Skip to main content

Deploy lifecycle

note

Start on your provider's page — it walks you through the full deployment and links here for the shared steps. This page links to the one-time setup and the deploy-and-verify steps, and covers DNS, first sign-in, updating, and tearing down.

Provider-specific prerequisites, configuration, and cost notes are on each provider's page.

What every deployment includes

Regardless of provider, when nic deploy finishes your cluster will have:

  • Automatic TLS for every service you publish (cert-manager + Let's Encrypt).
  • Single sign-on across all services (Keycloak).
  • Ingress routing for any service you expose (Envoy Gateway).
  • GitOps-driven updates: roll out or roll back apps by committing to your GitOps repo — ArgoCD reconciles the cluster to match (ArgoCD).

Each provider adds storage and cluster-type specifics — see the provider pages for details.

Set up your repository and credentials

Before deploying, create your GitOps repository and .env credentials: see Prepare to deploy.

Deploy and verify

Download a starter config, validate it, provision the cluster, retrieve a kubeconfig, and confirm the cluster is healthy: see Deploy a cluster.

DNS

After deploy completes, your cluster needs DNS records to be reachable: see Cloudflare DNS.

First sign-in

nic does not create an end-user account, so create one in Keycloak before you can sign in: see Keycloak authentication.

Update an existing deployment

To change a running cluster, edit your config and re-run nic deploy: see Update a cluster.

Destroy

When you're done with the cluster, tear it down with nic destroy: see Destroy a cluster.