docs(deployment): expand the deployment how-to with tested guidance

[rohitg00]

Summary

Rewrites using-iii/deployment into a complete production how-to, tested end-to-end against the 0.19.4 engine (the version now on Docker Hub). Edits the canonical docs/next/using-iii/deployment.mdx and mirrors it to the published docs/using-iii/deployment.mdx.

Covers:

• Pre-built iiidev/iii images (multi-arch, distroless, non-root UID 65532)
• Deploy with Docker: generate-docker assets, config + data volumes, and what actually ships in the image (engine + config, not your app)
• Build from source (cargo build --release) with arch/libc caveats
• Workers and adapters: in_memory to file_based, scale-out with Redis/RabbitMQ, and the restart-tier persisted-config behavior
• Hardening (bind interfaces, CORS, secrets), RBAC listener
• Reverse proxies (nginx/Caddy, subdomain + path-prefix, WS upgrade/timeouts)
• Health checks (distroless has no shell -> external TCP/tcpSocket probes)
• Observability: OTLP only (Prometheus removed; 9464 vestigial), with the gRPC (4317) vs HTTP (4318/v1/logs) protocol split
• Deploy a multi-worker product with Compose, plus engine-managed micro-VM workers (need a glibc base with iii-worker + /dev/kvm; the distroless stock image can't host them)
• Deployment checklist

Tested (0.19.4, this work)

• docker compose up: engine boot, REST/WS, config + data volumes
• file-based persistence across restart; Redis (state); RabbitMQ named-queue delivery (+ retry/DLQ)
• RBAC allow/deny gating
• Reverse proxy (Caddy): REST + worker WebSocket
• iii worker add/remove hot-reload
• OTLP traces + logs to a collector
• Build from source
• Full multi-worker product via Compose: engine + Postgres + Redis + RabbitMQ + 2 self-hosted workers (HTTP -> cross-worker -> Postgres -> queue -> state)
• Multi-stage build packaging a managed worker (found: distroless stock image can't run iii-worker -- missing libcap-ng.so.0)

Not tested (documented honestly)

• Engine-managed micro-VM workers inside a container: needs /dev/kvm, not available on Docker Desktop macOS -- verify on a Linux/KVM host.

Notes

• docs.json is intentionally not included (local-only tweak used to run the newer mint preview).
• The .mdx.skill.md sidecars are auto-generated by the render step and not hand-edited here.

Test plan

• Render preview renders both pages without MDX errors
• Validate the multi-worker Compose example on a Linux/KVM host for the engine-managed path
• Confirm OTLP http/protobuf guidance against the team's collector setup

Summary by CodeRabbit

• Documentation
  • Significantly expanded production deployment guide with end-to-end Docker/Compose walkthroughs, including multi-arch engine image usage, immutable tag pinning, and Docker asset/container run assumptions.
  • Added guidance for packaging, config.yaml usage (read-only mounting), and durable file-based state via named volumes, including flush/durability and persisted configuration precedence after first boot.
  • Expanded multi-worker deployment patterns, scaling guidance for Redis/RabbitMQ, and adapter/healthcheck-based orchestration (service-name networking).
  • Updated security hardening (bind exposure, CORS, secrets) plus RBAC WebSocket listener setup and revised reverse-proxy routing examples (including WebSocket timeouts).
  • Improved operational coverage: external health checks, observability clarifying OTLP protocol/port differences, and a detailed deployment checklist.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
iii-website	Ready	Preview, Comment	Jun 19, 2026 9:48am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 1c7d90b5-030e-46ca-87a4-b174d67e7670

📥 Commits

Reviewing files that changed from the base of the PR and between 1545b55 and 79c5850.

📒 Files selected for processing (1)

• docs/next/using-iii/deployment.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/next/using-iii/deployment.mdx

---

📝 Walkthrough

Walkthrough

Both docs/using-iii/deployment.mdx and docs/next/using-iii/deployment.mdx receive identical large expansions (+720/-36 lines each), adding production deployment guidance for the iii engine: Docker Hub pre-built image usage, asset generation, worker/adapter configuration, Redis/RabbitMQ scaling, multi-worker Compose setup, micro-VM worker constraints, security hardening, reverse proxy examples, health checks, OTLP observability, and a deployment checklist.

