Aegis Orchestrator
Deployment

Pod Architecture

Complete pod topology for AEGIS platform deployment — containers, ports, health checks, persistent volumes, and inter-pod communication.

Pod Architecture

The AEGIS platform deploys as a set of Podman pods, each grouping related containers with shared networking. This page provides the complete reference for every pod, its containers, ports, health checks, and persistent volumes.

Pod Topology

┌─────────────────────────────────────────────────────────────┐
│                    aegis-network (bridge)                     │
│                                                               │
│  pod-core          pod-temporal        pod-database           │
│  ┌──────────────┐  ┌──────────────┐   ┌──────────────────┐  │
│  │aegis-runtime │  │temporal      │   │postgres          │  │
│  │:8088 :50051  │  │:7233         │   │:5432             │  │
│  │:2049 :9091   │  │temporal-ui   │   │postgres-exporter │  │
│  │              │  │:8233         │   │:9187             │  │
│  │              │  │temporal-worker│   │                  │  │
│  │              │  │:3000         │   │                  │  │
│  └──────────────┘  └──────────────┘   └──────────────────┘  │
│                                                               │
│  pod-secrets       pod-iam            pod-storage             │
│  ┌──────────────┐  ┌──────────────┐   ┌──────────────────┐  │
│  │openbao       │  │keycloak      │   │seaweedfs-master  │  │
│  │:8200         │  │:8180         │   │:9333 :19333 :9324│  │
│  │              │  │              │   │seaweedfs-volume  │  │
│  │              │  │              │   │:8080 :18080 :9325│  │
│  │              │  │              │   │seaweedfs-filer   │  │
│  │              │  │              │   │:8888 :9326       │  │
│  │              │  │              │   │seaweedfs-webdav  │  │
│  │              │  │              │   │:7333             │  │
│  └──────────────┘  └──────────────┘   └──────────────────┘  │
│                                                               │
│  pod-observability                    pod-seal-gateway        │
│  ┌──────────────────────────────┐    ┌──────────────────┐   │
│  │jaeger     :16686 :4317 :4318│    │seal-gateway      │   │
│  │prometheus :9090              │    │:8089 :50055      │   │
│  │grafana    :3300              │    │                  │   │
│  │loki       :3100              │    │                  │   │
│  │promtail   :9080              │    │                  │   │
│  └──────────────────────────────┘    └──────────────────┘   │
└─────────────────────────────────────────────────────────────┘

Proprietary add-on pods (Cortex, Zaru, Zaru Edge) are available under commercial license and are not shown here.

pod-core

The central AEGIS orchestrator. Manages agent lifecycle, execution, tool routing, NFS gateway, and all core business logic.

ContainerImagePorts
aegis-runtimeghcr.io/100monkeys-ai/aegis-runtime8088 (HTTP), 50051 (gRPC), 2049 (NFS), 9091 (metrics)

Health check: HTTP GET /health on port 8088 (30s interval)

Volumes:

  • aegis-runtime-data -> /app/data (agent execution outputs)
  • Podman socket (read-only) for spawning agent containers
  • aegis-config.yaml and runtime-registry.yaml mounted as config

Key environment variables: RUST_LOG, DATABASE_URL, AEGIS_CONTAINER_NETWORK, AEGIS_ORCHESTRATOR_URL, SEAL_PRIVATE_KEY_PATH, AEGIS_OTLP_ENDPOINT, CORTEX_GRPC_URL

pod-database

PostgreSQL and its Prometheus metrics exporter.

ContainerImagePorts
postgrespostgres:15-alpine5432
postgres-exporterprometheuscommunity/postgres-exporter:v0.19.19187

Health check: pg_isready -U aegis (10s interval)

Volumes:

  • aegis-postgres-data -> /var/lib/postgresql/data
  • Init scripts for database creation (aegis, temporal, keycloak)

Authentication: SCRAM-SHA-256

pod-temporal

Temporal workflow engine with its web UI and the AEGIS workflow worker.

ContainerImagePorts
temporaltemporalio/auto-setup:1.23.07233 (gRPC)
temporal-uitemporalio/ui:2.21.38233 (HTTP, mapped from 8080)
temporal-workerghcr.io/100monkeys-ai/aegis-temporal-worker3000 (HTTP registration API)

Health check: temporal operator cluster health (10s interval)

Volumes:

  • aegis-temporal-worker-data -> /app/data
  • Temporal dynamic config mounted

Key environment: TEMPORAL_ADDRESS, DATABASE_URL, AEGIS_RUNTIME_GRPC_URL

pod-secrets

OpenBao secrets management (open-source Vault alternative).

ContainerImagePorts
openbaoopenbao/openbao:latest8200 (HTTP)

Health check: bao status JSON query (10s interval)

Volumes:

  • aegis-openbao-data -> /openbao/data
  • openbao-config.hcl mounted

Auth method: AppRole (role_id + secret_id). Initialize with make bootstrap-secrets.

pod-iam

Keycloak OIDC identity provider.

