Configure kubernetes deployment

.github/workflows/publish-and-release.yml

@@ -0,0 +1,131 @@
+name: Publish Image and Release Deployment
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ['main']
+  pull_request:
+    branches: ['main']
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  get_version:
+    name: Determine Version
+    runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      contents: write
+      id-token: write
+      pull-requests: write
+      security-events: write
+      statuses: write
+    outputs:
+      SemVer: ${{ steps.get-version.outputs.SemVer }}
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install GitVersion
+        uses: gittools/actions/gitversion/setup@v3.2.0
+        with:
+          versionSpec: "6.2.x"
+
+      - name: Determine Version
+        id: get-version 
+        uses: gittools/actions/gitversion/execute@v3.2.0
+
+      - name: Output Version
+        run: |
+          echo "# Version:" >> $GITHUB_STEP_SUMMARY
+          echo ${{ steps.get-version.outputs.SemVer }} >> $GITHUB_STEP_SUMMARY
+
+  push_to_registry:
+    needs: get_version
+    if: github.ref == 'refs/heads/main'
+    name: Push Docker image to GHCR
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Log in to the Github Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ needs.get_version.outputs.SemVer }}
+            type=raw,value=latest
+
+      - name: Build and push Docker image
+        id: build-and-push-image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Output Image Details
+        if: steps.build-and-push-image.outcome == 'success'
+        run: |
+          echo "# Built and pushed the following images:" >> $GITHUB_STEP_SUMMARY
+          echo "${{ steps.meta.outputs.tags }}" | tr ',' '\n' >> $GITHUB_STEP_SUMMARY
+
+  merge_to_release:
+    name: Merge to Release
+    needs: push_to_registry
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+
+      - name: Check Out the Repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Merge main Branch Locally
+        shell: bash
+        run: |
+          git config --global user.name "$verse-ci"
+          git config --global user.email "$ci@verse.app"
+          git checkout release
+          git merge -Xtheirs --no-commit origin/main
+
+      - name: Apply Newest Version
+        shell: bash
+        run: |
+          yq -i '.version = "${{ needs.get_version.outputs.SemVer }}"' ./deployment/route96/Chart.yaml
+          yq -i '.appVersion = "${{ needs.get_version.outputs.SemVer }}"' ./deployment/route96/Chart.yaml
+          yq -i '.image.tag = "${{ needs.get_version.outputs.SemVer }}"' ./deployment/route96/values.yaml
+
+      - name: Commit and Push to Trigger Release
+        shell: bash
+        run: |
+          git tag ${{ needs.get_version.outputs.SemVer }}
+          git commit -a -m "Version ${{ needs.get_version.outputs.SemVer }} Release"
+          git push
+          git push --tags

.gitignore

@@ -1,3 +1,5 @@
 target/
 data/
-.idea/
+.idea/
+
+local/

Dockerfile

@@ -76,4 +76,4 @@ RUN ./bin/route96 --version
 
 # Entrypoint runs as root initially to fix permissions, then switches to appuser
 USER root
-ENTRYPOINT ["sh", "-c", "chown -R appuser:appgroup /app/data && exec gosu appuser /app/bin/route96 \"$@\""]
+ENTRYPOINT ["sh", "-c", "chown -R appuser:appgroup /app/data && exec gosu appuser /app/bin/route96 \"$@\""]

deployment/README.md

@@ -0,0 +1,10 @@
+# Deployment
+Verse utilizes a combination of Helm and ArgoCD to deploy this application to its Kubernetes cluster. Configuration for this deployment pattern requires the following:
+    1. The repository has a helm chart, and all required/desired templates, written and stored in its `/deployment/<chart>` directory.
+    2. An ArgoCD Application has been created that targets this repository's `/deployment/<chart>` directory.
+
+## To Deploy a change
+    1. Update the `/deployment/Chart.yaml`'s `AppVersion` file, to contain the tag for the new Docker image.
+    2. Merge this update to main.
+    3. In ArgoCD, if auto-sync is not enabled for the Application that was created (the one targeting this repo), execute the sync operation for this Application.
+    4. You should then see the new version of the application replace the old one, in ArgoCD. This reflects what is happening in the cluster.

deployment/route96/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deployment/route96/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: route96
+description: The Helm chart for deploying the Blossom media server from Verse's route96 repository.
+
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"

deployment/route96/templates/config.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: blossom-config
+  namespace: blossom
+data:
+  config: |
+    listen: "REPLACED_BY_ENV"
+    database: "REPLACED_BY_ENV"
+    filesystem:
+      storage_dir: "REPLACED_BY_ENV"
+    max_upload_bytes: 0
+    public_url: "REPLACED_BY_ENV"
+    nip29_relay:
+      url: "REPLACED_BY_ENV"
+      private_key: "REPLACED_BY_ENV"
+      cache_expiration: 0

deployment/route96/templates/deployment.yaml

@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: blossom-deployment
+  namespace: blossom
+  labels:
+    app.kubernetes.io/name: blossom
+    app.kubernetes.io/part-of: blossom
+    app.kubernetes.io/managed-by: Helm
+spec:
+  replicas: { { .Values.replicaCount } }
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: blossom
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: blossom
+        app.kubernetes.io/part-of: blossom
+        app.kubernetes.io/managed-by: Helm
+    spec:
+      containers:
+        - name: my-container
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: { { .Values.image.pullPolicy | default "Always" } }
+          env:
+            - name: APP__LISTEN
+              value: 0.0.0.0:8000
+            - name: APP__FILESYSTEM__STORAGE_DIR
+              value: /app/data
+            - name: APP__MAX_UPLOAD_BYTES
+              value: "5000000000"
+            - name: APP__PUBLIC_URL
+              value: http://localhost:8000
+            - name: APP__NIP29_RELAY__URL
+              value: wss://communities.nos.social
+            - name: APP__NIP29_RELAY__CACHE_EXPIRATION
+              value: "300"
+            - name: APP__NIP29_RELAY__PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "blossom-secret"
+                  key: app_nip29_relay_private_key
+            - name: APP__DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: "blossom-secret"
+                  key: database_connection_string
+          resources:
+            requests:
+              memory: "512Mi"
+              cpu: "1"
+            limits:
+              memory: "1028Mi"
+              cpu: "2"
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 8000
+            initialDelaySeconds: 30
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 8000
+            initialDelaySeconds: 5
+            timeoutSeconds: 3
+          ports:
+            - containerPort: 8000
+              protocol: TCP
+          volumeMounts:
+            - name: blossom-config
+              mountPath: /app/config.yaml
+              subPath: config
+            - name: blossom-storage
+              mountPath: /app/data
+            - name: database-cacert
+              mountPath: /app/ca.pem
+      volumes:
+        - name: blossom-config
+          configMap:
+            name: blossom-config
+        - name: blossom-storage
+          persistentVolumeClaim:
+            claimName: blossom-pvc
+        - name: database-cacert
+          secret:
+            secretName: blossom-secret
+            items:
+              - key: database_cacert
+                path: ca.pem

deployment/route96/templates/hpa.yaml

@@ -0,0 +1,27 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: blossom-hpa
+  namespace: blossom
+  labels:
+    app.kubernetes.io/part-of: blossom
+    app.kubernetes.io/managed-by: Helm
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: blossom-deployment
+  minReplicas: { { .Values.autoscaling.minReplicas | default 1 } }
+  maxReplicas: { { .Values.autoscaling.maxReplicas | default 10 } }
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization:
+            {
+              {
+                .Values.autoscaling.targetCPUUtilizationPercentage | default 80,
+              },
+            }