Deployment Profiles
Tyrum supports two operator-visible deployment profiles:
single-host: a single gateway instance running all roles, backed by SQLitesplit-role: separategateway-edge,worker, andschedulerroles, backed by Postgres
Reference (reproducible) configuration templates live in config/deployments/.
Docker deployments (docker compose)
The repo ships a docker-compose.yml with two profiles:
- default: single-host (
tyrumservice) split: split-role (tyrum-edge,tyrum-worker,tyrum-scheduler+postgres)
Safety note:
docker-compose.ymlis local-first. It allows plaintext HTTP for convenience and publishes Postgres on5432. For remote deployments, add firewalling/allowlists, use TLS termination, and set strong database credentials. Seedocs/advanced/remote-gateway.md.
Single-host
docker compose up -d --build tyrum
docker compose logs -f tyrum
The gateway auto-generates an admin token at ${TYRUM_HOME}/.admin-token if GATEWAY_TOKEN is not set.
Split-role
Split-role requires one shared admin token across all roles:
cp config/deployments/split-role.env.example config/local.env
# edit config/local.env and set GATEWAY_TOKEN (>=32 chars)
docker compose --env-file config/local.env --profile split up -d --build postgres tyrum-edge tyrum-worker tyrum-scheduler
Kubernetes deployments (Helm)
The repo ships a Helm chart in charts/tyrum.
Single-host
helm install tyrum charts/tyrum -f config/deployments/helm-single.values.yaml
Split-role
Split-role requires Postgres:
helm install tyrum charts/tyrum -f config/deployments/helm-split-role.values.yaml
Replace REPLACE_ME in config/deployments/helm-split-role.values.yaml with your Postgres password (or set env.GATEWAY_DB_PATH to your full Postgres URI).
Once env.GATEWAY_DB_PATH contains real credentials, treat the resulting Helm values as sensitive (avoid committing it; prefer an untracked values file or a secret manager workflow).