Skip to main content

Deploying

Plane is meant to be more of an ingredient than a recipe -- the specifics of deployment will depend on your needs and how you'd like Plane to interact with the rest of the system.

Eventually, this page will provide a detailed guide to deploying Plane in production. Until then, we're happy to answer questions about deployment via GitHub discussions and Discord.

NATS

All components in Plane interact over NATS, an open-source message bus. Plane delegates persistence and authentication to NATS, so you immediately have all the flexibility that NATS offers out of the box.

The only requirement that Plane imposes on your NATS cluster is that you enable Jetstream.

For more information on deploying NATS, see their deployment guide.

Sandboxing

Plane uses a Docker daemon as its backend. By default, Docker uses the runc container runtime, which uses Linux primitives to isolate the process but is not hardened against kernel vulnerabilites. If you are running untrusted code, you should consider using gVisor to intercept syscalls and configure iptables to limit network access as appropriate.