Setup Qodo Aware
Follow this guide to setup, install, and begin using Qodo Aware in On Prem environments.
Prerequisites
Infrastructure Requirements
The machine running Qodo Aware components should have at least:
vCPU: 8
16 GB RAM
PostgreSQL Instance (Recommended Size):
vCPU: 4
Memory: 32 GB
Disk: 100 GB
You may opt for smaller instances if working with a relatively small codebase.
PostgreSQL Version: 17
Required Configuration:
pg_vector
extension installedNote: This is pre-installed in managed cloud deployments.
TCP port
5432
must be accessible from the Kubernetes cluster where Qodo Aware will be deployedTwo separate databases:
rag-indexer
metadata
Two PostgreSQL users with full access to their respective databases
Supported Git Providers:
GitHub (Cloud or Enterprise)
Bitbucket Data Center
Models Supported
These models are used by Qodo Aware and must be available for Qodo Aware to be used:
gpt-4.1-mini-2025-04-14
gpt-4o
text-embedding-3-large
Contact Qodo support if none of these AI models are supported by your system.
GitHub App Installation
Important Note:
These steps must be completed by a GitHub organization administrator.
Navigate to Your Organizations via the top-right menu on GitHub.
Select your organization and go to Settings > Developer settings > GitHub Apps.
Click New GitHub App and fill in:
App name:
Qodo RAG Indexer
Homepage URL:
https://qodo.ai
Webhook: Disabled Webhooks will be supported in future releases for continuous updates.
Under Repository permissions, grant:
Contents
: Read-only
Choose “Any account” for installation scope.
Click Create GitHub App.
Save the generated App ID.
Generate a private key and store it securely.
Click Install App, choose your organization, and select specific repositories (do not choose “All repositories”).
Save the Installation ID from the resulting URL (e.g., https://github.com/organizations/YOUR_ORG/settings/installations/2).
Qodo Aware Installation Overview
Qodo Aware consists of a few components. Install them in the following order:
metadata-service
rag-indexer
context-retriever
context-retriever-mcp
We recommend deploying all components in the same Kubernetes namespace.
Each component requires its own values.yaml
file with configuration like the following.
1. metadata-service
Example metadata-values.yaml
:
image:
repository: artif-reg-self-hosted.codium.ai/proxy/codium-stack/us-central1-docker.pkg.dev/codium-production/codium-repo-self-hosted/qodo-engine-metadata
tag: "insert version here"
externalSecrets:
enabled: true
v1StableApi: true # use stable externalSecret API (set if >=v0.17.0)
clusterSecretStore: true
secretStoreName: "cluster-secret-store" # Must exist prior to deployment
secrets:
- targetSecretName: secrets-file
remoteSecretName: qodo-engine-secrets # Must exist prior to deployment
data:
- secretKey: .secrets.toml
deployments:
enabled: true
resources:
requests:
cpu: "500m"
memory: "2Gi"
ports:
- containerPort: 8000
name: http
probes:
liveness:
httpGet:
path: /api/v1/health
port: http
initialDelaySeconds: 15
failureThreshold: 5
periodSeconds: 30
successThreshold: 1
service:
enabled: true
type: NodePort
port: 8000
ports:
http:
targetPort: http
volumes:
secrets-file:
secret:
secretName: secrets-file
useShortName: true
volumeMounts:
secrets-file:
mountPath: /workspace/app/config_prod
Install with Helm:
helm upgrade --install metadata-service oci://artifacts-self-hosted.qodo.ai/codium-stack/stable/module -f ./metadata-values.yaml
2. rag-indexer
image:
repository: artif-reg-self-hosted.codium.ai/proxy/codium-stack/us-central1-docker.pkg.dev/codium-production/codium-repo-self-hosted/qodo-engine-indexer
tag: "insert version here"
externalSecrets:
enabled: true
clusterSecretStore: true
v1StableApi: true # use stable externalSecret API (set if >=v0.17.0)
secretStoreName: "cluster-secret-store" # Must exist prior to deployment
secrets:
- targetSecretName: secrets-file
remoteSecretName: qodo-engine-secrets # Must exist prior to deployment
data:
- secretKey: .secrets.toml
deployments:
enabled: true
resources:
requests:
cpu: "500m"
memory: "2Gi"
ports:
- containerPort: 3000
name: http
probes:
liveness:
httpGet:
path: /api/v1/indexer/health
port: http
initialDelaySeconds: 15
failureThreshold: 5
periodSeconds: 30
successThreshold: 1
service:
enabled: true
type: NodePort
port: 3000
ports:
http:
targetPort: http
volumes:
secrets-file:
secret:
