Deployment of applications and infrastructure is a complex process and requires coordination from Infra and application developer teams. An internal developer platform helps both teams move fast with fewer mistakes — resulting in increased productivity with a higher amount of stability.
A deployment platform that can serve as the internal developer platform for a company. The goal here is to make it really easy for developers to deploy and maintain their applications without detailed knowledge of infrastructure and also making it easy for infra / devops teams to create policies to enforce engineering and security best practices.
Different methods of Deployment across clouds:
Different workloads can be suitable for different methods of deployment based on the traffic pattern, cpu and memory consumption. The goal is to provide a single interface for deploying across multiple systems — like service on kubernetes, jobs on Kubernetes, AWS Lambda, serverless on Kubernetes (Knative), Google Cloud Run, model servers. Truefoundry integrates with git repositories to allow deployment directly from any Git repo.
Logging and Visualizing metrics and Graphs across jobs
TrueFoundry allows developers to log details metrics, parameters, images, plots, artifacts which allows them to compare job runs using the detailed dashboards.
Software Canary / Shadow Testing
TrueFoundry makes it really easy to test new versions of the software on live data without hurting existing production — by shadow testing. It also allows canary rollout of software by gradually shifting traffic to the new versions.
Secrets Management
Developers will be able to create secrets and reference them in their applications. Some of the key features of secrets management:
Access control on secrets — Viewers can see the keys of secrets but not the values of the secrets. This way devops / infra team can share the keys with the developers without worrying about exposing the values of secrets.
Multi-Cluster Management and Deployment
Truefoundry allows integration with multiple clusters and managing access control across them. Truefoundry doesn’t store the cluster credentials anywhere with itself, making it secure for different users in the company.
Access control on Kubernetes for different teams
Truefoundry makes it easy to put access control on Kubernetes namespaces and allocate them to different teams with resource quotas which enables developers to be more autonomous while ensuring that the infra remains stable, cost-controlled and secure.
Basic Monitoring and Logging UIs directly viewable on the platform
TrueFoundry doesn’t come up with any opinions on the logging or metrics platform that you want to use. The goal here instead is to integrate with a few common logging and monitoring solutions so that we can show a quick glance on the platform itself. For more detailed and customizable views, we do recommend using the existing monitoring solutions like Prometheus, Loki, ELK, Datadog or NewRelic.
Unified view of all services deployed and running (Service Catalog)
Cost estimation and optimization on a per service level / team / engineer level.
We want to enable to track cost estimation and optimization on a per service or team level. Just exposing the visibility of cost to every single engineer creates the awareness to optimize the costs and remove the burden from a single team.
Deploy any terraform module (hence enabling deployment of any managed database, queue or caching services)
We want to enable deployment of Cloud services using terraform modules written by devops or Infra team. For e.g. the devops team can create a terraform module for creating a database and developers can provision a database from the UI based on the terraform module for RDS. This will rely on the plugin framework mentioned below and a terraform controller on Kubernetes.
At TrueFoundry we don’t want to reinvent the wheel and use existing systems as much as possible. Thats why we integrate with a lot of existing infrastructure tools so that users can bring their own infrastructure or customize Truefoundry according to their own needs.
If you don’t see any name here on the list, we will be happy to work with you and add more integrations to the list.
POLP Principle
We follow and make it easy for infra teams to enforce POLP principle throughout the stack. Developers can be added to whatever workspaces they need access to — and their changes will be constrained to those workspaces.
No Secrets, passwords stored on Truefoundry platform
Truefoundry doesn’t store any sensitive information with itself like Kubernetes credentials, secrets. All data is encrypted at REST. We recommend providing all access through service accounts
We also plan to provide complete audit logs which helps teams understand all the actions taken across platforms.
Kubernetes Cluster is in your control
TrueFoundry exposes the raw Kubernetes cluster that it deploys workloads on and provides full access (including kubectl with proper permission access) to customers. This allows anyone to pretty much do whatever they want in addition to Truefoundry without ever blocking them.
Apart from this, we also support a plugin framework using which its easy to build further plugins — similar to CRDs on Kubernetes.
Building Custom Plugins on TrueFoundry
TrueFoundry supports each deployment methodology as a custom plugin:
To create a plugin, user has to write 3 parts:
Currently the input spec and output spec need to be in Cue Lang and the processor needs to be in Go. However in the future, we can allow input and output schemas also possible in JSON Schema and the processors to be written in any language.
We auto-generate the UI and the python interfaces from the input cue files.
Setting up of infrastructure by infra/devops teams:
TrueFoundry has 2 components — control plane and a workload cluster agent. This enables TrueFoundry to orchestrate workloads across multiple clusters.
We very deeply integrate into application, jobs, ML deployment. This translates a lot of infra knowledge to developer terminology. A lot of the other platforms do this by building abstractions and reducing the infra concepts — whereas we try to do by simplification and not hiding things.
Argonaut adopts this approach of bringing both infra and application deployment together — but this will be a 2–3 year product cycle. They have started with more on the infra side.
Our plugin based architecture is based on the Kubernetes CRD framework with our own flavour of CueLang. This gives us the power to get plugins out on CLI, UI and all languages really fast. This was inspired by the design at Kubevela (an open source repo) — we don’t know of any other player that has figured out this pattern. This is one of our proprietory things that will also allow us to build much faster than other players.
We try to be as transparent as possible by giving complete source code out — which makes it really easy to migrate off of us. Porter and purple.sh only seems to gaurantee this — rest all are very closed systems.
We are already showing unique insights and preventing the most common bugs in software deployment like not changing environment variables on deployment. We don’t know of any other platform that is doing this or can do this as we can because of us knowing both secret history and deployment history. We can also generate a lot of insights on cost, stability, developer producitvity since we see the pipeline of code from source control to production.
Our platform is designed to be more like what platform teams build internally. It addresses the key issues of resource allocation, security and abstractions for developers. Porter, Northflank are more similar to Heroku. Qovery, Argonaut is more like a substitute for Devops for smaller companies. Humanitec, shipa are more designed for platform teams but we found their abstractions quite hard to reason about and understand.
Join AI/ML leaders for the latest on product, community, and GenAI developments