Deploy Applications
Prepare Kubernetes workloads for clean, repeatable delivery on Kupe Cloud.
For the Argo CD wiring itself, see Create Argo CD Applications.
What a deployable app should include
Section titled “What a deployable app should include”Before a workload is promoted beyond a first test environment, it should usually have:
- health probes
- resource requests and limits
- a
Servicefor in-cluster traffic - an
HTTPRouteif the app needs external traffic - structured logs and metrics where possible
- everything defined in Git
Example workload
Section titled “Example workload”This example shows a small web service with sensible runtime defaults:
apiVersion: apps/v1kind: Deploymentmetadata: name: web namespace: webspec: replicas: 2 selector: matchLabels: app: web template: metadata: labels: app: web annotations: k8s.grafana.com/scrape: "true" k8s.grafana.com/metrics.path: "/metrics" k8s.grafana.com/metrics.portNumber: "8080" spec: containers: - name: web image: ghcr.io/your-org/web:1.2.3 ports: - containerPort: 8080 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 512Mi readinessProbe: httpGet: path: /readyz port: 8080 livenessProbe: httpGet: path: /healthz port: 8080---apiVersion: v1kind: Servicemetadata: name: web namespace: webspec: selector: app: web ports: - port: 80 targetPort: 8080If the app needs external traffic
Section titled “If the app needs external traffic”Add an HTTPRoute that attaches to the shared public gateway:
apiVersion: gateway.networking.k8s.io/v1kind: HTTPRoutemetadata: name: web namespace: webspec: parentRefs: - name: external-gateway namespace: kube-system hostnames: - web.<cluster>.<tenant>.clusters.kupe.cloud rules: - matches: - path: type: PathPrefix value: / backendRefs: - name: web port: 80App hostnames must sit under your cluster’s dedicated subdomain
*.<cluster>.<tenant>.clusters.kupe.cloud — a platform hostname outside it is rejected at
admission. For custom domains, keep the same route model and follow Custom Domains.
Rollout validation
Section titled “Rollout validation”Once Argo CD syncs the application, check the basics in order:
- Argo CD shows the app as
SyncedandHealthy. - The workload reaches the expected replica count.
- Service endpoints are ready.
- The route is accepted if the app is exposed externally.
- Logs and metrics look normal after the rollout.
Useful cluster-side checks:
kubectl get deploy,pods,svc -n <namespace>kubectl rollout status deploy/<name> -n <namespace>kubectl get httproute -n <namespace>Common causes of a failed first deploy
Section titled “Common causes of a failed first deploy”- the container is not listening on the port the
Serviceexpects - readiness or liveness probes point at the wrong path
- resource limits are missing or too low for the workload
- the application is deployed to the wrong namespace
- the
HTTPRoutepoints at the wrongServiceor port - image pull credentials or image tags are wrong