> **Building with AI coding agents?** If you're using an AI coding agent, install the official Scalekit plugin. It gives your agent full awareness of the Scalekit API — reducing hallucinations and enabling faster, more accurate code generation.
>
> - **Claude Code**: `/plugin marketplace add scalekit-inc/claude-code-authstack` then `/plugin install <auth-type>@scalekit-auth-stack`
> - **GitHub Copilot CLI**: `copilot plugin marketplace add scalekit-inc/github-copilot-authstack` then `copilot plugin install <auth-type>@scalekit-auth-stack`
> - **Codex**: run the bash installer, restart, then open Plugin Directory and enable `<auth-type>`
> - **Skills CLI** (Windsurf, Cline, 40+ agents): `npx skills add scalekit-inc/skills --list` then `--skill <skill-name>`
>
> `<auth-type>` / `<skill-name>`: `agentkit`, `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` — [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/)

---

# System requirements

Before installing Scalekit, confirm your infrastructure meets the requirements below.

## Kubernetes

| Requirement | Value |
|-------------|-------|
| Kubernetes version | 1.27 or later |
| Helm version | 3.12 or later |
| `kubectl` | Configured with cluster access |

Any managed Kubernetes service works — GKE, EKS, AKS, or a self-managed cluster.

Scalekit supports two ingress options — use one, not both:

- **Kubernetes Gateway API** (recommended for cloud clusters): requires a GatewayClass installed on your cluster
- **Nginx Ingress** (for local or Minikube deployments): requires the nginx ingress controller

For Gateway API, common GatewayClasses:

| Provider | GatewayClass |
|----------|-------------|
| GKE | `gke-l7-global-external-managed` (built-in) |
| Istio | `istio` |
| Envoy Gateway | `eg` |

On GKE, the Gateway controller is enabled by default. For other clusters, install the Gateway API CRDs and a compatible controller before deploying Scalekit.

## PostgreSQL

Scalekit requires **three separate databases** on PostgreSQL 15 or later. These can all live on the same PostgreSQL instance.

| Database | Used by |
|----------|---------|
| `scalekit` | Core auth service |
| `webhooks` | Webhook delivery |
| `openfga` | Authorization engine (if enabled) |

Create a dedicated user with full privileges on each database. Scalekit runs migrations automatically on install and upgrade.
**Evaluation without external PostgreSQL:** The Helm chart includes an optional PostgreSQL subchart. Set `postgresql.enabled: true` in your `values.yaml` to spin up a bundled database for evaluation. Do not use this in production.
**CockroachDB:** CockroachDB is also supported. Set `DB_ADAPTER=postgresql` in the `db-migrations` secret (the setup script handles this automatically).

## Redis

| Requirement | Value |
|-------------|-------|
| Version | 6.2 or later |

Scalekit uses Redis for session storage, token caching, and background job queues. Redis does not need persistence enabled, but enabling RDB snapshots is recommended for production.
**Evaluation without external Redis:** The Helm chart includes an optional Redis subchart. Set `redis.enabled: true` in your `values.yaml` to use it for evaluation. Do not use this in production.

## Email (SMTP)

Scalekit sends transactional email for password resets, magic links, and user invitations. You need an SMTP provider configured before first run.

Supported providers with first-class integration: **Postmark**, **SendGrid**. Any SMTP server works with the `OTHER` provider type.

## Node sizing

| Resource | Production (per node) |
|----------|-----------------------|
| CPU | 4 vCPUs |
| RAM | 8 GB |

The Scalekit Deployment defaults to 2 replicas with autoscaling up to 20. Each replica includes all sidecar containers. Tune `replicaCount` and HPA settings in your `values.yaml`.

## Network and DNS

### DNS

A wildcard DNS record pointing to your Gateway's external IP is required. You set this up after the deployment is running — see [Install Scalekit](/self-hosted/installation/#update-dns).

### TLS

HTTPS is required. Manage certificates through your cloud provider's certificate manager (for example, GCP Certificate Manager) and reference it via a Gateway annotation. cert-manager is also supported — add the appropriate annotation to `gateway.annotations` in your `values.yaml`.

## Container registry access

Scalekit container images are hosted on <code>{REGISTRY_HOST}</code>. You receive registry credentials through the <a href={DISTR_URL}>Scalekit distribution portal</a> as part of onboarding. The registry token is stored as a Kubernetes image pull secret (`artifact-registry-secret`) during setup.

## Next step

Once your infrastructure is ready, proceed to [configure Scalekit](/self-hosted/configuration/).

---

## More Scalekit documentation

| Resource | What it contains | When to use it |
|----------|-----------------|----------------|
| [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content |
| [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas |
| [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |