feat(deploy): add kubernetes manifest

.pre-commit-config.yaml

@@ -3,6 +3,7 @@ repos:
     rev: v2.3.0
     hooks:
     -   id: check-yaml
+        args: ['--allow-multiple-documents']
     -   id: end-of-file-fixer
     -   id: trailing-whitespace
 

Makefile

@@ -1,4 +1,4 @@
-.PHONY: help venv install run test lint format clean setup-secrets
+.PHONY: help venv install run test lint format clean setup-secrets deploy-k8s
 
 PYTHON=python
 PIP=pip
@@ -15,6 +15,7 @@ help:
 	@echo "  lint            Run pre-commit hooks (includes black, yaml, gitleaks)"
 	@echo "  format          Format code with black"
 	@echo "  setup-secrets   Copy and edit secrets template for local dev"
+	@echo "  deploy-k8s      Deploy application to Kubernetes"
 	@echo "  clean           Remove Python cache and virtual environment"
 
 venv:
@@ -41,6 +42,9 @@ setup-secrets:
 	cp -n tests/secrets/nebius_secrets.py.template tests/secrets/cred.py; \
 	echo "Edit tests/secrets/cred.py to add your own API credentials."
 
+deploy-k8s:
+	./scripts/deploy-k8s.sh
+
 clean:
 	rm -rf $(VENV) __pycache__ */__pycache__ .pytest_cache .mypy_cache .coverage .hypothesis
 	find . -type f -name '*.pyc' -delete

deploy/kubernetes.yaml

@@ -0,0 +1,153 @@
+# Kubernetes manifest for Yuga Planner
+# Note: This file contains environment variable placeholders that need to be substituted before deployment
+# Use the provided deploy script or substitute manually: envsubst < kubernetes.yaml | kubectl apply -f -
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: yuga-planner-secrets
+  labels:
+    app: yuga-planner
+type: Opaque
+stringData:
+  # These values will be populated from environment variables during deployment
+  NEBIUS_API_KEY: "${NEBIUS_API_KEY}"
+  NEBIUS_MODEL: "${NEBIUS_MODEL}"
+  MODAL_TOKEN_ID: "${MODAL_TOKEN_ID}"
+  MODAL_TOKEN_SECRET: "${MODAL_TOKEN_SECRET}"
+  HF_MODEL: "${HF_MODEL}"
+  HF_TOKEN: "${HF_TOKEN}"
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: yuga-planner-config
+  labels:
+    app: yuga-planner
+data:
+  JAVA_HOME: "/usr/lib/jvm/temurin-21-jdk-amd64"
+  PATH: "/usr/lib/jvm/temurin-21-jdk-amd64/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: yuga-planner
+  labels:
+    app: yuga-planner
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: yuga-planner
+  template:
+    metadata:
+      labels:
+        app: yuga-planner
+    spec:
+      containers:
+      - name: yuga-planner
+        image: ghcr.io/blackopsrepl/yuga-planner-test:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 7860
+          name: http
+          protocol: TCP
+        env:
+        - name: JAVA_HOME
+          valueFrom:
+            configMapKeyRef:
+              name: yuga-planner-config
+              key: JAVA_HOME
+        - name: PATH
+          valueFrom:
+            configMapKeyRef:
+              name: yuga-planner-config
+              key: PATH
+        - name: NEBIUS_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: yuga-planner-secrets
+              key: NEBIUS_API_KEY
+        - name: NEBIUS_MODEL
+          valueFrom:
+            secretKeyRef:
+              name: yuga-planner-secrets
+              key: NEBIUS_MODEL
+        - name: MODAL_TOKEN_ID
+          valueFrom:
+            secretKeyRef:
+              name: yuga-planner-secrets
+              key: MODAL_TOKEN_ID
+        - name: MODAL_TOKEN_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: yuga-planner-secrets
+              key: MODAL_TOKEN_SECRET
+        - name: HF_MODEL
+          valueFrom:
+            secretKeyRef:
+              name: yuga-planner-secrets
+              key: HF_MODEL
+        - name: HF_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: yuga-planner-secrets
+              key: HF_TOKEN
+        command: ["python", "src/app.py"]
+        args:
+        - "--server-name"
+        - "0.0.0.0"
+        - "--server-port"
+        - "7860"
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "250m"
+          limits:
+            memory: "2Gi"
+            cpu: "1000m"
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 7860
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 7860
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          timeoutSeconds: 3
+          failureThreshold: 3
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 1000
+          runAsGroup: 1000
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: false
+          capabilities:
+            drop:
+            - ALL
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: yuga-planner-service
+  labels:
+    app: yuga-planner
+spec:
+  type: NodePort
+  ports:
+  - port: 80
+    targetPort: 7860
+    nodePort: 30860
+    protocol: TCP
+    name: http
+  selector:
+    app: yuga-planner

