
Kubernetes no thanks. Terraform + Kamal [1] on Digital Ocean is the way I deploy/run apps now.

[1] https://kamal-deploy.org/




Plain Podman systemd integration is way more powerful and secure, as it does not mess with the firewall and allows running rootless containers using services. It's even possible to run healthchecks and enforce building images just before starting the service, making on-demand containers using systemd-proxyd possible. Check the example: https://github.com/Mati365/hetzner-podman-bunjs-deploy


> way more powerful and secure

I don't care about powerful. That's the opposite of what I want. I could just use k8s if I cared about that.


It looks like you don't even care about opening documentation before pressing reply. Podman is a simple hammer without any moving parts that, used properly, can be used to build fancy stuff without much knowledge.


I'm aware of what Podman and Systemd are. Apparently you are not aware of what Kamal is. Open documentation, then press reply.


Be nice folks, we are all here to learn :)


Does it support zero downtime deploys?


Why not? Install Traefik or any other load balancer, set up two services, and restart them one after another.


https://kamal-deploy.org/docs/configuration/proxy/

I think GP's point was that Kamal has all of these things already, so you don't have to set them up.


Precisely. I've been implementing some kind of blue-green deployment with both systemd and dockerd, but it was an imperfect and incomplete solution. Kamal put much more effort into it and it seems more convenient and reliable (but I haven't tried it yet in production).


Ah yes my favourite thing to have to do, rolling my own deploys and rollbacks.

It’s stuff like this that’s just a thousand papercuts that dissuades me from using these “simpler” tools. By the time you’ve rebuilt by hand what you need, you’ve just created a worse version of the “more complex” solution.

I get it if your workload is so simple or low requirement that zero-downtime deploys, rollbacks, health/liveness, automatic volumes, monitoring etc are features you don’t want or need, but “it’s just as good, just DIY all the things” doesn’t make it a viable alternative in my mind.


Sure, but Kamal getting all those features means it strays close to Kubernetes in complexity and it quickly becomes "Why not Kubernetes? At least that is massively popular with a ton of support."


I disagree. An opinionated tool can be as powerful as, but much simpler than a generic tool.


Kamal is doing most of this, but on a single node. This is the limitation that differentiates it from k8s, but also makes it much simpler.


I've looked into Kamal but it feels so "It's as complex as Kubernetes but isn't so support is going to be nightmarish."

Why is this better than Ansible + Docker Compose?


You could certainly implement Kamal just with Ansible and Docker Compose. It's just an abstraction that does it for you and handles all the edge-cases. (Kamal doesn't use Ansible, it has its own SSH lib).


Technically, it’s not much different from using Ansible to run Docker on remote hosts.

What it provides is a set of conventions based on what most web apps look like.

Eg. built-in proxy with automatic TLS and zero downtime deployments, first-class support for a DB and cache, encrypted secrets, etc.

It’s definitely not for every use case, but for your typical 3-tier monolith on a handful of servers I found it does the job well.


Kamal is simply NIH K8s made by an unreliable company with poor leadership. No thanks, not for my prod infra!


I don't trust any project with a Discord listed so prominently

Give me a forum (even Discourse will do), I'm tired of needing 3rd party spyware to interact with developers. That it is all closed off from search engines makes it even worse.



