Skip to content

Run Collector

The AI Assets Collector collects AI assets from your data sources, builds an inventory, and records relationships between them for AI Governance.

Start AI Assets Collector Using Runtime on K8s

A Trust3 Runtime is a lightweight deployment plane that runs inside your own EKS/AKS cluster. It lets Trust3 deploy and manage collectors — such as the AI Assets Collector — directly in your environment, without requiring inbound connectivity from the internet into your cluster.

When you create a Runtime, Trust3 installs a small agent in your cluster (the Runtime Plane) that maintains an outbound-only connection to the Trust3 control plane. You then add collectors to that Runtime through the Trust3 dashboard, and Trust3 deploys them as pods in your cluster automatically.

This approach keeps your data local — the AI Assets Collector reads from your Databricks workspace or Azure environment and sends only governance metadata to Trust3, never raw data.

When to use this path: Use the Runtime on K8s path if your Databricks workspace or Azure environment is network-restricted, if your security policy requires all compute to run inside your own cluster, or if you prefer Kubernetes-native deployment and lifecycle management over running Docker locally.

If you are evaluating Trust3 or running a quick local test, use the Docker tab instead — it requires no Kubernetes cluster.

Follow this workflow to run the AI Assets Collector in your EKS or AKS cluster using a Trust3 Runtime.

Create a Runtime

  1. In the Trust3 dashboard, navigate to Settings > Runtime.
  2. Click Create New.

  3. On the Create Runtime Plane page, configure the runtime:

    Setting Value
    Deployment Type Partially Managed (D2P) — the Trust3 control plane is cloud-hosted; the data plane runs in your own cluster
    Configuration Mode Basic Config
    Cloud Provider AWS or Azure
    Region Select the region where your cluster is deployed
    Runtime Name Auto-generated — you can rename it, this will be your namespace in kubernetes
    Auto Upgrade Set to true — the runtime plane updates automatically when new releases are available

  4. Select the AWS Prerequisites or Azure Prerequisites checkbox to confirm all prerequisites are met. Click View full details if you need to complete any missing prerequisites before continuing.

  5. Click Generate.

Deploy the Runtime Plane

The next screen shows two commands to run from your terminal:

  1. curl or wget command — downloads the Trust3 runtime installation script to your machine.
  2. Helm command — deploys the Trust3 Runtime Plane components into your Kubernetes cluster and connects them to Trust3Cloud. Run this exactly as shown — it includes a pre-populated token for your tenant.

Run the commands in order. When the status on screen changes to Connection Established, click Done.

Tip

If the connection does not establish within 5 minutes, verify that your Kubernetes cluster has outbound internet access and that the namespace Helm targets exists in your cluster.

Add AI Assets Collector

  1. Go to Settings > Runtime and click the running runtime to open its detail view.
  2. Select the Collectors tab.
  3. Click Add New.
  4. From Available Collectors, select AI Assets Collector.
  5. In Basic Info, enter:
    • Name — a descriptive name for this collector instance
    • Description (optional)
  6. Click Continue.

  7. In Datasource Configuration, provide your configuration values.

    Collector Configs — provide values for the platforms you are connecting. You can configure Databricks, Azure, or both.

    Variable Purpose
    DATABRICKS_HOST Databricks workspace URL (e.g. https://your-workspace.cloud.databricks.com)
    DATABRICKS_TOKEN Databricks personal access token
    DATABRICKS_ENVIRONMENT_NAME Labels this workspace in the Trust3 inventory — does not affect connectivity. Use dev, stage, prod, or test. Defaults to prod if omitted.
    AZURE_TENANT_ID Azure tenant ID
    AZURE_CLIENT_ID Azure application (client) ID
    AZURE_CLIENT_SECRET Azure client secret

    Leave any variables you are not using blank — remove them entirely rather than leaving them with empty values.

    Kubernetes Configs — update resource values to match your cluster configuration.

  8. Click Save. Trust3 creates the AI Assets Collector pod in your runtime namespace.

Note

The collector runs on a 15-minute schedule. Your first assets will appear in the Trust3 portal under AI Assets within 15 minutes of the pod starting.