scripts/deploy-k8s.sh

@@ -0,0 +1,134 @@
+#!/bin/bash
+set -e
+
+# Yuga Planner Kubernetes Deployment Script
+# This script loads credentials from environment variables or creds.py and deploys to Kubernetes
+
+echo "🚀 Deploying Yuga Planner to Kubernetes..."
+
+# Check if we're in the correct directory (project root)
+if [ ! -f "deploy/kubernetes.yaml" ]; then
+    echo "❌ Error: kubernetes.yaml not found. Please run this script from the project root."
+    exit 1
+fi
+
+# Function to load credentials from creds.py if environment variables are not set
+load_credentials() {
+    local creds_file="tests/secrets/creds.py"
+
+    if [ -f "$creds_file" ]; then
+        echo "📋 Loading credentials from $creds_file..."
+
+        # Extract credentials from creds.py if environment variables are not set
+        if [ -z "$NEBIUS_API_KEY" ]; then
+            export NEBIUS_API_KEY=$(python3 -c "
+import sys
+sys.path.append('tests/secrets')
+import creds
+print(creds.NEBIUS_API_KEY)
+" 2>/dev/null || echo "")
+        fi
+
+        if [ -z "$NEBIUS_MODEL" ]; then
+            export NEBIUS_MODEL=$(python3 -c "
+import sys
+sys.path.append('tests/secrets')
+import creds
+print(creds.NEBIUS_MODEL)
+" 2>/dev/null || echo "")
+        fi
+
+        if [ -z "$MODAL_TOKEN_ID" ]; then
+            export MODAL_TOKEN_ID=$(python3 -c "
+import sys
+sys.path.append('tests/secrets')
+import creds
+print(creds.MODAL_TOKEN_ID)
+" 2>/dev/null || echo "")
+        fi
+
+        if [ -z "$MODAL_TOKEN_SECRET" ]; then
+            export MODAL_TOKEN_SECRET=$(python3 -c "
+import sys
+sys.path.append('tests/secrets')
+import creds
+print(creds.MODAL_TOKEN_SECRET)
+" 2>/dev/null || echo "")
+        fi
+
+        if [ -z "$HF_MODEL" ]; then
+            export HF_MODEL=$(python3 -c "
+import sys
+sys.path.append('tests/secrets')
+import creds
+print(creds.HF_MODEL)
+" 2>/dev/null || echo "")
+        fi
+
+        if [ -z "$HF_TOKEN" ]; then
+            export HF_TOKEN=$(python3 -c "
+import sys
+sys.path.append('tests/secrets')
+import creds
+print(creds.HF_TOKEN)
+" 2>/dev/null || echo "")
+        fi
+    else
+        echo "⚠️  Warning: $creds_file not found"
+    fi
+}
+
+# Check if credentials are available in environment variables
+echo "🔍 Checking for credentials..."
+
+missing_vars=()
+required_vars=("NEBIUS_API_KEY" "NEBIUS_MODEL" "MODAL_TOKEN_ID" "MODAL_TOKEN_SECRET" "HF_MODEL" "HF_TOKEN")
+
+for var in "${required_vars[@]}"; do
+    if [ -z "${!var}" ]; then
+        missing_vars+=("$var")
+    fi
+done
+
+if [ ${#missing_vars[@]} -gt 0 ]; then
+    echo "📂 Missing environment variables: ${missing_vars[*]}"
+    echo "🔄 Attempting to load from creds.py..."
+    load_credentials
+
+    # Check again after loading from creds.py
+    missing_vars=()
+    for var in "${required_vars[@]}"; do
+        if [ -z "${!var}" ]; then
+            missing_vars+=("$var")
+        fi
+    done
+
+    if [ ${#missing_vars[@]} -gt 0 ]; then
+        echo "❌ Error: The following required environment variables are not set: ${missing_vars[*]}"
+        echo "💡 Please set them in your environment or ensure tests/secrets/creds.py exists with the required values."
+        exit 1
+    fi
+fi
+
+echo "✅ All credentials found"
+
+# Check if envsubst is available
+if ! command -v envsubst &> /dev/null; then
+    echo "❌ Error: envsubst is required but not installed. Please install gettext-base package."
+    exit 1
+fi
+
+# Check if kubectl is available
+if ! command -v kubectl &> /dev/null; then
+    echo "❌ Error: kubectl is required but not installed."
+    exit 1
+fi
+
+# Substitute environment variables and apply to Kubernetes
+echo "🔧 Substituting environment variables and deploying..."
+envsubst < deploy/kubernetes.yaml | kubectl apply -f -
+
+echo "✅ Deployment complete!"
+echo "🌐 Access the application at: http://<node-ip>:30860"
+echo "🔍 Check deployment status: kubectl get pods -l app=yuga-planner"
+echo "📋 View logs: kubectl logs -l app=yuga-planner -f"