Introducing: Deis Workflow

The Kubernetes-native PaaS


So What is Deis Workflow?

Deis Workflow is an open source PaaS that makes it easy to deploy and manage applications on your own servers. Workflow builds upon Kubernetes and Docker to provide a lightweight PaaS with a Heroku-inspired workflow.

Explore Deis Workflow

triangle square circle
Why Use Workflow?

Fast & Easy

Supercharge your team with a platform that deploys applications as fast as you can create them.


Benefit from the latest distributed systems technology thanks to a platform that is constantly evolving.

Fully Open Source

Maintain your independence with an open source platform that runs on public cloud, private cloud or bare metal.

Explore the Features >

What Are Users Saying?

"Deis gives our developers a self-service platform backed by a strong open source community. We are excited about Deis' potential at Mozilla."

Benjamin Sternthal, Mozilla
Benjamin Sternthal

"Deis enables us to deploy Docker-based microservices on our own private PaaS within seconds without human involvement."

Fredrik Björk, TheRealReal
Fredrik Björk

Trusted By:

  • Appspark
  • Cloqworq
  • Cloudmine
  • Instore
  • HotelQuickly
  • villamedia
  • Soficom
  • Bartec Pixavi
  • Democracy OS
  • Socialradar
  • Excel Micro
  • Codaisseur

Deis is built with (and loved by) the community at large.

triangle square circle
Recent Blog Posts

  • Scheduling Your Kubernetes Pods With Elixir

    27 Jul 2016

    Kelsey Hightower gave a really interesting talk at ContainerSched about how to create your own scheduler using the Kubernetes HTTP API.

    The talk was awesome. It's incredible to see what kind of things you can do with a base system as good as Kubernetes.

    However, I missed one thing. The example provided by Kelsey was a Go application. Which is the main language used with Kubernetes. So, if check that code without any context, you might think it's using some kind of Kubernetes internal packages. But it's not! It's a standalone piece of code that happens to make some HTTP calls.

    To illustrate this point, I decided to write my own scheduler, in a different language. In my case, Elixir, because that's the language I happen to be learning at the moment.

    This post isn't an intro to Elixir, but the code should be easy to follow.

    Also, I'm going to use localhost when accessing the Kubernetes API. Why? For simplicity. If we run kubectl proxy on a computer connected to the Kubernetes master, we will not need to deal with authorization, hosts, and so on. The proxy command will do it for us.

    So, let's dive in.

  • Deis Workflow 2.2 Release

    25 Jul 2016

    It may be the hottest July on record but we've got some new cool stuff in the latest release of Deis Workflow. Sit back, grab a cold drink, and check out the latest Workflow release.

  • Docker Storage: An Introduction

    22 Jul 2016

    There are lots of places inside Docker (both at the engine level and container level) that use or work with storage.

    In this post, I'll take a broad look at a few of them, including: image storage, the copy-on-write mechanism, union file systems, storage drivers, and volumes.

    You'll need Docker installed locally on your machine if you want to try out some of the commands in this post. Check out the official docs for how to install Docker on Linux, or our previous post showing how to install Docker on a non-Linux machine.

    Let's dive in.

  • Deploying a Simple and Secure Docker Registry

    15 Jul 2016

    There comes a time in everybody's life where they realize they have to run their own Docker Registry. Unfortunately there's not a lot of good information on how to run one. Docker's documentation is pretty good, but is verbose and spread across a lot of different pages. This means having half a dozen tabs open and searching for the right information.

    It's common to run the Docker Registry with little to no security settings, and fronting it with NGINX or Apache to provide this security. But there is another way.

    In this post, I will show how to run the Docker Registry securely by itself with both TLS certificate backed encryption and certificate based endpoint authorization.

    If you need to do advanced stuff like authenticate against LDAP, you'll still want to go down the reverse proxy road.

    For simplicity, I will will assume a single registry running on the local filesystem and will avoid using OS specific init systems by focusing just on the docker commands themselves. This should work on any system capable of running Docker.

  • Securing Docker With TLS Certificates

    14 Jul 2016

    By default, Docker has no authentication or authorization for its API, instead relying on the filesystem security of its UNIX socket, /var/run/docker.sock, which by default is only accessible by the root user.

    This is fine for the basic use case of only accessing the Docker API on the local machine via the socket as the root user. However if you wish to use the Docker API over TCP, you'll want to secure it so you don't have to give out root access to anyone that happens to poke you on the TCP port.

    Docker supports using TLS certificates (both on the server and the client) to provide proof of identity. When set up correctly it will only allow clients and servers with a certificate signed by a specific CA to talk to eachother.

    While not providing fine grained access permissions, it does at least allow us to listen on a TCP socket and restrict access with the bonus of also providing encryption.

    In this post, I will detail what is required to secure Docker running on a CoreOS server. I will assume you already have a CoreOS server set up and running. If not, check out this previous Deis blog post covering CoreOS and VirtualBox.

triangle square circle

Deis Workflow: The Kubernetes-native PaaS.

See how it works >