Kubernetes Deployment
Zephyr's Kubernetes deployment option allows you to run the Zephyr edge worker on your own Kubernetes infrastructure. This deployment model provides maximum control over your infrastructure while leveraging Zephyr's deployment and versioning capabilities.
Kubernetes deployment is available exclusively for Enterprise customers. If you're interested in deploying Zephyr on your own K8S infrastructure, please contact our sales team to discuss your requirements.
Overview
The Kubernetes edge worker is a containerized service that handles asset uploads and serves your deployed applications. It integrates with:
- S3-compatible storage (AWS S3, MinIO, Ceph, etc.) for asset storage
- Redis-compatible KV store for environment configuration and snapshots
- OpenTelemetry-compatible collectors for OTLP HTTP traces, metrics, and logs
Configuration
The recommended way to configure the worker is using a JSON config file mounted as a Kubernetes Secret. This approach keeps all your configuration in one place and makes it easier to manage secrets securely.
Alternatively, you can use environment variables directly, though this is less recommended for production deployments.
JSON Config File (Recommended)
Create a JSON file containing all your configuration. Worker-specific keys use the ZE_WORKER_ prefix; OpenTelemetry keys use the standard OTEL_ prefix:
Health Check Endpoints
The worker exposes the following health check endpoints for Kubernetes probes:
Observability
The Kubernetes worker emits OpenTelemetry traces, metrics, and logs over OTLP HTTP. Enable telemetry with any OTEL_EXPORTER_OTLP_* endpoint or by explicitly setting a signal exporter such as OTEL_TRACES_EXPORTER=otlp.
If you set only OTEL_EXPORTER_OTLP_ENDPOINT, the worker treats it as the collector base URL and sends each signal to:
- Traces: <endpoint>/v1/traces
- Metrics: <endpoint>/v1/metrics
- Logs: <endpoint>/v1/logs
Use the signal-specific endpoint variables when your collector exposes separate routes:
Signal-specific endpoint variables export only their configured signal unless a shared base endpoint is also set.
For collectors that require authentication, set OTLP headers using comma-separated key=value pairs. Percent-encode spaces and other special characters:
Store header values that contain tokens, API keys, or tenant credentials in a Kubernetes Secret.
Set OTEL_SDK_DISABLED=true to force telemetry off, even when endpoints are configured.
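The endpoint and header rules above, modelled as an added example (not Zephyr's own code). It assumes the worker reads the standard OpenTelemetry variable names (OTEL_EXPORTER_OTLP_TRACES_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS and so on) and covers only the endpoint variables, not the OTEL_*_EXPORTER switches; the `traces-gw` host, the Secret name and the token are constructed placeholders.

```python
from urllib.parse import quote

SIGNALS = ("traces", "metrics", "logs")

def resolve_otlp_endpoints(env):
    """Return {signal: url} for the signals the rules above would export."""
    if env.get("OTEL_SDK_DISABLED", "").lower() == "true":
        return {}  # telemetry forced off, endpoints are ignored
    base = env.get("OTEL_EXPORTER_OTLP_ENDPOINT", "").rstrip("/")
    resolved = {}
    for signal in SIGNALS:
        specific = env.get(f"OTEL_EXPORTER_OTLP_{signal.upper()}_ENDPOINT")
        if specific:
            resolved[signal] = specific               # full path, used as given
        elif base:
            resolved[signal] = f"{base}/v1/{signal}"  # derived from the base URL
    return resolved

def encode_otlp_headers(headers):
    """Comma-separated key=value pairs with percent-encoded values."""
    return ",".join(f"{k}={quote(v, safe='')}" for k, v in headers.items())

def headers_secret(name, headers):
    """Kubernetes Secret manifest (JSON form) holding the header string."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "stringData": {"OTEL_EXPORTER_OTLP_HEADERS": encode_otlp_headers(headers)},
    }

if __name__ == "__main__":
    import json
    # Constructed values: hypothetical collector hosts and a placeholder token.
    env = {
        "OTEL_EXPORTER_OTLP_ENDPOINT": "http://otel-collector:4318",
        "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT": "http://traces-gw:4318/v1/traces",
    }
    print(resolve_otlp_endpoints(env))
    secret = headers_secret("otel-headers", {"Authorization": "Bearer EXAMPLE TOKEN"})
    print(json.dumps(secret, indent=2))
```

The printed manifest can be applied with `kubectl apply -f` so the token stays in a Secret and out of the pod spec.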
Worker stdout is structured JSON:
Configuration Reference
Below is the complete reference for all available configuration options. These can be set in your JSON config file or as environment variables.
Bootstrap Option
Required Options
Server Options
OpenTelemetry Options
S3 Options
Redis Options
The curly braces {} in the default prefixes enable Redis Cluster hash tags. This ensures all keys with the same hash tag are stored on the same cluster node, enabling multi-key operations, transactions, and better performance. For standalone Redis instances, the braces have no special meaning but don't cause issues.
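How the hash tag pins keys to one node, as an added example that is not part of Zephyr's code: it implements the Redis Cluster key-to-slot rule (CRC16/XMODEM of the text inside the first non-empty `{...}`, modulo 16384). The `{ze-example}` key names are constructed for illustration and are not the worker's actual default prefixes.

```python
import binascii

SLOTS = 16384  # number of hash slots in a Redis Cluster

def crc16(data: bytes) -> int:
    """CRC16/XMODEM (polynomial 0x1021, initial value 0), as Redis Cluster uses."""
    return binascii.crc_hqx(data, 0)

def hash_tag(key: bytes) -> bytes:
    """Return the part of the key that Redis Cluster actually hashes."""
    start = key.find(b"{")
    if start == -1:
        return key
    end = key.find(b"}", start + 1)
    if end == -1 or end == start + 1:
        return key  # no closing brace, or an empty "{}": hash the whole key
    return key[start + 1:end]

def key_slot(key: str) -> int:
    """Slot a key is assigned to in a Redis Cluster."""
    return crc16(hash_tag(key.encode())) % SLOTS

def same_slot(keys) -> bool:
    """True when every key lands in one slot, so multi-key commands are allowed."""
    return len({key_slot(k) for k in keys}) == 1

# Constructed key names (hypothetical prefixes, not the worker's defaults).
TAGGED = ["{ze-example}:env:prod", "{ze-example}:snapshot:42"]
UNTAGGED = ["ze-example:env:prod", "ze-example:snapshot:42"]

if __name__ == "__main__":
    for k in TAGGED + UNTAGGED:
        print(f"{k:28} -> slot {key_slot(k)}")
    print("tagged keys share a slot:", same_slot(TAGGED))
    print("untagged keys share a slot:", same_slot(UNTAGGED))
```

If you override the default prefixes on a clustered Redis, keep a shared `{...}` tag in them, otherwise multi-key operations can fail with cross-slot errors.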
Replication Options
Replication is enabled when ZE_WORKER_REPLICA_NAME is set. The replica name identifies this worker instance in logs.
Using Environment Variables
While the JSON config file is recommended, you can also configure the worker using environment variables directly. This can be useful for simple setups or when integrating with external secret management systems.
Set ZE_WORKER_CONFIG_JSON to the path of your config file. If both are provided, values in the JSON file take precedence over environment variables.
Scaling and Replication
Zephyr workers support two scaling modes that can be used independently or combined:
Check worker logs on startup to verify replication:
Same-Region Scaling
Multiple workers sharing the same S3 bucket and Redis instance. All workers read/write to the same storage, so no data replication is needed.
All workers use identical config. Only ZE_WORKER_REPLICA_NAME differs:
Multi-Region Replication
Each region has its own S3 and Redis. One primary worker per region replicates data to other regions' primaries via HTTP sync.
Each region lists other regions' load balancer URLs:
Combined: Multi-Region with Scaling
Multiple workers per region (shared storage) + cross-region replication. All workers in a region replicate to one worker per other region.
All workers have ZE_WORKER_REPLICAS_URLS pointing to other regions' load balancers:
- Same JWT secret: All workers across all regions must share ZE_WORKER_JWT_SECRET
- One target per region: Include only one URL per region in ZE_WORKER_REPLICAS_URLS (typically the load balancer)
- Eventual consistency: Cross-region replication is asynchronous
Troubleshooting
Common Issues
Worker fails to start
- Verify all required configuration options are set
- Check that S3 endpoint is reachable from within the cluster
- Ensure Redis host is resolvable and accessible
- Check the worker logs using kubectl
Readiness probe failing
- Check S3 bucket exists and credentials have read/write access
- Verify Redis connection (host, port, password, TLS settings)
- Review worker logs for specific error messages
Telemetry is not reaching the collector
- Confirm the collector accepts OTLP HTTP, not only OTLP gRPC
- Verify the worker pod can resolve and connect to the collector service
- Use the collector base URL for OTEL_EXPORTER_OTLP_ENDPOINT, for example http://otel-collector:4318
- Include the full /v1/traces, /v1/metrics, or /v1/logs path when using signal-specific endpoints
- Configure OTLP headers when the collector requires a bearer token, API key, or tenant header
- Confirm OTEL_SDK_DISABLED is not set to true
Logs are too verbose
Set ZE_WORKER_LOG_LEVEL to warn or error. You can keep OpenTelemetry enabled while reducing stdout and exported log volume.
Assets not serving correctly
- Confirm ZE_WORKER_DELIMITER matches your DNS configuration
- Verify S3 bucket policy allows the worker to read objects
- Check that the Ingress or load balancer is routing traffic correctly
Getting Help
If you encounter issues with your Kubernetes deployment, reach out to your Zephyr account representative or contact us on Discord.