Deployment
Getting Hoziron into production means picking an environment, configuring networking and TLS, and wiring up observability. This section covers every supported deployment model — from a single binary on a VM to a fully orchestrated Kubernetes cluster, including air-gapped environments where nothing touches the internet.
The right starting point depends on your constraints: team size, existing infrastructure, compliance requirements, and whether your models run locally or in the cloud.
What you'll find here
| Guide | Description |
|---|---|
| Bare metal / VM | Install the binary, configure systemd, set up TLS, create a dedicated service user |
| Docker Compose | Compose file, volume mounts, health checks, networking with local providers |
| Kubernetes | Helm chart deployment with production values, PDB, HPA, and ingress configuration |
| Air-gapped | Disconnected environments: local models, offline package transfer, no outbound calls |
| TLS and networking | Certificate configuration, IP allowlists, CORS, Unix socket listeners |
| Observability | Structured logging, Prometheus metrics, OpenTelemetry tracing |
Which guide should I start with?
Common tasks
- Get running in under 5 minutes (dev/eval) → Docker Compose § Quick start
- Configure TLS certificates → TLS and networking § TLS configuration
- Set up Prometheus scraping → Observability § Prometheus metrics
- Deploy the Helm chart with production values → Kubernetes § Production values
- Transfer packages to a disconnected network → Air-gapped § Offline package transfer
- Enable JSON structured logging → Observability § Structured logging
Key defaults
| Setting | Default | Override |
|---|---|---|
| Listen address | 127.0.0.1:4200 | --listen flag, HOZIRON_LISTEN env, or [server].listen in config |
| TLS | Disabled | [server.tls] section in config.toml |
| Metrics | Enabled at /metrics | Always on (cannot be disabled) |
| Health check | /health | Always on (cannot be disabled); bypasses the IP allowlist |
Related
- Security — hardening your deployment once it's running
- Providers — connecting to models (cloud or local)
- Data integration — network configuration affecting external connectivity