Infrastructure Requirements

This guide covers all prerequisites and planning considerations before deploying Kindo in a self-managed environment.

Overview

Kindo can be deployed on any Kubernetes cluster (on-premises, AWS, GCP, Azure, or other cloud providers) using Helm charts.

Minimum Infrastructure

Component	Purpose	Minimum Specification
Kubernetes Cluster	Application runtime	3+ nodes, 8 vCPU, 16 GB RAM per node, v1.32+
PostgreSQL	Primary database	PostgreSQL 17+ (17.4 recommended)
Redis	Caching and sessions	Redis 7.0+
RabbitMQ	Message queue	RabbitMQ 3.13+
S3-Compatible Storage	File storage	AWS S3, MinIO, or compatible
Vector Database	Semantic search	Pinecone (pod-based) or Qdrant (self-hosted)
Ingress Controller	Traffic routing	NGINX, Traefik, or similar
Certificate Manager	SSL/TLS	cert-manager or manual certs
DNS Service	Domain management	Any DNS provider
GPU Nodes (optional)	Self-hosted AI models	NVIDIA GPUs with CUDA support

Deployment Sizing

Size	Use Case	K8s Nodes	Database
Dev	Development/Testing	3 nodes (8 vCPU, 16 GB)	2 vCPU, 4 GB RAM
Small	Teams up to 50 users	5 nodes (8 vCPU, 16 GB)	4 vCPU, 8 GB RAM
Medium	50—200 users	8 nodes (16 vCPU, 32 GB)	8 vCPU, 16 GB RAM
Large	200—1000 users	15 nodes (32 vCPU, 64 GB)	16 vCPU, 32 GB RAM

Kubernetes Cluster Requirements

Cluster Specifications

Minimum:

Kubernetes version 1.32 or higher
3 nodes minimum (for HA)
8 vCPU and 16 GB RAM per node minimum
100 GB SSD per node
Network plugin: Calico, Cilium, or Flannel
Dynamic storage provisioning enabled

GPU Node Requirements (for self-hosted models):

NVIDIA drivers installed
nvidia-container-runtime configured
NVIDIA device plugin or GPU Operator installed
Nodes labeled for workload targeting:

kubectl label nodes <gpu-node-name> nvidia.com/gpu=true
kubectl label nodes <gpu-node-name> accelerator=nvidia-h100

Required Kubernetes Features

Storage: Dynamic volume provisioning, default storage class, ReadWriteOnce volumes
Networking: LoadBalancer or NodePort support, network policies (recommended), ingress controller
RBAC: Enabled (required)

Pre-installed Components

Component	Purpose
Ingress Controller	HTTP(S) routing (NGINX, Traefik, or cloud provider)
cert-manager	SSL certificate management
metrics-server	Resource metrics

Optional but recommended: External Secrets Operator, Prometheus/Grafana, Loki

Database Requirements

PostgreSQL

Version: 17.0+ (17.4 recommended)

Specifications: 4 vCPU, 8 GB RAM, 100 GB SSD, 200 concurrent connections

Required databases:

CREATE DATABASE kindo;      -- Main application
CREATE DATABASE unleash;    -- Feature flags
CREATE DATABASE litellm;    -- AI model proxy
CREATE DATABASE ssoready;   -- SSO authentication

Create dedicated users for each service with appropriate grants. Connection strings follow the format: postgresql://username:password@hostname:5432/database_name

Production HA: Use streaming replication, managed PostgreSQL (AWS RDS, Cloud SQL, Azure Database), automatic failover, and daily backups.

Redis

Version: 7.0+ (7.2 recommended). Minimum 2 GB memory, 100 concurrent connections.

Kindo uses Redis Streams for real-time conversation streaming between backend workers and the API layer. All stream operations for a given conversation must resolve to the same Redis node. Deploy Redis in standalone mode — a single primary instance with no sharding.

Cloud provider compatibility

AWS ElastiCache — Use Cluster Mode Disabled with a single node (no replicas). Recommended: num_node_groups = 1, replicas_per_node_group = 0, engine version 7.0+. Cluster Mode Enabled with 2+ shards is not supported.

Azure Cache for Redis — Use Basic or Standard tier (single-node, non-clustered). Premium/Enterprise clustered tiers with 2+ shards are not supported.

Google Cloud Memorystore — Use Basic tier (standalone instance). Redis Cluster mode is not supported.

