New in Rulebricks: Reactive Rule Flows. More →
Private Deployment
Rulebricks on AWS EKS

Rulebricks on AWS

Configuration

AWS EKS is our preferred deployment method for private deployments of Rulebricks, superceding our old, Docker compose based deployments.

Nearly all of the setup work is automated by Terraform, and a custom setup script we provide handles the rest. This spins up an externally hosted database instance, which we manage for you, and a Kubernetes cluster.

This guide provides detailed instructions for deploying Rulebricks in your own infrastructure. Private deployments allow you to run Rulebricks in your own cloud account with complete control over your data and infrastructure.

Note: This guide assumes you have contacted Rulebricks and received a valid license key. We welcome teams trying to evaluate Rulebricks privately– shoot us an email at support@rulebricks.com for quick turnaround on this.

Table of Contents

Overview

Rulebricks allows you to deploy the application in your own cloud environment. This private deployment option is fully supported on AWS EKS (Elastic Kubernetes Service) and includes configuration options for Azure and GCP as well.

The private deployment consists of:

  • A Kubernetes cluster provisioned through Terraform
  • Application components deployed through Helm charts
  • A Supabase project for database, authentication, and storage
  • Redis for caching and temporary data storage
  • Traefik as the ingress controller with automatic TLS configuration

Prerequisites

Before starting a private deployment, ensure you have:

Required Accounts

  1. Rulebricks License - You need a valid license key from Rulebricks
  2. Cloud Provider Account - AWS (recommended), Azure, or GCP
  3. Supabase Account - For database and authentication services

Command Line Tools

The following tools must be installed and configured on your local machine:

  • kubectl - Kubernetes command-line tool
  • helm - Kubernetes package manager
  • terraform - Infrastructure as code tool
  • supabase - Supabase CLI
  • openssl - For cryptographic operations

Domain Configuration

  • A domain or subdomain that you control
  • Ability to configure DNS records for this domain

Cloud Provider Setup

AWS (Recommended)

  1. Install and configure AWS CLI
  2. Ensure your AWS user/role has permissions to:
    • Create and manage EKS clusters
    • Create and manage IAM roles and policies
    • Create and manage VPCs, security groups, and load balancers
    • Create and manage EC2 instances

Azure

  1. Install and configure Azure CLI
  2. Ensure your Azure account has permissions to:
    • Create and manage AKS clusters
    • Create and manage resource groups
    • Create and manage virtual networks

GCP

  1. Install and configure Google Cloud SDK
  2. Enable the required APIs in your Google Cloud project:
    • Kubernetes Engine API
    • Compute Engine API
    • IAM API
  3. Ensure your GCP account has permissions to:
    • Create and manage GKE clusters
    • Create and manage VPC networks
    • Create and manage service accounts

Project Structure

The deployment repository is organized as follows:

/
├── README.md                     # Project overview
├── rulebricks-chart/             # Helm chart for the application
│   ├── Chart.yaml                # Chart metadata
│   ├── templates/                # Kubernetes resource templates
│   │   ├── app-configmap.yaml    # Application configuration
│   │   ├── app-deployment.yaml   # Application deployment
│   │   ├── app-secret.yaml       # Application secrets
│   │   ├── app-service.yaml      # Application service
│   │   ├── hpa.yaml              # Horizontal Pod Autoscaler
│   │   ├── ingress.yaml          # Ingress resource
│   │   ├── redis-deployment.yaml # Redis deployment
│   │   ├── redis-pvc.yaml        # Redis persistent volume claim
│   │   └── ...                   # Other resources
│   ├── traefik-values-no-tls.yaml # Traefik config without TLS
│   ├── traefik-values-tls.yaml   # Traefik config with TLS
│   └── values.yaml               # Default chart values
├── setup.sh                      # Deployment script
├── supabase/                     # Supabase configuration
│   ├── config.example.toml       # Supabase configuration template
│   ├── emails/                   # Email templates
│   └── migrations/               # Database migrations
│       └── 20250328_init.sql     # Initial database schema
├── teardown.sh                   # Uninstallation script
└── terraform/                    # Infrastructure as code
    ├── aws/                      # AWS-specific configuration
    ├── azure/                    # Azure-specific configuration
    └── gcp/                      # GCP-specific configuration

Configuration Variables

Important Configuration Files

  1. Terraform Variables (terraform/<provider>/variables.tf):

    • region - Cloud provider region
    • cluster_name - Name for your Kubernetes cluster
    • node_instance_type - VM size for cluster nodes
    • min_capacity, max_capacity, desired_capacity - Autoscaling configuration

