Use this guide when you deploy kagenti-backend for the KubeStellar Console AI Agents dashboard. It covers the supported hosted providers, how to create the kagenti-llm-secrets Secret, how to set LLM_PROVIDER, and what to check when the backend fails to start.
| Provider | LLM_PROVIDER value | Secret key |
|---|---|---|
| Google Gemini | gemini | GEMINI_API_KEY |
| Anthropic Claude | anthropic | ANTHROPIC_API_KEY |
| OpenAI | openai | OPENAI_API_KEY |
Use exactly LLM_PROVIDER value in the Deployment. The selected provider must have its matching API key present in the kagenti-llm-secrets Secret.
Create the Secret in the same namespace as kagenti-backend.
kubectl create secret generic kagenti-llm-secrets \
-n kagenti-system \
--from-literal=GEMINI_API_KEY=your-gemini-api-keykubectl create secret generic kagenti-llm-secrets \
-n kagenti-system \
--from-literal=ANTHROPIC_API_KEY=your-anthropic-api-keykubectl create secret generic kagenti-llm-secrets \
-n kagenti-system \
--from-literal=OPENAI_API_KEY=your-openai-api-keyIf you want to keep more than provider key available, recreate the Secret with multiple --from-literal flags.
LLM_PROVIDER in kagenti-backendUpdate the env: block for the kagenti-backend container in your kagenti-backend-deploy.yaml manifest, then re-apply it.
env:
- name: KAGENTI_AUTH_ENABLED
value: "false"
- name: LLM_PROVIDER
value: gemini
- name: GEMINI_API_KEY
valueFrom:
secretKeyRef:
name: kagenti-llm-secrets
key: GEMINI_API_KEYenv:
- name: KAGENTI_AUTH_ENABLED
value: "false"
- name: LLM_PROVIDER
value: anthropic
- name: ANTHROPIC_API_KEY
valueFrom:
secretKeyRef:
name: kagenti-llm-secrets
key: ANTHROPIC_API_KEYenv:
- name: KAGENTI_AUTH_ENABLED
value: "false"
- name: LLM_PROVIDER
value: openai
- name: OPENAI_API_KEY
valueFrom:
secretKeyRef:
name: kagenti-llm-secrets
key: OPENAI_API_KEYApply the updated Deployment:
kubectl apply -f kagenti-backend-deploy.yaml
kubectl rollout status deployment/kagenti-backend -n kagenti-systemWhen you rotate a key, recreate the Secret and restart the backend so the Pod reads the new value.
kubectl delete secret kagenti-llm-secrets -n kagenti-system
kubectl create secret generic kagenti-llm-secrets \
-n kagenti-system \
--from-literal=GEMINI_API_KEY=your-new-gemini-api-key
kubectl rollout restart deployment/kagenti-backend -n kagenti-system
kubectl rollout status deployment/kagenti-backend -n kagenti-systemIf you use Anthropic or OpenAI instead, replace the literal key name with ANTHROPIC_API_KEY or OPENAI_API_KEY. If your Secret stores multiple providers, recreate all required entries before restarting the Deployment.
CreateContainerConfigErrorIf the Secret is missing, Kubernetes cannot build the container environment and the Pod stays in CreateContainerConfigError.
Check the Pod events:
kubectl describe pod -n kagenti-system <kagenti-backend-pod-name>Typical symptom:
Error: secret "kagenti-llm-secrets" not foundFix:
kagenti-llm-secrets in kagenti-system.kubectl rollout restart deployment/kagenti-backend -n kagenti-systemLLM_PROVIDER value or mismatched keyIf LLM_PROVIDER is not of gemini, anthropic, or openai, or if it points to a provider whose key is missing, the backend will not be able to talk to the selected LLM provider.
Check the Deployment configuration and logs:
kubectl get deployment kagenti-backend -n kagenti-system -o yaml | grep -A6 "LLM_PROVIDER"
kubectl logs deployment/kagenti-backend -n kagenti-system --tail=50Verify that:
LLM_PROVIDER exactly matches of the supported values.kagenti-llm-secrets.Today, KubeStellar Console can discover and connect to Kagenti, but it does not manage Kagenti provider secrets for you. Continue to manage kagenti-llm-secrets and LLM_PROVIDER with kubectl, Helm values, or your GitOps workflow. When console-based secret management is available, this guide will be updated.