Deployment
Native installer (Windows / macOS / Linux), Docker for sovereign and Kubernetes deployments, air-gapped installs, reverse proxy, TLS, and production hardening.
Last updated: 19 maggio 2026
Deployment Modes
Dryade ships in three deployment modes. Pick the one that matches your operator profile.
1. Native Installer (recommended for solo developers and teams)
A single-binary click-install bundles Dryade core, the workbench UI, the plugin manager, an embedded inference runtime, and a local KV/vector store. No separate database to configure, no Docker daemon required.
| OS | Download | Notes |
|---|---|---|
| Windows 11+ | Dryade-<version>.exe | Authenticode-signed via Azure Trusted Signing (Dryade-PM profile) |
| macOS (Apple Silicon) | Dryade-<version>.pkg | Developer ID signed + notarized |
| Linux (glibc-2.35+) | dryade_<version>_amd64.deb | Tested on Ubuntu 24.04; works on any glibc-2.35+ host |
Get the installer at dryade.ai/download.
After install, drop a license file (license.dryadelicense) anywhere on disk and Dryade picks it up automatically. The free tier runs without a license; team and enterprise features unlock when a signed license is present.
2. Docker / Docker Compose (sovereign, cloud, and Kubernetes)
For operators who need to run Dryade inside their own orchestration plane — sovereign deployments, custom cloud topologies, Kubernetes — Dryade ships a multi-arch OCI image at ghcr.io/dryadeai/dryade.
This path expects you to provide the runtime dependencies (Postgres or pgvector, an inference endpoint, etc.) yourself. The native installer’s bundled-dependencies posture is not available on this path by design.
See dryade.ai/deploy for the docker-compose template, the Helm chart for Kubernetes, and the operator runbook.
3. Air-Gapped Deployment (sovereign tier)
For environments with no outbound internet:
- Download the offline installer bundle on a connected machine (license required).
- Transfer the bundle to the air-gapped host via the operator’s chosen sneakernet.
- Run the installer; it loads pre-signed plugin allowlists and pre-pulled model weights from the bundle — no marketplace connectivity needed during install or runtime.
Air-gapped deployments require an enterprise / sovereign license forged at the operator’s chosen offline-grace window. See the operator runbook for forging and license-lifecycle detail.
Reverse Proxy
The native installer terminates TLS itself (Caddy embedded). For Docker / Kubernetes deployments where you front Dryade with your own ingress:
- Caddy — automatic HTTPS via ACME (recommended for sovereign single-node)
- Nginx — use the
nginx.conftemplate atdryade.ai/deploy/nginx - Traefik — compatible with the standard Docker labels
mTLS support is available for enterprise deployments — see the operator runbook.
TLS Configuration
- Automatic TLS via Caddy’s ACME integration (default for native installer and the Caddy preset)
- Bring-your-own certificate for internal CAs
- mTLS for service-to-service auth on enterprise deployments
Production Hardening
- Configure log rotation on the host
- Schedule backups for the embedded KV/vector store (native installer) or your Postgres instance (Docker / Kubernetes path)
- Enable the health check endpoints used by your orchestrator
- Wire metrics to your observability stack — Dryade exposes Prometheus-compatible counters at
/metrics - Rotate the platform secret at install time and store it in your secret manager