Merge pull request #20 from PrivateAIM/16-add-k8s-deployment-files

Add k8s deployment files
PrivateAIM · Feb 22, 2024 · 7e21a96 · 7e21a96
2 parents 6e919c5 + 6f20775
commit 7e21a96
Show file tree

Hide file tree

Showing 6 changed files with 139 additions and 0 deletions.
diff --git a/k8s/README.md b/k8s/README.md
@@ -0,0 +1,35 @@
+# Kubernetes deployment
+
+This directory contains files for setting up the Node Result Service in a k8s cluster.
+Make sure you have a k8s cluster running and accessible, e.g. by
+installing [minikube](https://minikube.sigs.k8s.io/docs/) on your local
+machine.
+
+## Secret setup to pull from ghcr.io
+
+Container images will be pulled from the GitHub container registry.
+You will need to provide the login credentials as a secret to k8s.
+[Follow the GitHub documentation on acquiring a personal access token.](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry)
+
+To save yourself some work, you'll find a script which generates the configuration file to correctly provision the
+access token to your k8s instance in this directory.
+Simply run the following commands.
+
+```
+$ ./generate-k8s-secret-yaml.sh "<GitHub username>" "<GitHub access token>" > ghcr-secret.yaml
+$ kubectl apply -f ghcr-secret.yaml
+```
+
+**It is highly encouraged to delete the resulting YAML file afterwards since it contains your access token in
+(obfuscated) plain text.**
+
+## Deploy to k8s
+
+To deploy, simply run the following commands.
+
+```
+$ kubectl apply -f ./minio-deployment.yaml
+$ kubectl apply -f ./minio-service.yaml
+$ kubectl apply -f ./node-result-deployment.yaml
+$ kubectl apply -f ./node-result-service.yaml
+```
diff --git a/k8s/generate-k8s-secret-yaml.sh b/k8s/generate-k8s-secret-yaml.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+if [ "$#" -ne 2 ]; then
+  echo "usage: $0 github_username github_access_token"
+  exit 1
+fi
+
+B64_BASIC_AUTH=$(printf "%s:%s" "$1" "$2" | base64 -w0)
+B64_DOCKER_CONFIG_JSON=$(printf '{"auths": {"ghcr.io": {"auth": "%s"}}}' "$B64_BASIC_AUTH" | base64 -w0)
+
+cat <<EOF
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+apiVersion: v1
+metadata:
+  name: dockerconfigjson-github-com
+data:
+  .dockerconfigjson: $B64_DOCKER_CONFIG_JSON
+EOF
diff --git a/k8s/minio-deployment.yaml b/k8s/minio-deployment.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: local-minio-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: minio
+  template:
+    metadata:
+      labels:
+        app: minio
+    spec:
+      containers:
+        - name: local-minio
+          image: bitnami/minio:2024.1.16
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 9000
+              name: http-s3
+          env:
+            - name: MINIO_ROOT_USER
+              value: admin
+            - name: MINIO_ROOT_PASSWORD
+              value: s3cr3t_p4ssw0rd
+            - name: MINIO_DEFAULT_BUCKETS
+              value: flame
diff --git a/k8s/minio-service.yaml b/k8s/minio-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: local-minio-service
+spec:
+  type: NodePort  # setting nodePort later is optional
+  selector:
+    app: minio
+  ports:
+    - protocol: TCP
+      port: 9000  # port of this service
+      targetPort: http-s3  # port on the pod
diff --git a/k8s/node-result-deployment.yaml b/k8s/node-result-deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-result-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: node-result
+  template:
+    metadata:
+      labels:
+        app: node-result
+    spec:
+      containers:
+        - name: node-result-service
+          image: ghcr.io/privateaim/node-result-service:sha-8de419a
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+              name: http-result-srv
+          env:
+            - name: MINIO__ENDPOINT
+              value: local-minio
+            - name: MINIO__ACCESS_KEY
+              value: admin
+            - name: MINIO__SECRET_KEY
+              value: s3cr3t_p4ssw0rd
+            - name: MINIO__USE_SSL
+              value: false
+            - name: MINIO__BUCKET
+              value: flame
+      imagePullSecrets:
+        - name: dockerconfigjson-github-com
diff --git a/k8s/node-result-service.yaml b/k8s/node-result-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: node-result-service
+spec:
+  type: NodePort  # setting nodePort later is optional
+  selector:
+    app: node-result
+  ports:
+    - protocol: TCP
+      port: 8080  # port of this service
+      targetPort: http-result-srv  # port on the pod