Hadrian is experimental alpha software. Do not use in production.
Hadrian
Deployment

Deployment

Production deployment guides for Hadrian Gateway

Deploy Hadrian Gateway to your infrastructure using Docker, Kubernetes, or systemd.

Quick Start

The fastest way to get started is with Docker:

# Clone the repository
git clone https://github.com/ScriptSmith/hadrian.git
cd hadrian

# Copy and configure environment variables
cp .env.example .env
# Edit .env and add your API keys

# Start with SQLite (simplest)
docker-compose -f docker-compose.sqlite.yml up -d

See the Docker guide for detailed instructions.

Deployment Options

Choosing a Configuration

ConfigurationDatabaseCacheBest For
SQLiteSQLiteNoneDevelopment, testing, single-user
SQLite + RedisSQLiteRedisEnhanced development, small teams
PostgreSQL + RedisPostgreSQLRedisProduction, multi-node, high availability

Environment Requirements

ResourceMinimumRecommendedNotes
CPU1 core2+ coresMore cores improve concurrent request handling
Memory512 MB2 GBIncrease for large vector stores or high concurrency
Disk1 GB10+ GBDepends on file uploads and database size
Network-Low latency to LLM providersGateway adds minimal overhead

Database Options

SQLite

Best for single-node deployments and getting started quickly.

  • Pros: Zero configuration, embedded, fast for single-user
  • Cons: Single-writer lock, no horizontal scaling
  • Data location: /app/data/hadrian.db in container

PostgreSQL

Recommended for production and multi-node deployments.

  • Pros: Concurrent writes, horizontal scaling, robust backups, pgvector support
  • Cons: Requires separate database service
  • Version: PostgreSQL 15+ recommended (14+ required for pgvector)

Caching with Redis

Redis is optional but recommended for:

  • API key caching: Faster authentication lookups
  • Session storage: Required for multi-node OIDC deployments
  • Rate limiting: Distributed rate limits across nodes
  • Usage tracking: Async usage record writes

For single-node deployments, the built-in memory cache is sufficient.

Build Profiles

Hadrian uses Cargo feature flags for modular compilation. Choose a profile based on your deployment needs.

Profiles

ProfileFeaturesUse Case
tinyOpenAI + Test providers only — no database, no embedded assetsStateless API proxy, smallest binary
minimaltiny + all providers (Anthropic, Azure, Bedrock, Vertex), SQLite, embedded UI, wizardDevelopment, Windows, embedded
standardminimal + PostgreSQL, Redis, OTLP, Prometheus, CEL, SSO, basic doc extraction, embedded docs, OpenAPI docs, S3, secrets managers (AWS/Azure/GCP/Vault), forecasting, JSON schema, response validation, CSV exportTypical deployment
full (default)standard + SAML, Kreuzberg (full doc extraction), ClamAV (virus scan)Production multi-tenant

Build with a specific profile:

# Smallest possible binary — stateless API proxy only
cargo build --no-default-features --features tiny

# Fast compile, small binary — great for development
cargo build --no-default-features --features minimal

# Typical production deployment
cargo build --release --no-default-features --features standard

# Everything enabled (default)
cargo build --release

Individual Feature Flags

Select individual features for a custom build by combining flags with --no-default-features --features "flag1,flag2,...".

CategoryFeatureDescriptionIncluded in
Providersprovider-openaiOpenAI-compatible APIstiny
provider-anthropicAnthropic Claudeminimal
provider-testMock provider for testingtiny
provider-bedrockAWS Bedrock (pulls in aws-sdk)minimal
provider-vertexGoogle Vertex AI (pulls in gcp-sdk)minimal
provider-azureAzure OpenAI (pulls in azure-sdk)minimal
Assetsembed-uiEmbedded web UIminimal
embed-docsEmbedded documentation sitestandard
Databasesdatabase-sqliteSQLite database supportminimal
database-postgresPostgreSQL database supportstandard
SecretsvaultHashiCorp Vaultstandard
secrets-awsAWS Secrets Managerstandard
secrets-azureAzure Key Vaultstandard
secrets-gcpGCP Secret Managerstandard
AuthssoOIDC/SAML session management, domain verification, SCIMstandard
samlSAML SSO (requires OpenSSL; implies sso)full
AuthorizationcelCEL-based RBAC policy evaluationstandard
Cache / StorageredisDistributed cache, rate limits, queuesstandard
s3-storageS3-compatible file storagestandard
Document Processingdocument-extraction-basicBuilt-in text extractionstandard
document-extraction-fullKreuzberg: PDF, DOCX, OCRfull
ObservabilityotlpOpenTelemetry OTLP export (gRPC)standard
MetricsprometheusPrometheus metrics exportstandard
Validation & Exportjson-schemaJSON schema generation (schemars)standard
response-validationResponse validation (jsonschema)standard
csv-exportCSV export for access reviewsstandard
ToolsforecastingUsage forecasting (augurs)standard
wizardInteractive setup wizard (dialoguer)minimal
DocumentationutoipaOpenAPI spec generation + Scalar docs UIstandard
Integrationsvirus-scanClamAV file scanningfull

Runtime Introspection

Check which features are enabled in a running binary:

gateway features

This lists all features and their enabled/disabled status. The gateway also logs warnings at startup when disabled features are referenced in the configuration file.

Windows builds

SAML support (saml feature) requires OpenSSL and does not compile on Windows. Use minimal or standard for Windows builds.

Docker images

Pre-built Docker images use the full profile. Feature selection only applies when building from source.

High Availability

For high availability deployments:

  1. Use PostgreSQL as the database (required for multi-node)
  2. Deploy multiple gateway instances behind a load balancer
  3. Configure Redis for shared sessions, rate limits, and cache
  4. Set up health checks for automatic failover
# Example: 3 gateway replicas
services:
  gateway:
    deploy:
      replicas: 3

See the Docker guide for detailed scaling instructions.

Next Steps

On this page