Avnology ID
Self-Hosting

Kubernetes

Helm chart is planned; Docker Compose is the only supported deployment today.

Kubernetes

Avnology ID does not ship a production-grade Helm chart in v1.0.

Current status

  • Docker Compose: fully supported, see Docker Compose deploy.
  • Helm chart: tracked on the public roadmap, target post-v1.0.
  • Raw Kubernetes manifests: deploy/kubernetes/ in the repo has early manifests for the gateway, Ory components, and PodDisruptionBudgets / HPAs. These are internal-only prototypes, not a supported deployment path.

Why not yet?

The Docker Compose stack encodes 19 services, 4 init containers, cross-service env wiring, and Traefik routing. Ports have been exposed, tested, and hardened against real traffic in staging. Porting that to Helm is not a mechanical translation -- Keto's strict mode, pgbouncer transaction pooling, Kratos courier singleton mode, and Oathkeeper's rule format all have K8s-specific failure modes that need their own testing loop.

We'd rather ship the Helm chart late and correct than early and broken.

What to do until Helm lands

If you must run on Kubernetes today:

  1. Run the Docker Compose stack inside a single VM managed by K8s (via KubeVirt or a cloud-provided VM CRD). Ugly but stable.
  2. Use Docker Swarm on your K8s hosts. The shipped compose file works with docker stack deploy modulo secrets-handling differences.
  3. Fork deploy/kubernetes/ and own it. The Avnology team will review PRs but cannot commit to support.

Follow along

Star the GitHub milestone for Helm-chart progress.

Upgrading

Upgrade Ory versions, zero-downtime deploy patterns, and rollback.

Migrate from another IAM

Move users, OAuth clients, and redirect URLs from Auth0, Clerk, Firebase Auth, or Cognito to Avnology ID with the avnology migrate CLI.

On this page

KubernetesCurrent statusWhy not yet?What to do until Helm landsFollow along