Reference for every input variable exposed by the Azure Terraform modules. Set non-sensitive variables in `infra/terraform.tfvars`. For sensitive variables (license key, passwords, encryption keys), `make setup-env` writes them to `infra/secrets.auto.tfvars` and Terraform stores them in Azure Key Vault.

Core

| Variable | Default | Description |
| --- | --- | --- |
| `subscription_id` | | Azure subscription ID. Required. |
| `location` | `eastus` | Azure region. |
| `identifier` | `""` | Suffix appended to all resource names (for example, `-prod`, `-dev-dz`). Must start with a hyphen or be empty. |
| `environment` | `dev` | Environment tag on all resources. |
| `owner` | `""` | Owner tag applied to all resources. |
| `cost_center` | `""` | Cost center tag for billing attribution. |

Deployment tier

| Variable | Default | Description |
| --- | --- | --- |
| `postgres_source` | `external` | `external` — Azure DB for PostgreSQL (private VNet). `in-cluster` — Helm chart manages its own Postgres pod (dev/demo only). |
| `redis_source` | `external` | `external` — Azure Cache for Redis (private VNet). `in-cluster` — Helm chart manages its own Redis pod (dev/demo only). |
| `clickhouse_source` | `in-cluster` | `in-cluster` — ClickHouse deployed as a Helm pod (dev/POC only). `external` — LangChain Managed ClickHouse, recommended for production. |

PostgreSQL

| Variable | Default | Description |
| --- | --- | --- |
| `postgres_admin_username` | `langsmith` | PostgreSQL admin username. |
| `postgres_admin_password` | `""` | PostgreSQL admin password (sensitive). Set with `setup-env.sh`. |
| `postgres_subnet_address_prefix` | `["10.0.32.0/20"]` | CIDR for the PostgreSQL subnet. |
| `postgres_deletion_protection` | `true` | Prevent accidental PostgreSQL server deletion. Set `false` for dev/test. |
| `database_name` | `langsmith` | PostgreSQL database to create. Used in the `connection_url` output. |

Redis

| Variable | Default | Description |
| --- | --- | --- |
| `redis_subnet_address_prefix` | `["10.0.48.0/20"]` | CIDR for the Redis subnet. |
| `redis_capacity` | `2` | Redis Cache tier (P2 = 13 GB). |

AKS node pools

| Variable | Default | Description |
| --- | --- | --- |
| `default_node_pool_vm_size` | `Standard_D8s_v3` | AKS node VM size (8 vCPU, 32 GB). Use `Standard_D4s_v3` for light/demo only. |
| `default_node_pool_min_count` | `1` | Min nodes for the default pool. Set to 3 for production. Set to 5 before enabling the LangSmith Deployment add-on. |
| `default_node_pool_max_count` | `10` | Max nodes for the autoscaler. |
| `additional_node_pools` | large: D16s_v3 0–2 | Extra node pools. Default includes a `large` pool (`Standard_D16s_v3`, 16 vCPU, 64 GB) scaled to zero when idle. Required for ClickHouse (15 GB RAM request). |
| `aks_service_cidr` | `10.0.64.0/20` | Kubernetes ClusterIP range. Must not overlap the VNet. |
| `aks_dns_service_ip` | `10.0.64.10` | CoreDNS service IP. Must be within `aks_service_cidr`. |
| `aks_deletion_protection` | `true` | Prevent accidental AKS cluster deletion. Set `false` for dev/test. |
| `availability_zones` | `["1"]` | Availability zones for AKS node pools (for example, `["1", "2", "3"]`). Set to `[]` to disable zone pinning. |

Ingress controller

| Variable | Default | Description |
| --- | --- | --- |
| `ingress_controller` | `nginx` | Ingress controller: `nginx` \| `istio-addon` \| `istio` \| `agic` \| `envoy-gateway`. See `INGRESS_CONTROLLERS.md` in the module repo for the full TLS compatibility matrix. |

DNS and TLS

| Variable | Default | Description |
| --- | --- | --- |
| `dns_label` | `""` | Azure Public IP DNS label for the ingress LoadBalancer. Results in `<label>.<region>.cloudapp.azure.com`. Works with `nginx`, `istio`, `istio-addon`, `envoy-gateway`. |
| `langsmith_domain` | `""` | Custom hostname for LangSmith (for example, `langsmith.example.com`). Takes priority over `dns_label`. |
| `tls_certificate_source` | `letsencrypt` | `letsencrypt` — HTTP-01 with cert-manager. `dns01` — DNS-01 with Azure DNS + Workload Identity. `none` — no TLS. |
| `letsencrypt_email` | `""` | Email for Let’s Encrypt notifications. Required when `tls_certificate_source` is `letsencrypt` or `dns01`. |
| `cert_manager_identity_client_id` | `""` | Client ID of the cert-manager Managed Identity. Wired automatically from the `k8s-cluster` output. Required when `tls_certificate_source = "dns01"`. |
| `create_dns_zone` | `false` | Enable Azure DNS zone + A record. Required for DNS-01 cert issuance. |
| `dns_zone_name` | `""` | Azure DNS zone name (for example, `langsmith.mycompany.com`). Required when `tls_certificate_source = "dns01"`. |
| `dns_resource_group_name` | `""` | Resource group containing the Azure DNS zone. Required when `tls_certificate_source = "dns01"`. |

LangSmith application

| Variable | Default | Description |
| --- | --- | --- |
| `langsmith_namespace` | `langsmith` | Kubernetes namespace for LangSmith workloads. |
| `langsmith_release_name` | `langsmith` | Helm release name (used for Workload Identity federated credential subjects). |
| `langsmith_helm_chart_version` | `""` | Pin a specific Helm chart version. Empty = use latest. |
| `sizing_profile` | `production` | Helm sizing overlay: `minimum` \| `dev` \| `production` \| `production-large`. Read by `init-values.sh`; Terraform ignores this value. |

Blob Storage

| Variable | Default | Description |
| --- | --- | --- |
| `blob_ttl_enabled` | `true` | Enable lifecycle TTL rules on the blob container. |
| `blob_ttl_short_days` | `14` | TTL for short-lived trace blobs. |
| `blob_ttl_long_days` | `400` | TTL for long-lived trace blobs. |

Key Vault

| Variable | Default | Description |
| --- | --- | --- |
| `keyvault_name` | `""` | Override Key Vault name (default: `langsmith-kv<identifier>`). |
| `keyvault_purge_protection` | `true` | Enable Key Vault purge protection. Set `false` for dev/test to allow immediate name reuse after destroy. |

Network (BYO VNet)

| Variable | Default | Description |
| --- | --- | --- |
| `create_vnet` | `true` | Create a new VNet. Set `false` to bring your own. |
| `vnet_id` | `""` | Existing VNet resource ID. Required when `create_vnet = false`. |

High availability

| Variable | Default | Description |
| --- | --- | --- |
| `postgres_high_availability_mode` | `""` | PostgreSQL HA mode (for example, `ZoneRedundant`). Requires GeneralPurpose or MemoryOptimized SKU. |
| `postgres_standby_availability_zone` | `""` | Zone for the PostgreSQL standby replica. Set when enabling zone-redundant HA. |

Optional modules

| Variable | Default | Description |
| --- | --- | --- |
| `create_waf` | `false` | Enable Azure WAF policy (OWASP 3.2 + bot protection). Safe to add post-deploy. |
| `create_diagnostics` | `false` | Enable Log Analytics workspace + diagnostic settings for AKS, Key Vault, and PostgreSQL. Recommended for production. |
| `enable_aks_diag` | `true` | Create the AKS diagnostic setting inside the diagnostics module. |
| `enable_keyvault_diag` | `true` | Create the Key Vault diagnostic setting inside the diagnostics module. |
| `enable_postgres_diag` | `false` | Create the PostgreSQL diagnostic setting. Set `true` when `postgres_source = "external"`. |
| `create_bastion` | `false` | Enable a jump VM for private AKS cluster access with `az ssh vm`. No public IP required. |

Add-on flags

`init-values.sh` and `deploy.sh` read these flags; Terraform ignores them. The flags affect which Helm add-on overlay files the scripts generate.

| Variable | Default | Description |
| --- | --- | --- |
| `enable_deployments` | `false` | Enables LangSmith Deployment (host-backend, listener, operator). See the LangSmith Deployment add-on. Scale `default_node_pool_min_count` to 5 first. |
| `enable_agent_builder` | `false` | Enable Agent Builder UI. Requires `enable_deployments = true`. See the Agent Builder add-on. |
| `enable_insights` | `false` | Enable Insights / Clio analytics. Requires `enable_deployments = true`. See the Insights and Polly add-on. |
| `enable_polly` | `false` | Enable Polly AI eval agent. Requires `enable_deployments = true`. See the Insights and Polly add-on. |

Sensitive variables (set with setup-env.sh)

`make setup-env` writes these to `secrets.auto.tfvars` and Terraform stores them in Azure Key Vault. Never set these inline in `terraform.tfvars`.

| Variable | Description |
| --- | --- |
| `langsmith_license_key` | LangSmith enterprise license key. |
| `langsmith_admin_password` | Initial org admin password. |
| `langsmith_api_key_salt` | Salt for hashing API keys. Must stay stable after first deploy. |
| `langsmith_jwt_secret` | JWT secret for Basic Auth sessions. |
| `langsmith_deployments_encryption_key` | Fernet key for the LangSmith Deployment add-on. Must never change. |
| `langsmith_agent_builder_encryption_key` | Fernet key for the Agent Builder add-on. Must never change. |
| `langsmith_insights_encryption_key` | Fernet key for the Insights add-on. Must never change. |
| `langsmith_polly_encryption_key` | Fernet key for Polly. Must never change. |
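
The cross-variable rules stated in the tables above (sensitive values kept out of `terraform.tfvars`, the `identifier` prefix, the CoreDNS IP range, the `dns01` prerequisites, BYO VNet, and add-on dependencies) can be checked before `terraform plan`. This is an added example, not code from the module repo: `parse_tfvars`, `preflight` and `SAMPLE` are hypothetical names, the parser handles only flat `name = value` lines, and the sample file is constructed.

```python
import ipaddress
import re

# Sensitive names from this page; they belong in secrets.auto.tfvars, not terraform.tfvars.
SENSITIVE = {"postgres_admin_password", "langsmith_license_key", "langsmith_admin_password",
             "langsmith_api_key_salt", "langsmith_jwt_secret", "langsmith_deployments_encryption_key",
             "langsmith_agent_builder_encryption_key", "langsmith_insights_encryption_key",
             "langsmith_polly_encryption_key"}
# Defaults copied from the tables on this page.
DEFAULTS = {"identifier": "", "aks_service_cidr": "10.0.64.0/20", "aks_dns_service_ip": "10.0.64.10",
            "tls_certificate_source": "letsencrypt", "create_vnet": True, "create_dns_zone": False,
            "enable_deployments": False}

def parse_tfvars(text):
    """Flat `name = value` lines only; lists, maps and inline comments are not handled."""
    pairs = re.findall(r'^\s*(\w+)\s*=\s*(.*\S)\s*$', text, re.M)
    return {k: (raw == "true") if raw in ("true", "false") else raw.strip('"') for k, raw in pairs}

def preflight(text):
    # Returns a list of violations of the constraints documented on this page.
    v = {**DEFAULTS, **parse_tfvars(text)}
    errors = [f"{k}: sensitive, move to secrets.auto.tfvars" for k in sorted(SENSITIVE) if v.get(k)]
    if v["identifier"] and not v["identifier"].startswith("-"):
        errors.append("identifier: must start with a hyphen or be empty")
    cidr = ipaddress.ip_network(v["aks_service_cidr"], strict=False)
    if ipaddress.ip_address(v["aks_dns_service_ip"]) not in cidr:
        errors.append("aks_dns_service_ip: must be within aks_service_cidr")
    tls = v["tls_certificate_source"]
    if tls in ("letsencrypt", "dns01") and not v.get("letsencrypt_email"):
        errors.append("letsencrypt_email: required for letsencrypt or dns01")
    if tls == "dns01":
        errors += [f"{k}: required when tls_certificate_source = dns01"
                   for k in ("dns_zone_name", "dns_resource_group_name") if not v.get(k)]
        if not v["create_dns_zone"]:
            errors.append("create_dns_zone: required for DNS-01 cert issuance")
    if not v["create_vnet"] and not v.get("vnet_id"):
        errors.append("vnet_id: required when create_vnet = false")
    errors += [f"{k}: requires enable_deployments = true"
               for k in ("enable_agent_builder", "enable_insights", "enable_polly")
               if v.get(k) is True and not v["enable_deployments"]]
    return errors

# Constructed terraform.tfvars content for illustration; every value is made up.
SAMPLE = """
identifier = "prod"
aks_dns_service_ip = "10.0.80.10"
tls_certificate_source = "dns01"
letsencrypt_email = "ops@example.com"
dns_zone_name = "langsmith.example.com"
enable_polly = true
langsmith_jwt_secret = "constructed-not-a-real-secret"
"""
```
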