Mrc-4908 k8s setup

.github/workflows/shiny-image-push.yaml

@@ -0,0 +1,24 @@
+name: Build and push Shiny server image
+
+on:
+  push:
+    branches:
+      - "main"
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Build and push
+        run: shiny/build-and-push

.gitignore

@@ -1 +1,2 @@
 apache/ssl
+k8s/ssl

README.md

@@ -2,60 +2,21 @@
 
 This is a temporary repo designed to give an easy-to-understand deployment of the apache / haproxy / shiny stack; it does not include configurable applications or anything like that. See it online at https://shiny-dev.dide.ic.ac.uk (DIDE network only).
 
-## The components
 
-Some of these are docker images, and they are not set to pull, so you will want to rebuild. All build very quickly.
+## Running in Kubernetes
 
-### apache
+The following is guide to run the shiny server in kubernetes. They are based on running a Kind cluster. The configuration may
+nee to be adjusted for other k8s clusters.
 
-Running an unmodified httpd container (previously was 2.4, we'll update once we know this works). The configuration ([`apache/httpd.conf`](httpd/httpd.conf)) and certificates (`apache/ssl`) will be read-only mounted into the container. You need to fetch the ssl key and certificate, run `./apache/configure_ssl` to do this (only needs to be done if they change or if the `ssl` directory is deleted)
+### Prerequisites
 
-### haproxy
+A k8s kubernetes cluster using k3s is needed to be setup first. To setup a k8s cluster follow the guide [here](https://mrc-ide.myjetbrains.com/youtrack/articles/RESIDE-A-31/Setting-up-Kubernetes-k8s-Cluster).
 
-Build the image with `./haproxy/build` which builds `mrcide/haproxy` with a configuration that can be seen in [`haproxy/haproxy.cfg`](haproxy/haproxy.cfg) and some utilities which enable some degree of dynamic scaling of shiny servers.
+Run `start-k8s-shiny <env>` to run the shint server in k8s.
 
-### shiny
+#### Teardown
 
-A lightly modified version of the official shiny container; the original version was more extensively modified
+Run the following: 
 
-### apps
-
-Some applications (copied over from the original deployment are in `apps`). These will want to be in a volume; run `./apps/create_volume` to copy them into the volume
-
-### Summary
-
-```
-./apache/configure_ssl
-./haproxy/build
-./shiny/build
-./apps/create_volume
-```
-
-## Bringing the bits up
-
-```
-docker network create twinkle 2> /dev/null || /bin/true
-docker volume create shiny_logs
-docker run -d --name haproxy --network twinkle mrcide/haproxy:dev
-docker run -d --name apache --network twinkle \
-  -p 80:80 \
-  -p 443:443 \
-  -p 9000:9000 \
-  -v "${PWD}/apache/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro" \
-  -v "${PWD}/apache/auth:/usr/local/apache2/conf/auth:ro" \
-  -v "${PWD}/apache/ssl:/usr/local/apache2/conf/ssl:ro" \
-  httpd:2.4
-docker run -d --name shiny-1 --network=twinkle \
-  -v twinkle_apps:/shiny/apps \
-  -v twinkle_logs:/shiny/logs \
-  -p 3838:3838 \
-  mrcide/shiny-server:dev
-docker exec haproxy update_shiny_servers shiny 1
-```
-
-Teardown
-
-```
-docker rm -f haproxy apache shiny-1
-docker network rm twinkle
-```
+1. `kubectl delete -k k8s/overlays/<env>`. Replace <env> with testing or production. 
+2. `kubectl  delete ns twinkle` to remove namespace. 

k8s/base/deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: shiny-deploy
+  labels:
+    app: shiny
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: shiny
+  template:
+    metadata:
+      labels:
+        app: shiny
+    spec:
+      initContainers:
+        - name: init-shiny
+          image: busybox:1.28
+          command: ["sh", "-c", "mkdir -p /shiny/logs /shiny/apps"]
+          volumeMounts:
+            - name: shiny-data
+              mountPath: /shiny
+      containers:
+        - name: shiny
+          image: mrcide/shiny-server:dev # todo: change to actual one!!! mrcide-
+          volumeMounts:
+            - name: shiny-data
+              mountPath: /shiny
+          # todo: create appropriate resource requests
+          # resources:
+          #   requests:
+          #     memory: "128Mi"
+          #     cpu: "250m"
+      volumes:
+        - name: shiny-data
+          persistentVolumeClaim:
+            claimName: shiny-pvc

k8s/base/ingress.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-shiny
+  annotations:
+    nginx.ingress.kubernetes.io/affinity: "cookie"
+    nginx.ingress.kubernetes.io/session-cookie-name: "shinycookie"
+    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
+    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - shiny-dev.dide.ic.ac.uk
+      secretName: tls-secret
+  rules:
+    - host: shiny-dev.dide.ic.ac.uk
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: shiny-svc
+                port:
+                  number: 3838