Skip to main content

Documentation Index

Fetch the complete documentation index at: https://arize-ax.mintlify.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

Summary

Use this path when outbound traffic is limited to allowlisted destinations or must go through a corporate proxy. You will open the same endpoints Arize uses for distribution and images, then follow the same install flow as a connected deployment unless policy requires a private registry mirror.

Network and images

  • Distribution: Download with your JWT from ch.hub.arize.com as described in Download and extract the distribution.
  • Images: By default, workloads pull from Arize’s hub (pullRegistry defaults to ch.hub.arize.com in the chart)—once egress to those hosts is allowlisted or routed through your proxy.
  • Telemetry (Call Home): Same defaults as Connected (internet egress). Non-default configuration is covered only in Advanced → Helm in the offline docs/ bundle from your distribution archive.
  • Private registry: Optional; only if policy requires every workload to pull from your own registry.

Allowlist

Ensure these can be reached from your build hosts and, where applicable, from nodes or pull-through caches:
  • ch.hub.arize.com — distribution downloads and metadata
  • us-central1-docker.pkg.dev — Arize AX container images
./arize.sh may perform HTTPS reachability checks against both endpoints when pulling from the hub (see Connected → Firewall and script checks). Add any proxy or firewall exceptions your security team requires.

Cluster behavior

GKE nodes must still reach Google APIs for the control plane, GCS (Gazette and Druid buckets), and other services you enable (for example BigQuery or Vertex if used). Work with your platform team to confirm egress paths for those APIs. For buckets, IAM, and Workload Identity, see GKE cluster and resources (existing cluster).

Private registry mirror

If policy requires images in your Artifact Registry or Container Registry:
  1. Authenticate Docker (gcloud auth configure-docker or your registry’s login flow).
  2. Run ./arize.sh to pull from the Arize hub into your registry. Pass hubJwt as the base64-encoded JWT, cloud=gcp, and pushRegistry: 
    ./arize.sh -f none -y load-remote-images 'hubJwt=<BASE64_JWT>,cloud=gcp,pushRegistry=<YOUR_REGISTRY>'
  3. Example hostnames (replace project, location, and repository): us-central1-docker.pkg.dev/<project>/<repository> for Artifact Registry, or gcr.io/<project-id> for legacy Container Registry.
  4. Verify that your images have arrived in your registry.

Next steps

  1. Provision or use a GKE cluster (or Terraform).
  2. Install Arize (quick start) or detailed walkthrough for operator values and ./arize.sh.
  3. Configure ingress or another controller.
  4. Validate the deployment.