Created with Fabric.js 5.2.4Starlake.ai
Quack on DemandServicesDeploy, secure & operate the FlightSQL gateway

Run Quack On Demand in production, with the team that builds it.

We help you stand up a multi-tenant Arrow FlightSQL gateway for DuckDB and DuckLake, from architecture and identity integration to RBAC, federation, observability, and SLA-backed managed operations.

Talk to an architectSee the product
Quack On Demand architecture - an Arrow FlightSQL edge in front of per-tenant pools of DuckDB Quack nodes, with a PostgreSQL control plane and object storage

Starflow integrates effortlessly for maximum flexibility.

airflowdagsterbigquerysnowflakeredshiftdatabricksduckdbelasticmysqlpostgressql
airflowdagsterbigquerysnowflakeredshiftdatabricksduckdbelasticmysqlpostgressql
airflowdagsterbigquerysnowflakeredshiftdatabricksduckdbelasticmysqlpostgressql
airflowdagsterbigquerysnowflakeredshiftdatabricksduckdbelasticmysqlpostgressql

What we deliver

Services across the full Quack On Demand lifecycle

From a first deployment to long-term managed operations, every engagement is staffed by the engineers who build Quack On Demand.

Deployment & Architecture

Stand up Quack On Demand the right way: sized, secured, and reproducible.

  • Docker Compose or Kubernetes (Helm) rollout
  • PostgreSQL control plane + object storage layout
  • TLS on the FlightSQL edge (CA-signed certs)
  • Pool sizing for READONLY / WRITEONLY / DUAL nodes

Multi-Tenant Onboarding

Design a tenant model that isolates data and scales cleanly.

  • Per-tenant DuckLake catalog design
  • Pool topology and capacity planning
  • Tenant provisioning and lifecycle workflows
  • Cost attribution and resource boundaries

Identity & RBAC Integration

Wire Quack On Demand into your existing identity and access model.

  • OIDC / JWT: Keycloak, Azure AD, Cognito, Google
  • RBAC graph: users, groups, roles, table & pool grants
  • Per-statement table-ref policy enforcement
  • Handshake and pool-access gating

Federation & Client Enablement

Connect your sources and get every team querying through one edge.

  • Federated access to S3, Iceberg, and Postgres
  • Client setup: JDBC, ODBC, ADBC, PyArrow, Spark
  • Query patterns and routing best practices
  • Migration from direct DuckDB access

Observability & SRE

Run it reliably with metrics, alerting, and battle-tested runbooks.

  • Prometheus + Grafana dashboards and alerts
  • Self-healing restart and resilience tuning
  • Capacity and latency monitoring
  • Incident runbooks and on-call playbooks

Security Hardening & Managed Ops

Lock it down and let us keep it healthy under an SLA.

  • Security review and boundary testing
  • Audit logging and upgrade strategy
  • SLA-backed managed operations
  • Direct line to the Quack On Demand maintainers

Deploy anywhere

On-premise or on any major cloud - the same image

Quack On Demand is portable by design. Whether you keep everything in your own data center or run on AWS, Google Cloud, or Azure, we deliver a reference architecture for your target and stand it up with you.

On-premise

Your data center, your network, your rules.

  • Docker Compose or Kubernetes on your own hardware
  • S3-compatible storage: MinIO, Ceph, NetApp
  • Self-hosted PostgreSQL control plane
  • Air-gapped and data-residency friendly

AWS

Native to the services you already run.

  • EKS or ECS Fargate rollout
  • S3 for Parquet, RDS / Aurora PostgreSQL
  • Cognito or IAM-backed identity
  • NLB / PrivateLink in front of the FlightSQL edge

Google Cloud

Stay inside Google's backbone.

  • GKE deployment
  • GCS for Parquet, Cloud SQL for PostgreSQL
  • Google / Workspace identity
  • Internal load balancer on the edge

Microsoft Azure

Wired into Entra and Azure storage.

  • AKS deployment
  • Azure Blob storage + Azure Database for PostgreSQL
  • Microsoft Entra ID (Azure AD) identity
  • Private endpoints on the FlightSQL edge

One image, every environment

Quack On Demand ships as a single containerized stack whose only external dependencies are object storage and PostgreSQL. We pin a reference architecture for your target and deliver it as code (Terraform + Helm / Compose).

Start where you are, move when you are ready

The same configuration runs on a laptop, in your data center, and in the cloud. We help you start on-premise or in one cloud and migrate later with no rewrite - your tenants, RBAC, and DuckLake catalogs come with you.

Ready to deploy Quack On Demand?

Let’s scope your gateway.

Tell us about your tenants, identity provider, and data sources. We’ll propose an architecture and a phased delivery plan.

Typical outcomes

What you can expect to have in production after an engagement.

  • A secure, multi-tenant FlightSQL gateway running in your environment
  • Identity and table-level RBAC wired into your existing IdP
  • Observability, runbooks, and a tested recovery path
  • A clear upgrade and operations plan aligned with upstream

Start with a strategy call

We’ll review your tenancy model, identity setup, and data sources, then identify the fastest path to a production gateway.

Contact us Explore the product

Prefer async? Email us at [email protected].