Deployment Guide

Reference architecture#

Deployment Overview

System requirements#

As a rule of thumb, if you want to profile your whole cloud infrastructure, expect to spend about 1% of your cloud budget on Pyroscope server.

ResourceMore of resource equals
CPUhigher write bandwidth
RAMhigher write bandwidth, support for more individual apps
Disk throughputhigher write bandwidth
Disk Spacehigher data retention (ability to store profiling data for longer periods of time)

Networking requirements#

These are the ports used by pyroscope server. Make sure you allow access to these ports from the outside:

PortDescription
TCP :4040HTTP API, used for both data ingestion and web UI

Currently there's no authentication mechanism in pyroscope. Possible workarounds are:

  • use other access control solutions, for example OAuth2 Proxy (recommended)
  • use a reverse proxy with Basic Authentication (e.g nginx)
  • only allow access from select IPs
  • set up an ssh tunnel, e.g ssh <user>@<remote-address> -L 4040:127.0.0.1:4040 -N