Deploy an app

Everything you create lives in your namespace (tenant-<you>). You don’t need to specify it — your kubeconfig already defaults to it.

Deploy a public image

The quickest possible deploy — a stock nginx:

kubectl create deployment hello --image=nginx
kubectl expose deployment hello --port=80
kubectl get pods

You should see a hello-... pod go Running. That’s a live container on the cluster.

To use a manifest instead (recommended for anything real), kubectl apply -f deploy.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello
spec:
  replicas: 1
  selector:
    matchLabels: { app: hello }
  template:
    metadata:
      labels: { app: hello }
    spec:
      containers:
        - name: hello
          image: nginx
          ports:
            - containerPort: 80
          # Always set resource requests — see Limits & rules.
          resources:
            requests: { cpu: 50m, memory: 64Mi }
            limits: { cpu: 250m, memory: 128Mi }

Push your own image

The cluster runs a private container registry at 10.1.1.2:30500, reachable over the tailnet.

1. Build your image, tagged for the registry:

   docker build -t 10.1.1.2:30500/<you>/myapp:v1 .

2. Allow the insecure registry. It serves plain HTTP (it’s tailnet-only), so your Docker daemon needs to trust it. Add to /etc/docker/daemon.json and restart Docker:

   { "insecure-registries": ["10.1.1.2:30500"] }

3. Push:

   docker push 10.1.1.2:30500/<you>/myapp:v1

4. Reference it in your Deployment:

   image: 10.1.1.2:30500/<you>/myapp:v1

Namespacing your images

Prefix your image names with your own handle (10.1.1.2:30500/<you>/...) so the shared registry stays tidy.

Managing your stuff

kubectl get all                      # everything in your namespace
kubectl logs deploy/hello            # logs
kubectl describe pod <pod>           # why isn't it starting?
kubectl delete deployment hello      # clean up

Want it reachable from the internet? → Make an app public.