Qruiq Tke Deployment

3. Auto-detect parameters

kubectl config current-context
kubectl get namespaces --no-headers -o custom-columns=NAME:.metadata.name
kubectl get svc -n ingress-nginx ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
cat package.json | grep '"name"'

Parameters

Steps

Execute all steps directly. Do not list as TODOs. Pause at step 3 for user confirmation.

1. Copy K8s config files

mkdir -p k8s/scripts
cp ~/.qruiq/skills/skills/qruiq-tke-deployment/template/k8s/*.yaml k8s/
cp ~/.qruiq/skills/skills/qruiq-tke-deployment/template/k8s/scripts/init-namespace.sh k8s/scripts/
chmod +x k8s/scripts/init-namespace.sh

2. Replace placeholders

sed -i '' "s/__APP_NAME__/<APP_NAME>/g" k8s/*.yaml
sed -i '' "s/__TCR_NAMESPACE__/<TCR_NAMESPACE>/g" k8s/*.yaml
sed -i '' "s/__IMAGE_NAME__/<APP_NAME>/g" k8s/*.yaml
sed -i '' "s/__DOMAIN__/<DOMAIN>/g" k8s/*.yaml

3. [PAUSE] Wait for user to initialize Namespace

Instruct user to prepare .env.dev (must contain DATABASE_URL, NEXTAUTH_SECRET, NEXTAUTH_URL, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET) and TCR_USERNAME/TCR_PASSWORD, then run:

export TCR_USERNAME=<tcr-username>
export TCR_PASSWORD=<tcr-password>
./k8s/scripts/init-namespace.sh <APP_NAME> dev

Wait for user confirmation before continuing.

4. Verify deployment

Execute all verification — do not leave for user to check.

4a. Wait for pods

kubectl rollout status deployment/<APP_NAME>-web -n <APP_NAME>-dev --timeout=5m

On failure, diagnose:

kubectl get pods -n <APP_NAME>-dev
kubectl describe pod -n <APP_NAME>-dev -l app=<APP_NAME>,component=web
kubectl logs -n <APP_NAME>-dev -l app=<APP_NAME>,component=web --tail=50

4b. Health check (in-cluster)

POD=$(kubectl get pod -n <APP_NAME>-dev -l app=<APP_NAME>,component=web -o jsonpath='{.items[0].metadata.name}')
kubectl exec -n <APP_NAME>-dev $POD -- wget -q -O - http://localhost:3000/api/health

4c. External access

If DOMAIN configured:

curl -sf https://<DOMAIN>/api/health

If not, use LB IP + Host header:

LB_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
curl -sf -H "Host: <APP_NAME>.qruiq.app" http://$LB_IP/api/health

4d. Report results

Deployment: SUCCESS / FAILED
Pod status: <Running / failure reason>
Health check: <passed / failure reason>
External access: <URL / pending items>

User action required:
- <DNS config, domain binding, etc.>

Placeholder conventions

Template files use __UPPERCASE__ placeholders:

Namespace convention

<project-name>-dev    # Dev/test environment
<project-name>-prod   # Production (optional)

Resource manifest (deploy order)

1. Namespace — k8s/namespace.yaml
2. TCR Secret — kubectl create secret docker-registry tcr-secret ...
3. ConfigMap — k8s/configmap.yaml
4. App Secret — kubectl create secret generic <app>-secrets --from-env-file=.env.dev
5. Deployment — k8s/deployment.yaml (health probes on /api/health:3000)
6. Service — k8s/service.yaml (ClusterIP, port 80 → 3000)
7. Ingress — k8s/ingress.yaml (nginx ingress class)

Cluster reference

Notes

• Only domains with NS on Cloudflare can route to nginx ingress. qruiq.app works; ufcenter.xyz (NS on afternic) does not.
• kubectl get ingress ADDRESS field may be inaccurate — always check ingress-nginx-controller Service EXTERNAL-IP.
• TKE CBS storage only supports ReadWriteOnce. For multi-pod shared storage, use CFS (NFS).

Common operations

kubectl get pods -n <namespace>
kubectl logs -f deployment/<project>-web -n <namespace>
kubectl rollout restart deployment/<project>-web -n <namespace>
kubectl set image deployment/<project>-web web=<image>:<version> -n <namespace>