Changes

Production Deployment Documentation

Layer / File(s)	Summary
Docker Hub pre-built images and deploy intro docs/next/using-iii/deployment.mdx, docs/using-iii/deployment.mdx	Adds "Pre-built images on Docker Hub" section with docker pull instructions, distroless/non-root image characteristics, multi-arch support details, and immutable tag pinning guidance; expands "Deploy with Docker" intro describing the generated image contents and distinction between in-process and containerized workers.
Asset generation, Dockerfile template, and port mapping docs/next/using-iii/deployment.mdx, docs/using-iii/deployment.mdx	Reworks asset-generation guidance to describe idempotent re-runs; adds a concrete generated Dockerfile template showing config.yaml bake-in; documents transport port/surface mappings and the historical 9464 Prometheus exposure; includes "Start the stack" instructions and command examples.
Configuration mounting, data persistence, and build from source docs/next/using-iii/deployment.mdx, docs/using-iii/deployment.mdx	Adds read-only config.yaml mounting, durable named-volume instructions for UID 65532, and specific guidance for crash-loop prevention via required /data write permissions; introduces build-from-source Dockerfile pattern and custom binary workflows with platform/libc constraints.
Worker and adapter configuration docs/next/using-iii/deployment.mdx	Introduces worker/storage/adapter matrix describing which workers map to which backends; warns against in-memory adapter defaults for production; lists worker storage responsibilities and adapter capabilities.
Scaling with Redis and RabbitMQ docs/next/using-iii/deployment.mdx, docs/using-iii/deployment.mdx	Adds workload-to-backend matching rules; documents Compose healthcheck-driven depends_on wiring; clarifies that backends must be referenced by Compose service name (not localhost) and that persisted configuration must be updated when switching adapter types after first boot; includes environment variable forwarding guidance.
Multi-worker Compose deployment and engine-managed micro-VM workers docs/next/using-iii/deployment.mdx, docs/using-iii/deployment.mdx	Adds production worker manifest tuning for scripts, install behavior, and sandbox resource settings; expands multi-worker Compose section with WebSocket-connected external worker wiring and registration code snippets; introduces engine-managed micro-VM worker guidance covering distroless image constraints, build-time artifact baking, /dev/kvm requirements, and macOS/Docker Desktop limitations.
Hardening, RBAC, and reverse proxy routing docs/next/using-iii/deployment.mdx, docs/using-iii/deployment.mdx	Adds interface binding, CORS restriction, and environment-variable secret guidance; expands RBAC with separate iii-worker-manager listener requirement, expose_functions/auth_function_id/middleware_function_id configuration fields, and access-gating flow for WebSocket connections; rewrites reverse proxy section with subdomain-per-surface and path-prefix routing models, Nginx examples for both patterns, and Caddy handle_path equivalent.
Health checks, observability, and deployment checklist docs/next/using-iii/deployment.mdx, docs/using-iii/deployment.mdx	Adds health checks section explaining external TCP/HTTP probing (no in-container shell-based HEALTHCHECK); documents WebSocket proxy read-timeout expectations; expands observability with memory/otlp exporter selection, clarifies OTLP protocol/port differences for gRPC traces/metrics versus HTTP logs, documents removed Prometheus scrape endpoint; appends comprehensive deployment checklist covering image pinning, persistence/UID correctness, worker production settings, networking/security, external health checks, observability exporter choice, and restart policy.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• iii-hq/iii#98: Establishes the Dockerfile/Compose and multi-platform Docker build pipeline whose outputs (ports, entrypoint/CMD, pre-built multi-arch images) are now described in this documentation expansion.

Poem

🐇 Hop, hop, the docs grow tall,
From Docker Hub to RBAC hall,
Named volumes, KVM, and Caddy too,
A checklist long, a deploy true.
Pin your tags, the rabbit says—
Production waits for no more delays! 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: expanding deployment documentation with tested production guidance.
Description check	✅ Passed	The description follows the template with What/Why/Notes sections, providing comprehensive context about the documentation expansion, testing scope, and known limitations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/deployment-guide

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

skill-check — docs

2 verified, 517 skipped.

2 errors across the verified workers.

File	Approximate line	Severity	Violation
docs/next/using-iii/deployment.mdx	~367	error	[Terminology.EmDash] Avoid em dashes ('—'). Rewrite with commas, parentheses, periods, or colons. (error)
docs/next/using-iii/deployment.mdx	~513	error	[Terminology.EmDash] Avoid em dashes ('—'). Rewrite with commas, parentheses, periods, or colons. (error)

Caution

2 in-scope rendered artifact(s) are out of date — sources this PR touches changed without re-rendering.

• docs/next/using-iii/deployment.mdx.skill.md
• docs/using-iii/deployment.mdx.skill.md

• Re-render this branch and commit rendered artifacts

Check the box above to trigger a workflow run that re-renders and pushes a commit with the artifacts.
This will add an additional commit on this branch — run git pull to sync your local copy before making further changes.

Note

Additionally, 104 unrelated stale artifact(s) exist on main outside this PR's scope. Not blocking this PR; a maintainer should re-render them in a separate chore PR.

