Not sure which model fits? See Deployment models for a full comparison of SaaS and BYOC.
Content
In this section, you will find:- Midaz Terraform Foundation: Learn about the Midaz Terraform Foundation, a repository with ready-made Terraform examples to help you create the infrastructure needed to run Midaz, following best practices of AWS, GCP, or Azure.
- Helm: Deploy and manage Midaz on Kubernetes using Helm.
- Using Helm: Install and configure Midaz on Kubernetes, including ingress setup, observability, and dependency management.
- Upgrading Helm: Migrate between Helm chart versions with breaking changes, migration paths, and rollback procedures.
- Upgrading Midaz and plugins via Helm: Step-by-step instructions for upgrading Midaz Core and plugins via Helm.
- Version compatibility: Check the compatibility matrix for Midaz Helm charts.
Deployment strategies
You manage the infrastructure in both Midaz modules, Community and Enterprise. We strongly recommend using Kubernetes with our Helm Charts. This approach simplifies deployment and scaling, especially if using the Enterprise edition, which includes support and modular microservices. That said, you can choose the deployment strategy that fits your needs.
Deploying with Kubernetes
Our official Helm Charts are the recommended method. They offer a fast and flexible way to install Midaz in a Kubernetes environment. You can either plug Midaz into your existing databases and services or use the default components provided in the Helm chart. This setup adapts to different infrastructure needs and supports production-grade deployments. For a step-by-step guide, check the Deploying using Helm documentation.Self-managed deployment
If you prefer full control, you can deploy Midaz manually. The project is already configured to run with Docker, which makes local or small-scale setups straightforward. You can also adapt it to your own infrastructure, whether you’re using a different orchestrator or running directly on virtual machines or bare metal. For instructions, check the Installing Midaz page.Platform requirements
You’re already aligned with the required versions using our default Helm configuration. If you’re bringing your own infrastructure components, make sure you meet the minimum supported versions:
| Service | Minimum Supported Version | Notes |
|---|---|---|
| Kubernetes | 1.20+ | 1.30+ recommended |
| Helm CLI | 3.8+ | Required for OCI registry |
| PostgreSQL | 16.3 | Primary database |
| MongoDB | 8.x | Document storage (Helm chart: bitnami/mongodb 16.4.0+) |
| RabbitMQ | 2.1.11 | Message broker |
| Valkey | 2.4.7 | In-memory cache (Redis fork) |
| OTEL Collector | 2.2.1 | Optional, for observability |
Best practices
Access to the infrastructure
- Use least privilege policies when connecting to databases.
- Block direct access to databases by default. Only allow it in exceptional cases with approval.
- Store secrets securely using tools like HashiCorp Vault.
- Use dedicated tools for safe access to production data.
Redundancy and high availability
- Enable replication and backups for both Midaz and your databases.
- Use load balancers to route traffic across services evenly.
Network security
- Run your services inside VPCs to isolate critical components.
- Use NAT gateways or proxies for outbound connections.
- Apply security groups or firewall rules to restrict access to required ports and IPs.
Data persistence and storage
- Use replicated databases to support high availability and recovery.
- Choose scalable storage solutions that match your data growth.
- Use Valkey (Redis fork) for caching and background message management.
Observability
- Integrate tools that monitor logs, traces, and metrics.
- Midaz supports observability through OpenTelemetry, making detecting and resolving issues easier.
Shared responsibilities
Running Midaz under the BYOC model is a shared responsibility between Lerian and your team. For a detailed breakdown of who secures what — including how responsibilities differ between BYOC and SaaS — see the Security page.