Show HN: Clace – Application Server with support for scaling down to zero (github.com)
Compared to application servers like Nginx Unit, Clace has the advantage of being able to work with any application, without requiring any dependency or packaging changes. Clace provides a blue-green staged deployment model for apps. Not just code changes, even configuration changes are staged and can be verified before being made live.
Clace is not a PaaS solution, it does not support deploying databases and other auxiliary services. It does share the fact that it manages containers with PaaS solutions. Clace is different in that it builds its own reverse proxy, instead of depending on Traefik/Nginx. This allows Clace to implement features like shutting down idle apps and adding app level OAuth authentication. Clace runs natively on Windows/OSX in addition to Linux. Clace works with Docker/Podman/Orbstack.
Clace allows you to run hundreds of apps on a single machine. Since app containers are shut down when not in use, there is no CPU/memory resource usage when the apps are idle. It provides a Google Cloud Run type interface on your own hardware.
https://clace.io/ has a demo video and docs. Do let me know any feedback.
28 comments
[ 3.6 ms ] story [ 91.4 ms ] threadUsing --spec container allows you to deploy code from any github repo which has a Containerfile. There are also language specific specs (mainly python currently). For example
creates a FastHTML based app, building the image and starting the container. Checking out the source code and using local path allows you to setup a dev environment by adding the --dev option. No dependencies have to installed on the dev machine for this. Docker/Podman is the only dependency. For example The goal with Clace is to build an application server for easily and securely managing internal tools.I use Kubernetes in <day-job> and while I'm a big fan, it's incredible overkill for running a few services ala. Syncthing and Vaultwarden.
Clace is targeting use cases where you have external databases/REST API/CLI tools etc already and want to build and deploy multiple apps pointing to them. AppServer for deploying internal tools for use across a team is a target use case. For local dev, one use case is that Clace helps you set up a dev environment for webapps, with auto-reload, without having to setup any dependencies.
I'm building it for exactly that reason. Multihost and supports k8s manifests.
https://docs.podman.io/en/latest/markdown/podman-kube-play.1...
I suppose I could tighten things up at my end anyway though.
Cold starts for JIT languages are problematic for anything customer facing so one must be kept running. So now I have two platforms and that always sucks as the SRE.
I will be adding multi-node support soon. The user will have to bring their own Postgres database and load balancer. Multiple Clace instances will run in parallel, each spinning up containers locally using Docker/Podman. For the internal tools use case, I think that should scale to support most workloads.
There will be cases where delegating container management to Kubernetes might make sense. Container management in Clace is a thin layer, it should be possible to use a K8S service/deployment wrapper instead of using local Docker or Podman.
The auto-idle feature might cause latency for services with a high startup cost. For most apps, it should be fine. It can be disabled individually for apps.
At an abstract level, Kubernetes is used for managing compute (applications) and storage (databases/queues/file stores/volumes), stateless services and stateful data stores. Compute by itself is easy to scale. Managing storage and stateful data stores are where some of the complexity of K8s comes from.
For many workloads, it makes sense to use a managed database (RDS/managed Redis/S3 etc). Data backups, performance etc are easier to handle with a managed service, at the cost of how much you pay. If the stateful data stores are externally managed, using K8s for compute might be overkill, especially when you consider the extras (like ArgoCD, Service Mesh, IDP etc) which need to added to make it a useful developer experience.
Clace aims to provide a scalable solution for compute only scenarios, providing a great developer experience while targeting internal tools as the primary initial use case.
You can create a database container and pass the database details to Clace apps as params. Clace itself does not support creating database containers currently. The database has to be managed outside of Clace. The reverse proxy implemented by Clace is a HTTP proxy, it does not support proxying non HTTP protocols.
You could create an app with a small idle value like 10 for container.idle_shutdown_secs https://clace.io/docs/container/config/, default is 180. That way, for every API call, a container is started (unless one is already running) and then immediately shutdown, giving a serverless function type of experience. There is no way currently to ensure that parallel API calls each run in a separate container.
For background jobs and cron jobs, some kind of cron job can be defined in the app, to wake up the container. This is not supported currently. If an app has background jobs or idle check is not accurate, the auto-pause can be disabled.
Two questions:
1. Do you support client certificates for authenticating clients? 2. Do you have some performance benchmarks?
https://clace.io/docs/configuration/authentication/ lists the supported auth mechanisms for apps. A builtin system account is the default. The OAuth providers supported are : github google digitalocean bitbucket amazon azuread microsoftonline gitlab auth0 okta oidc. Any other provider supported by https://github.com/markbates/goth can be easily added, with a small code change.
For admin operations (creating/updating apps) using the client CLI, a unix domain socket is used. No other auth is used for UDS other than the file system level permissions. A REST API for admin operations can be optionally enabled, in which case it will use the system account https://clace.io/docs/configuration/security/#admin-api-acce....
Client cert based auth is not supported currently. Were you wanting that for app access or for admin API access?
In terms of performance, I did some testing few months back. The app access API does not hit the database (sqlite), everything is cached after the first call. So the performance will be limited by the API performance of the downstream container. The Clace server itself should not be a bottleneck. First API call to a containerized app builds the image and starts the container. That depends on how fast the image build and container startup are.
Our use-case is review apps, i.e. <some-feature>.example.com should only be accessible by users with a valid client cert. Currently we use Caddy, but I'd like to give clace a shot for this. :)
Release v0.7.5 has the change