Show HN: Distr 2.0 – A year of learning how to ship to customer environments
github.comA year ago, we launched Distr here to help software vendors manage customer deployments remotely. We had agents that pulled updates, a hub with a GUI, and a lot of assumptions about what on-prem deployment needed.
It turned out things get messy when your software is running in places you can't simply SSH into.
Over the last year, we’ve also helped modernize a lot of home-baked solutions: bash scripts that email when updates fail, Excel sheets nobody trusts to track customer versions, engineers driving to customer sites to fix things in person, debug sessions over email (“can you take a screenshot of the logs and send it to me?”), customers with access to internal AWS or GCP registries because there was no better option, and deployments two major versions behind that nobody wants to touch.
We waited a year before making our first breaking change, which led to a major SemVer update—but it was eventually necessary. We needed to completely rewrite how we manage customer organizations. In Distr, we differentiate between vendors and customers. A vendor is typically the author of a software / AI application that wants to distribute it to customers. Previously, we had taken a shortcut where every customer was just a single user who owned a deployment. We’ve now introduced customer organizations. Vendors onboard customer organizations onto the platform, and customers own their internal user management, including RBAC. This change obviously broke our API, and although the migration for our cloud customers was smooth, custom solutions built on top of our APIs needed updates.
Other notable features we’ve implemented since our first launch:
- An OCI container registry built on an adapted version of https://github.com/google/go-containerregistry/, directly embedded into our codebase and served via a separate port from a single Docker image. This allows vendors to distribute Docker images and other OCI artifacts if customers want to self-manage deployments.
- License Management to restrict which customers can access which applications or artifact versions. Although “license management” is a broadly used term, the main purpose here is to codify contractual agreements between vendors and customers. In its simplest form, this is time-based access to specific software versions, which vendors can now manage with Distr.
- Container logs and metrics you can actually see without SSH access. Internally, we debated whether to use a time-series database or store all logs in Postgres. Although we had to tinker quite a bit with Postgres indexes, it now runs stably.
- Secret Management, so database passwords don’t show up in configuration steps or logs.
Distr is now used by 200+ vendors, including Fortune 500 companies, across on-prem, GovCloud, AWS, and GCP, spanning health tech, fintech, security, and AI companies. We’ve also started working on our first air-gapped environment.
For Distr 3.0, we’re working on native Terraform / OpenTofu and Zarf support to provision and update infrastructure in customers’ cloud accounts and physical environments—empowering vendors to offer BYOC and air-gapped use cases, all from a single platform.
Distr is fully open source and self-hostable: https://github.com/distr-sh/distr
Docs: https://distr.sh/docs
We’re YC S24. Happy to answer questions about on-prem deployments and would love to hear about your experience with complex customer deployments.
> A vendor is typically the author of a software / AI application
Can you explain how „AI Application“ differs from „Software“ in your model?
Sure, multiple of our customers that distribute applications with a machine learning/AI component also need to distribute their models. They can use our OCI registry to distribute large images with huge layers. We specifically reworked our registry implementation to storing in-transit blobs on disk to save memory, ensuring the application doesn’t run out of memory [1].
[1] https://github.com/distr-sh/distr/pull/1478
Man. I absolutely hate that the term AI just has to be meaninglessly sprinkled over every single piece of marketing material now.
I don't even hate the player, it's just what you gotta do to run a business now. But man I can't wait for this chapter of the game to be over.
I feel you, but a huge percentage of recently funded companies are in the AI space. Software distribution for them is even more complex due to all the moving parts, and we want to make sure these companies know that our solution is a great fit for them.
Hi HN, I am Philip, one of the creators of Distr and happy to answer questions.
How does Distr compare to Replicated?
Distr is a modern Open Source alternative to Replicated. We have a more in-depth comparison over here https://distr.sh/compare/replicated/. If you have any questions, I’m happy to help.
Any chance you would consider avoiding the SSO tax and making it available for all tiers?
SSO (Google, Microsoft, GitHub) is available on all tiers. Custom OIDC provider support is even available in our ~MIT~ (Apache2) licensed community edition if you self host Distr. Even TOTP MFA is available for all users and part of the community edition.
How can we improve in reducing SSO tax?
Starter package does not show SSO as being available. Thanks for clarifying https://distr.sh/pricing/
I see Apache 2 licensed code in your GitHub but not MIT. Is there another repo or that's what you were referring to?
Custom SSO integrations often require specific development and are therefore not available in our beginner tier.
Oh my bad. Our repository[1] is obviously Apache2.0 licensed, not MIT. Thanks for pointing that out.
[1] https://github.com/distr-sh/distr
we may be interested in it.
how does it handle very bad internet connection on-prem?
Feel free to reach out via our website[1]. Distr does not require an internet connection to keep your application running. Update commands are fetched directly from the agent and do not require any special connectivity.
Updates are pulled before the rollover to a new version is performed, so a poor internet connection may only affect the download speed of new updates. Distr is designed to operate even when no connection is available, or when connectivity is only allowed in short time slots.
[1] https://distr.sh/contact/