Skip to content

feat: Add Kubernetes deployment support #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 26 commits into from
Aug 27, 2025
Merged

feat: Add Kubernetes deployment support #1

merged 26 commits into from
Aug 27, 2025

Conversation

smyrick
Copy link
Member

@smyrick smyrick commented Aug 27, 2025

🚀 Kubernetes Deployment Support

This PR adds comprehensive Kubernetes deployment support for the Apollo Supergraph with significant security improvements and local development enhancements.

🎯 Key Features

Kubernetes Deployment

  • ✅ Complete minikube deployment support for Apollo Router and Subgraphs
  • ✅ Isolated deployment options (router-only, subgraphs-only, full deployment)
  • ✅ Health checks, resource limits, and proper service configuration
  • ✅ Ingress configuration for external access

Security Improvements 🔒

  • Removed hardcoded Apollo credentials from Kubernetes manifests
  • Environment variable substitution using envsubst
  • .env file support with proper .gitignore protection
  • Template-based credential management with env.example
  • Validation of required environment variables before deployment

Local Development Enhancements

  • ✅ Docker Compose support for both router and subgraphs
  • ✅ Proper health check endpoints for subgraphs
  • ✅ Comprehensive testing and validation scripts
  • ✅ Cleanup scripts for easy resource management

📁 New Files Added

Kubernetes Manifests (k8s/)

  • namespace.yaml - Namespace definitions
  • configmaps.yaml - Configuration management
  • router-deployment.yaml - Full deployment router config
  • router-only-deployment.yaml - Isolated router deployment
  • subgraphs-deployment.yaml - Full deployment subgraphs config
  • subgraphs-only-deployment.yaml - Isolated subgraphs deployment
  • ingress.yaml - Ingress configuration

Deployment Scripts

  • deploy.sh - Full supergraph deployment
  • deploy-router-only.sh - Isolated router deployment
  • deploy-subgraphs-only.sh - Isolated subgraphs deployment
  • setup-minikube.sh - Minikube environment setup
  • cleanup.sh - Full deployment cleanup
  • cleanup-router-only.sh - Router-only cleanup
  • cleanup-subgraphs-only.sh - Subgraphs-only cleanup

Testing & Validation

  • test-deployment.sh - Full deployment testing
  • test-router-only.sh - Router-only testing
  • test-subgraphs-only.sh - Subgraphs-only testing
  • validate-external-access.sh - External access validation

Documentation

  • README-K8S.md - Comprehensive Kubernetes deployment guide
  • router/env.example - Environment variable template

🔧 Modified Files

Configuration Updates

  • router/router.yaml - Enhanced health check configuration
  • subgraphs/subgraphs.js - Added dedicated health check endpoint
  • subgraphs/Dockerfile - New containerization support
  • subgraphs/docker-compose.yaml - Local development support

🛡️ Security Features

  • Environment variable substitution prevents credential exposure
  • .env file protection via .gitignore
  • Template-based credential management
  • Validation of required environment variables
  • Clear documentation of security best practices

🧪 Testing

All deployments include comprehensive testing:

  • Health check validation
  • GraphQL endpoint testing
  • External access verification
  • Resource cleanup procedures

🚀 Quick Start

  1. Setup environment:

    cp router/env.example router/.env
# Edit router/.env with your Apollo Studio credentials

  2. Setup minikube:

    ./setup-minikube.sh

  3. Deploy:

    # Full deployment
./deploy.sh

# Or isolated deployments
./deploy-router-only.sh
./deploy-subgraphs-only.sh

📊 Impact

  • 27 files changed, 2,138 insertions
  • Production-ready Kubernetes deployment
  • Secure credential management
  • Comprehensive local development support

This implementation provides a production-ready Kubernetes deployment with proper security practices and comprehensive local development support.

smyrick added 9 commits August 26, 2025 18:53
@smyrick
Init setup
965041b
@smyrick
feat: Add Kubernetes deployment support with security improvements
3ef4932 
This commit adds comprehensive Kubernetes deployment support for the Apollo Supergraph
with significant security improvements and local development enhancements.

