Kubernetes & Helm Deployment
For enterprise production environments, Panovista is designed to be deployed directly into your Kubernetes clusters. Because the proxy is entirely stateless and consumes less than 20MB of memory, it scales horizontally alongside your AI application pods with near-zero resource overhead.
The Sidecar Pattern
In Kubernetes, the most secure way to deploy Panovista is as a sidecar container within the exact same Pod as your primary AI application. This ensures that unencrypted prompts and internal tool calls never leave the Pod’s local network (localhost) before being intercepted and sanitized.
Example Pod Manifest
Below is a standard Kubernetes Deployment manifest demonstrating the sidecar pattern:
apiVersion: apps/v1
kind: Deployment
metadata:
name: ai-agent-deployment
spec:
replicas: 3
selector:
matchLabels:
app: ai-agent
template:
metadata:
labels:
app: ai-agent
spec:
containers:
# 1. Your Primary AI Application
- name: ai-agent-app
image: your-company/ai-agent:v2.1.0
env:
# Point the SDK to the local sidecar proxy on localhost
- name: OPENAI_BASE_URL
value: "http://127.0.0.1:8080/v1"
# 2. The Panovista Security Proxy
- name: panovista-sidecar
image: panovista/proxy:v1.2.0
ports:
- containerPort: 8080
env:
- name: UPSTREAM_PROVIDER
value: "anthropic"
# Inject keys securely via Kubernetes Secrets
- name: PROVIDER_API_KEY
valueFrom:
secretKeyRef:
name: llm-provider-secrets
key: api-key
volumeMounts:
- name: panovista-policies
mountPath: /etc/panovista/policies
readOnly: true
volumes:
# Mount your RBAC and DLP schemas via a ConfigMap
- name: panovista-policies
configMap:
name: panovista-security-config
Deploying via Helm
For teams managing multiple environments (staging, UAT, production), we maintain an official Helm chart that automates the sidecar injection and ConfigMap management.
1. Add the Panovista Helm Repository
helm repo add panovista https://charts.panovista.io
helm repo update
2. Install the Chart
Create a values.yaml file with your specific schema configurations, then deploy it to your target namespace:
helm install panovista-proxy panovista/panovista-sidecar \
--namespace secure-ai-agents \
--create-namespace \
-f values.yaml
Horizontal Pod Autoscaling (HPA)
Because Panovista uses a lock-free Go engine and holds zero state, it scales flawlessly using standard Kubernetes HPA metrics. When your AI application experiences a surge in traffic, the sidecar simply scales up alongside it based on CPU or memory thresholds without requiring external database provisioning.