Kamal Proxy – A minimal HTTP proxy for zero-downtime deployments
Kamal Proxy is a minimal HTTP proxy that enables zero-downtime deployments, supports host-based routing, manages TLS certificates automatically, and allows configuration via environment variables for containerized environments.
Kamal Proxy is a minimal HTTP proxy designed to enable zero-downtime deployments for web applications. Its primary function is to facilitate the deployment of new application instances without interrupting ongoing traffic, making it particularly beneficial for developers and DevOps teams. Kamal Proxy can be integrated with the Kamal deployment framework or used independently. Key features include host-based routing, which allows multiple applications to run on a single server, and automatic TLS certificate management for secure connections. Users can configure the proxy using environment variables, which is advantageous in containerized environments. Basic commands for running the proxy, deploying instances, and enabling TLS are provided for ease of use. Additionally, Kamal Proxy can be built locally or within Docker containers, with a sample Docker Compose setup available for testing purposes.
- Kamal Proxy enables zero-downtime deployments for web applications.
- It supports host-based routing for multiple applications on a single server.
- Automatic TLS certificate management is included for secure connections.
- Configuration can be done using environment variables, suitable for containerized setups.
- Basic commands are provided for running and deploying applications easily.
Related
Inspect TLS encrypted traffic using mitmproxy and Wireshark
The article details inspecting TLS traffic with mitmproxy and Wireshark, highlighting challenges and setup steps. It explains using wireguard-tools for connection and decrypting traffic for real-time validation. The author encourages community engagement.
Show HN: Burrow is a globally distributed, serverless HTTP proxy
Burrow is a serverless HTTP proxy for Go on AWS Lambda, supporting round-robin transport and Terraform deployment in 17 regions. Future updates will include API key authentication and user-driven features.
Show HN: Browser Based RDP and SSH
Apache Guacamole is a clientless remote desktop gateway. This guide details its installation and configuration using Docker on Linux, covering prerequisites, Docker installation, and accessing the web interface.
Show HN: Kardinal – Building light-weight Kubernetes dev ephemeral environments
Kardinal is an open-source framework that consolidates pre-production Kubernetes clusters, enabling isolated development workflows and simplifying environment management with single-command setups and integration with tracing systems.
Show HN: A CLI tool I made to self-host any app with two commands on a VPS
Sidekick is a command-line tool for deploying applications on a VPS, offering features like zero downtime deployment, automatic SSL, and secure secret management, aimed at developers seeking production-ready solutions.
>To route traffic through the proxy to a web application, you *deploy* instances of the application to the proxy. *Deploying* an instance makes it available to the proxy, and replaces the instance it was using before (if any).
>e.g. `kamal-proxy deploy service1 --target web-1:3000`
'Deploy' is a fairly overloaded term already. Fun conversations ahead. Is the app deployed? Yes? No I mean is it deployed to the proxy? Hmm our Kamal proxy script is gonna need some changes and a redeployment so that it deploys the deployed apps to the proxy correctly.
Unsure why they couldn't have picked something like 'bind', or 'intercept', or even just 'proxy'... why 'deploy'..
I don't know why Kamal chose Swarm over k8s or k3s (simplicity perhaps?) but then, complexity needs a home, you can push it around but cannot hide it, hence a home grown proxy.
I have not tried Kamal proxy to know, but I am highly skeptical of something like this, because I am pretty sure I will be chasing it for support for anything from WebSockets to SSE, to HTTP/3 to various types of compression and encryption.
I guess both versions of the app must be running simultaneously, with new traffic being routed to the new version of the app.
But what about DB migrations? Assuming the app uses a single database, and the new version of the app introduces changes to the DB schema, the new app version would modify the schema during startup via a migration script. However, the previous version of the app still expects the old schema. How is that handled?
Following the example, it starts 4 replicas of a 'web' service. You can create a service by running a deploy to one of the replicas, let's say example-web-1. What do the other 3 replicas do?
Now, let's say I update 'web'. Let's assume I want to do a zero-downtime deployment. That means I should be able to run a build command on the 'web' service, start this service somehow (maybe by adding an extra replica), and then run a deploy against the new target?
If I run a `docker compose up --build --force-recreate web` this will bring down the old replica, turning everything moot.
Instructions unclear, can anyone chime in and help me understand?
That’s where you have a proxy which effectively pauses traffic for a few seconds - incoming requests appear to take a couple of seconds longer than usual, but are still completed after that short delay.
During those couple of seconds you can run a blocking infrastructure change - could be a small database migration, or could be something a little more complex as long as you can get it finished in less than about 5 seconds.
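An added example, not part of the comment above and not Kamal Proxy's own code, of the pause-and-hold behaviour it describes: requests queue while the gate is paused and are released together on resume, with a hard upper bound so a stuck change cannot pile up connections indefinitely. `Gate`, `MaxWait`, `SetPaused` and `Wait` are names invented for this sketch; a proxy handler would call `Wait(r.Context())` before forwarding and answer 503 on error.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// Gate queues requests while paused; hypothetical type for this example, not kamal-proxy code.
type Gate struct {
	MaxWait time.Duration // longest a request may sit in the queue
	mu      sync.Mutex
	resumed chan struct{} // nil while traffic flows; closed on resume
}

func (g *Gate) SetPaused(paused bool) {
	g.mu.Lock()
	defer g.mu.Unlock()
	if paused && g.resumed == nil {
		g.resumed = make(chan struct{}) // new requests start queueing
	} else if !paused && g.resumed != nil {
		close(g.resumed) // wakes every queued request at once
		g.resumed = nil
	}
}

// Wait blocks while paused; it fails on MaxWait expiry or client disconnect.
func (g *Gate) Wait(ctx context.Context) error {
	g.mu.Lock()
	ch := g.resumed
	g.mu.Unlock()
	if ch != nil {
		ctx, cancel := context.WithTimeout(ctx, g.MaxWait)
		defer cancel()
		select {
		case <-ch:
		case <-ctx.Done():
			return ctx.Err()
		}
	}
	return nil
}

func main() {
	g := &Gate{MaxWait: 5 * time.Second}
	g.SetPaused(true) // e.g. just before a short blocking migration
	time.AfterFunc(100*time.Millisecond, func() { g.SetPaused(false) })
	fmt.Println("request released, err =", g.Wait(context.Background()))
}
```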
But this looks like somehow a re-invention of what Kubernetes provides.
Kubernetes has come a long way in terms of ease of deployment on bare metal.
Uber, for example, moved to the cloud. I feel like in the span between them there are far more companies for which Kamal is not enough.
I hope I'm wrong, though. It'll be nice for many companies to have the choice of exiting the cloud.