secretName: secrets-file
useShortName: true
volumeMounts:
secrets-file:
mountPath: /workspace/qodo_engine/shared_settings/secrets
cronJobs:
reindex:
schedule: "0 3 * * *" # Adjust schedule as needed - once a day is recommended
concurrencyPolicy: "Allow"
suspend: false
image:
repository: curlimages/curl
tag: 8.11.1
pullPolicy: IfNotPresent
command:
- "/bin/sh"
- "-c"
- "curl -X POST -H 'Content-Type: application/json' -d '{}' http://$(CONFIG.APP_NAME):3000/api/v1/indexer/reindex"
Install with Helm:
helm upgrade --install indexer oci://artifacts-self-hosted.qodo.ai/codium-stack/stable/module -f ./indexer-values.yaml
3. context-retriever
image:
repository: artif-reg-self-hosted.codium.ai/proxy/codium-stack/us-central1-docker.pkg.dev/codium-production/codium-repo-self-hosted/qodo-engine-context-retriever
tag: "insert version here"
externalSecrets:
enabled: true
v1StableApi: true # use stable externalSecret API (set if >=v0.17.0)
clusterSecretStore: true
secretStoreName: "cluster-secret-store" # Must exist prior to deployment
secrets:
- targetSecretName: secrets-file
remoteSecretName: qodo-engine-secrets # Must exist prior to deployment
data:
- secretKey: .secrets.toml
deployments:
enabled: true
resources:
requests:
cpu: "500m"
memory: "2Gi"
ports:
- containerPort: 8001
name: http
probes:
liveness:
httpGet:
path: /v1/context/health
port: http
initialDelaySeconds: 15
failureThreshold: 5
periodSeconds: 30
successThreshold: 1
service:
enabled: true
type: NodePort
port: 8001
ports:
http:
targetPort: http
volumes:
secrets-file:
secret:
secretName: secrets-file
useShortName: true
volumeMounts:
secrets-file:
mountPath: /app/qodo_engine/shared_settings/secrets
Install with Helm:
helm upgrade --install context-retriever oci://artifacts-self-hosted.qodo.ai/codium-stack/stable/module -f ./context-retriever-values.yaml
Trigger initial indexing (if you prefer to not wait until the cronjob is triggered):
kubectl create job indexer-reindex-manual --from=cronjob/indexer-reindex
Verify
indexer
pod (that is part of the deployment, not the job) logs, to confirm indexing has completed (can take anywhere from minutes to up to a day, depends on how many repositories are configured and how big they are).
4. context-retriever-mcp
deployments:
enabled: false
resources:
requests:
cpu: "500m"
memory: "2Gi"
ports:
- containerPort: 8001
name: http
probes:
liveness:
httpGet:
path: /health
port: http
initialDelaySeconds: 15
failureThreshold: 5
periodSeconds: 30
successThreshold: 1
service:
enabled: true
annotations:
cloud.google.com/backend-config: '{"default": "backend-config"}'
type: NodePort
port: 8001
ports:
http:
targetPort: http
externalSecrets:
enabled: true
clusterSecretStore: true
secretStoreName: "gcp-backend"
volumes:
secrets-file:
secret:
secretName: secrets-file
useShortName: true
volumeMounts:
secrets-file:
mountPath: /app/qodo_engine/shared_settings/secrets
envFrom:
configMapRefs:
- name: main
useShortName: true
configMaps:
main:
SERVICE_CONFIG__EXPOSE_MCP_SERVER: "true"
ingress:
enabled: true
host: "example.com"
annotations:
kubernetes.io/ingress.class: "gce"
kubernetes.io/ingress.allow-http: "true" # Required for managedCertificate
networking.gke.io/v1beta1.FrontendConfig: context-retriever-mcp
networking.gke.io/managed-certificates: 'context-retriever-mcp'
hosts:
- paths:
- path: /mcp
pathType: Prefix
Configuration
Shared Configuration
[qodo_logger]
logging_format = "JSON"
log_level = "INFO"
[openai_api]
key = ""
org = ""
# RAG-indexer database
[postgresql]
host = ""
port = ""
username = ""
password = ""
[vectordb]
db_name = ''
#metadata-service database
[kubernetes]
DATABASE_USER = ""
DATABASE_PASSWORD = ""
DATABASE_NAME = ""
DATABASE_HOST = ""
DATABASE_PORT = ""
Github Configuration
[github_app]
private_key="""\\
... private key goes here...
PRIVATE_KEY
"""
app_id = "1019460"
installation_id = "55739937"
api_base_url = "<https://api.github.com>"
Bitbucket DC Configuration
Refer to our Bitbucket DC documentation.
Enabling qodo-engine functionality in Qodo Merge
Qodo Merge
Update qodo-merge secret, append the following
[rag_arguments]
enable_rag=true
[context_retrieval_service]
url = "<service name>.<namespace>" # set this to context-retriever service address
Restart pods to pick up the new secret.
STS Customer instructions
Please make sure to provide the customer the IP to whitelist.
Last updated
Was this helpful?