FlightDeck stays local-first: this directory is optional packaging for demos, staging, or a trusted private network. Read SECURITY.md before exposing HTTP beyond loopback.
Build (from this directory):
docker build -t flightdeck-serve:local .The image installs flightdeck-ai from PyPI and runs flightdeck serve on 0.0.0.0:8765 inside the container.
entrypoint.sh creates a default flightdeck.yaml in /workspace on first start (flightdeck init) if the mounted volume is empty.
cd examples/deploy
docker compose up --build- UI + API:
http://127.0.0.1:8765/(static UI +/v1/*). - Health:
GET http://127.0.0.1:8765/health. - Compose healthcheck:
docker-compose.ymlprobes/healthso orchestrators can mark the service ready (seehealthcheck:in that file). - Data: named Docker volume
fd_workspace(SQLite under.flightdeck/inside the volume). Remove withdocker compose down -vwhen you want a clean ledger.
FlightDeck stores the ledger in .flightdeck/flightdeck.db under the workspace root. For a hot copy while the server is stopped or idle, run from the workspace directory:
flightdeck doctor --backup ./backups/flightdeck-$(date -u +%Y%m%dT%H%M%SZ).dbInside the Compose stack, exec into the running container with /workspace as cwd (same layout as local flightdeck init), or run a one-shot sidecar that mounts the same volume and invokes flightdeck doctor --backup /workspace/backups/snapshot.db. Schedule with cron or your platform scheduler; keep backups off the primary volume when possible.
Set FLIGHTDECK_LOCAL_API_TOKEN in your environment before docker compose up (or in an .env file beside docker-compose.yml). Clients must send Authorization: Bearer … for ledger writes: POST /v1/promote*, POST /v1/rollback, and POST /v1/events. With no token configured, those routes accept only loopback callers. POST /v1/diff stays unauthenticated (read-only); still treat network placement as a trust boundary.
A minimal chart lives under chart/flightdeck/. It runs one replica of flightdeck serve with an emptyDir workspace (ephemeral); for a persistent ledger, replace the volume in templates/deployment.yaml with a PVC or mount your own image init.
docker build -t flightdeck-serve:local .
helm install fd ./chart/flightdeck --namespace flightdeck --create-namespaceTune values.yaml (image, resources, service.type) for your cluster.
To reuse an existing directory that already contains flightdeck.yaml and .flightdeck/, replace the volumes entry with:
volumes:
- /path/on/host/my-workspace:/workspaceUse an absolute path on Linux/macOS; on Windows Docker Desktop, use a path Docker can mount.
Compose sets a healthcheck on /health plus restart: unless-stopped on the service; for systemd/Kubernetes, reuse the same image and run /entrypoint.sh (or invoke flightdeck serve directly with a prepared workspace directory).
- Logs:
docker compose logs -f flightdeck(or your platform log stream) when debugging ingest or policy failures. - State: one
flightdeck serveinstance per workspace SQLite file; do not run two writers against the same volume. - Upgrades: rebuild the image on semver bumps; keep
/workspacemounted so the ledger survives container recreation.
- examples/integration/README.md — emit
RunEventtraffic into a running server. - examples/ci/README.md — CI policy gates without
serve; approval-gated promote script promote_with_approval.sh and workflow samples. - SECURITY.md — trust boundaries before exposing
/v1/*beyond loopback.