Installing Fides With Kubernetes

This guide will help you deploy Fides on Kubernetes using the official Helm chart (opens in a new tab) with in-cluster PostgreSQL and Redis for development and testing.

This guide deploys PostgreSQL and Redis inside your Kubernetes cluster for a simple, self-contained setup. For production deployments using external managed databases and Redis, see the Production Kubernetes Deployment guide.

Prerequisites

Before deploying the Helm chart, you will need:

Helm v3 (opens in a new tab) installed on your machine
A Kubernetes cluster to which Fides will be deployed
kubectl configured to access your cluster

Configuration

Create a local values file (e.g., values.local.yaml) with the following configuration:

# values.local.yaml - In-cluster setup for development/testing
fides:
  publicHostname: "fides.example.com"
  
privacyCenter:
  publicHostname: "privacy.example.com"
 
# Deploy PostgreSQL and Redis in-cluster
postgresql:
  deployPostgres: true
 
redis:
  deployRedis: true

This configuration will:

Deploy a PostgreSQL database inside your cluster
Deploy a Redis instance inside your cluster
Set up Fides with default credentials and configuration

⚠️

Not for Production Use: This setup uses default credentials and runs databases in-cluster without persistence or backup configurations. For production deployments with external managed services, security hardening, and high-availability, see the Production Kubernetes Deployment guide.

Additional Configuration Options

You can customize your deployment further by adding these options to your values.local.yaml:

Custom Environment Variables:

fides:
  configuration:
    # Add plain environment variables
    additionalEnvVars:
      - name: LOG_LEVEL
        value: "INFO"
    # Reference sensitive values from a Kubernetes secret
    additionalEnvVarsSecret: "my-custom-secrets"

Worker Configuration: Configure background worker pods for privacy request processing, consent management, and other tasks. See the Workers Reference for detailed configuration options and scaling recommendations.

S3 Storage (Optional): To manage an S3 bucket for privacy request exports directly from Kubernetes using AWS Controllers for Kubernetes (ACK):

Install ACK for S3 (opens in a new tab) following the official setup
Enable IAM Roles for Service Accounts (IRSA) (opens in a new tab)
Add to your values.local.yaml:

s3:
  createS3Bucket: true
  bucketName: "my-fides-bucket"
  region: "us-east-1"

For a complete list of all available configuration options, see the Fides Helm chart values.yaml (opens in a new tab).

Useful resources:

Fides Configuration Guide - All configuration options
Workers Reference - Configure background workers
Requirements - System and configuration requirements

Installation

Add the Helm Repository

First, add the Ethyca Helm repository:

helm repo add ethyca https://helm.ethyca.com
helm repo update

Install Fides

Install the chart with your custom values:

helm install fides ethyca/fides --values values.local.yaml

Verify Installation

Check that all pods are running:

kubectl get pods

You should see pods for:

Fides webserver
Privacy Center
PostgreSQL (in-cluster)
Redis (in-cluster)

Accessing Fides

Once deployed, you can access Fides through:

Fides Admin UI: http://<fides.publicHostname> or port-forward for local access:
```
kubectl port-forward svc/fides 8080:8080
```
Privacy Center: http://<privacyCenter.publicHostname> or port-forward:
```
kubectl port-forward svc/fides-privacy-center 3000:3000
```

Next Steps

Configure storage destinations for privacy request exports
Set up integrations to connect to your data systems
Configure background workers for processing privacy requests
When ready for production, see the Production Kubernetes Deployment guide

Additional Resources

Fides Helm Chart Repository (opens in a new tab) - Official Helm chart source and documentation
Helm Documentation (opens in a new tab) - Learn more about Helm
Quick Start - Try the complete Fides demo

Pip Architecture Overview