Best Practices

Twingate Connectors run either within a Docker container, in Kubernetes (including GKE, EKS, MicroK8s) using a Helm chart, or as a Linux systemd service. The process for updating Connectors varies based on the deployment platform, but the same principles apply in all cases:

• Update one Connector at a time in a redundant pair. Updating a Connector requires you to temporarily disconnect it, so to avoid downtime for users, at least two Connectors should be deployed in each Remote network in your Twingate configuration to ensure redundancy. Multiple Connectors deployed within the same Remote network are automatically clustered for load balancing and failover. Update one Connector at a time to ensure that the Remote network remains accessible.

• Maintain the same access and refresh tokens when upgrading a Connector. Connectors are uniquely identified by the tokens individually assigned to them. When updating a Connector, ensure that the same tokens are retained during the update process, otherwise new tokens will need to be provisioned.

Deployment-specific Update Instructions

Depending on whether you have deployed Connectors as containers, using Helm or the native Linux systemd service, instructions can be found below:

-> Docker-deployed Connectors

-> Systemd-deployed Connectors

-> Helm-deployed Connectors

Update Notifications

When an update is available for any Connector in your environment, all users marked as admins will receive a notification email. This email is delivered weekly at 00:00 UTC on Mondays and includes the list of Connectors that can be updated.