Deployment Model
Zenvara runs as a single binary — no JVM, no Python interpreter, no cluster requirement, no separate database. The deployment story is short, but precise.
What a deployment is
Section titled “What a deployment is”A self-contained .NET 10 binary plus:
- a
data/directory (storage, see Storage Backends), - an
appsettings.yaml(configuration, see appsettings & Layers).
The binary serves a Kestrel HTTP listener (default port 5000). There is no agent, no message broker, no external scheduler. Storage can be local files, S3, or an S3-compatible store like Minio — picked at install.
The platform is single-replica by design today. Horizontal scaling is on the roadmap; customers who need HA run a single-replica StatefulSet behind a load balancer that doesn’t actually load-balance. The model is “scale up, not out.”
Footprint
Section titled “Footprint”Roughly 200 MB on disk for the binary plus whatever data/ grows into. No runtime to install on the host.
The six targets
Section titled “The six targets”Pick one — they’re covered in Deployment Targets:
- From source —
dotnet run, for development and demos only. - Linux + systemd — the common Linux production target.
- Windows Service —
sc.exe-registered service, often with a domain service account. - IIS site — for organisations standardised on IIS as the public tier.
- Docker — multi-stage image,
/datavolume,HEALTHCHECKon/health. - Kubernetes — single-replica
StatefulSet+ PVC + Service + Ingress.
Health and readiness endpoints
Section titled “Health and readiness endpoints”A load balancer or monitor will hit:
/api/v1/platform/diagnostics— readiness.200with environment/operator counts and a version banner when fully booted;503while loading./health— liveness (DockerHEALTHCHECK, k8s liveness)./swagger— interactive API surface; disable in production withEnableSwagger: false.
Structured Serilog output is the rest of the observability story — console + file by default; add an ELK / Loki / Splunk sink to ship logs off-host.
Reverse proxy and TLS
Section titled “Reverse proxy and TLS”TLS terminates at a reverse proxy (nginx or IIS). The proxy forwards X-Forwarded-For and X-Forwarded-Proto; configure the platform’s ForwardedHeaders middleware to trust the proxy’s CIDR so the audit log sees real client IPs. Kestrel binds to localhost by default.
Set LocalOverlay.Enabled: false in production and reject /api/v1/local/... at the proxy as defense-in-depth.
Continue to Deployment Targets →.