# Architecture

* **Highflame Platform Features**:
  * Runtime guardrails for robust agent operations.
  * Typed Cedar policy enforcement ensures secure interactions.
  * Agent identity management for secure authentication.
  * MCP gateway security for protecting communication channels.
  * Model supply chain scanning for integrity verification.
  * Adversarial red teaming to test system defenses.
  * Unified detection and observability layer for comprehensive monitoring.

<figure><img src="/files/F98RKxMClI6p3nKOpKDu" alt=""><figcaption></figcaption></figure>

### Deployment Architecture <a href="#deployment-architecture" id="deployment-architecture"></a>

#### Overview

Highflame leverages Kubernetes for container orchestration, using Helm charts to streamline application deployments. This approach ensures consistent and repeatable deployments across different cloud infrastructures, enabling high availability and easy scaling.

#### Key Components

* **Kubernetes Cluster**: Acts as the foundational layer, providing the orchestration platform for containerized applications.
* **Helm Charts**: Simplifies deployments with pre-configured templates, ensuring version control and facilitating rollback capabilities.
* **Cloud Provider Support**: Compatible with AWS, GCP, and Azure, allowing for flexible hosting and integration with native services.

### Infrastructure Components <a href="#infrastructure-components" id="infrastructure-components"></a>

<table><thead><tr><th width="216.7734375">Key Components</th><th>Description</th><th>Resource Options</th></tr></thead><tbody><tr><td>Highflame modules</td><td>Highflame components for serving</td><td>Deployed as Kubernetes pods with high availability configurations, such as Pod Disruption Budgets (PDB) and Horizontal Pod Autoscalers (HPA).</td></tr><tr><td>Transactional database</td><td>Stores the application data</td><td>Managed PostgreSQL from the cloud provider</td></tr><tr><td>Analytical database</td><td>Optimizes storage for rapid analysis of large datasets</td><td>ClickHouse in Kubernetes</td></tr><tr><td>Cache system</td><td>Optimizes application performance by caching data to expedite internal communication</td><td>Redis cluster solution from the cloud provider</td></tr><tr><td>Authentication</td><td>Application authentication and authorization</td><td>Clerk (the Highflame team sets this up at the time of onboarding)</td></tr><tr><td>Blob store</td><td>Backup store for the ClickHouse database server running in Kubernetes</td><td>Cloud-native blob stores such as AWS S3, Azure Blob Storage, Google Cloud Storage (GCS)</td></tr><tr><td>Ingress</td><td>Application load balancing for end-user access to the service</td><td>Application load balancer or another load balancer that integrates with Kubernetes</td></tr><tr><td>Logging system</td><td>Stores the application logs</td><td>Cloud-native logging integration with K8s</td></tr></tbody></table>

### Infrastructure Requirements

* **Kubernetes Cluster:** K8s 1.32+ with minimum 6 worker nodes and Helm 3.x
* **Postgres Server** v17.2
* **Redis cluster** v7.1
* **Outbound connectivity to**
  * ghcr.io for pulling the application images
  * Clerk endpoints for authentication and authorization
* **Recommended Resource Requirements**:
  * K8s worker nodes: 8-16 CPU cores and 16-32 GB memory per node
  * Redis: 4 GB memory per node
  * Postgres: 4 vCPU and 8 GB memory

### Data Security & Encryption

* All data remains within your network
* All data in Highflame is encrypted at rest, provided the underlying cloud resources (the database server, K8s worker nodes, Redis server, etc.) are configured to encrypt
* Communication between the Highflame services over the ingress uses TLS encryption in transit
* Highflame service-to-service communication happens within the K8s cluster and does not leave it
* Sensitive data, such as an AI model's API keys, is stored in K8s secrets
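
Because encryption at rest depends on how the backing cloud resources are configured, it is worth auditing them before installation. The following is an added example, not Highflame code: it assumes an AWS deployment and checks data in the shape returned by `aws rds describe-db-instances`, `aws elasticache describe-replication-groups` and `aws ec2 describe-volumes`; the resource names and sample data are constructed.

```python
# Constructed sample data in the shape of AWS CLI JSON output; the resource
# names are made up. Volumes are assumed pre-filtered to worker-node disks.
SAMPLE = {
    "rds": {"DBInstances": [
        {"DBInstanceIdentifier": "example-postgres", "StorageEncrypted": True}]},
    "elasticache": {"ReplicationGroups": [
        {"ReplicationGroupId": "example-redis", "AtRestEncryptionEnabled": False}]},
    "ec2": {"Volumes": [
        {"VolumeId": "vol-0aaa", "Encrypted": True},
        {"VolumeId": "vol-0bbb"}]},  # field missing: treated as unencrypted
}

# (source key, list key, id field, encryption flag, label used in findings)
CHECKS = [
    ("rds", "DBInstances", "DBInstanceIdentifier", "StorageEncrypted", "postgres"),
    ("elasticache", "ReplicationGroups", "ReplicationGroupId",
     "AtRestEncryptionEnabled", "redis"),
    ("ec2", "Volumes", "VolumeId", "Encrypted", "worker-node volume"),
]


def audit_encryption(data):
    """Return findings for resources not encrypted at rest ([] means all pass)."""
    findings = []
    for source, list_key, id_field, flag, label in CHECKS:
        if source not in data:
            # Fail closed: a resource type that was never inspected is a finding.
            findings.append(f"{label}: no data supplied")
            continue
        for item in data[source].get(list_key, []):
            # Only an explicit true counts; a missing or false flag is reported.
            if item.get(flag) is not True:
                findings.append(f"{label} {item.get(id_field, '<unknown>')}: "
                                "not encrypted at rest")
    return findings


if __name__ == "__main__":
    for finding in audit_encryption(SAMPLE):
        print("FAIL", finding)
```

To audit a real account, replace each `SAMPLE` entry with the parsed JSON from the corresponding CLI call (for example via `json.load`).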

<figure><img src="/files/x08805NGbFcUniHXCC8h" alt=""><figcaption></figcaption></figure>

### Highflame Infra Setup

{% content-ref url="/pages/fEZyCqQC80NW7CPtXgjF" %}
[AWS](/deployment-guides/aws.md)
{% endcontent-ref %}

{% content-ref url="/pages/3wrMDhXlUhaJNz3kI7AD" %}
[Azure](/deployment-guides/azure.md)
{% endcontent-ref %}

{% content-ref url="/pages/vD9lMIAb9qOMxs1EAIRy" %}
[GCP](/deployment-guides/gcp.md)
{% endcontent-ref %}


