└── README.md /README.md: -------------------------------------------------------------------------------- 1 | # `deployd`: Self-Hosted Deno Deploy 2 | 3 | Self-hosted version of Deno Deploy. `deployd` is the same edge-compute runtime that powers Deno Deploy, but running entirely in your infrastructure. It runs serverless functions and full JavaScript/TypeScript applications with production-grade sandboxing and performance using Firecracker VMs. 4 | 5 | **Status:** Beta release, running production traffic. 6 | 7 | ## Quick Start 8 | 9 | ```bash 10 | docker run -it -p 8080:8080 --privileged ghcr.io/denoland/deployd 11 | docker run -it -p 8080:8080 --privileged ghcr.io/denoland/deployd --help 12 | ``` 13 | 14 | ## Key Features 15 | 16 | - Serverless JavaScript/TypeScript applications that run in isolated Firecracker VMs 17 | - Deployments via Deno Deploy's managed control plane ([app.deno.com](http://app.deno.com/)) or directly to your own instances. 18 | - Horizontal scaling with automatic node discovery. 19 | - Built-in observability with OpenTelemetry. 20 | 21 | ## Requirements 22 | 23 | - Docker with privileged mode, or `CAP_SYS_ADMIN` capability and tun device. 24 | - Requires KVM to be available for full performance 25 | - S3-compatible object storage 26 | 27 | ## Usage 28 | 29 | Basic usage: 30 | 31 | ```bash 32 | docker run -it -p 8080:8080 --privileged ghcr.io/denoland/deployd 33 | ``` 34 | 35 | With S3 storage: 36 | 37 | ```bash 38 | docker run -it -p 8080:8080 --privileged \ 39 | -e AWS_ACCESS_KEY_ID=your_key \ 40 | -e AWS_SECRET_ACCESS_KEY=your_secret \ 41 | ghcr.io/denoland/deployd --s3-bucket=your-bucket 42 | ``` 43 | 44 | Or if you don’t want to use S3 or just running a single instance you can use a persistent volume: 45 | 46 | ```bash 47 | docker run -it -p 8080:8080 -v /path/to/data:/data --privileged ghcr.io/denoland/deployd 48 | ``` 49 | 50 | ## Deploying Applications 51 | 52 | Deploy applications by: 53 | 54 | - Linking GitHub repositories via [app.deno.com](http://app.deno.com/), or 55 | - Creating playgrounds on [app.deno.com](http://app.deno.com/), or 56 | - Using the `deno deploy` command in your project, or 57 | - Directly uploading code, avoiding Deno Deploy's control plane entirely 58 | (documentation available upon request) 59 | 60 | ## Storage Options 61 | 62 | Deployments can be stored in three ways: 63 | 64 | - S3 Storage (recommended for production): Set AWS credentials and specify 65 | bucket with `--s3-bucket` flag. 66 | - Local Storage: Mount `/data` directory to persist deployments locally. 67 | - Ephemeral Storage (default): Deployments stored in memory, lost when 68 | container stops. 69 | 70 | ## Configuration 71 | 72 | Configuration options: 73 | 74 | | **Flag** | **Environment Variable** | **Description** | 75 | | --- | --- | --- | 76 | | `--s3-bucket=` | `S3_BUCKET` | S3 bucket name | 77 | | `--aws-access-key-id` | `AWS_ACCESS_KEY_ID` | S3 access key | 78 | | `--aws-secret-access-key` | `AWS_SECRET_ACCESS_KEY` | S3 secret key | 79 | | `--aws-region` | `AWS_REGION` | S3 region | 80 | | `--s3-endpoint` | `S3_ENDPOINT` | S3-compatible endpoint | 81 | | `--isolate-threads` | `ISOLATE_THREADS` | Number of isolate threads (auto-detected if unspecified, min 8) | 82 | 83 | ## Internal Redis API 84 | 85 | Cluster state is exposed on port 3911 (`-p 3911:3911`) using the RESP2 protocol: 86 | 87 | ```bash 88 | # list all nodes 89 | $ redis-cli -p 3911 KEYS 'node/*' 90 | 1) "node/aws-eu-west-1.demo.deno-cluster.net/b193727c9ee2a868c5ae2563aa58b84f/ip" 91 | 2) "node/aws-eu-west-1.demo.deno-cluster.net/b193727c9ee2a868c5ae2563aa58b84f/num_active_isolates" 92 | 3) "node/aws-eu-west-1.demo.deno-cluster.net/b193727c9ee2a868c5ae2563aa58b84f/settings" 93 | 4) "node/aws-eu-west-1.demo.deno-cluster.net/b193727c9ee2a868c5ae2563aa58b84f/token" 94 | 5) "node/aws-eu-west-1.demo.deno-cluster.net/b193727c9ee2a868c5ae2563aa58b84f/update_time" 95 | 6) "node/aws-eu-west-1.demo.deno-cluster.net/b193727c9ee2a868c5ae2563aa58b84f/used_balloon_budget_mib" 96 | 7) "node/aws-us-east-2.demo.deno-cluster.net/c21a915f54091d23fa8d4c88052685d4/ip" 97 | 8) "node/aws-us-east-2.demo.deno-cluster.net/c21a915f54091d23fa8d4c88052685d4/num_active_isolates" 98 | 9) "node/aws-us-east-2.demo.deno-cluster.net/c21a915f54091d23fa8d4c88052685d4/settings" 99 | 10) "node/aws-us-east-2.demo.deno-cluster.net/c21a915f54091d23fa8d4c88052685d4/token" 100 | 11) "node/aws-us-east-2.demo.deno-cluster.net/c21a915f54091d23fa8d4c88052685d4/update_time" 101 | 12) "node/aws-us-east-2.demo.deno-cluster.net/c21a915f54091d23fa8d4c88052685d4/used_balloon_budget_mib" 102 | ``` 103 | 104 | Then, for example, inspect the active isolates on a `deployd` instance: 105 | 106 | ```bash 107 | $ redis-cli -p 3911 GET "node/aws-eu-west-1.demo.deno-cluster.net/b193727c9ee2a868c5ae2563aa58b84f/num_active_isolates" 108 | "19" 109 | ``` 110 | 111 | There’s a lot of stuff here, documentation provided upon request. 112 | 113 | ## Observability 114 | 115 | `deployd` emits traces, metrics, and logs through OpenTelemetry out of the box. Telemetry from your applications can optionally be viewed through Deno Deploy's managed control plane ([app.deno.com](http://app.deno.com/)), or sent to your own collector by setting standard OTEL environment variables: `OTEL_EXPORTER_OTLP_ENDPOINT`, `OTEL_EXPORTER_OTLP_PROTOCOL`, `OTEL_RESOURCE_ATTRIBUTES`,`OTEL_SERVICE_NAME`. 116 | 117 | See https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ 118 | 119 | ## Who is `deployd` for? 120 | 121 | - Compliance-sensitive organizations that must keep the data plane inside 122 | their own public cloud account or on-prem servers 123 | - Platform builders who want to run serverless JavaScript code as a service 124 | - AI platforms who need a place to run LLM-generated code 125 | - Any team executing untrusted user code and requiring VM-grade isolation 126 | 127 | ## Support 128 | 129 | `deployd` is in active development. For support and feedback: [deploy@deno.com](mailto:deployd@deno.com) 130 | 131 | Commercial terms will be available closer to the public release. 132 | --------------------------------------------------------------------------------