Skip to main content

Prerequisites

  • A cluster connected to Niro (see Connect a Cluster)
  • The apply capability enabled on the cluster (NIRO_ENABLE_APPLY=1)
  • Optionally, a GitHub repo linked for GitOps (see Set Up GitOps)

1. Open the builder

In the dashboard, click Apps in the sidebar, then click Deploy app. Select the cluster you want to deploy to. If the cluster doesn’t have the apply capability enabled, you’ll see a prompt to enable it.

2. Configure the workload

The builder is organized into sections. Fill in the ones relevant to your app — you don’t need to fill in everything.

Workload (required)

FieldDescription
ImageContainer image reference, e.g. nginx:1.25 or ghcr.io/my-org/my-app:v1.2.3
NameName for the Kubernetes Deployment (and Service, if you add one)
NamespaceTarget namespace. Type to create a new one.
Command / ArgsOverride the container entrypoint or arguments
PortsContainer ports to expose
Environment variablesKey-value pairs injected as env entries
Resource requestsMinimum CPU/memory guaranteed to the container
Resource limitsMaximum CPU/memory the container can use
Liveness probeKubernetes liveness probe (HTTP, TCP, or exec)
Readiness probeKubernetes readiness probe
Set resource requests and limits to avoid policy findings and ensure predictable scheduling. A good starting point: 100m CPU / 128Mi memory requests; 500m CPU / 512Mi memory limits.

Networking (optional)

Enable a Kubernetes Service to expose your app:
FieldDescription
Service typeClusterIP (internal only), NodePort, or LoadBalancer
PortService port → container port mapping
Enable an Ingress to expose the app via HTTP(S):
FieldDescription
HostnameDomain name to route (e.g. myapp.example.com)
TLSEnable TLS termination (requires cert-manager or a Traefik TLS resolver)
PathURL path prefix (defaults to /)

Scaling (optional)

FieldDescription
ReplicasNumber of pod replicas (default: 1)
Horizontal Pod AutoscalerScale automatically based on CPU or memory usage
Min replicas / Max replicasHPA bounds
Target CPU utilizationPercentage of requested CPU that triggers scaling

Storage (optional)

Add a PersistentVolumeClaim for stateful workloads:
FieldDescription
SizeStorage size (e.g. 5Gi)
Access modeReadWriteOnce (single node) or ReadWriteMany (multi-node)
Mount pathPath inside the container where the volume is mounted
Storage classLeave empty to use the cluster default

Secrets (optional)

Reference Kubernetes Secrets or ConfigMaps as environment variables:
FieldDescription
envFromInject all keys from a Secret or ConfigMap as environment variables
secretKeyRefInject a specific key from a Secret as a named environment variable
Create or update those resources from the cluster Config panel before deploying the app. The app and the referenced Secret or ConfigMap must be in the same namespace. To inject private registry credentials, use Registry credentials instead — Niro adds imagePullSecrets automatically.

3. Review policy findings

As you fill in the form, Niro evaluates your configuration against policy rules in real time. Findings appear as inline warnings:
  • High — should be fixed before deploying to production (e.g. privileged container, mutable :latest tag on a production cluster)
  • Medium — best practice violations (e.g. missing resource limits)
  • Low / Info — informational only
Findings are advisory — they never block deployment.

4. Deploy

Choose what to do with the generated manifests:
Click Apply to cluster to send the manifests to the cluster immediately. No Git commit is created.Niro shows the apply result within a few seconds — each Kubernetes object shows whether it was created, configured (updated), or unchanged.You can still commit the manifests to Git later from the deployment detail page.

5. Monitor the deployment

After applying, Niro shows the deployment in the Apps list with its status:
  • Succeeded — all objects applied cleanly
  • Partial — some objects applied, some failed
  • Failed — the apply command failed
Click the deployment to see per-object results, the apply history, and any policy findings on the current live state.

Editing a deployment

Open the deployment detail page and click Edit. The builder reopens with the previously entered form values. Edit what you need and re-apply or commit a new PR.

Private images

If your image requires authentication (Docker Hub private, GHCR, ECR, GCR, etc.), add your credentials in Registries first. Niro will inject the appropriate imagePullSecret into the generated manifests automatically when you select that registry’s image.
Last modified on June 12, 2026