Deploy lifecycle
Start on your provider's page — it walks you through the full deployment and links here for the shared steps. This page links to the one-time setup and the deploy-and-verify steps, and covers DNS, first sign-in, updating, and tearing down.
Provider-specific prerequisites, configuration, and cost notes are on each provider's page.
What every deployment includes
Regardless of provider, when nic deploy finishes your cluster will have:
- Automatic TLS for every service you publish (cert-manager + Let's Encrypt).
- Single sign-on across all services (Keycloak).
- Ingress routing for any service you expose (Envoy Gateway).
- GitOps-driven updates: roll out or roll back apps by committing to your GitOps repo — ArgoCD reconciles the cluster to match (ArgoCD).
Each provider adds storage and cluster-type specifics — see the provider pages for details.
Set up your repository and credentials
Before deploying, create your GitOps repository and .env credentials: see Prepare to deploy.
Deploy and verify
Download a starter config, validate it, provision the cluster, retrieve a kubeconfig, and confirm the cluster is healthy: see Deploy a cluster.
DNS
After deploy completes, your cluster needs DNS records to be reachable: see Cloudflare DNS.
First sign-in
nic does not create an end-user account, so create one in Keycloak before you can sign in: see Keycloak authentication.
Update an existing deployment
To change a running cluster, edit your config and re-run nic deploy: see Update a cluster.
Destroy
When you're done with the cluster, tear it down with nic destroy: see Destroy a cluster.