ContainerImagePorts
keycloakquay.io/keycloak/keycloak:24.08180 (HTTP)

Health check: HTTP GET /health/ready on port 8180 (15s interval)

Database: PostgreSQL (aegis-database:5432/keycloak)

Key environment: KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD, KC_DB_URL

Initialize realms and clients with make bootstrap-keycloak.

pod-storage

SeaweedFS distributed storage with master, volume server, filer, and WebDAV.

ContainerImagePorts
seaweedfs-masterchrislusf/seaweedfs:latest9333 (HTTP), 19333 (gRPC), 9324 (metrics)
seaweedfs-volumechrislusf/seaweedfs:latest8080 (HTTP), 18080 (gRPC), 9325 (metrics)
seaweedfs-filerchrislusf/seaweedfs:latest8888 (HTTP), 18888 (gRPC), 9326 (metrics)
seaweedfs-webdavchrislusf/seaweedfs:latest7333 (HTTP)

Health checks: HTTP on respective ports (10s interval)

Volumes:

  • aegis-seaweedfs-master-data -> /data
  • aegis-seaweedfs-volume-data -> /data
  • aegis-seaweedfs-filer-data -> /data

pod-observability

Full monitoring stack: distributed tracing, metrics, dashboards, and log aggregation.

ContainerImagePorts
jaegerjaegertracing/all-in-one:1.5516686 (UI), 4317 (OTLP gRPC), 4318 (OTLP HTTP)
prometheusprom/prometheus:v2.51.09090
grafanagrafana/grafana:10.4.03300 (mapped from 3000)
lokigrafana/loki:3.0.03100
promtailgrafana/promtail:3.0.09080

Health checks: HTTP on respective ports (10s interval)

Volumes:

  • aegis-prometheus-data -> /prometheus (15-day retention)
  • aegis-grafana-data -> /var/lib/grafana
  • aegis-loki-data -> /loki (7-day retention)
  • Config mounts for Prometheus, Grafana datasources/dashboards, Loki, Promtail

Grafana access: Port 3300, anonymous viewer access enabled by default.

pod-seal-gateway

SEAL tooling gateway for REST workflow macros, API explorer, and ephemeral CLI tools.

ContainerImagePorts
seal-gatewayghcr.io/100monkeys-ai/aegis-seal-gateway8089 (HTTP), 50055 (gRPC)

Health check: HTTP GET / on port 8089 (10s interval)

Volumes:

  • aegis-seal-gateway-data -> /app/data (SQLite database)
  • Podman socket (for ephemeral container execution)

Persistent Volume Summary

VolumePodMount PointRetention
aegis-postgres-datadatabase/var/lib/postgresql/dataPermanent
aegis-runtime-datacore/app/dataPermanent
aegis-openbao-datasecrets/openbao/dataPermanent
aegis-prometheus-dataobservability/prometheus15 days
aegis-grafana-dataobservability/var/lib/grafanaPermanent
aegis-loki-dataobservability/loki7 days
aegis-seaweedfs-master-datastorage/dataPermanent
aegis-seaweedfs-volume-datastorage/dataPermanent
aegis-seaweedfs-filer-datastorage/dataPermanent
aegis-seal-gateway-dataseal-gateway/app/dataPermanent
aegis-temporal-worker-datatemporal/app/dataPermanent

Inter-Pod Communication

All pods share the aegis-network Podman bridge network. Containers within the same pod communicate via localhost. Cross-pod communication uses pod DNS names:

FromToProtocolPurpose
pod-corepod-databaseTCP :5432State persistence
pod-corepod-temporalgRPC :7233Workflow execution
pod-corepod-secretsHTTP :8200Credential resolution
pod-corepod-iamHTTP :8180JWT validation
pod-corepod-storageHTTP :8888Volume backend (SeaweedFS filer)
pod-corepod-observabilitygRPC :4317OTLP trace/log export
pod-temporal (worker)pod-coregRPC :50051Worker activity execution
pod-temporal (worker)pod-databaseTCP :5432Workflow state
pod-iampod-databaseTCP :5432Realm/user persistence
pod-observability (promtail)pod-observability (loki)HTTP :3100Log shipping
pod-observability (prometheus)All podsHTTP (various)Metrics scraping
pod-observability (grafana)pod-observabilityHTTP :9090, :3100, :16686Data queries
pod-seal-gatewaypod-databaseTCP :5432Tool registry

See Also

Deployment Profiles

Profile-based deployment for AEGIS — minimal, development, and full profiles with pod composition, use cases, and environment configuration.

Configuration Reference

Full annotated aegis-config.yaml with all supported keys, types, defaults, and descriptions.

On this page

Pod ArchitecturePod Topologypod-corepod-databasepod-temporalpod-secretspod-iampod-storagepod-observabilitypod-seal-gatewayPersistent Volume SummaryInter-Pod CommunicationSee Also