Kubernetes Deployment | IDA — Identity for the AI Age

Deploy IDA to a Kubernetes cluster for production use.

Prerequisites

Tool	Version
kubectl	1.28+
Helm	3.14+
Kubernetes cluster	1.28+

Quick Deploy

$ # Add IDA Helm repo
$ helm repo add ida https://charts.ida.infinia.io
$ helm repo update
$ 
$ # Install IDA
$ helm install ida ida/ida-platform \
>   --namespace ida \
>   --create-namespace \
>   --values values-production.yaml

Namespace Structure

ida/
  ida-api (Deployment, 3 replicas)
  ida-resolver (Deployment, 2 replicas)
  ida-portal (Deployment, 2 replicas)
  postgres (StatefulSet, 1 replica)
  redis (StatefulSet, 1 replica)
  nats (StatefulSet, 3 replicas)
ida-blockchain/
  adi-node-validator-0 (StatefulSet)
  adi-node-validator-1 (StatefulSet)
  adi-node-observer-0 (StatefulSet)

Manual Deployment (kubectl)

Namespace

1 apiVersion: v1
2 kind: Namespace
3 metadata:
4   name: ida

API Deployment

1 apiVersion: apps/v1
2 kind: Deployment
3 metadata:
4   name: ida-api
5   namespace: ida
6 spec:
7   replicas: 3
8   selector:
9     matchLabels:
10       app: ida-api
11   template:
12     metadata:
13       labels:
14         app: ida-api
15     spec:
16       containers:
17         - name: ida-api
18           image: infinia/ida-api:latest
19           ports:
20             - containerPort: 8080
21           env:
22             - name: DATABASE_URL
23               valueFrom:
24                 secretKeyRef:
25                   name: ida-secrets
26                   key: database-url
27             - name: REDIS_URL
28               value: redis://redis:6379
29             - name: ADI_RPC_URL
30               value: http://adi-node-validator-0.ida-blockchain:8545
31             - name: NATS_URL
32               value: nats://nats:4222
33             - name: LOG_LEVEL
34               value: info
35           resources:
36             requests:
37               cpu: 500m
38               memory: 512Mi
39             limits:
40               cpu: 2000m
41               memory: 2Gi
42           livenessProbe:
43             httpGet:
44               path: /health
45               port: 8080
46             initialDelaySeconds: 10
47             periodSeconds: 15
48           readinessProbe:
49             httpGet:
50               path: /health
51               port: 8080
52             initialDelaySeconds: 5
53             periodSeconds: 5
54 ---
55 apiVersion: v1
56 kind: Service
57 metadata:
58   name: ida-api
59   namespace: ida
60 spec:
61   selector:
62     app: ida-api
63   ports:
64     - port: 8080
65       targetPort: 8080
66   type: ClusterIP

Ingress

1 apiVersion: networking.k8s.io/v1
2 kind: Ingress
3 metadata:
4   name: ida-ingress
5   namespace: ida
6   annotations:
7     cert-manager.io/cluster-issuer: letsencrypt-prod
8     nginx.ingress.kubernetes.io/rate-limit: "100"
9 spec:
10   tls:
11     - hosts:
12         - api.ida.infinia.io
13         - portal.ida.infinia.io
14       secretName: ida-tls
15   rules:
16     - host: api.ida.infinia.io
17       http:
18         paths:
19           - path: /
20             pathType: Prefix
21             backend:
22               service:
23                 name: ida-api
24                 port:
25                   number: 8080
26     - host: portal.ida.infinia.io
27       http:
28         paths:
29           - path: /
30             pathType: Prefix
31             backend:
32               service:
33                 name: ida-portal
34                 port:
35                   number: 80

Secrets

1 apiVersion: v1
2 kind: Secret
3 metadata:
4   name: ida-secrets
5   namespace: ida
6 type: Opaque
7 stringData:
8   database-url: postgres://ida:password@postgres:5432/ida?sslmode=require
9   redis-password: redis-secret
10   api-signing-key: your-signing-key

Helm Chart Values

values-production.yaml

1 global:
2   environment: production
3   domain: ida.infinia.io
4 
5 api:
6   replicas: 3
7   image:
8     repository: infinia/ida-api
9     tag: "1.0.0"
10   resources:
11     requests:
12       cpu: 500m
13       memory: 512Mi
14     limits:
15       cpu: 2000m
16       memory: 2Gi
17   autoscaling:
18     enabled: true
19     minReplicas: 3
20     maxReplicas: 10
21     targetCPU: 70
22 
23 resolver:
24   replicas: 2
25   image:
26     repository: infinia/ida-resolver
27     tag: "1.0.0"
28 
29 portal:
30   replicas: 2
31   image:
32     repository: infinia/ida-portal
33     tag: "1.0.0"
34 
35 postgres:
36   enabled: true
37   persistence:
38     size: 100Gi
39     storageClass: gp3
40 
41 redis:
42   enabled: true
43   persistence:
44     size: 10Gi
45 
46 nats:
47   enabled: true
48   replicas: 3
49 
50 blockchain:
51   validators: 2
52   observers: 1
53   persistence:
54     size: 500Gi
55 
56 monitoring:
57   enabled: true
58   prometheus:
59     enabled: true
60   grafana:
61     enabled: true
62 
63 ingress:
64   enabled: true
65   className: nginx
66   tls: true
67   certManager: true

Monitoring

Prometheus ServiceMonitor

1 apiVersion: monitoring.coreos.com/v1
2 kind: ServiceMonitor
3 metadata:
4   name: ida-api
5   namespace: ida
6 spec:
7   selector:
8     matchLabels:
9       app: ida-api
10   endpoints:
11     - port: metrics
12       interval: 15s
13       path: /metrics

Scaling

$ # Scale API replicas
$ kubectl scale deployment ida-api --replicas=5 -n ida
$ 
$ # Enable HPA
$ kubectl autoscale deployment ida-api --min=3 --max=10 --cpu-percent=70 -n ida