This guide helps you install and configure your self-managed Primary Site.


To deploy your Primary Site, you will first need an account with one of the supported cloud providers (AWS, Azure, GCP).

You will need to provision storage buckets, a Kubernetes cluster, and cloud credentials before installing the Primary Site.

Foxglove provides a set of Terraform examples to help with these initial provisioning steps.

1. Create storage buckets

Create two storage buckets for your Primary Site:

  • inbox – For all file uploads
  • lake – For processed and indexed versions of all files added to inbox

2. Kubernetes cluster

We recommend creating this in the same region as your buckets to reduce access latency and cost.

Create a Kubernetes cluster to run your site workloads (e.g. processing inbox data, servicing data access requests from the lake).

3. Cloud credentials

Create a service account with read and write access to the storage buckets. The Kubernetes workloads will use this service account.

See Configure cloud credentials for details on how to provide this credential to the deployment.

4. Install the release

The Primary Site is installed via Helm.

Prepare a values file

Create a values.yaml file to configure the installation. You'll need a site token and the name of your lake bucket.

Here is an example values file:

  siteToken: fox_sk_...

    storageProvider: google_cloud
    bucketName: foxglove-lake
    storageProvider: google_cloud
    bucketName: foxglove-inbox

Accepted values for storageProvider are: aws, azure, or google_cloud.

Find your Primary Site's site token on the Sites tab of Foxglove web console's Settings page.


Note: Helm will install the Primary Site deployment to your current Kubernetes context

$ helm repo add foxglove
$ helm repo update
$ helm upgrade --install foxglove-primary-site foxglove/primary-site \
    --values ./values.yaml  \
    --namespace foxglove \

View info about the deployment:

$ helm list -n foxglove

5. Ingress for data access

The deployment installs an Ingress which exposes a REST API endpoint for accessing available data.

To reach the ingress from outside the cluster you'll need to assign a DNS name and HTTPS endpoint. This HTTP endpoint must be reachable from your organization's network or any network you want to have access to the site data.

How to assign a DNS name and HTTPS endpoint to the ingress is specific to your organization and cloud environment.

You can configure the ingress using your values file. Below are the default values.

  enabled: true
  annotations: {}

You can completely disable the ingress by setting ingress.enabled to false. However, you must provide an Ingress for the site to function.

Some cloud providers require configuring annotations for HTTPS certificates. Here's an example values file for AWS.

  annotations: "alb" internet-facing ip HTTP '[{"HTTPS":443}]' arn:aws:acm:us-west-1:xxxxxxxxxxxx:certificate/EXAMPLE-xxxx-xxxx-xxxx-xxxxxxxxxxxx

6. Configure Console

Once the site's ingress public URL is known, you can configure it on the Site details page, linked from Foxglove web console's Settings page.

Under Site URL, enter the HTTPS URL you've assigned to the Ingress.

7. Bucket push notification

The site inbox processor needs to know when new files are uploaded to the inbox bucket. To notify of new uploads, configure a push notification to the foxglove data platform inbox-notifications endpoint.

Configuring a push notification for new file uploads is specific to your cloud provider.

Org admins can find the inbox notification endpoint on the Foxglove web console's Settings page.

Next steps

Congratulations! 🦊 Your Primary Site is setup and ready for use.