  2. Helm Chart Values (rulebricks-chart/values.yaml):

    • app.resources - CPU and memory resources for Rulebricks
    • app.autoscaling - Horizontal scaling settings
    • redis.persistence - Storage settings for Redis
    • ingress - Ingress controller configuration

  3. Supabase Configuration (supabase/config.example.toml):

    • Authentication settings
    • Customize email templates (supabase/emails)
    • API access configuration

User-Provided Variables (During Setup)

When running the setup script, you'll be prompted to provide:

  1. Cloud Provider - Choose between AWS, Azure, or GCP
  2. Domain Name - The domain where Rulebricks will be hosted
  3. Admin Email - Email address for the administrator account
  4. License Key - Your Rulebricks license key
  5. Supabase Region - Geographic region for your Supabase project – We recommend colocating with your Kubernetes cluster

Deployment Instructions

Step 1: Clone the Repository

Clone the private deployment repository to your local machine.

Step 2: Prepare Your Environment

Ensure all prerequisite tools are installed and configured:

# Verify installed tools
kubectl version --client
helm version
terraform version
supabase --version
openssl version

Step 3: Run the Setup Script

Execute the setup script:

sh ./setup.sh

The script will:

  1. Check for required tools
  2. Prompt for configuration values
  3. Create a Supabase project
  4. Provision a Kubernetes cluster on your selected cloud provider
  5. Install Traefik ingress controller
  6. Deploy the Rulebricks application with Helm
  7. Configure TLS using Let's Encrypt

Step 4: Configure DNS

During setup, you'll be provided with a load balancer endpoint. Create a DNS record for your domain:

  • Record Type: A or CNAME (depending on the load balancer address)
  • Name: Your domain or subdomain (e.g., rulebricks.yourdomain.com)
  • Value: The load balancer endpoint provided during setup

The script will wait for DNS propagation before completing the setup.

Post-Deployment Verification

After the deployment completes, verify that everything is working correctly:

Check Kubernetes Resources

# Verify pods are running
kubectl get pods -n rulebricks
 
# Check services
kubectl get services -n rulebricks
 
# Verify ingress is configured
kubectl get ingress -n rulebricks
 
# Check horizontal pod autoscaler
kubectl get hpa -n rulebricks

Verify Application Access

  1. Open your browser and navigate to your domain (https://your-domain.com)
  2. Sign up using the admin email you provided during setup
  3. Verify that you can access the Rulebricks dashboard

Check Application Logs

# Get pod names
kubectl get pods -n rulebricks
 
# Check logs for the application pod
kubectl logs -n rulebricks <rulebricks-app-pod-name>
 
# Check logs for the Redis pod
kubectl logs -n rulebricks <redis-pod-name>

Monitor Resource Usage

# Check pod resource usage
kubectl top pods -n rulebricks
 
# Check node resource usage
kubectl top nodes

Teardown Process

If you need to remove the Rulebricks deployment while preserving the underlying infrastructure, use the teardown script:

sh ./teardown.sh <your-domain-name>

The teardown script:

  1. Uninstalls the Rulebricks Helm chart
  2. Removes associated Kubernetes resources
  3. Deletes persistent volume claims
  4. Removes the Traefik ingress controller
  5. Optionally deletes the associated Supabase project

Note: The teardown script does NOT remove the Kubernetes cluster created by Terraform. This allows you to quickly redeploy Rulebricks without waiting for infrastructure provisioning.

Complete Infrastructure Removal

If you want to completely remove all infrastructure, continue by using Terraform to destroy the resources:

cd terraform/<provider>  # aws, azure, or gcp
terraform destroy

Troubleshooting

Common Issues

Pod Startup Failures

If pods fail to start, check for resource constraints:

kubectl describe pod <pod-name> -n rulebricks

Connection Issues

If you can't connect to the application:

  1. Verify DNS is correctly configured
  2. Check if TLS certificate was provisioned correctly:
kubectl get certificate -n traefik
  1. Check Traefik logs:
kubectl logs -n traefik $(kubectl get pods -n traefik -l app.kubernetes.io/name=traefik -o jsonpath='{.items[0].metadata.name}')
  1. Use the teardown script and try deploying Rulebricks again

License Validation Issues

If pods show ImagePullBackOff errors:

  1. Verify the license key was correctly specified during setup

Support Resources

If you encounter any issues with your private deployment:

Getting AccessArchitecture