Self-Hosting

StackLens is self-hostable via Helm. The self-hosted distribution includes Identity, FlowOps, Gateway, and the UI. StackTrace and GovernAI are available on StackLens Cloud.

Requirements

Kubernetes 1.27+
Helm 3.8+ (OCI support)
An ingress controller (nginx recommended)
PostgreSQL and Redis — or use the bundled Bitnami subcharts for a quick start

Install

The chart is published as an OCI artifact — no helm repo add step required.

External Postgres + Redis (production)

helm install stacklens \
  oci://ghcr.io/getstacklens-ai/helm/stacklens-platform \
  --version 0.2.10 \
  --namespace stacklens --create-namespace \
  --set ingress.host=app.your-domain.com \
  --set secrets.identityDb="Host=your-pg-host;Database=stacklens_identity;Username=stacklens;Password=..." \
  --set secrets.flowopsDb="Host=your-pg-host;Database=stacklens_flowops;Username=stacklens;Password=..." \
  --set secrets.redis="your-redis-host:6379" \
  --set secrets.jwtSecret="$(openssl rand -base64 32)"

Bundled Postgres + Redis (quick start)

For a quick spin-up with no external dependencies. Not recommended for production data.

helm install stacklens \
  oci://ghcr.io/getstacklens-ai/helm/stacklens-platform \
  --version 0.2.10 \
  --namespace stacklens --create-namespace \
  --set postgresql.enabled=true \
  --set postgresql.auth.postgresPassword="$(openssl rand -base64 16)" \
  --set redis.enabled=true \
  --set ingress.host=app.your-domain.com \
  --set secrets.jwtSecret="$(openssl rand -base64 32)"

Upgrade

helm upgrade stacklens \
  oci://ghcr.io/getstacklens-ai/helm/stacklens-platform \
  --version <new-version> \
  --namespace stacklens \
  --reuse-values

Values reference

Value	Default	Purpose
`ingress.host`	`stacklens.example.com`	Hostname for the ingress rule
`ingress.className`	`nginx`	Ingress class
`ingress.annotations`	nginx proxy timeouts + body size	Extra ingress annotations
`ingress.tls`	`[]`	TLS configuration (standard Kubernetes ingress TLS format)
`secrets.jwtSecret`	—	JWT signing key — minimum 32 random bytes
`secrets.identityDb`	—	Connection string for the Identity database
`secrets.flowopsDb`	—	Connection string for the FlowOps database
`secrets.redis`	—	Redis connection string (`host:port`)
`secrets.existingSecret`	`""`	Name of a pre-existing Kubernetes Secret — chart skips creating one
`images.registry`	`ghcr.io/getstacklens-ai`	Image registry for all StackLens services
`images.tag`	`latest`	Image tag for all StackLens services
`images.pullPolicy`	`IfNotPresent`	Image pull policy
`imagePullSecrets`	`[]`	Pull secrets for GHCR authentication
`identity.replicas`	`1`	Identity service replica count
`flowops.replicas`	`1`	FlowOps service replica count
`gateway.replicas`	`2`	Gateway replica count
`gateway.upstreams.identity`	`""`	Override identity upstream URL (empty = in-cluster Service)
`gateway.upstreams.flowops`	`""`	Override flowops upstream URL (empty = in-cluster Service)
`ui.replicas`	`2`	UI replica count
`postgresql.enabled`	`false`	Enable bundled Bitnami PostgreSQL subchart
`redis.enabled`	`false`	Enable bundled Bitnami Redis subchart

Full defaults: values.yaml

Using an external secrets manager

If you manage secrets with Vault, External Secrets Operator, or Sealed Secrets, create the Kubernetes Secret yourself and set secrets.existingSecret:

--set secrets.existingSecret="stacklens-credentials"

The chart expects the following keys in that secret:

ConnectionStrings__IdentityDb
ConnectionStrings__FlowOpsDb
ConnectionStrings__Redis
Jwt__Secret

After installation

Navigate to your configured ingress host in a browser and create your account.

The API is available at https://your-host/api.

Configure the SDK

import getstacklens
 
getstacklens.configure(
    api_key="sl-xxxx",        # generated in Settings → API Keys
    endpoint="https://your-host",
)

Production recommendations

Use a managed PostgreSQL service (RDS, Cloud SQL, Azure Database for PostgreSQL)
Use a managed Redis service (ElastiCache, Upstash, Azure Cache for Redis)
Store secrets in your cloud provider's secret manager — not in values.yaml or --set flags on the command line
Configure ingress.tls with cert-manager for automatic TLS
Enable regular database backups before upgrading