From cbb05c7c638778acd89b0b67a37e0d075f16d64e Mon Sep 17 00:00:00 2001
From: Maximilian Jugl <Maximilian.Jugl@medizin.uni-leipzig.de>
Date: Wed, 21 Feb 2024 14:58:35 +0100
Subject: [PATCH] feat: add deployment files for result service

---
 k8s/README.md                   | 33 +++++++++++++++++++++++++++++++++
 k8s/generate-k8s-secret-yaml.sh | 18 ++++++++++++++++++
 k8s/node-result-deployment.yaml | 23 +++++++++++++++++++++++
 k8s/node-result-service.yaml    | 12 ++++++++++++
 4 files changed, 86 insertions(+)
 create mode 100644 k8s/README.md
 create mode 100755 k8s/generate-k8s-secret-yaml.sh
 create mode 100644 k8s/node-result-deployment.yaml
 create mode 100644 k8s/node-result-service.yaml

diff --git a/k8s/README.md b/k8s/README.md
new file mode 100644
index 0000000..3c2ef28
--- /dev/null
+++ b/k8s/README.md
@@ -0,0 +1,33 @@
+# Kubernetes deployment
+
+This directory contains files for setting up the Node Result Service in a k8s cluster.
+Make sure you have a k8s cluster running and accessible, e.g. by
+installing [minikube](https://minikube.sigs.k8s.io/docs/) on your local
+machine.
+
+## Secret setup to pull from ghcr.io
+
+Container images will be pulled from the GitHub container registry.
+You will need to provide the login credentials as a secret to k8s.
+[Follow the GitHub documentation on acquiring a personal access token.](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry)
+
+To save yourself some work, you'll find a script which generates the configuration file to correctly provision the
+access token to your k8s instance in this directory.
+Simply run the following commands.
+
+```
+$ ./generate-k8s-secret-yaml.sh "<GitHub username>" "<GitHub access token>" > ghcr-secret.yaml
+$ kubectl apply -f ghcr-secret.yaml
+```
+
+**It is highly encouraged to delete the resulting YAML file afterwards since it contains your access token in
+(obfuscated) plain text.**
+
+## Deploy to k8s
+
+To deploy, simply run the following commands.
+
+```
+$ kubectl apply -f ./node-result-deployment.yaml
+$ kubectl apply -f ./node-result-service.yaml
+```
diff --git a/k8s/generate-k8s-secret-yaml.sh b/k8s/generate-k8s-secret-yaml.sh
new file mode 100755
index 0000000..04451d3
--- /dev/null
+++ b/k8s/generate-k8s-secret-yaml.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+if [ "$#" -ne 2 ]; then
+  echo "usage: $0 github_username github_access_token"
+  exit 1
+fi
+
+B64_BASIC_AUTH=$(printf "%s:%s" "$1" "$2" | base64 -w0)
+B64_DOCKER_CONFIG_JSON=$(printf '{"auths": {"ghcr.io": {"auth": "%s"}}}' "$B64_BASIC_AUTH" | base64 -w0)
+
+cat <<EOF
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+apiVersion: v1
+metadata:
+  name: dockerconfigjson-github-com
+data:
+  .dockerconfigjson: $B64_DOCKER_CONFIG_JSON
+EOF
diff --git a/k8s/node-result-deployment.yaml b/k8s/node-result-deployment.yaml
new file mode 100644
index 0000000..c5cde2e
--- /dev/null
+++ b/k8s/node-result-deployment.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-result-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: node-result
+  template:
+    metadata:
+      labels:
+        app: node-result
+    spec:
+      containers:
+        - name: node-result-service
+          image: ghcr.io/privateaim/node-result-service:sha-8de419a
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+              name: http-result-srv
+      imagePullSecrets:
+        - name: dockerconfigjson-github-com
diff --git a/k8s/node-result-service.yaml b/k8s/node-result-service.yaml
new file mode 100644
index 0000000..a27e3ea
--- /dev/null
+++ b/k8s/node-result-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: node-result-service
+spec:
+  type: NodePort  # setting nodePort later is optional
+  selector:
+    app: node-result
+  ports:
+    - protocol: TCP
+      port: 8080  # port of this service
+      targetPort: http-result-srv  # port on the pod