Skip to main content

Deployment

The Connector is availabe to customers as a statically linked binary package in a multi-architecture distroless Docker image.

Infrastructure Requirements

  • Operating System: Linux environment
  • Architecture: AMD64 or ARM64
  • Container Runtime: Docker or compatible container runtime

Network Requirements

The Connector requires:
  • Network access to api.joinformal.com (Formal Control Plane)
  • Outbound access to your protected resources
  • Inbound access from clients on configured listener ports

Resource Requirements

The Connector requires adequate resources to apply policies with minimal latency and maintain all necessary context in RAM (control plane data, queries metadata, responses data, etc.).
SpecMinimumRecommended
CPU1 core2 cores per node (2 nodes)
RAM2 GB4 GB per node (2 nodes)
CPU Throttling Warning: If you don’t allocate entire CPU cores to the Connector and rely on CPU throttling (e.g., CFS quotas on Linux, CPU limits in Kubernetes), you will most likely experience increased latency and timeouts during peak loads.

Production Recommendations

For production deployments, we recommend:
  • High Availability: Run at least 2 nodes behind a load balancer
  • Resource Allocation: 2 CPU cores and 4 GB RAM per node
  • Load Distribution: Distribute traffic across multiple Connector instances
CPU and RAM requirements vary based on usage patterns, query types, traffic volume, and enforced policies. Monitor your Connector performance and scale resources as needed.
When deploying multiple instances, Connectors attempt automatically to form a cluster with shared state. It enables Connectors to coordinate rate limiting across all instances. See the Clustering page for details.

AWS ECS Fargate

Deploy as a Fargate service behind a Network Load Balancer with multi-AZ availability

Kubernetes

Deploy using Helm charts on any K8s cluster (EKS, GKE, AKS, on-prem)

Docker

Run as a standalone container (development/testing only)
See the Quickstart guide for step-by-step deployment instructions.

Environment Variables

The Connector is configured primarily through the Control Plane, but requires the following environment variable:
VariableTypeDescription
FORMAL_CONTROL_PLANE_API_KEYStringAPI token to authenticate with the Control Plane (obtained when creating the Connector)