Skip to main content
Version: 2.0.0

to Production

When deploying to production, you might want to work with a local PDP (A Policy-Decision-Point microservice) within your VPC. The PDP is easy to install via Docker, and will ensure zero-latency, great performance, high availability, and improved security. Like all Permit customer deployed components, the Permit PDP is open-source,

Installing the PDP

Pull our PDP container from Docker Hub (Click here to install Docker):

docker pull permitio/pdp-v2:latest

Run the container & replace the PDP_API_KEY environment variable with your API key.

docker run -it \
  -p 7766:7000 \
  --env PDP_API_KEY=<YOUR_API_KEY> \
  --env PDP_DEBUG=True
  permitio/pdp-v2:latest

Using the PDP

The PDP will listen on port 7766 by default, so all you have to do is to set your PDP_URL in our SDK initialization to http://localhost:7766 and you're good to go.

For example in Node.js:

const permit = new Permit({
    pdp: "http://localhost:7766",
    token: "<YOUR_API_KEY>",
});

Exposing OPA within the PDP

Similar to a regular run of the PDP, with the addition of a single port mapping (-p 8181:8181) Run the container & replace the PDP_API_KEY environment variable with your API key.

docker run -it \
  -p 7766:7000 \
  -p 8181:8181 \
  --env PDP_API_KEY=<YOUR_API_KEY> \
  --env PDP_DEBUG=True
  permitio/pdp-v2:latest

Reviews OPA's docs here for accessing its API.

System Requirements and Performance Optimization

When deploying your PDP in production, consider the following system requirements and performance tips to ensure optimal operation:

System Requirements

  • CPU: On average, ~200 mcores, with potential spikes up to ~1000 mcores.
  • Memory: Typically requires 512Mb; maximum observed usage is around 2.5GB.
note

These requirements can vary based on scale, data volume, concurrency, and sharding needs.

Performance Optimization

To achieve high throughput and low latency:

  • Use a Local PDP: Deploy the PDP in the same VPC as your application to minimize network latency.
  • Use Multiple PDP Replicas: Deploy multiple PDP instances behind a load balancer, such as in a Kubernetes deployment, for better performance and redundancy.
  • Disable Decision Debug Info: In production, you can turn off decision debug information to enhance performance. Disable debug logging by adding --env PDP_DEBUG=False to the PDP command line.
  • Optimize Base Policy: Tailor the base policy to your specific use case. For example, disabling ReBAC checks (if not used) can speed up policy execution (this requires our tech support). With these optimizations, you can expect several thousand RPS with less than 10ms latency per request.
tip

Always tailor your deployment to the specific needs of your application. The above guidelines provide a baseline, but your requirements may vary.

Contents