Hacker News: ajayvk

New comment by ajayvk in "Ask HN: What are you working on? (June 2026)"

ajayvk — Sun, 14 Jun 2026 16:38:27 +0000

Been working on making it much easier for application deployments to get access to a isolated database/schema. The usual pattern currently is to assume that each app creates a new database, which ignores the backups, monitoring etc required for each database. Implemented support for Postgres and MySQL.

Wrote up more details at https://openrun.dev/blog/service-binding/

New comment by ajayvk in "Service Binding – Easy database access for apps"

ajayvk — Sun, 14 Jun 2026 15:53:00 +0000

I have been building the OpenRun https://github.com/openrundev/openrun project over the last three years. Recently added support for Postgres and MySQL service bindings. After you configure the admin credentials for your database service, any new app can just ask for a binding and get a unique schema/database. Backups, monitoring, capacity planning etc can be done once for the main database, instead of repeating it for every new app.

Service Binding – Easy database access for apps

ajayvk — Sun, 14 Jun 2026 15:49:38 +0000

Article URL: https://openrun.dev/blog/service-binding/

Comments URL: https://news.ycombinator.com/item?id=48528556

Points: 2

# Comments: 1

New comment by ajayvk in "Service Bindings for Postgres: Per-App Roles and Grants"

ajayvk — Fri, 12 Jun 2026 19:37:15 +0000

Service binding is a feature that only large systems like Cloud Foundry support till now. Even Kubernetes does not have a functional implementation, the Red Hat operator is deprecated. It is a very useful feature, it allows you to configure a Postgres/MySQL service once and then each new app can easily bind and get a unique schema/database within the main database instance. Much simpler than the alternative of managing a separate database service for each app or sharing a service by either using same credentials or manually provisioning unique credentials.

I have been building the OpenRun https://github.com/openrundev/openrun project over the last three years. Recently added support for Postgres and MySQL service bindings. The flow is configure the admin credentials for your database service. After that, any new app can just ask for a binding and get a unique schema/database. Backups, monitoring, capacity planning etc can be done once for the main database, instead of repeating it for every new app.

Service Bindings for Postgres: Per-App Roles and Grants

ajayvk — Fri, 12 Jun 2026 19:17:17 +0000

Article URL: https://openrun.dev/blog/service-binding/

Comments URL: https://news.ycombinator.com/item?id=48508307

Points: 3

# Comments: 1

Blocking Copy Fail (CVE-2026-31431) in Kubernetes with Tetragon

ajayvk — Sun, 03 May 2026 00:11:18 +0000

Article URL: https://isala.me/blog/mitigating-copy-fail-with-tetragon/

Comments URL: https://news.ycombinator.com/item?id=47991862

Points: 1

# Comments: 0

New comment by ajayvk in "I am building a cloud"

ajayvk — Fri, 24 Apr 2026 00:27:58 +0000

Kubernetes offers powerful low-level primitives that can support virtually any deployment architecture. However, working with these primitives directly requires significant YAML wrangling. It makes sense to build specialized solutions on top of Kubernetes that simplify common deployment patterns. Knative is one such solution. Any solution that tries to expose all underlying primitives will inevitably become as complex as Kubernetes itself.

I have been building https://github.com/openrundev/openrun, which provides a declarative solution to deploy internal web apps for teams (with SAML/OAuth and RBAC). OpenRun runs on a single-machine with Docker or it can deploy apps to Kubernetes.

New comment by ajayvk in "Microsoft offers buyouts up to 7% of US employees"

ajayvk — Thu, 23 Apr 2026 21:15:28 +0000

Makes no sense if you look at the start menu as an interface to the operating system.

Makes perfect sense if you look at it as one more place to show ads

GitHub's Fake Star Economy

ajayvk — Tue, 14 Apr 2026 19:22:35 +0000

Article URL: https://awesomeagents.ai/news/github-fake-stars-investigation/

Comments URL: https://news.ycombinator.com/item?id=47770182

Points: 4

# Comments: 3

New comment by ajayvk in "Ask HN: What Are You Working On? (March 2026)"

ajayvk — Mon, 09 Mar 2026 01:21:18 +0000

Have been building a project https://github.com/openrundev/openrun/ which aims to make it easy for teams to easily deploy internal tools/webapps. While creating new apps has gotten easier, securely deploying them across teams remains a challenge. OpenRun runs as a proxy which adds SAML/OAuth based auth with RBAC. OpenRun deploys containerized apps to a single machine with Docker or onto Kubernetes.

Currently adding support for exposing Postgres schemas for each app to use. The goal is that with a shared Postgres instance, each app should be able to either get a dedicated schema or get limited/full access to another app's schema, with row level security rules being supported.

New comment by ajayvk in "Migrating from Heroku to Magic Containers"

ajayvk — Sat, 07 Mar 2026 16:49:10 +0000

Cloud Run makes lots of sense when running lots of small apps, apps scale to zero automatically.

I have been building https://github.com/openrundev/openrun which provides similar scale down to zero functionality, on a single machine with Docker or on top of Kubernetes.

