fix: add helm chart, exclude from yaml check

.pre-commit-config.yaml

@@ -8,6 +8,7 @@ repos:
       - id: check-toml
       - id: check-yaml
         args: [ --unsafe ]
+        exclude: ^k8s/helm/node-result-service/
       - id: end-of-file-fixer
       - id: trailing-whitespace
   - repo: https://github.com/astral-sh/ruff-pre-commit

k8s/helm/node-result-service/.helmignore

@@ -0,0 +1,101 @@
+### VisualStudioCode template
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+### Example user template template
+### Example user template
+
+# IntelliJ project files
+.idea
+*.iml
+out
+gen

k8s/helm/node-result-service/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: flame-result-service
+description: A Helm Chart for the FLAME Node Result Service
+type: application
+version: 0.1.0
+appVersion: latest

k8s/helm/node-result-service/templates/minio-deployment.yaml

@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-local-minio-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-minio
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-minio
+    spec:
+      containers:
+        - name: {{ .Release.Name }}-local-minio
+          image: bitnami/minio:2024.1.16
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 9000
+              name: http-s3
+          env:
+            - name: MINIO_ROOT_USER
+              value: {{ required "MinIO user must be set." .Values.env.MINIO_ACCESS_KEY | quote }}
+            - name: MINIO_ROOT_PASSWORD
+              value: {{ required "MinIO password must be set." .Values.env.MINIO_SECRET_KEY | quote }}
+            - name: MINIO_DEFAULT_BUCKETS
+              value: {{ required "MinIO bucket must be set." .Values.env.MINIO_BUCKET | quote }}

k8s/helm/node-result-service/templates/minio-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-local-minio-service
+spec:
+  type: NodePort  # setting nodePort later is optional
+  selector:
+    app: {{ .Release.Name }}-minio
+  ports:
+    - protocol: TCP
+      port: 9000  # port of this service
+      targetPort: http-s3  # port on the pod

k8s/helm/node-result-service/templates/node-result-deployment.yaml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-node-result-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-node-result
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-node-result
+    spec:
+      containers:
+        - name: {{ .Release.Name }}-node-result-service
+          image: ghcr.io/privateaim/node-result-service:sha-7740b53
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+              name: http-result-srv
+          env:
+            - name: MINIO__ENDPOINT
+              value: {{ .Release.Name }}-local-minio-service
+            - name: MINIO__ACCESS_KEY
+              value: {{ required "MinIO user must be set." .Values.env.MINIO_ACCESS_KEY | quote }}
+            - name: MINIO__SECRET_KEY
+              value: {{ required "MinIO password must be set." .Values.env.MINIO_SECRET_KEY | quote }}
+            - name: MINIO__USE_SSL
+              value: {{ .Values.env.MINIO_USE_SSL | default false | quote }}
+            - name: MINIO__BUCKET
+              value: {{ required "MinIO bucket must be set." .Values.env.MINIO_BUCKET | quote }}
+            - name: HUB__AUTH_USERNAME
+              value: {{ required "Hub username must be set." .Values.env.HUB_USERNAME | quote }}
+            - name: HUB__AUTH_PASSWORD
+              value: {{ required "Hub password must be set." .Values.env.HUB_PASSWORD | quote }}
+            - name: OIDC__CERTS_URL
+              value: {{ required "OIDC endpoint must be set." .Values.env.OIDC_CERTS_URL | quote }}
+            # Change this to "1" for testing purposes. This will cause the value of OIDC__CERTS_URL to be
+            # ignored. You will still need to set this variable for the service to start up correctly.
+            - name: OIDC__SKIP_JWT_VALIDATION
+              value: "0"
+          startupProbe:
+            httpGet:
+              path: /healthz
+              port: http-result-srv
+            failureThreshold: 5
+            periodSeconds: 5
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: http-result-srv
+            failureThreshold: 3
+            periodSeconds: 10

k8s/helm/node-result-service/templates/node-result-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-node-result-service
+spec:
+  type: NodePort  # setting nodePort later is optional
+  selector:
+    app: node-result
+  ports:
+    - protocol: TCP
+      port: 8080  # port of this service
+      targetPort: http-result-srv  # port on the pod

k8s/helm/node-result-service/values.yaml

@@ -0,0 +1,11 @@
+api:
+  version: 0.1.0
+  domain: localhost
+env:
+  HUB_USERNAME: foobar
+  HUB_PASSWORD: sup3r_s3cr3t
+  MINIO_ACCESS_KEY: admin
+  MINIO_SECRET_KEY: s3cr3t_p4ssw0rd
+  MINIO_USE_SSL: false
+  MINIO_BUCKET: flame
+  OIDC_CERTS_URL: http://keycloak-service/realms/flame/protocol/openid-connect/certs