# System requirements

Kubernetes, database, and network requirements for a self-hosted Scalekit deployment.
Before you install, confirm that your Kubernetes cluster, databases, and network meet the requirements below. Checking them up front helps you avoid installation failures and costly production issues later.

## Prepare Kubernetes

| Requirement | Value |
|-------------|-------|
| Kubernetes version | 1.27 or later |
| Helm version | 3.12 or later |
| `kubectl` | Configured with cluster access |

Any managed Kubernetes service works (GKE, EKS, AKS, or a self-managed cluster).

Scalekit supports two ingress options. Use one, not both:

- **Kubernetes Gateway API** (recommended for cloud clusters): requires a GatewayClass installed on your cluster
- **Nginx Ingress** (for local or Minikube deployments): requires the nginx ingress controller

For Gateway API, common GatewayClasses:

| Provider | GatewayClass |
|----------|-------------|
| GKE | `gke-l7-global-external-managed` (built-in) |
| Istio | `istio` |
| Envoy Gateway | `eg` |

On GKE, the Gateway controller is enabled by default. For other clusters, install the Gateway API CRDs and a compatible controller before deploying Scalekit.

## Prepare PostgreSQL

Scalekit requires **three separate databases** on PostgreSQL 15 or later. These can all live on the same PostgreSQL instance.

| Database | Used by |
|----------|---------|
| `scalekit` | Core auth service |
| `webhooks` | Webhook delivery |
| `openfga` | Authorization engine (if enabled) |

Create a dedicated user with full privileges on each database. Scalekit runs migrations automatically on install and upgrade.

> tip: Evaluation without external PostgreSQL
>
> The Helm chart includes an optional PostgreSQL subchart. Set `postgresql.enabled: true` in your `values.yaml` to spin up a bundled database for evaluation. Do not use this in production.

> tip: CockroachDB
>
> CockroachDB is also supported. Set `DB_ADAPTER=postgresql` in the `db-migrations` secret (the setup script handles this automatically).

## Prepare Redis

| Requirement | Value |
|-------------|-------|
| Version | 6.2 or later |

Scalekit uses Redis for session storage, token caching, and background job queues. Redis does not need persistence enabled, but enabling RDB snapshots is recommended for production.

> tip: Evaluation without external Redis
>
> The Helm chart includes an optional Redis subchart. Set `redis.enabled: true` in your `values.yaml` to use it for evaluation. Do not use this in production.
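
The version minimums listed so far (Kubernetes 1.27, Helm 3.12, PostgreSQL 15, Redis 6.2) can be checked from a workstation before you install. The script below is an added example, not part of the Scalekit setup tooling; `PG_DSN` and `REDIS_URL` are assumed environment variables holding your own connection strings, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: preflight check for the version minimums on this page.
# PG_DSN and REDIS_URL are assumed environment variables, not Scalekit settings.

# major_minor STRING: print "MAJOR MINOR" from the first version number found.
# Handles decorated strings such as "v1.29.3-gke.1" or "15.6 (Debian 15.6-1)".
major_minor() {
  printf '%s\n' "$1" |
    sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\{0,1\}\([0-9]*\).*/\1 \2/p'
}

# ver_ge ACTUAL MINIMUM: succeed when ACTUAL >= MINIMUM, compared numerically
# (a string compare would rank 1.9 above 1.27). Empty ACTUAL always fails.
ver_ge() {
  a=$(major_minor "$1"); m=$(major_minor "$2")
  [ -n "$a" ] && [ -n "$m" ] || return 1
  a_maj=${a% *}; a_min=${a#* }; m_maj=${m% *}; m_min=${m#* }
  [ "$a_maj" -gt "$m_maj" ] && return 0
  [ "$a_maj" -eq "$m_maj" ] && [ "${a_min:-0}" -ge "${m_min:-0}" ]
}

# check NAME MINIMUM ACTUAL: print one PASS/FAIL line, return 1 on FAIL.
check() {
  if ver_ge "$3" "$2"; then
    printf 'PASS  %-11s %s (need >= %s)\n' "$1" "$3" "$2"
  else
    printf 'FAIL  %-11s %s (need >= %s)\n' "$1" "${3:-not reachable}" "$2"
    return 1
  fi
}

preflight() {
  rc=0
  check Kubernetes 1.27 "$(kubectl get --raw /version 2>/dev/null |
    sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p')" || rc=1
  check Helm 3.12 "$(helm version --short 2>/dev/null)" || rc=1
  check PostgreSQL 15 "$(psql "$PG_DSN" -tAc 'SHOW server_version' 2>/dev/null)" || rc=1
  check Redis 6.2 "$(redis-cli -u "$REDIS_URL" INFO server 2>/dev/null |
    sed -n 's/^redis_version:\([0-9.]*\).*/\1/p')" || rc=1
  # Informational only: Nginx Ingress deployments need no GatewayClass.
  echo "INFO  GatewayClasses: $(kubectl get gatewayclass -o name 2>/dev/null | tr '\n' ' ')"
  return $rc
}

# Run the checks only when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; exit $?; fi
```

Run it with `--run` from a machine that has `kubectl`, `helm`, `psql` and `redis-cli` on the path; a non-zero exit status means at least one minimum is not met or a service could not be reached.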

## Set up email (SMTP)

Scalekit sends transactional email for password resets, magic links, and user invitations. You need an SMTP provider configured before first run.

Supported providers with first-class integration: **Postmark**, **SendGrid**. Any SMTP server works with the `OTHER` provider type.

## Size your nodes

| Resource | Production (per node) |
|----------|-----------------------|
| CPU | 4 vCPUs |
| RAM | 8 GB |

The Scalekit Deployment defaults to 2 replicas with autoscaling up to 20. Each replica includes all sidecar containers. Tune `replicaCount` and HPA settings in your `values.yaml`.

## Configure network and DNS

### Set up DNS

A wildcard DNS record pointing to your Gateway's external IP is required. You set this up after the deployment is running (see [Install Scalekit](/self-hosted/installation/#update-dns)).

### Set up TLS

HTTPS is required. Manage certificates through your cloud provider's certificate manager (for example, GCP Certificate Manager) and reference them via a Gateway annotation. cert-manager is also supported. Add the appropriate annotation to `gateway.annotations` in your `values.yaml`.

## Access the container registry

Scalekit container images are hosted on a private container registry. You receive the registry server URL and credentials through the Scalekit distribution portal as part of onboarding. The registry token is stored as a Kubernetes image pull secret (`artifact-registry-secret`) during setup.

## Next step

Once your infrastructure is ready, continue to the Configure your deployment page to prepare the `values.yaml` that drives your deployment.