New comment by ajayvk in "State of Show HN: 2025"

ajayvk — Tue, 17 Feb 2026 17:10:21 +0000

Another recent article on this topic https://www.arthurcnops.blog/death-of-show-hn/

Show HN: OpenRun – Declarative Deployments to Docker or Kubernetes

ajayvk — Tue, 10 Feb 2026 19:41:37 +0000

I have been building https://github.com/openrundev/openrun for the last few years and recently added Kubernetes support https://openrun.dev/docs/container/kubernetes. OpenRun is a declarative web app deployment platform, built for teams to deploy internal tools.

There are many tools which try to simplify application deployments, but not many support declarative deployments. Even if app sources are fetched from git, creating new apps or updating app config requires imperative commands. Kubernetes is the dominant declarative approach, but it takes too much YAML to manage an app with Kubernetes. OpenRun supports a limited use case, deploying web apps for internal users across a team. For that use case, it supports declarative deployments on top of Docker/Podman or Kubernetes, with a very simple config.

Some of the unique features of OpenRun are:

- All apps have a staging env, code and config changes are staged before being promoted to prod

- Supports OIDC/SAML integration, allowing you to control access to apps using RBAC policies

- Full solution which handles builds, CD and request routing. Does not require additional tooling like Jenkins/ArgoCD etc

OpenRun can run on a single machine, in which case it directly deploys the container to Docker/Podman. When deployed to Kubernetes, OpenRun builds the images using Kaniko and deploys apps as a Kubernetes deployment, using server side apply to make updates.

The whole Starlark based config for creating apps is just:

    app(path="/streamlit/uber", source="github.com/streamlit/demo-uber-nyc-pickups",
        spec="python-streamlit") # python-streamlit knows how route requests for Streamlit
    app(path="/myapp", source="github.com/example/example",
        spec="container") # container spec works for any app which has a Dockerfile

While mainly built for teams, OpenRun is the easiest way to deploy web apps and share them with friends and family https://openrun.dev/docs/use-cases/personal/. You can limit who has access to the apps using OAuth authentication.

Comments URL: https://news.ycombinator.com/item?id=46965662

Points: 21

# Comments: 0

New comment by ajayvk in "RIP Low-Code 2014-2025"

ajayvk — Mon, 26 Jan 2026 23:07:03 +0000

Authentication and authorization are important requirements for internal tools. Low-code platforms support authn/authz for app access. Building internal tools with code is much easier now with GenAI, but ensuring proper RBAC access controls remains a challenge.

I have been building https://github.com/openrundev/openrun to try and solve internal tooling deployment challenges. OpenRun provides a declarative deployment platform which supports RBAC access controls and auditing. OpenRun integrates with OIDC and SAML, giving your code based apps authn/authz features like low-code platforms.

New comment by ajayvk in "Ask HN: What Are You Working On? (Nov 2025)"

ajayvk — Mon, 10 Nov 2025 02:28:42 +0000

Building https://github.com/openrundev/openrun, a platform for declarative deployment of web apps.

OpenRun runs as a web server, which does GitOps driven app deployments. You can currently deploy apps on a standalone machine, on top of Docker/Podman. Working on adding support for deploying on top of Kubernetes. On Kubernetes, OpenRun will replace your build jobs (Jenkins/Actions etc), CD (ArgoCD etc) and IDP (Backstage etc). The same declarative config which works on a standalone machine will work on Kubernetes, with no YAML to maintain.

New comment by ajayvk in "Replacing a $3000/mo Heroku bill with a $55/mo server"

ajayvk — Wed, 22 Oct 2025 02:49:05 +0000

https://devpu.sh/ is another alternative, it has a nice UI built with Hypermedia (HTMX).

I am building https://github.com/openrundev/openrun/. Main difference is that OpenRun has a declarative interface, no need for manual CLI commands or UI operations to manage apps. Another difference is that OpenRun is implemented as a proxy, it does not depend on Traefik/Nginx etc. This allows OpenRun to implement features like scaling down to zero, RBAC access control for app access, audit logs etc.

Downside with OpenRun is that is does not plan to support deploying pre-packaged apps, no Docker compose support. Streamlit/Gradio/FastHTML/Shiny/NiceGUI apps for teams are the target use case. Coolify has the best support and catalog of pre-packaged apps.

New comment by ajayvk in "Python as a Configuration Language Using Starlark"

ajayvk — Fri, 17 Oct 2025 19:40:49 +0000

This post looks at the experience with using Starlark as against YAML for deployment configuration.

Starlark can result in much more concise and flexible config. It does require extra work on the part of the developers who are writing the code (to read the config), but it can make things easier for end users writing the config.

Python as a Configuration Language Using Starlark

ajayvk — Fri, 17 Oct 2025 19:36:35 +0000

Article URL: https://openrun.dev/blog/starlark/

Comments URL: https://news.ycombinator.com/item?id=45621063

Points: 2

# Comments: 1

New comment by ajayvk in "Python as a Configuration Language Using Starlark"

ajayvk — Thu, 16 Oct 2025 19:08:25 +0000

There has been lots of discussions about the issues with YAML and other config languages. This post looks at the experience with using Starlark as the configuration language for infrastructure deployment using OpenRun.

Starlark can result in much more concise and flexible config for end-users. It does require extra work on the part of the developers who are writing the code which reads the Starlark based config.

Python as a Configuration Language Using Starlark

ajayvk — Thu, 16 Oct 2025 19:02:41 +0000

Article URL: https://openrun.dev/blog/starlark/

Comments URL: https://news.ycombinator.com/item?id=45609363

Points: 4

# Comments: 1