DevOps

Self-Hosting Feature Flags: The Complete Infrastructure Guide

Why self-host? Data sovereignty for air-gapped environments, predictable costs at scale, and full control over your deployment topology. We cover the architecture — a single Go binary backed by PostgreSQL, zero external service dependencies — plus Docker Compose quick start (3 minutes to production), Kubernetes with Helm, reverse proxy setup with Caddy or Nginx, backup and disaster recovery, and Prometheus/Grafana monitoring with pre-built dashboards.

FeatureSignals Infrastructure Team

·Infrastructure Engineering·January 2026·11 min read

Why Self-Host?

Self-hosting isn't for everyone. If you're a 5-person startup shipping a single application, our Cloud Edition gives you everything with zero operational overhead. But for many teams, self-hosting is the right choice: financial services with data residency requirements, healthcare companies governed by HIPAA, defense contractors in air-gapped environments, and large enterprises that want predictable infrastructure costs at scale.

Architecture: One Binary, One Database

FeatureSignals is deliberately simple to operate. The entire server is a single statically-linked Go binary. Its only required dependency is a PostgreSQL database (version 14+). There are no message queues to manage, no Redis clusters to maintain, no separate services to orchestrate. The binary handles the management API, the evaluation API, the migration runner, and the health endpoint — all from one process.

yaml

# docker-compose.yml — 3 minutes to production
version: "3.9"

services:
  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: featuresignals
      POSTGRES_USER: fs
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U fs -d featuresignals"]
      interval: 5s
      retries: 5

  server:
    image: featuresignals/server:latest
    ports:
      - "8080:8080"
    environment:
      DATABASE_URL: postgres://fs:${DB_PASSWORD}@db:5432/featuresignals?sslmode=disable
      JWT_SECRET: ${JWT_SECRET}
      PORT: "8080"
      LOG_LEVEL: info
      LOG_FORMAT: json
    depends_on:
      db:
        condition: service_healthy

volumes:
  pgdata:

Kubernetes Deployment

For Kubernetes deployments, we provide an official Helm chart with production-ready defaults: 3 replicas for high availability, pod anti-affinity to spread across nodes, resource requests and limits tuned for evaluation workloads, Prometheus annotations for automatic metric scraping, and configurable ingress with TLS termination. The chart supports all major Kubernetes distributions (EKS, GKE, AKS, OpenShift, Rancher).

Backup and Disaster Recovery

Your flag configuration is business-critical. Back up PostgreSQL with `pg_dump` on a schedule (daily minimum, hourly for high-change environments). Store backups in object storage (S3, GCS, Azure Blob) with retention policies. Test restoration quarterly — an untested backup is not a backup. For disaster recovery, maintain a warm standby in a different availability zone with streaming replication.

Monitoring with Prometheus and Grafana

FeatureSignals exposes Prometheus metrics at `/metrics`. We provide pre-built Grafana dashboards for: evaluation latency (p50/p99/p999), evaluation throughput, cache hit rates, database query performance, active connections, and Go runtime metrics. Import the dashboard JSON from our GitHub repository and you'll have production-grade monitoring in minutes.