Skip to main content

Kubernetes

Use deploy/k8s.yaml as the starting manifest: a single-replica Deployment + Service with liveness/readiness probes on /healthz and a 30-second termination grace period around chukei's 5-second SIGTERM drain budget.

kubectl create secret generic chukei-config --from-file=chukei.yaml
kubectl create secret tls chukei-tls --cert=tls.crt --key=tls.key
kubectl apply -f deploy/k8s.yaml

Keep replicas: 1 for the pilot — the cache and savings ledger are per-instance. The manifest runs as the distroless non-root user and sets fsGroup: 65532 so the data volume is writable. The pilot profile persists no result data at rest, so the data volume can stay emptyDir.

A Kubernetes operator with CRDs (Chukei, ChukeiPlugin, ChukeiPolicy) is on the roadmap.