Setup Qodo Aware

Follow this guide to setup, install, and begin using Qodo Aware in On Prem environments.

Prerequisites

Infrastructure Requirements

The machine running Qodo Aware components should have at least:

  • vCPU: 8

  • 16 GB RAM

PostgreSQL Instance (Recommended Size):

  • vCPU: 4

  • Memory: 32 GB

  • Disk: 100 GB

You may opt for smaller instances if working with a relatively small codebase.

PostgreSQL Version: 17

Required Configuration:

  • pg_vector extension installed

    Note: This is pre-installed in managed cloud deployments.

  • TCP port 5432 must be accessible from the Kubernetes cluster where Qodo Aware will be deployed

  • Two separate databases:

    • rag-indexer

    • metadata

  • Two PostgreSQL users with full access to their respective databases

Supported Git Providers:

  • GitHub (Cloud or Enterprise)

  • Bitbucket Data Center


Models Supported

These models are used by Qodo Aware and must be available for Qodo Aware to be used:

  • gpt-4.1-mini-2025-04-14

  • gpt-4o

  • text-embedding-3-large


GitHub App Installation

  1. Navigate to Your Organizations via the top-right menu on GitHub.

    Select your organization and go to Settings > Developer settings > GitHub Apps.

  2. Click New GitHub App and fill in:

    1. App name: Qodo RAG Indexer

    2. Homepage URL: https://qodo.ai

    3. Webhook: Disabled Webhooks will be supported in future releases for continuous updates.

  3. Under Repository permissions, grant:

    • Contents: Read-only

  4. Choose “Any account” for installation scope.

  5. Click Create GitHub App.

  6. Save the generated App ID.

  7. Generate a private key and store it securely.

  8. Click Install App, choose your organization, and select specific repositories (do not choose “All repositories”).

  9. Save the Installation ID from the resulting URL (e.g., https://github.com/organizations/YOUR_ORG/settings/installations/2).

Qodo Aware Installation Overview

Qodo Aware consists of a few components. Install them in the following order:

  1. metadata-service

  2. rag-indexer

  3. context-retriever

  4. context-retriever-mcp

We recommend deploying all components in the same Kubernetes namespace.

Each component requires its own values.yaml file with configuration like the following.

1. metadata-service

Example metadata-values.yaml:

image:
  repository: artif-reg-self-hosted.codium.ai/proxy/codium-stack/us-central1-docker.pkg.dev/codium-production/codium-repo-self-hosted/qodo-engine-metadata
  tag: "insert version here"

externalSecrets:
  enabled: true
  v1StableApi: true # use stable externalSecret API (set if >=v0.17.0)
  clusterSecretStore: true
  secretStoreName: "cluster-secret-store" # Must exist prior to deployment
  secrets:
    - targetSecretName: secrets-file
      remoteSecretName: qodo-engine-secrets # Must exist prior to deployment
      data:
        - secretKey: .secrets.toml
deployments:
  enabled: true
  resources:
    requests:
      cpu: "500m"
      memory: "2Gi"
  ports:
    - containerPort: 8000
      name: http
  probes:
    liveness:
      httpGet:
        path: /api/v1/health
        port: http
      initialDelaySeconds: 15
      failureThreshold: 5
      periodSeconds: 30
      successThreshold: 1
service:
  enabled: true
  type: NodePort
  port: 8000
  ports:
    http:
      targetPort: http
volumes:
  secrets-file:
    secret:
      secretName: secrets-file
      useShortName: true
volumeMounts:
  secrets-file:
    mountPath: /workspace/app/config_prod

Install with Helm:

helm upgrade --install metadata-service oci://artifacts-self-hosted.qodo.ai/codium-stack/stable/module -f ./metadata-values.yaml

2. rag-indexer


image:
  repository: artif-reg-self-hosted.codium.ai/proxy/codium-stack/us-central1-docker.pkg.dev/codium-production/codium-repo-self-hosted/qodo-engine-indexer
  tag: "insert version here"

externalSecrets:
  enabled: true
  clusterSecretStore: true
  v1StableApi: true # use stable externalSecret API (set if >=v0.17.0)
  secretStoreName: "cluster-secret-store" # Must exist prior to deployment
  secrets:
    - targetSecretName: secrets-file
      remoteSecretName: qodo-engine-secrets # Must exist prior to deployment
      data:
        - secretKey: .secrets.toml

deployments:
  enabled: true
  resources:
    requests:
      cpu: "500m"
      memory: "2Gi"
  ports:
    - containerPort: 3000
      name: http
  probes:
    liveness:
      httpGet:
        path: /api/v1/indexer/health
        port: http
      initialDelaySeconds: 15
      failureThreshold: 5
      periodSeconds: 30
      successThreshold: 1
service:
  enabled: true
  type: NodePort
  port: 3000
  ports:
    http:
      targetPort: http


volumes:
  secrets-file:
    secret:
      secretName: secrets-file
      useShortName: true
volumeMounts:
  secrets-file:
    mountPath: /workspace/qodo_engine/shared_settings/secrets

cronJobs:
  reindex:
    schedule: "0 3 * * *" # Adjust schedule as needed - once a day is recommended
    concurrencyPolicy: "Allow"
    suspend: false
    image:
      repository: curlimages/curl
      tag: 8.11.1
      pullPolicy: IfNotPresent
    command:
      - "/bin/sh"
      - "-c"
      - "curl -X POST -H 'Content-Type: application/json' -d '{}' http://$(CONFIG.APP_NAME):3000/api/v1/indexer/reindex"

