SDR Orchestrator
Some capabilities shown here may require additional enablement or licensing. Contact your Atlan representative for details.
The SDR (Self-Deployed Runtime) Orchestrator manages the full lifecycle of Atlan connector apps—install, upgrade, and automatic update. You deploy one orchestrator; it manages all your apps. Once it's running, every additional connector app is installed and managed from the Atlan UI, with no per-app terminal work.
The SDR Orchestrator runs on two platforms:
- Docker/Podman: a single container on a Linux VM that manages sibling app containers via the local Docker or Podman socket.
- Kubernetes: a Helm-deployed pod that manages app Deployments via the Kubernetes API and Helm CLI.
The core architecture is the same on both platforms—a Temporal worker receives commands from Atlan and acts on them locally. The difference is in how apps are deployed and managed at the runtime layer.
Why SDR Orchestrator
Without the SDR Orchestrator, deploying each connector app means repeating the same manual steps for every app: generate OAuth credentials, download deployment artifacts, fill in configuration, run docker compose up or helm install. For one app, that's manageable. For many, it becomes a maintenance burden—and every upgrade repeats the process.
The SDR Orchestrator solves this by automating steps 2–6 of that process. You configure it once and provide your infrastructure details in a single configuration file; every app after that is deployed and upgraded automatically, with credential provisioning, lifecycle management, and health verification included. See What SDR handles automatically for every app for a detailed breakdown.
For single-app evaluation or environments that require full manual control, see Docker Compose or Kubernetes.
What SDR handles automatically for every app
From the moment you click Install in the Atlan UI, the SDR takes over—no manual steps, no terminal commands, no per-app configuration needed.
- Uses shared OAuth credentials to authenticate with Atlan—no manual API calls.
- Downloads artifacts, generates config from the workflow payload, and runs the configurator.
- On Docker: pulls the image, creates a container, and mounts Dapr components. On Kubernetes: runs helm upgrade --install with the bundled chart.
- Reports deployment success and updates the UI. The app is ready to use.
Platform comparison
| Aspect | Docker / Podman | Kubernetes |
|---|---|---|
| Runs on | Linux VM with Docker or Podman | Any CNCF-conformant K8s cluster (EKS, GKE, AKS, k3s, etc.) |
| App deployment | Docker container via Unix socket | Helm release via Kubernetes API |
| Dapr | Runs inside the app container; components mounted as YAML files | Runs inside the app container; components delivered as ConfigMap |
| Self-update | Blue-green container swap (6 steps) | helm upgrade --reuse-values (K8s rolling update) |
| Registry auth | CONTAINER_REGISTRY_USERNAME/PASSWORD env vars | imagePullSecrets (K8s docker-registry secret) |
| Port conflicts | Yes (host port binding) | No (pod network namespace) |
| Multi-app scaling | Limited by single host | K8s scheduler distributes across nodes |
| Configuration | config.yaml + .env | values.yaml (Helm) |
| Security model | Docker socket access (docker group) | Namespace-scoped RBAC, no privileged access |
| Best for | Quick setup, single VM, environments without Kubernetes | Production workloads, existing K8s clusters, enterprise scale |
Security
The SDR Orchestrator inherits the same security model as all Self-Deployed Runtime deployments—outbound-only networking (no inbound ports, no VPN tunnels), non-root execution, and OAuth 2.0 credentials shared across all apps deployed by the SDR. For full details, see Security and Configure network security.
On Kubernetes, the SDR additionally benefits from namespace-scoped RBAC (no cluster-wide access), Kubernetes network policies, automounted ServiceAccount tokens, and non-root pod execution (runAsUser: 1000).
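One way to check a running deployment against the Kubernetes posture described above (non-root execution, no privileged access, no cluster-wide RBAC). This is an added example, not Atlan's code; the namespace `atlan-sdr`, ServiceAccount `sdr-sa`, and pod names are hypothetical, and the embedded JSON is constructed sample data.

```python
import json

# Constructed sample data shaped like `kubectl get pods -n <ns> -o json` and
# `kubectl get clusterrolebindings -o json`. All names below are hypothetical.
PODS = json.loads("""{"items": [
 {"metadata": {"name": "sdr-orchestrator-0"},
  "spec": {"securityContext": {"runAsUser": 1000}, "containers": [{"name": "orchestrator"}]}},
 {"metadata": {"name": "connector-app-0"},
  "spec": {"securityContext": {"runAsUser": 1000}, "containers": [
    {"name": "app", "securityContext": {"runAsUser": 0, "privileged": true}}]}}]}""")
BINDINGS = json.loads("""{"items": [
 {"metadata": {"name": "view-all"}, "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "sdr-sa", "namespace": "atlan-sdr"}]},
 {"metadata": {"name": "other"}, "roleRef": {"kind": "ClusterRole", "name": "edit"},
  "subjects": [{"kind": "ServiceAccount", "name": "sdr-sa", "namespace": "other-ns"}]}]}""")


def audit_pods(pods):
    """Flag containers that would run as root (or with no pinned UID) or privileged."""
    findings = []
    for pod in pods["items"]:
        pod_uid = pod["spec"].get("securityContext", {}).get("runAsUser")
        for c in pod["spec"]["containers"]:
            sc = c.get("securityContext", {})
            uid = sc.get("runAsUser", pod_uid)  # container-level value overrides pod-level
            where = f'{pod["metadata"]["name"]}/{c["name"]}'
            if uid is None or uid == 0:
                findings.append(f"{where}: runAsUser is {uid}, not a non-root UID")
            if sc.get("privileged"):
                findings.append(f"{where}: privileged container")
    return findings


def audit_cluster_bindings(bindings, namespace, service_account):
    """Flag ClusterRoleBindings that give the ServiceAccount cluster-wide access."""
    want = ("ServiceAccount", namespace, service_account)
    findings = []
    for b in bindings["items"]:
        for s in b.get("subjects") or []:
            if (s.get("kind"), s.get("namespace"), s.get("name")) == want:
                findings.append(f'{b["metadata"]["name"]}: binds {namespace}/{service_account} '
                                f'to {b["roleRef"]["name"]} cluster-wide')
    return findings


if __name__ == "__main__":
    for f in audit_pods(PODS) + audit_cluster_bindings(BINDINGS, "atlan-sdr", "sdr-sa"):
        print("FINDING:", f)
```

A RoleBinding inside the namespace that references a ClusterRole still grants only namespace-scoped access, so only ClusterRoleBindings are checked here.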
Platform-specific details
Pick your deployment platform below to see the runtime connection, app management, install and upgrade flow, automatic updates, design principles, and one-time setup for that platform. Kubernetes additionally includes RBAC permissions, Helm chart resources, environment variables, and supported distributions.
See also
- Install SDR Orchestrator on Docker/Podman: Step-by-step Docker setup guide.
- Install SDR Orchestrator on Kubernetes: Step-by-step Kubernetes setup guide.
- SDR Orchestrator FAQ: Troubleshooting, monitoring, and supported platforms.
- Architecture: Core architecture for all Self-Deployed Runtime deployments.