Running production workloads
Use this checklist when a demo app is ready to become a real workload.
Work through each area once per app. Each card links to the feature or guide page that covers it in depth — there is no new content on this page.
Make it robust
Section titled “Make it robust” Set requests, limits, and probes What a production-ready Deployment looks like on Kupe Cloud.
GitOps delivery patterns Promote changes between environments with Argo CD and Git.
Expose it safely
Section titled “Expose it safely” HTTP routes Route traffic with Gateway API HTTPRoutes on the shared gateway.
Custom domains Serve the app on your own domain, with DNS automation.
TLS and certificates Automatic certificates for `*...clusters.kupe.cloud` hostnames and your own domains.
Handle secrets
Section titled “Handle secrets” Managed secrets Store values once and sync them into one or more clusters.
Create and sync secrets Step-by-step walkthrough of the sync flow.
Observe it properly
Section titled “Observe it properly” Alerting Write alert rules that fire on symptoms your users feel.
Notifications Route alerts to Slack, PagerDuty, Teams, email, or webhooks.
Dashboards Built-in dashboards and how to customise them for your app.
Secure it
Section titled “Secure it” Cluster policies Policies enforced by the platform on every tenant cluster.
Vulnerability scanning Continuous CVE and misconfiguration scanning for your workloads.
Network isolation How tenant and namespace boundaries are enforced on the network.
Keep it running
Section titled “Keep it running” Upgrade clusters Day-2 upgrades of the Kubernetes version and platform components.
Platform limits Practical bounds to plan capacity against.