Skip to main content
The operator is distributed as a Helm chart and a Docker image hosted on ECR.

Installation

Add the Formal Helm repository: 
helm repo add formal https://formalco.github.io/helm-charts
Install the operator: 
helm install formal-kubernetes-operator formal/kubernetes-operator \
  --set formalAPIKey=<your-formal-api-key>
This will:
  1. Install the CRDs (FormalResource, FormalListener, FormalNativeUser)
  2. Create a ServiceAccount with the necessary RBAC permissions
  3. Deploy the operator

Configuration

ParameterDefaultDescription
formalAPIKey""Formal API key (required)
image.taglatestDocker image tag
image.pullPolicyAlwaysImage pull policy
replicaCount1Number of operator replicas
pullWithCredentialsfalseSet to true if using the ecr-cred chart to fetch ECR credentials
resourcesSee belowCPU/memory requests and limits
metricsPort8080Bind port for the metrics server
Default resource requests and limits: 
resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 500m
    memory: 256Mi

Non-AWS Environments

If your cluster cannot pull from ECR directly, deploy the ecr-cred Helm chart first, then set pullWithCredentials=true: 
helm install formal-kubernetes-operator formal/kubernetes-operator \
  --set formalAPIKey=<your-formal-api-key> \
  --set pullWithCredentials=true