|
1 | 1 | --- |
2 | 2 | name: powersync-service |
3 | | -description: PowerSync Service configuration — self-hosting, Docker, source database setup, bucket storage, authentication, and PowerSync Cloud |
| 3 | +description: PowerSync Service configuration — self-hosting, Docker, Kubernetes, Helm, source database setup, bucket storage, authentication, and PowerSync Cloud |
4 | 4 | metadata: |
5 | | - tags: service, self-hosted, docker, postgresql, mongodb, mysql, mssql, authentication, jwt, replication, configuration, private-endpoints, privatelink, vpc, aws |
| 5 | + tags: service, self-hosted, docker, postgresql, mongodb, mysql, mssql, authentication, jwt, replication, configuration, private-endpoints, privatelink, vpc, aws, kubernetes, helm, eks |
6 | 6 | --- |
7 | 7 |
|
8 | 8 | # PowerSync Service |
9 | 9 |
|
10 | | -> **Load this when** configuring the PowerSync service itself — self-hosting, Docker, source database connections, bucket storage, or authentication setup. |
| 10 | +> **Load this when** configuring the PowerSync service itself — self-hosting, Docker, Kubernetes, source database connections, bucket storage, or authentication setup. |
11 | 11 |
|
12 | 12 | ## Table of Contents |
13 | 13 | - [Sync Config](#sync-config) |
@@ -175,6 +175,50 @@ replication: |
175 | 175 |
|
176 | 176 | Without this, you will see: `Replication error postgres does not support ssl`. |
177 | 177 |
|
| 178 | +### Kubernetes / Helm Charts |
| 179 | + |
| 180 | +For Kubernetes deployments (including AWS EKS), use the community-maintained Helm chart. The chart packages the API, replication, compaction, and migration workloads with production defaults. |
| 181 | + |
| 182 | +**Chart repository (source of truth for values, install instructions, and upgrade notes):** https://github.com/powersync-community/powersync-helm-chart |
| 183 | + |
| 184 | +Deploy using standard Helm install/upgrade; configure via `values.yaml` overrides. The PowerSync CLI is not used for Kubernetes deployments. |
| 185 | + |
| 186 | +#### Key Constraints |
| 187 | + |
| 188 | +| Component | Constraint | |
| 189 | +|-----------|------------| |
| 190 | +| Replication | Default 2 replicas = warm standby. **Only one pod replicates at a time.** Do not add replicas to scale throughput — scale vertically instead. If you drop to `replicas: 1`, set the deployment strategy to `Recreate`. | |
| 191 | +| API | Target ~100 connections per pod; hard cap is **200**. Exceeding 200 triggers `PSYNC_S2304` errors. API is stateless — scale out via HPA, not up. | |
| 192 | +| `NODE_OPTIONS` | Leave `--max-old-space-size-percentage=80` as-is. V8 tracks the container memory limit automatically; no recalculation is needed when you change `resources.limits.memory`. | |
| 193 | + |
| 194 | +#### Ingress Requirements |
| 195 | + |
| 196 | +- Use a **dedicated subdomain** (e.g. `powersync.example.com`). PowerSync cannot share a host with other services. |
| 197 | +- Requires HTTP/2 and WebSocket support. Without HTTP/2, sync stream multiplexing degrades. |
| 198 | +- `proxy-buffering: "off"` is **required** for streaming sync — without it responses buffer and stall. |
| 199 | +- Set `proxy-read-timeout` and `proxy-send-timeout` to `3600` to keep long-lived sync streams open. |
| 200 | +- Terminate TLS at the ingress with a real certificate. The placeholder in `values.yaml` will not work in production. |
| 201 | + |
| 202 | +#### Scaling Beyond a Single Instance |
| 203 | + |
| 204 | +A single replication instance handles roughly 50,000–100,000 concurrent clients depending on row size. Past that, run [multiple instances](https://docs.powersync.com/maintenance-ops/self-hosting/multiple-instances) by installing the chart again under a separate Helm release name with its own bucket storage database. The same source database can be shared across installs. |
| 205 | + |
| 206 | +**Important:** Clients must be **pinned to a specific instance**. Each instance maintains its own copy of bucket data — a client switching instances triggers a full resync. Pin clients via your backend (pass the endpoint explicitly) or compute the endpoint deterministically (e.g. `hash(user_id) % n`). Do not load-balance multiple instances behind one host. |
| 207 | + |
| 208 | +#### Observability |
| 209 | + |
| 210 | +Prometheus metrics are exposed on port `9464`. Enable the chart's `NetworkPolicy` (`networkPolicy.enabled: true`) in production to allow scrapes on that port. Key signals: |
| 211 | + |
| 212 | +| Metric | Note | |
| 213 | +|--------|------| |
| 214 | +| `powersync_concurrent_connections` | Primary HPA driver. Alert when a pod nears the 200 hard cap. | |
| 215 | +| `powersync_replication_lag_seconds` | Alert on sustained spikes. | |
| 216 | +| `powersync_replication_storage_size_bytes` | Capacity-plan from the trend. | |
| 217 | +| `powersync_operation_storage_size_bytes` | Capacity-plan from the trend. | |
| 218 | +| `powersync_data_sent_bytes_total` | Egress cost driver. | |
| 219 | + |
| 220 | +See [Metrics](https://docs.powersync.com/maintenance-ops/self-hosting/metrics) for the full metric catalog. |
| 221 | + |
178 | 222 | ### Bucket Storage Database |
179 | 223 | This is required by PowerSync and can be configured in two different ways. This is separate from the source DB. |
180 | 224 |
|
|
0 commit comments