Self-hosted deployment overview

You will run the full Scalekit platform on your own Kubernetes cluster. This helps you keep all authentication data inside your network for data residency, compliance, and isolation from the public internet.

Use self-hosted deployment when your organization requires:

• Data residency: Auth data must remain in a specific region or on-premises location
• Network isolation: The auth service must not be reachable from the public internet
• Compliance: Regulations such as FedRAMP, HIPAA, or internal security policies prohibit use of SaaS auth services
• Air-gapped environments: Your deployment environment has no outbound internet access

How self-hosted deployment works

Scalekit is deployed on Kubernetes via a Helm chart managed through the Scalekit distribution portal. You configure the deployment with a values.yaml file, apply Kubernetes secrets to your cluster, and connect the cluster to the portal. The portal handles chart delivery, migrations, and upgrades.

Components in a self-hosted deployment

A self-hosted deployment runs as a single Kubernetes Deployment with multiple containers:

Component	Description
Auth service	Core service handling login, token issuance, sessions, SSO, and SCIM
Dashboard	Admin web UI for managing your Scalekit instance
Flagd	Feature flag sidecar for runtime configuration
Webhooks	Webhook delivery service
OpenFGA	Fine-grained authorization engine (optional)

Infrastructure you must provide

Scalekit does not bundle a database or cache in production. You provision and manage these separately:

Dependency	Requirement	Notes
Kubernetes	1.27 or later	Any managed or self-managed cluster
PostgreSQL	15 or later	Three databases required: scalekit, webhooks, openfga
Redis	6.2 or later	Used for sessions, caching, and job queues
SMTP	Any provider	Postmark and SendGrid have first-class support

Evaluation shortcut

The Helm chart includes optional PostgreSQL and Redis subcharts. Enable them to spin up Scalekit quickly without provisioning external services. Use subcharts for evaluation only. They are not suitable for production.

Access required

Self-hosted deployment requires a Scalekit enterprise license. You receive your Helm chart access and container registry token through the Scalekit distribution portal as part of onboarding.

Choose your path

Path	When to use
Quickstart: Deploy Scalekit on Kubernetes	Get Scalekit running fast using bundled PostgreSQL and Redis. Ideal for evaluation and proof-of-concept. No external databases or kubectl secret commands needed.
Full installation	Production deployment with external PostgreSQL and Redis, full secret management, and your choice of ingress controller.

Next, Quickstart: Deploy Scalekit on Kubernetes will get you a working evaluation instance so you can test before full deployment.