
Infrastructure Requirements

Dependency matrix, hardware requirements, network topology, pod architecture, and the local development stack.

This page defines the infrastructure components required to run AEGIS, their inter-dependencies, and minimum hardware specifications.


Deployment Paths

AEGIS provides two distinct deployment paths depending on your use case:

| Path         | Use Case                   | IAM                    | Secrets   | TLS        |
|--------------|----------------------------|------------------------|-----------|------------|
| aegis init   | Local testing & evaluation | None (unauthenticated) | In-memory | None       |
| aegis-deploy | Production                 | None (optional add-on) | OpenBao   | Caddy ACME |

aegis init bootstraps a minimal local stack suitable for experimenting with agents and workflows. It does not deploy Keycloak, OpenBao, or a TLS edge proxy. It is not suitable for production use.

aegis-deploy (github.com/100monkeys-ai/aegis-deploy) is the recommended production deployment path. It deploys all platform services as Podman pods with secrets management and TLS termination.


Dependency Matrix

| Component     | Version | Role                                                        | Required                     |
|---------------|---------|-------------------------------------------------------------|------------------------------|
| Docker Engine | 24.0+   | Agent container runtime, local development                  | ✓ (one of Docker or Podman)  |
| Podman        | 4.0+    | Agent container runtime and production platform deployment  | ✓ (one of Docker or Podman)  |
| PostgreSQL    | 15+     | Primary data store (agents, executions, events)             | ✓                            |
| Temporal      | 1.22+   | Durable workflow execution                                  | ✓ (if using workflows)       |
| SeaweedFS     | 3.60+   | Volume storage backend — see SeaweedFS Storage              | ✓                            |
| OpenBao       | 2.0+    | Secrets management                                          | Recommended                  |
| Caddy         | 2.9+    | Reverse proxy with automatic TLS                            | Production only              |
| Jaeger        | 1.55+   | Distributed tracing (OTLP collector)                        | Recommended                  |
| Prometheus    | 2.51+   | Metrics collection and alerting                             | Recommended                  |
| Grafana       | 10.4+   | Dashboards and visualization                                | Recommended                  |
| Loki          | 3.0+    | Log aggregation                                             | Recommended                  |
| Linux kernel  | 5.15+   | KVM support for Firecracker (planned later phase)           | Later phase                  |

Minimum viable deployment requires only a container runtime (Docker or Podman), PostgreSQL, and SeaweedFS. For the full platform deployment with Podman pods, see Deployment Profiles.


Network Architecture

┌───────────────────────────────────────────────────────────────────────┐
│  Caddy Reverse Proxy (pod-zaru-edge)  :80 / :443                      │
│  Routes: api.* → :8088  auth.* → :8180  grafana.* → :3300  etc.           │
└───────┬───────────────────────────────────────────────────────────────┘

        ▼  aegis-network (Podman bridge)
┌───────────────────────────────────────────────────────────────────────┐
│                                                                       │
│  ┌─────────────────┐   ┌──────────────────┐   ┌────────────────────┐  │
│  │ pod-core        │   │ pod-temporal     │   │ pod-database       │  │
│  │ aegis-runtime   │   │ temporal :7233   │   │ postgres :5432     │  │
│  │ :8088 :50051    │   │ temporal-ui :8233│   │ pg-exporter :9187  │  │
│  │ :2049 :9091     │   │ worker :3000     │   │                    │  │
│  └─────────────────┘   └──────────────────┘   └────────────────────┘  │
│                                                                       │
│  ┌─────────────────┐   ┌────────────────────────────────────────┐     │
│  │ pod-secrets     │   │ pod-storage                            │     │
│  │ openbao :8200   │   │ master :9333  volume :8080  filer :8888│     │
│  └─────────────────┘   └────────────────────────────────────────┘     │
│                                                                       │
│  ┌──────────────────┐   ┌─────────────────┐                           │
│  │ pod-observability│   │ pod-seal-gateway│                           │
│  │ jaeger :16686    │   │ gateway :8089   │                           │
│  │ prometheus :9090 │   │         :50055  │                           │
│  │ grafana :3300    │   │                 │                           │
│  │ loki :3100       │   │                 │                           │
│  └──────────────────┘   └─────────────────┘                           │
│                                                                       │
│  ┌────────────────────────────────────────────────────────────────┐   │
│  │  Agent Containers (spawned by aegis-runtime via bollard)       │   │
│  │  ┌────────────┐  ┌────────────┐  ┌────────────┐                │   │
│  │  │ container1 │  │ container2 │  │ container3 │                │   │
│  │  │  NFS mount │  │  NFS mount │  │  NFS mount │                │   │
│  │  └─────┬──────┘  └─────┬──────┘  └─────┬──────┘                │   │
│  └────────┼───────────────┼───────────────┼───────────────────────┘   │
│           └───────────────┴───────────────┘                           │
│           All NFS traffic → pod-core (port 2049)                      │
└───────────────────────────────────────────────────────────────────────┘

Agent containers communicate only with the AEGIS orchestrator (via /v1/dispatch-gateway over HTTP) and the NFS server (port 2049). They do not have direct access to PostgreSQL, SeaweedFS, OpenBao, or external networks (unless the manifest network_policy.allowlist permits specific domains).


Hardware Requirements

Development / Single-Node

| Resource | Minimum                                         | Recommended      |
|----------|-------------------------------------------------|------------------|
| CPU      | 4 cores                                         | 8+ cores         |
| RAM      | 8 GiB                                           | 16 GiB           |
| Disk     | 40 GiB SSD                                      | 200 GiB SSD      |
| OS       | Linux, macOS (Docker Desktop or Podman Desktop) | Ubuntu 22.04 LTS |

Note: macOS is supported for local development only (Docker Desktop or Podman Desktop). Production deployments require Linux.

Production Multi-Node

Minimum 3 nodes for high availability:

| Node Type          | Role                     | CPU      | RAM    | Disk                |
|--------------------|--------------------------|----------|--------|---------------------|
| AEGIS Orchestrator | Agent execution host     | 16 cores | 32 GiB | 100 GiB SSD         |
| Database           | PostgreSQL + Temporal    | 8 cores  | 16 GiB | 500 GiB NVMe        |
| Storage            | SeaweedFS master + filer | 4 cores  | 8 GiB  | 1+ TiB HDD or NVMe  |

Scale AEGIS Orchestrator nodes horizontally to increase concurrent execution capacity. PostgreSQL and SeaweedFS can be scaled independently.


Local Development Stack

Install and initialize AEGIS locally:

# Install AEGIS
curl -fsSL https://get.100monkeys.ai | bash

# Initialize local stack
aegis init

# Check service status
docker compose -f ~/.aegis/docker-compose.yml ps

# View logs
docker compose -f ~/.aegis/docker-compose.yml logs -f

Dev Stack Services

| Service          | Port | Purpose                                          |
|------------------|------|--------------------------------------------------|
| PostgreSQL       | 5432 | AEGIS database                                   |
| SeaweedFS Master | 9333 | SeaweedFS coordination — see SeaweedFS Storage   |
| SeaweedFS Filer  | 8888 | SeaweedFS POSIX layer                            |
| SeaweedFS Volume | 8080 | SeaweedFS data server                            |
| Temporal Server  | 7233 | Workflow execution                               |
| Temporal Web UI  | 8233 | Workflow visibility UI                           |

Clone and start the AEGIS daemon against the dev stack:

git clone https://github.com/100monkeys-ai/aegis-orchestrator.git
aegis daemon start --config ./aegis-config.yaml

Ports

| Port   | Protocol | Service              | Pod           | Exposure                  |
|--------|----------|----------------------|---------------|---------------------------|
| 8088   | HTTP     | AEGIS REST API       | core          | Internal / load-balanced  |
| 50051  | gRPC     | AEGIS gRPC API       | core          | Internal / load-balanced  |
| 9091   | HTTP     | Prometheus metrics   | core          | Internal (scrape target)  |
| 2049   | TCP      | NFS Server Gateway   | core          | Agent container LAN only  |
| 5432   | TCP      | PostgreSQL           | database      | Internal only             |
| 9187   | HTTP     | PostgreSQL Exporter  | database      | Internal (scrape target)  |
| 7233   | gRPC     | Temporal Server      | temporal      | Internal only             |
| 8233   | HTTP     | Temporal UI          | temporal      | Internal / proxied        |
| 8200   | HTTP     | OpenBao              | secrets       | Internal only             |
| 9333   | HTTP     | SeaweedFS Master     | storage       | Internal only             |
| 8080   | HTTP     | SeaweedFS Volume     | storage       | Internal only             |
| 8888   | HTTP     | SeaweedFS Filer      | storage       | Internal only             |
| 16686  | HTTP     | Jaeger UI            | observability | Internal / proxied        |
| 4317   | gRPC     | OTLP Collector       | observability | Internal only             |
| 9090   | HTTP     | Prometheus           | observability | Internal / proxied        |
| 3300   | HTTP     | Grafana              | observability | Internal / proxied        |
| 3100   | HTTP     | Loki                 | observability | Internal only             |
| 8089   | HTTP     | SEAL Gateway         | seal-gateway  | Internal / proxied        |
| 50055  | gRPC     | SEAL Gateway gRPC    | seal-gateway  | Internal only             |
| 80/443 | HTTP/TLS | Caddy Reverse Proxy  | edge          | Public                    |

Port 2049 (NFS) must be reachable by agent containers but should not be exposed to external networks. Public-facing traffic enters through Caddy on ports 80/443 only.
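The exposure rules above (and the isolation described under Network Architecture) can be checked mechanically on a host. The following POSIX shell script is an added example, not part of the AEGIS documentation or the aegis-deploy tooling: it reads the published-port list of every container and reports any binding on a non-loopback host address whose port is not 80 or 443, which is exactly the case where an internal service (PostgreSQL, NFS, Grafana, ...) has been published past the Caddy edge. It assumes input in the form name|host:port->container/proto, as produced by podman ps --format '{{.Names}}|{{.Ports}}'; the sample lines embedded in the script are constructed for illustration, not captured from a real deployment.

```shell
#!/bin/sh
# Added example, not part of the AEGIS docs or aegis-deploy.
# Audits published container ports against the exposure policy: only the
# Caddy edge (80/443) may bind a non-loopback host address; every other
# service stays internal to aegis-network or is proxied through Caddy.

# Constructed sample in the shape of:  podman ps --format '{{.Names}}|{{.Ports}}'
# Three bindings violate the policy: postgres :5432, NFS :2049 and grafana :3300
# are published on 0.0.0.0 instead of staying internal.
SAMPLE_PS='caddy|0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
postgres|0.0.0.0:5432->5432/tcp
aegis-runtime|0.0.0.0:2049->2049/tcp, 127.0.0.1:8088->8088/tcp
openbao|127.0.0.1:8200->8200/tcp
grafana|0.0.0.0:3300->3300/tcp
temporal|'

# Host ports that may be bound on a non-loopback address (the Caddy edge).
PUBLIC_ALLOW='80 443'

# is_loopback ADDR: true for 127.x / ::1 bindings, which never leave the host.
is_loopback() {
    case "$1" in
        127.*|::1|\[::1\]) return 0 ;;
        *) return 1 ;;
    esac
}

# is_public_allowed PORT: true if PORT is on the public allow list.
is_public_allowed() {
    for p in $PUBLIC_ALLOW; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# audit_exposure: reads "name|ports" lines on stdin, prints one
# "VIOLATION <name> <host_ip>:<port>" line per offending binding and returns
# the violation count as its exit status (0 means the host matches the policy).
audit_exposure() {
    violations=0
    while IFS='|' read -r name ports; do
        [ -z "$ports" ] && continue
        # Bindings are comma-separated and contain no spaces, so word-splitting
        # after replacing the commas is safe.
        for binding in $(printf '%s' "$ports" | tr ',' ' '); do
            host_side=${binding%%->*}          # e.g. 0.0.0.0:5432
            host_ip=${host_side%:*}            # e.g. 0.0.0.0
            host_port=${host_side##*:}         # e.g. 5432
            if is_loopback "$host_ip"; then
                continue
            fi
            if ! is_public_allowed "$host_port"; then
                echo "VIOLATION $name $host_ip:$host_port"
                violations=$((violations + 1))
            fi
        done
    done
    return "$violations"
}

# count_violations: run the audit over the constructed sample, echo the count.
count_violations() {
    n=0
    printf '%s\n' "$SAMPLE_PS" | audit_exposure >/dev/null || n=$?
    echo "$n"
}

# On a live host replace the sample with real data:
#   podman ps --format '{{.Names}}|{{.Ports}}' | audit_exposure
printf '%s\n' "$SAMPLE_PS" | audit_exposure || echo "violations found: $?"
```

Run it as a post-deployment check or from a cron job; a non-zero exit status means a service that the table marks "Internal only" or "Internal / proxied" is reachable from outside the host without going through Caddy.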
