Docker Compose Architecture

All services run as containers on a single Linux host, orchestrated by Docker Compose.
[Figure: Greptile architecture overview]

Core Services

| Service | Port | Function |
| --- | --- | --- |
| greptile-web | 3000 | Web UI |
| greptile-api | 3001 | REST API, business logic |
| greptile-auth | 3002 | Internal authentication |
| greptile-webhook | 3007 | Receives GitHub/GitLab webhooks |
| saml-jackson | 5225 | SAML SSO (Okta, Azure AD, etc.) |

Background Workers

| Service | Port | Function |
| --- | --- | --- |
| greptile-indexer-chunker | - | Splits repositories into chunks for indexing |
| greptile-indexer-summarizer | - | Generates repository summaries |
| greptile-reviews | 3005 | Generates PR reviews using LLMs |
| greptile-jobs | 8086 | Scheduled tasks (analytics, cleanup) |
| greptile-llmproxy | 4000 | Routes requests to configured LLM providers |

Infrastructure Services

| Service | Port | Function |
| --- | --- | --- |
| hatchet-api | 8080 | Workflow orchestration API |
| hatchet-frontend | 8080 | Hatchet admin UI (via caddy) |
| hatchet-engine | 7077 | Executes background workflows |
| hatchet-postgres | - | Hatchet’s PostgreSQL database |
| hatchet-rabbitmq | 5673 | Message queue for Hatchet |
| greptile-postgres | 5432 | Application database (pgvector enabled) |
| hatchet-caddy | 80/443/8080 | Reverse proxy for Hatchet |

Data Flow

  1. Webhook received → greptile-webhook validates and queues the event
  2. Hatchet picks up the job and dispatches it to the appropriate worker
  3. Workers (chunker, summarizer, reviews) process via llmproxy
  4. Results stored in PostgreSQL, response posted back to SCM

Network Requirements

Must expose:
  • Port 3007 for SCM webhooks (or route through Caddy on 443)
  • Port 3000 for web UI access
  • Port 8080 for Hatchet admin (optional, can restrict to internal)
Must reach outbound:
  • LLM provider APIs (OpenAI, Anthropic, Bedrock, etc.)
  • SCM provider APIs (GitHub, GitLab, etc.)
  • Container registry for image pulls

Storage

PostgreSQL stores all application data including:
  • Repository metadata and summaries
  • Code embeddings (via pgvector)
  • Review history and analytics
  • User accounts and settings
Plan storage based on repository sizes. Embeddings are the largest component.

Kubernetes Architecture

Services deployed as pods across a Kubernetes cluster, managed by Helm charts. External PostgreSQL and Redis recommended for production.
[Figure: Kubernetes architecture]

Pod Deployments

Same services as Docker Compose, deployed as separate Kubernetes Deployments:
| Deployment | Replicas (prod) | Notes |
| --- | --- | --- |
| web | 3 | Stateless, scales horizontally |
| api | 20 | High traffic, scales horizontally |
| auth | 1 | Low traffic |
| webhook | 5 | Scales with PR volume |
| chunker | 10 | CPU/memory intensive |
| summarizer | 50 | LLM-bound, scales with indexing load |
| reviews | 36 | LLM-bound, scales with review volume |
| jobs | 1 | Single instance |

External Services

Unlike Docker Compose, Kubernetes deployments typically use managed services:
| Component | Recommended | Purpose |
| --- | --- | --- |
| PostgreSQL | RDS with pgvector | Application data, embeddings |
| Redis | ElastiCache | Caching, rate limiting |
| Hatchet | Deployed via Helm | Workflow orchestration |

Networking

  • Ingress: LoadBalancer or Ingress controller exposes web and webhook services.
  • Service mesh: Optional. mTLS between services if using Istio/Linkerd.
  • Egress: NAT gateway for outbound traffic to LLM/SCM providers.

Scaling Considerations

  • API and Webhook scale with traffic volume
  • Chunker scales with new repository indexing load
  • Summarizer and Reviews scale with LLM throughput requirements
  • Use HPA (Horizontal Pod Autoscaler) for dynamic scaling based on CPU/memory

Security Model

Authentication

| Method | Use Case |
| --- | --- |
| SAML SSO | Enterprise IdP (Okta, Azure AD, etc.) |
| Internal auth | Username/password for smaller deployments |
| GitHub/GitLab OAuth | Developer authentication |

Secrets Management

  • Docker Compose: Environment variables in .env file. For production, use a secrets manager and inject at runtime.
  • Kubernetes: External Secrets Operator syncing from AWS Secrets Manager, Vault, or similar.

Network Security

  • Deploy in private subnet, expose only webhook port externally
  • Database and Redis should not have public IPs
  • Use security groups/firewall rules to restrict access
  • All external traffic over TLS
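
One way to check a Docker Compose deployment against the port guidance above, as an added example (not Greptile's own tooling): the script reads the JSON that `docker compose config --format json` is assumed to emit, with `ports` in long form, and flags any host port published beyond loopback that is not in the Network Requirements list. The sample config is constructed, and `audit` and `host_ports` are hypothetical names.

```python
import ipaddress
import json

# Host ports from the page's "Must expose" list; 8080 (Hatchet admin) is optional there.
EXPECTED = {3000, 3007}
OPTIONAL = {8080}

# Constructed sample in the long-form "ports" layout assumed for
# `docker compose config --format json`; not Greptile's shipped compose file.
SAMPLE = json.loads("""
{"services": {
  "greptile-web":      {"ports": [{"target": 3000, "published": "3000"}]},
  "greptile-webhook":  {"ports": [{"target": 3007, "published": "3007"}]},
  "greptile-api":      {"ports": [{"target": 3001, "published": "3001", "host_ip": "127.0.0.1"}]},
  "greptile-postgres": {"ports": [{"target": 5432, "published": "5432"}]},
  "hatchet-rabbitmq":  {"expose": ["5673"]},
  "hatchet-caddy":     {"ports": [{"target": 8080, "published": "8080"}]}
}}
""")


def host_ports(published):
    """Expand "5432", 5432 or "8000-8002" into host port numbers (0 = ephemeral)."""
    first, _, last = str(published or 0).partition("-")
    return range(int(first), int(last or first) + 1)


def audit(config):
    """Return sorted (severity, service, host_port) for ports bound beyond loopback."""
    findings = []
    for name, svc in config.get("services", {}).items():
        for port in svc.get("ports") or []:
            bind = ipaddress.ip_address(port.get("host_ip") or "0.0.0.0")
            if bind.is_loopback:
                continue  # reachable from the host itself only
            for hp in host_ports(port.get("published")):
                if hp in EXPECTED:
                    continue
                severity = "review" if hp in OPTIONAL else "exposed"
                findings.append((severity, name, hp))
    return sorted(findings)


if __name__ == "__main__":
    for severity, name, hp in audit(SAMPLE):
        print(f"{severity:8} {name} publishes host port {hp}")
```

A `ports` entry with no published value is reported as host port 0, because Docker then picks an ephemeral host port; services that only use `expose` stay on the compose network and are not reported.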

Monitoring

Key Metrics

| What | Why |
| --- | --- |
| Hatchet dashboard | Workflow success/failure rates, queue depth |
| Container health | Restarts, OOM kills |
| CPU/Memory | Capacity planning, scaling triggers |
| Disk usage | Embedding storage growth |
| LLM latency | Provider performance |

  • Logs: CloudWatch, ELK, or Loki
  • Metrics: Prometheus + Grafana, or CloudWatch
  • Alerting: PagerDuty, Opsgenie, or native cloud alerting
Greptile’s Hatchet dashboard (port 8080) provides workflow-level visibility without additional setup.