control rather than a bucket URL you might want to move off later. STORAGE_PROVIDER defaults to r2.

Without it: the platform runs and serves. Any upload fails. If you never upload a logo or a product image, you will never notice.

Error reporting

Sentry, if you use it. Three keys, all non-secret, all in api.env:

api:
  env:
    SENTRY_DSN: https://abc123@o0.ingest.sentry.io/0
    SENTRY_ENV: production
    SENTRY_RELEASE: v1.4.2

SENTRY_DSN is the only one that turns it on. SENTRY_ENV labels which install an error came from, which matters once you have a staging deployment alongside production. SENTRY_RELEASE labels which build.

Without it: errors are logged to stdout and nowhere else. kubectl logs is your only view of them.

AI translation

The platform can translate catalog and CMS content in the background. It ships configured for Anthropic and needs a key before the engine will run:

api:
  env:
    TRANSLATION_AI_PROVIDER: anthropic     # chart default
    TRANSLATION_AI_MODEL: claude-sonnet-5  # chart default
  secretEnv:
    ANTHROPIC_API_KEY: sk-ant-...

The provider and the key have to agree. TRANSLATION_AI_PROVIDER: openai reads OPENAI_API_KEY, and google reads GOOGLE_TRANSLATE_API_KEY and ignores TRANSLATION_AI_MODEL entirely. Setting a key without switching the provider does nothing.

Without the matching key: the engine is disabled. The platform boots, the API serves, and translation jobs sit in the queue as pending. Nothing errors and nothing retries. Add the key and they start moving.


Every variable named here, plus the ones the chart sets for you, is in the environment reference. The Helm values that wrap them are in the Helm values reference.

Copyright © 2026