You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Deploying applications is hard. Deploying **complex, multi-service applications** is even harder. When we first built the Defang Portal, we quickly recognized the complexity required to deploy it, even with the early Defang tooling helping us simplify it a lot. But we’ve worked a lot to expand Defang’s capabilities over the last year+ so it could take on more of the work and simplify that process.
9
9
10
-
This evolution wasn’t just based on our own instincts and what we saw in the Portal—it was informed by listening to developers who have been using Defang, as well as our experience building dozens of sample projects for different frameworks and languages. Each time we build a new sample, we learn more about the different requirements of various types of applications and developers and refine Defang’s feature set accordingly. The Portal became an extension of this learning process, serving as both a proving ground and an opportunity to close any remaining gaps, since it’s one of the most complex things we’ve build with Defang.
10
+
This evolution wasn’t just based on our own instincts and what we saw in the Portal—it was informed by listening to developers who have been using Defang, as well as our experience building dozens of sample projects for different frameworks and languages. Each time we build a new sample, we learn more about the different requirements of various types of applications and developers and refine Defang’s feature set accordingly. The Portal became an extension of this learning process, serving as both a proving ground and an opportunity to close any remaining gaps, since it’s one of the most complex things we’ve built with Defang.
11
11
12
12
Finally, though, the Defang Portal—an application with six services, including two managed data stores, authentication, and a frontend—is fully deployed using just Docker Compose files and the Defang CLI using GitHub Actions.
13
13
14
14
---
15
15
16
-
###**The Initial Setup: A More Complex Deployment**
16
+
## **The Initial Setup: A More Complex Deployment**
17
17
18
18
The Portal isn’t a simple static website; it’s a **full-stack application** with the following services:
19
19
@@ -30,27 +30,47 @@ This worked, but seemed unnecessarily complex, if we had the right tooling…
30
30
31
31
---
32
32
33
-
###**The Transition: Expanding Defang to Reduce Complexity**
33
+
## **The Transition: Expanding Defang to Reduce Complexity**
34
34
35
-
We’ve made it a priority to expand Defang’s capabilities a lot over the last year so it could take on more of the heavy lifting of a more complex application. Over the past year, we’ve added load of features to handle things like:
35
+
We’ve made it a priority to expand Defang’s capabilities a lot over the last year so it could take on more of the heavy lifting of a more complex application. Over the past year, we’ve added loads of features to handle things like:
36
36
37
37
-**Provisioning databases**, including managing passwords and other secrets securely
38
38
-**Config interpolation using values stored in AWS SSM**, ensuring the same Compose file works both locally and in the cloud
39
-
-**Provisioning certs and managing dns records** from configuration in the Compose file.
39
+
-**Provisioning certs and managing DNS records** from configuration in the Compose file.
40
40
41
41
As a result, we reached a point where we no longer needed custom infrastructure definitions for most of our deployment.
42
42
43
-
###**What Changed?**
43
+
## **What Changed?**
44
44
45
-
-**Previously**: GitHub Actions ran infra-as-code scripts to provision databases, manage DNS, and define services *separately from the docker compose file we used for local dev*
46
-
-**Now**: Our [Defang Github Action](https://github.com/marketplace/actions/defang-deployment-action) targets normal compose files and deploys everything, using secrets and variables managed in GitHub Actions environments.
47
-
-**Result**: We **eliminated hundreds of lines of Infra-as-Code**, making our deployment leaner and easier to manage and reduced the differences between running the Portal locally and running it in the cloud.
45
+
-**Previously**: GitHub Actions ran infra-as-code scripts to provision databases, manage DNS, and define services *separately from the Docker Compose file we used for local dev*
46
+
-**Now**: Our [Defang GitHub Action](https://github.com/marketplace/actions/defang-deployment-action) targets normal Compose files and deploys everything, using secrets and variables managed in GitHub Actions environments.
47
+
-**Result**: We **eliminated hundreds of lines of Infra-as-Code**, making our deployment leaner and easier to manage and reducing the differences between running the Portal locally and running it in the cloud.
