Administration Guide

This administration guide gives you a better understanding on Trustify’s deployment options, installing the Trustify services locally, and reference information for Trustify’s OpenAPI structures.

Trustify relies on external services for storage and authentication. Trustify’s services can use Amazon’s S3 APIs to store object data. You do not need to run Trustify on Amazon Web Services (AWS), because other cloud vendors, such as Google Cloud Storage (GCS) and MinIO, implement Amazon’s S3 API.

It also is possible to run Trustify on bare metal. Either on a server, or a local desktop/laptop, for trying it out.

Deployment options

You have several deployment options to choose from for running Trustify.

Bare metal

Running Trustify on bare-metal servers requires you to download the trustd binary from source found on the Trustify releases page.

There currently exist two variants of this binary, trustd and trustd-pm. The -pm version includes a few embedded services, such as PostgreSQL and an OIDC issuer, which make it easier to run Trustify locally for trying it out. However, this might be insecure, dangerous, and is not production ready. Still, it is great for trying it out and demoing it without too much trouble.

Container image

Trustify services are available in an image, ghcr.io/trustification/trustd.

Kubernetes

Since Kubernetes runs containers, running Trustify on Kubernetes is easy! We do not provide any out-of-the-box charts or an installation script, since many of the configuration options are specific to the running environment.

We keep a Helm chart in the https://github.com/trustification/trustify-helm-charts to deploy a Trustify instance. You can use this Helm chart as a starting point for your specific environment.