Self-Hosted Deployment

Deploy Align on your own infrastructure for complete data sovereignty.

Why Self-Host?

Data Sovereignty - All data stays in your infrastructure
Air-Gapped Environments - Works without internet access
Custom LLMs - Use your own models (Ollama, vLLM, etc.)
Compliance - Meet regulatory requirements
Integration - Deep integration with internal systems

Architecture

┌──────────────────────────────────────────────────────────────────────┐
│                      Your Kubernetes Cluster                          │
├──────────────────────────────────────────────────────────────────────┤
│                                                                       │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌────────────────────┐   │
│  │    UI    │  │ Gateway  │  │  Brain   │  │    Connectors      │   │
│  │ SvelteKit│  │ Fastify  │  │ FastAPI  │  │ Slack/Teams/Jira/… │   │
│  └────┬─────┘  └────┬─────┘  └────┬─────┘  └─────────┬──────────┘   │
│       │             │             │                   │              │
│       └─────────────┴─────────────┴───────────────────┘              │
│                      │                    │                           │
│              ┌───────┴───────┐   ┌───────┴───────┐                  │
│              │  PostgreSQL   │   │ Redis (opt.)  │                  │
│              │  (Managed/    │   │ Job state &   │                  │
│              │   Self-hosted)│   │ pub/sub       │                  │
│              └───────────────┘   └───────────────┘                  │
│                                                                       │
└──────────────────────────────────────────────────────────────────────┘

Components

Component	Purpose	Port	Required?
UI	SvelteKit frontend	3000	Yes
Gateway	API server (Fastify)	8080	Yes
Brain	AI/ML service (FastAPI)	8090	Yes
Connectors	Integration services	808x	Yes
PostgreSQL	Database	5432	Yes
Redis	Job state & real-time events	6379	Yes (K8s)

Prerequisites

Kubernetes 1.25+
Helm 3.10+
PostgreSQL 15+ (self-managed or managed like RDS)
4GB+ RAM available for Align pods
Redis 6+ for Kubernetes deployments (any Redis-compatible service: ElastiCache, Memorystore, Dragonfly, KeyDB). Required for Discover scan progress tracking.
(Optional) GPU for local LLM inference

Quick Start

# Add the Align Helm repository
helm repo add align https://charts.align.tech
helm repo update

# Install with default values
helm install align align/align \
  --namespace align \
  --create-namespace \
  --set database.secretName=your-db-secret

# Check status
kubectl get pods -n align

See Installation for detailed instructions.

Deployment Options

Minimal (Development/POC)

Single replica per service
Local PostgreSQL
No HA, minimal resources

helm install align align/align -f values-minimal.yaml

Production

Multiple replicas with HPA
External PostgreSQL (RDS)
TLS, proper ingress
Secrets management

helm install align align/align -f values-production.yaml

Scaling Considerations

Deployment	Gateway Pods	Redis Required?	Notes
Kubernetes	1+	Yes	Required for Discover scan progress
Local dev	1	No	Uses in-memory fallbacks

Why Redis?

The Discover feature uses async job processing for bulk operations. Redis provides:

Job state storage - Track progress of long-running scans and approvals
Pub/Sub - Real-time progress streaming (SSE) across pods

In Kubernetes deployments, the gateway requires REDIS_URL and will fail to start without it. For local development (non-Kubernetes), the gateway automatically falls back to in-memory storage.

For Kubernetes deployments: Configure Redis (any Redis-compatible service works):

gateway:
  replicaCount: 2
  redis:
    url: "redis://your-redis:6379"

Redis options by cloud:

Cloud	Managed Service	Notes
AWS	ElastiCache Redis	Use IRSA for auth
GCP	Memorystore for Redis	Use Workload Identity
Azure	Azure Cache for Redis	Use Managed Identity
Self-hosted	Redis, Dragonfly, KeyDB	Any Redis-compatible server

Optional: Message queues for high-volume deployments

For very high-volume deployments (1000s of decisions/day), you can optionally add a message queue for distributed job processing. The gateway supports pluggable queue backends:

Provider	Best For	Config
memory (default)	Single-pod, dev, low-volume	No config needed
sqs	AWS deployments	Requires SQS queue URLs

# AWS SQS (for AWS deployments)
gateway:
  sqs:
    importJobQueueUrl: "https://sqs.region.amazonaws.com/account/import-queue"
    bulkApprovalQueueUrl: "https://sqs.region.amazonaws.com/account/approval-queue"
    bulkDeleteQueueUrl: "https://sqs.region.amazonaws.com/account/delete-queue"

Without queue URLs configured, the gateway uses an in-memory queue (which works fine for most deployments and single-pod setups).

What's Included

The Helm chart deploys:

All Align services (UI, Gateway, Brain)
Connectors (Slack, Teams, Jira, GitHub)
Database migrations (as pre-install hook)
Ingress configuration
HPA and PDB for availability
Service accounts and RBAC

What You Provide

Kubernetes cluster
PostgreSQL database
Secrets (OAuth credentials, API keys)
Ingress controller (Traefik, nginx, etc.)
TLS certificates (cert-manager recommended)
(Optional) Custom LLM server

Documentation

Guide	Description
Installation	Step-by-step install guide
Configuration	Helm values reference
Secrets	Secrets management options
OAuth Apps	Register your own OAuth apps
LLM Setup	Configure custom LLM providers
Upgrades	Upgrade and migration guide

Support

For self-hosted support:

Email: support@align.tech
Documentation: docs.align.tech

Why Self-Host?​

Architecture​

Components​

Prerequisites​

Quick Start​

Deployment Options​

Minimal (Development/POC)​

Production​

Scaling Considerations​

What's Included​

What You Provide​

Documentation​

Support​