48
48
49
49
This wasn’t just about reducing complexity—it was also a validation exercise. We knew that Defang had evolved enough to take over much of our deployment, but by going through the transition process ourselves, we could identify and close the remaining gaps and make sure our users could really make use of Defang for complex production-ready apps.
50
50
51
51
---
52
52
53
-
### **How Deployment Works Today**
53
+
## **Looking Ahead: Scaling Beyond Compose with Pulumi**
54
+
55
+
We’ve come a long way since we started this journey. What used to be a complicated, infrastructure-heavy deployment is now dramatically simpler. But as any product grows, so does its complexity. The Defang Portal will evolve over time, and we know that certain deployment needs will extend beyond our current Compose-based workflow.
56
+
57
+
That’s why we’ve been planning ahead.
58
+
59
+
While Defang’s current iteration expanded what can be deployed with just a Compose file, we recognize that some things won’t fit neatly into this model in the future. Some applications will need to integrate with SaaS providers, deploy across multiple clouds, or require more specialized infrastructure. Instead of forcing these needs into our existing tooling, we’re taking a more flexible approach.
60
+
61
+
Enter the **Defang Pulumi provider**.
62
+
63
+
We’re rebuilding our provider from the ground up to extend the power of Docker Compose across cloud platforms, SaaS integrations, and external APIs. With it, developers will be able to:
64
+
65
+
- Seamlessly integrate infrastructure provisioning into their existing Compose files.
66
+
- Deploy across multiple clouds while maintaining the simplicity of the Defang workflow.
67
+
- Adapt to compliance requirements and other constraints without losing automation benefits.
68
+
69
+
Our goal is simple: to **preserve the ease of using Compose while removing its traditional limits**. Whether you need a simple monolithic deployment or a complex, multi-cloud setup, Defang will continue to streamline the process and make sure you can deploy applications on your terms.
70
+
71
+
---
72
+
73
+
## **How Deployment Works Today**
54
74
55
75
### **Config & Secrets Management**
56
76
@@ -64,7 +84,7 @@ This wasn’t just about reducing complexity—it was also a validation exercise
64
84
65
85
### **DNS & Certs**
66
86
67
-
- When we first setup the portal (before we even released the private beta) dns and certs had to be managed outside the Defang context. Now, [**we can provision certs](https://docs.defang.io/docs/concepts/domains) using ACM or Let’s Encrypt.**
87
+
- When we first set up the portal (before we even released the private beta) DNS and certs had to be managed outside the Defang context. Now, [**we can provision certs](https://docs.defang.io/docs/concepts/domains) using ACM or Let’s Encrypt.**
68
88
69
89
### **CI/CD Integration**
70
90
@@ -74,33 +94,7 @@ This wasn’t just about reducing complexity—it was also a validation exercise
74
94
75
95
---
76
96
77
-
### **A Flexible Multi-Compose Workflow**
78
-
79
-
One key part of our setup is how we **organize our Compose files** using the `extends` syntax.
80
-
81
-
-**A base `compose.yaml` file** defines core services and configurations.
82
-
-**Environment-specific files (`compose.dev.yaml`, `compose.staging.yaml`, etc.)** extend the base file extending each of its services. In the following example, you see how we load a .env.dev file just for the local development compose file `compose.dev.yaml` :
83
-
84
-
```yaml
85
-
# compose.dev.yaml
86
-
services:
87
-
auth:
88
-
extends:
89
-
file: compose.yaml
90
-
service: auth
91
-
env_file: .env.dev
92
-
```
93
-
94
-
- **Shared environment variables** are stored at the **project level**, not per service.
95
-
- This ensures consistency across environments.
96
-
- Example: Postgres credentials are stored once and referenced by multiple services which need to connect.
97
-
- **Environment-specific tweaks** (like enabling Hasura’s console in staging) are handled in the corresponding Compose file, making them easy to manage.
98
-
99
-
This setup allows us to **treat each environment as a simple Compose file** while keeping configurations DRY and maintainable.
100
-
101
-
---
102
-
103
-
### **The Takeaway: Why This Matters**
97
+
## **The Takeaway: Why This Matters**
104
98
105
99
By transitioning to **fully Compose-based deployments**, we:
0 commit comments