Verify the Collector Pod

Confirm the collector is running using kubectl:

Bash
1
kubectl get pods -n <your-runtime-namespace>

Tip

<your-runtime-namespace> will be the Runtime Name configured in Step 3.

Look for a pod named trust3-ai-assets-collector-* with status Running. If the pod is in CrashLoopBackOff or Error, check the logs:

Bash
1
kubectl logs -n <your-runtime-namespace> <your-pod-name> --tail=50

You can also open Collectors in the Trust3 Portal, Navigate to Settings > Runtime > Runtime Name > Collectors Tab and confirm the AI Assets Collector shows a running status there.

Tip

If you use k9s, navigate to the runtime namespace and confirm the collector pod is running.

Quick checklist

  • Deployment Type set to Partially Managed (D2P)
  • Cloud Provider set to AWS or Azure, region matches AWS / AKS cluster region
  • AWS / Azure prerequisites confirmed
  • Runtime installation commands run from terminal (curl/wget first, then Helm)
  • Runtime shows Connection Established before clicking Done
  • AI Asset Collector added from Collectors > Add New
  • Databricks configuration provided (if connecting Databricks)
  • AWS configuration provided (if connecting AWS)
  • Azure configuration provided (if connecting Azure)
  • Collector pod shows Running in kubectl
  • AI assets appear in Trust3 portal within 15 minutes
  • Databricks: Databricks
  • Azure: Azure

Download docker-compose.yml

Save the file in a directory on your machine (for example ai-assets-collector/). Use the link below — it triggers a download using the site’s download helper.

Download docker-compose.yml

Create .env

Under the same directory where you keep docker-compose.yml, create a file named .env and add the variables below. Set values for each platform you connect (Databricks, Azure, or both) and AI_GOVERNANCE_API_KEY (To retrieve the API key, log in to Trust3 and navigate to Settings -> API Keys. Make sure you have ADMIN Role to access this page)

Bash
1
2
3
4
5
6
7
8
9
DATABRICKS_HOST=https://your-workspace.cloud.databricks.com
DATABRICKS_TOKEN=
DATABRICKS_ENVIRONMENT_NAME=(dev/test/prod/stage)

AZURE_TENANT_ID=
AZURE_CLIENT_ID=
AZURE_CLIENT_SECRET=

AI_GOVERNANCE_API_KEY=

Leave a line blank or omit variables you are not using, following your collector’s expectations.

Login Trust3 AI Docker Repository

To log in to the Trust3 AI Docker repository, use the following command:

Bash
1
docker login api.na.trust3ai.com -u trust3

When prompted for a password, enter your API key. To retrieve the API key, log in to Trust3 and navigate to Settings > API Keys.

Run with Docker Compose

  1. Open a terminal under the directory where you keep docker-compose.yml and .env.

  2. Start the collector (detached):

    Bash
    1
    docker compose up -d

  3. Watch logs — while docker compose is up, the collector runs on a schedule (every 15 minutes in the current release):

    Bash
    1
    docker compose logs -f trust3-ai-assets-collector

  4. Tear down when you no longer want scheduled collection on this host:

    Bash
    1
    docker compose down

Environment variables (for .env)

Variable Purpose
DATABRICKS_HOST Databricks workspace URL
DATABRICKS_TOKEN Personal access token
DATABRICKS_ENVIRONMENT_NAME Databricks Workspace Env Type (dev/stage/prod)
AZURE_TENANT_ID Azure tenant ID
AZURE_CLIENT_ID Azure application (client) ID
AZURE_CLIENT_SECRET Azure client secret
AI_GOVERNANCE_API_KEY API key for AI Governance ingest, when your deployment expects it

Quick checklist

  • docker-compose.yml in a directory (download or copy from ai-assets-collector/docker/ in the repo)
  • .env under that same directory with the variables above filled in as needed
  • docker compose up -d
  • docker compose logs -f trust3-ai-assets-collector to verify the run
  • Databricks: Databricks
  • Azure: Azure

Next step

Once your collector is running, your AI assets will appear in the Trust3 portal under AI Assets within 15 minutes. See the Core Concepts to explore your inventory, review trust scores, and start configuring governance policies.