Install with Helm:

helm upgrade --install indexer oci://artifacts-self-hosted.qodo.ai/codium-stack/stable/module -f ./indexer-values.yaml

3. context-retriever

image:
  repository: artif-reg-self-hosted.codium.ai/proxy/codium-stack/us-central1-docker.pkg.dev/codium-production/codium-repo-self-hosted/qodo-engine-context-retriever
  tag: "insert version here"

externalSecrets:
  enabled: true
  v1StableApi: true # use stable externalSecret API (set if >=v0.17.0)
  clusterSecretStore: true
  secretStoreName: "cluster-secret-store" # Must exist prior to deployment
  secrets:
    - targetSecretName: secrets-file
      remoteSecretName: qodo-engine-secrets # Must exist prior to deployment
      data:
        - secretKey: .secrets.toml

deployments:
  enabled: true
  resources:
    requests:
      cpu: "500m"
      memory: "2Gi"
  ports:
    - containerPort: 8001
      name: http
  probes:
    liveness:
      httpGet:
        path: /v1/context/health
        port: http
      initialDelaySeconds: 15
      failureThreshold: 5
      periodSeconds: 30
      successThreshold: 1
service:
  enabled: true
  type: NodePort
  port: 8001
  ports:
    http:
      targetPort: http

volumes:
  secrets-file:
    secret:
      secretName: secrets-file
      useShortName: true
volumeMounts:
  secrets-file:
    mountPath: /app/qodo_engine/shared_settings/secrets

Install with Helm:

helm upgrade --install context-retriever oci://artifacts-self-hosted.qodo.ai/codium-stack/stable/module -f ./context-retriever-values.yaml

  1. Trigger initial indexing (if you prefer to not wait until the cronjob is triggered): kubectl create job indexer-reindex-manual --from=cronjob/indexer-reindex

  2. Verify indexer pod (that is part of the deployment, not the job) logs, to confirm indexing has completed (can take anywhere from minutes to up to a day, depends on how many repositories are configured and how big they are).

4. context-retriever-mcp

deployments:
  enabled: false
  resources:
    requests:
      cpu: "500m"
      memory: "2Gi"
  ports:
    - containerPort: 8001
      name: http
  probes:
    liveness:
      httpGet:
        path: /health
        port: http
      initialDelaySeconds: 15
      failureThreshold: 5
      periodSeconds: 30
      successThreshold: 1
service:
  enabled: true
  annotations:
    cloud.google.com/backend-config: '{"default": "backend-config"}'
  type: NodePort
  port: 8001
  ports:
    http:
      targetPort: http
externalSecrets:
  enabled: true
  clusterSecretStore: true
  secretStoreName: "gcp-backend"
volumes:
  secrets-file:
    secret:
      secretName: secrets-file
      useShortName: true
volumeMounts:
  secrets-file:
    mountPath: /app/qodo_engine/shared_settings/secrets
envFrom:
  configMapRefs:
    - name: main
      useShortName: true
configMaps:
  main:
    SERVICE_CONFIG__EXPOSE_MCP_SERVER: "true"
ingress:
  enabled: true
  host: "example.com"
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.allow-http: "true" # Required for managedCertificate
    networking.gke.io/v1beta1.FrontendConfig: context-retriever-mcp
    networking.gke.io/managed-certificates: 'context-retriever-mcp'
  hosts:
    - paths:
        - path: /mcp
          pathType: Prefix

Configuration

Shared Configuration

[qodo_logger]
logging_format = "JSON"
log_level = "INFO"

[openai_api]
key = ""
org = ""

# RAG-indexer database
[postgresql]
host = ""
port = ""
username = ""
password = ""

[vectordb]
db_name = ''

#metadata-service database
[kubernetes]
DATABASE_USER = ""
DATABASE_PASSWORD = ""
DATABASE_NAME = ""
DATABASE_HOST = ""
DATABASE_PORT = ""

Github Configuration

Github On prem: If you are using github on prem you should specificy the api_base_url in the configuration for [github_app] section as mentioned below.

Make sure that github is able to accept requests from the Kubernetes cluster. Firewall adjustments may be needed.

[github_app]
private_key="""\\
... private key goes here...
PRIVATE_KEY
"""
app_id = "1019460"
installation_id = "55739937"
api_base_url = "<https://api.github.com>"

Bitbucket DC Configuration

Refer to our Bitbucket DC documentation.

Enabling qodo-engine functionality in Qodo Merge

Qodo Merge

  1. Update qodo-merge secret, append the following

[rag_arguments]
enable_rag=true

[context_retrieval_service]
url = "<service name>.<namespace>" # set this to context-retriever service address
  1. Restart pods to pick up the new secret.

STS Customer instructions

Please make sure to provide the customer the IP to whitelist.

Last updated

Was this helpful?