Environment variables

Variable	Required	Description
`REDIS_URL`	Yes	Connection string (e.g., `redis://host:6379` or `rediss://...` for TLS)
`REDIS_CA_CERT_PEM`	No	PEM-encoded CA certificate for TLS with a private CA

Streaming tuning (optional — defaults are suitable for most deployments):

Variable	Default	Description
`STREAM_TTL_SECONDS`	`900` (15 min)	How long streams persist before expiring
`CHAT_STREAM_XREAD_BLOCK_TIME_MS`	`10`	Blocking wait time for new events (ms)
`CHAT_STREAM_MAX_RETRIES`	`20`	Retries when waiting for a stream to appear
`CHAT_STREAM_RETRY_DELAY_MS`	`500`	Delay between retries (ms)

Troubleshooting Redis

Conversations hang with no streaming output — Most commonly caused by a sharded Redis Cluster or unsupported Sentinel/replica deployment. The task worker writes to a stream on one shard or node, but the API reads from a different one where the stream doesn’t exist. Reconfigure to a standalone single-node deployment.

How to check your Redis mode:

redis-cli INFO server | grep redis_mode

redis_mode:standalone — compatible
redis_mode:sentinel or redis_mode:cluster — not supported; reconfigure to standalone

For AWS ElastiCache, check the replication group’s Cluster Mode setting in the console or via:

aws elasticache describe-replication-groups \
  --replication-group-id your-group-id \
  --query 'ReplicationGroups[0].ClusterMode'

RabbitMQ

Version: 3.13+. 2 vCPU, 2 GB RAM, 20 GB disk. Management plugin enabled.

Production HA: 3+ node cluster with quorum queues, or managed service.

Storage Requirements

S3-Compatible Object Storage

Options: AWS S3, MinIO, GCS (S3 compatibility), Azure Blob (S3 compatibility), Ceph

Required buckets:

Bucket	Purpose	Access
`kindo-uploads`	User file uploads	Private
`kindo-audit-logs`	Compliance audit logs	Private (strict)
`kindo-backups`	Database backups	Private

External Service Requirements

Vector Database (choose one)

Pinecone (managed): Create a pod-based (not serverless) index with cosine metric and 1536 dimensions.

Qdrant (self-hosted): Deploy in Kubernetes with cosine distance, 1536 vector size. 3+ replicas for HA.

AI/LLM Services (at least one)

Provider	Best For
OpenAI	Most versatile, GPT-4o, o1
Anthropic Claude	Complex reasoning, long context
Azure OpenAI	Enterprise compliance
Groq	Fast inference, low latency

For self-hosted models, see GPU requirements:

Use Case	GPU Requirements
Embedding models only	1x GPU, 8 GB+ VRAM
Small LLMs (7B—13B)	1x GPU, 16 GB+ VRAM
Medium LLMs (30B—70B)	2—4x GPUs, 24 GB+ each
Large LLMs (70B+)	4—8x GPUs, 80 GB+ each

Audit Logging

Syslog server supporting RFC3164, accessible from the cluster on TCP/UDP 514. 1+ year log retention recommended.

Email Service

SMTP server, Amazon SES, SendGrid, or Mailgun.

Network and DNS

DNS

Control over a domain or subdomain with the ability to create A/CNAME records.

Component	Subdomain Example
Frontend	`app.kindo.company.com`
API	`api.kindo.company.com`
SSOReady	`sso.kindo.company.com`
LiteLLM	`litellm.kindo.company.com`
Unleash	`unleash.kindo.company.com`

Firewall Rules

Inbound: 443 (HTTPS), 80 (HTTP redirect)

Outbound: 443 (external APIs), 5432 (PostgreSQL), 6379 (Redis), 5672 (RabbitMQ), 514 (Syslog)

Security

Encryption

At rest: PostgreSQL, Redis, S3, and Kubernetes secrets encryption
In transit: HTTPS for all web traffic, TLS for database and cache connections

Secret Management

Use External Secrets Operator to sync from AWS Secrets Manager, HashiCorp Vault, Google Secret Manager, or Azure Key Vault.

Required Tools

Tool	Version
Helm	3.8.0+
kubectl	1.32+
jq	Latest
yq	Latest

Pre-Deployment Checklist

Next Steps

Proceed to the Installation Guide for step-by-step deployment instructions, or see the AI Model Deployment Guide for detailed guidance on deploying and configuring the AI models that power your Kindo installation.