• docs/0-18-0/creating-workers/channels.mdx.skill.md
• docs/0-18-0/creating-workers/functions.mdx.skill.md
• docs/0-18-0/creating-workers/index.mdx.skill.md
• docs/0-18-0/creating-workers/triggers.mdx.skill.md
• docs/0-18-0/creating-workers/workers-registry.mdx.skill.md
• docs/0-18-0/creating-workers/workers.mdx.skill.md
• docs/0-18-0/how-to/build-a-realtime-todo-app.mdx.skill.md
• docs/0-18-0/how-to/schedule-cron-task.mdx.skill.md
• docs/0-18-0/how-to/use-trigger-conditions.mdx.skill.md
• docs/0-18-0/patterns/adapter-pattern.mdx.skill.md
• docs/0-18-0/patterns/reactive-state-pattern.mdx.skill.md
• docs/0-18-0/sdk-reference/browser-sdk.mdx.skill.md
• …and 92 more (see the workflow logs)

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
iii	🟢 Ready	View Preview	Jun 17, 2026, 5:22 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

docs/next/using-iii/deployment.mdx (1)

350-366: ⚡ Quick win

Add the strict iii.worker.yaml validation workflow to this production section.

This section should explicitly call out that manifest validation is strict in current engine behavior (unknown keys fail validation/start), and include the worker::validate/worker::schema operational workflow so operators can preflight manifests before deploy.

As per coding guidelines, “worker add validates the iii.worker.yaml strictly… unknown keys are rejected… validation also re-runs at start” and “worker::validate/worker::schema provide dry-run/schema workflows.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/next/using-iii/deployment.mdx` around lines 350 - 366, The production
section "Adjust the worker manifest for production" is missing critical
information about strict iii.worker.yaml validation behavior. Add content that
explicitly explains that manifest validation is strict and unknown keys will
fail during validation and start, then include information about the
worker::validate and worker::schema operational workflows that operators can use
to preflight and validate manifests before deployment. This addition should
clarify that validation occurs both during the dry-run workflow and at start
time to help operators catch configuration errors early.

Source: Coding guidelines

docs/using-iii/deployment.mdx (1)

350-366: ⚡ Quick win

Add the strict iii.worker.yaml validation workflow to this production section.

This section should explicitly call out that manifest validation is strict in current engine behavior (unknown keys fail validation/start), and include the worker::validate/worker::schema operational workflow so operators can preflight manifests before deploy.

As per coding guidelines, “worker add validates the iii.worker.yaml strictly… unknown keys are rejected… validation also re-runs at start” and “worker::validate/worker::schema provide dry-run/schema workflows.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/using-iii/deployment.mdx` around lines 350 - 366, In the "Adjust the
worker manifest for production" section, add content explaining that the engine
performs strict validation of the iii.worker.yaml manifest, where unknown keys
are rejected and validation fails at both manifest load time and worker start
time. Include information about the worker::validate and worker::schema
operational workflows that operators can use to preflight and validate manifests
before deployment. This should be added as a new bullet point or warning section
that clearly states the strict validation behavior and references these
validation workflows as the recommended approach for dry-run validation before
deploying workers to production.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/next/using-iii/deployment.mdx`:
- Around line 97-103: The deployment documentation contains inconsistent port
numbers across multiple sections that will cause configuration errors. Review
the port table at lines 97-103 (showing ports 49134 and 49135), then check the
contradicting references at lines 563-574 and 605-610 where ports 49334 and
49335 appear instead. Determine the correct port numbers that should be used
consistently throughout the document for the SDK WebSocket/worker connections
and RBAC listener, then update all references in all three sections to use the
same port mapping uniformly.

In `@docs/using-iii/deployment.mdx`:
- Around line 97-103: The documentation contains inconsistent port mappings
across multiple sections, with RBAC listener and trusted worker-manager ports
defined differently in the port table (lines 97-103) versus the configuration
examples in later sections (563-574, 605-610). Standardize all port references
throughout the document by selecting one consistent port number for the RBAC
listener (choose between 49135 or 49335) and one for trusted worker-manager
traffic (choose between 49134 or 49334), then update all occurrences in the port
table, configuration examples, and any other references in the mentioned
sections to use the unified mapping.

---

Nitpick comments:
In `@docs/next/using-iii/deployment.mdx`:
- Around line 350-366: The production section "Adjust the worker manifest for
production" is missing critical information about strict iii.worker.yaml
validation behavior. Add content that explicitly explains that manifest
validation is strict and unknown keys will fail during validation and start,
then include information about the worker::validate and worker::schema
operational workflows that operators can use to preflight and validate manifests
before deployment. This addition should clarify that validation occurs both
during the dry-run workflow and at start time to help operators catch
configuration errors early.

In `@docs/using-iii/deployment.mdx`:
- Around line 350-366: In the "Adjust the worker manifest for production"
section, add content explaining that the engine performs strict validation of
the iii.worker.yaml manifest, where unknown keys are rejected and validation
fails at both manifest load time and worker start time. Include information
about the worker::validate and worker::schema operational workflows that
operators can use to preflight and validate manifests before deployment. This
should be added as a new bullet point or warning section that clearly states the
strict validation behavior and references these validation workflows as the
recommended approach for dry-run validation before deploying workers to
production.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: aab5f5eb-1e6c-4f78-a611-41d79ab3e292

📥 Commits

Reviewing files that changed from the base of the PR and between 4115f41 and d6e718f.

📒 Files selected for processing (2)

• docs/next/using-iii/deployment.mdx
• docs/using-iii/deployment.mdx