Kamal Proxy – A minimal HTTP proxy for zero-downtime deployments

Original Article ↗ Hacker News Discussion ↗

Project purpose and target use cases

  • Kamal Proxy is presented as a minimal HTTP proxy to enable zero‑downtime deployments, especially in a “simple Docker on bare metal” setup.
  • Many commenters argue this is well‑suited to the vast majority of companies with steady, non‑“unicorn” traffic, especially B2B SaaS with predictable load.
  • Others note the docs and examples are confusing, particularly how multiple replicas and versioned services are intended to work in practice.

Cloud vs bare metal cost and performance

  • Strong theme: major public clouds are seen as overpriced for typical workloads; running over‑provisioned dedicated servers 24/7 can still be cheaper.
  • Several emphasize that cloud hardware (especially storage) is relatively slow; local NVMe and better single‑thread CPU can dramatically improve performance.
  • Counterpoint: for many apps, network latency and overall stack complexity dominate disk latency, so bare‑metal wins may be marginal at user level.

Zero‑downtime deployments and database migrations

  • Consensus: ZDD requires both app versions running concurrently and a load balancer shifting traffic.
  • Database schema changes must be backwards‑compatible for at least one deploy cycle.
  • Recommended practices:
    • Decouple migrations from deploys and run them manually or in controlled steps.
    • Separate schema vs data migrations; avoid long‑locking operations.
    • Use tools that enforce “safe” migrations and/or multi‑version schema strategies.
  • Some argue that for many orgs, brief maintenance windows are effectively “zero enough.”

Simplicity vs Kubernetes and accusations of NIH

  • Kamal (and Kamal Proxy) are framed as a simpler, imperative alternative to Kubernetes/Swarm.
  • Critics see it as re‑implementing features that mature proxies and orchestrators (Kubernetes, k3s, Swarm + ingress) already provide.
  • Concerns include long‑term complexity creep, “resume‑driven” or NIH development, and tech debt compared to battle‑tested software.

Proxy implementation, SSL, and robustness

  • Kamal Proxy uses Go and automatic TLS; some praise the minimalism.
  • Others, including maintainers of competing proxies, call it “undercooked”:
    • Auto‑SSL via basic libraries without shared storage complicates horizontal scaling and rate limits.
    • Limited handling of issuer fallback, rate‑limit avoidance, ARI, and trusted proxy headers.
  • Multiple commenters say existing tools like Caddy, Traefik, HAProxy, or nginx already solve zero‑downtime, health checks, and “traffic pausing” more robustly.