Skip to content
Tentacular Tentacular

Deploy a Tentacle

Goal

Section titled “Goal”

Deploy a tentacle from local development to a running Kubernetes cluster.

Prerequisites

Section titled “Prerequisites”
  • tntc CLI installed and configured with an MCP endpoint
  • A tentacle project that passes tntc validate
  • Docker installed (for image builds)
  • Secrets configured (.secrets.yaml or .secrets/)

Steps

Section titled “Steps”

1. Validate the Tentacle

Section titled “1. Validate the Tentacle”
Terminal window
tntc validate
tntc test
tntc secrets check

Ensure no validation errors, all tests pass, and all secrets are provisioned.

2. Check Cluster Readiness

Section titled “2. Check Cluster Readiness”
Terminal window
tntc cluster check

This validates:

  • MCP server is reachable
  • Namespace can be created
  • gVisor RuntimeClass exists (warning if missing)
  • NetworkPolicy support is available

3. Build the Image

Section titled “3. Build the Image”

Option A: Full build + push

Terminal window
tntc build --push

Creates a workflow-specific image with the Deno engine embedded and pushes to your configured registry.

Option B: Reuse existing image

Terminal window
tntc deploy --image ghcr.io/yourorg/tentacular-engine:latest

Skips the build step — only updates the ConfigMap with code changes. ~5-10 second deployment.

4. Deploy

Section titled “4. Deploy”
Terminal window
tntc deploy

This:

  1. Parses and validates workflow.yaml
  2. Resolves the base image
  3. Generates ConfigMap with workflow.yaml + nodes/*.ts
  4. Generates K8s manifests (Deployment, Service, NetworkPolicy)
  5. Provisions secrets to K8s
  6. Ensures enclave exists (via MCP enclave_provision if needed)
  7. Applies all manifests (via MCP wf_apply)

5. Verify Deployment

Section titled “5. Verify Deployment”
Terminal window
# Check deployment status
tntc status my-tentacle --detail


# View logs
tntc logs my-tentacle --tail 20


# Trigger a manual run
tntc run my-tentacle


# Security audit
tntc audit my-tentacle

Verification

Section titled “Verification”
  • tntc status shows healthy deployment with ready replicas
  • tntc logs shows clean startup with no errors
  • tntc run returns expected output
  • tntc audit shows clean RBAC, NetworkPolicy, and PSA

Failure Modes

Section titled “Failure Modes”
FailureCauseResolution
MCP not configuredMissing endpoint in configRun tntc configure with --env
image pull errorWrong registry or tagCheck --image flag or .tentacular/base-image.txt
secret not foundSecrets not provisionedRun tntc secrets check and fix
NetworkPolicy denyContract missing dependencyAdd dependency to contract.dependencies
RuntimeClass not foundgVisor not installedDeploy with --runtime-class "" or install gVisor
namespace not readyMCP server permissionsCheck MCP server RBAC
Section titled “Related”