
Kubernetes Deployment

Deploy Sophon on Kubernetes with Helm charts for production-grade scaling.

Prerequisites

  • Kubernetes 1.28+
  • Helm 3.x
  • Enterprise license (required for horizontal scaling)
  • kubectl configured for your cluster

Installation

helm repo add sophon https://charts.sophon.ai
helm repo update

helm install sophon sophon/sophon-enterprise \
  --namespace sophon \
  --create-namespace \
  --values values.yaml

Configuration

Create a values.yaml with your deployment configuration:

# Tier configuration
tier: Enterprise

# Gateway
gateway:
  image: buildersoftdev/sophon:latest
  replicas: 3
  resources:
    requests:
      cpu: "500m"
      memory: "1Gi"
    limits:
      cpu: "2"
      memory: "4Gi"
  env:
    SOPHON__DataDirectory: /home/sophon/.sophon
  persistence:
    enabled: true
    storageClass: standard
    size: 20Gi

# Dashboard
dashboard:
  image: buildersoftdev/sophon-dashboard:latest
  replicas: 2
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"

# Database
database:
  type: postgresql
  host: postgres.sophon.svc
  port: 5432
  name: sophon
  existingSecret: sophon-db-credentials

# Cache
cache:
  type: redis
  host: redis.sophon.svc
  port: 6379
  existingSecret: sophon-redis-credentials

# Vector Database
vectordb:
  type: qdrant
  host: qdrant.sophon.svc
  port: 6334

# Message Bus
messageBus:
  type: rabbitmq
  host: rabbitmq.sophon.svc
  port: 5672
  existingSecret: sophon-rabbitmq-credentials

# Ingress
ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: sophon.example.com
      paths:
        - path: /
          service: dashboard
        - path: /api
          service: gateway
        - path: /hubs
          service: gateway
  tls:
    - secretName: sophon-tls
      hosts:
        - sophon.example.com

# Credential Vault
vault:
  provider: hashicorp
  address: https://vault.example.com
  role: sophon
  mountPath: secret/data/sophon

# Enterprise features
enterprise:
  sso:
    enabled: true
    provider: oidc
    issuerUrl: https://auth.example.com
    clientId: sophon
    existingSecret: sophon-sso-credentials
  rbac:
    enabled: true
  audit:
    enabled: true
    retention: 90d
  multiTenancy:
    enabled: true

Secrets

Create Kubernetes secrets for sensitive credentials before installing. The sophon namespace must exist before secrets can be created in it, so create it first:

# Namespace (helm install --create-namespace accepts an existing namespace)
kubectl create namespace sophon

# Database credentials
kubectl create secret generic sophon-db-credentials \
  --namespace sophon \
  --from-literal=username=sophon \
  --from-literal=password="$(openssl rand -base64 24)"

# Redis credentials
kubectl create secret generic sophon-redis-credentials \
  --namespace sophon \
  --from-literal=password="$(openssl rand -base64 24)"

# RabbitMQ credentials
kubectl create secret generic sophon-rabbitmq-credentials \
  --namespace sophon \
  --from-literal=username=sophon \
  --from-literal=password="$(openssl rand -base64 24)"

# JWT signing key
kubectl create secret generic sophon-jwt \
  --namespace sophon \
  --from-literal=secret="$(openssl rand -base64 48)"
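
A pre-install check for the configuration and secrets above, as an added example that is not part of the Sophon chart or its documentation: it lists every existingSecret name in values.yaml that is absent from the namespace and flags images that use the mutable latest tag. The function names and the sample data are constructed for illustration; the sample mirrors this page, where no command creates sophon-sso-credentials.

```shell
# Added example: line-based pre-install check for the values.yaml on this page.
# Assumes unquoted scalar values, as in that file. Function names are illustrative.

# Print each distinct secret name referenced through an existingSecret key.
referenced_secrets() {
  awk '$1 == "existingSecret:" { print $2 }' "$1" | sort -u
}

# Print referenced secrets that are absent from the list read on stdin.
# Live use: kubectl get secrets --namespace sophon -o name | missing_secrets values.yaml
missing_secrets() {
  present=$(sed 's|^secret/||' | sort -u)
  referenced_secrets "$1" | while read -r name; do
    printf '%s\n' "$present" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# Print image references that use :latest or carry no tag or digest at all.
mutable_images() {
  awk '$1 == "image:" { n = $2; sub(/.*\//, "", n)
         if (n ~ /:latest$/ || n !~ /[:@]/) print $2 }' "$1"
}

# Constructed sample: an excerpt of the values.yaml from this page.
sample_values=$(mktemp)
trap 'rm -f "$sample_values"' EXIT
cat > "$sample_values" <<'EOF'
gateway:
  image: buildersoftdev/sophon:latest
dashboard:
  image: buildersoftdev/sophon-dashboard:latest
database:
  existingSecret: sophon-db-credentials
cache:
  existingSecret: sophon-redis-credentials
messageBus:
  existingSecret: sophon-rabbitmq-credentials
enterprise:
  sso:
    existingSecret: sophon-sso-credentials
EOF

# Constructed sample: the secrets created by the commands in this section.
sample_present=$(printf 'secret/%s\n' sophon-db-credentials \
  sophon-redis-credentials sophon-rabbitmq-credentials sophon-jwt)

echo "missing secrets:"; printf '%s\n' "$sample_present" | missing_secrets "$sample_values"
echo "mutable image tags:"; mutable_images "$sample_values"
```
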

Scaling

Sophon supports horizontal scaling for the Gateway and Dashboard pods. The message bus (RabbitMQ) ensures distributed workflow execution across replicas.

Gateway Scaling

kubectl scale deployment sophon-gateway \
  --namespace sophon \
  --replicas=5

Or configure autoscaling:

# In values.yaml
gateway:
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 10
    targetCPUUtilization: 70
    targetMemoryUtilization: 80

What Scales

| Component  | Scalable     | Notes                                                          |
|------------|--------------|----------------------------------------------------------------|
| Gateway    | Yes          | Stateless request handling; RabbitMQ coordinates work          |
| Dashboard  | Yes          | Static frontend, fully stateless                               |
| PostgreSQL | Via external | Use managed PostgreSQL (RDS, Cloud SQL, Azure DB) for HA       |
| Qdrant     | Via external | Use Qdrant Cloud or distributed mode                           |
| Redis      | Via external | Use managed Redis (ElastiCache, Memorystore)                   |
| RabbitMQ   | Via external | Use managed RabbitMQ (CloudAMQP) or RabbitMQ Cluster Operator  |

Health Checks

The Gateway exposes a health endpoint:

kubectl exec -it deployment/sophon-gateway \
  --namespace sophon \
  -- curl -f http://localhost:8080/api/health

Upgrading

helm repo update
helm upgrade sophon sophon/sophon-enterprise \
  --namespace sophon \
  --values values.yaml

Database migrations run automatically on pod startup. No manual migration step is needed.