## �� New Features

### Kubernetes Deployment
- Add complete minikube deployment support for Apollo Router and Subgraphs
- Create isolated deployment options (router-only, subgraphs-only, full deployment)
- Implement health checks, resource limits, and proper service configuration
- Add ingress configuration for external access

### Security Improvements
- Remove hardcoded Apollo credentials from Kubernetes manifests
- Implement environment variable substitution using envsubst
- Add .env file support with proper gitignore protection
- Create env.example template for secure credential management
- Update deployment scripts to source credentials from .env files

### Local Development Enhancements
- Add Docker Compose support for both router and subgraphs
- Implement proper health check endpoints for subgraphs
- Create comprehensive testing and validation scripts
- Add cleanup scripts for easy resource management

## 📁 New Files

### Kubernetes Manifests
- k8s/namespace.yaml - Namespace definitions
- k8s/configmaps.yaml - Configuration management
- k8s/router-deployment.yaml - Full deployment router config
- k8s/router-only-deployment.yaml - Isolated router deployment
- k8s/subgraphs-deployment.yaml - Full deployment subgraphs config
- k8s/subgraphs-only-deployment.yaml - Isolated subgraphs deployment
- k8s/ingress.yaml - Ingress configuration

### Deployment Scripts
- deploy.sh - Full supergraph deployment
- deploy-router-only.sh - Isolated router deployment
- deploy-subgraphs-only.sh - Isolated subgraphs deployment
- setup-minikube.sh - Minikube environment setup
- cleanup.sh - Full deployment cleanup
- cleanup-router-only.sh - Router-only cleanup
- cleanup-subgraphs-only.sh - Subgraphs-only cleanup

### Testing & Validation
- test-deployment.sh - Full deployment testing
- test-router-only.sh - Router-only testing
- test-subgraphs-only.sh - Subgraphs-only testing
- validate-external-access.sh - External access validation

### Documentation
- README-K8S.md - Comprehensive Kubernetes deployment guide
- router/env.example - Environment variable template

## 🔧 Modified Files

### Configuration Updates
- router/router.yaml - Enhanced health check configuration
- subgraphs/subgraphs.js - Added dedicated health check endpoint
- subgraphs/Dockerfile - New containerization support
- subgraphs/docker-compose.yaml - Local development support

## 🛡️ Security Features

- Environment variable substitution prevents credential exposure
- .env file protection via .gitignore
- Template-based credential management
- Validation of required environment variables
- Clear documentation of security best practices

## 🧪 Testing

All deployments include comprehensive testing:
- Health check validation
- GraphQL endpoint testing
- External access verification
- Resource cleanup procedures

This implementation provides a production-ready Kubernetes deployment
with proper security practices and comprehensive local development support.
@smyrick
chore: Add IDE files to .gitignore
ed54b01
@smyrick
feat: complete repository cleanup and optimization
543ed4f 
- Reorganized documentation structure (README.md, SETUP.md, README-K8S.md)
- Standardized script naming (run-*, test-* patterns)
- Optimized GitHub Actions workflows (removed duplication)
- Enhanced .gitignore with comprehensive exclusions
- Added shared utilities in scripts/utils.sh
- Improved testing coverage and script organization
- Cleaned up all temporary files and artifacts
- Ready for production deployment
@smyrick
fix: add --validate=false to kubectl commands in GitHub Actions
6049def 
- Fixes kubectl validation error in CI environment
- Allows manifest validation without requiring API server
- Resolves 'connection refused' error on localhost:8080
@smyrick
fix: add KinD cluster setup for Kubernetes manifest validation
543cf84 
- Add KinD cluster setup before kubectl commands
- Remove --validate=false flags since we now have a real cluster
- Fixes 'connection refused' error by providing actual Kubernetes API server
- Ensures proper manifest validation in CI environment
@smyrick
fix: add --accept-license flag to Rover CLI commands
4b2633c 
- Add --accept-license to rover supergraph compose in router/compose.sh
- Add --accept-license to rover dev in router/rover-dev.sh
- Fixes ELv2 license acceptance requirement in CI and local development
- Ensures Rover commands work without manual license acceptance
@smyrick
Delete schemas
476cee9
@smyrick
simplify: replace complex kubectl validation with basic YAML and Dock…
53241be 
…er testing

- Remove KinD cluster setup and kubectl validation
- Add Docker build testing for subgraphs
- Add YAML format validation using yamllint
- Add basic Kubernetes manifest structure validation
- Focus on reliable, fast CI tests that don't require full K8s cluster
- Ensures CI passes consistently without complex dependencies
@smyrick smyrick changed the title feat: Add Kubernetes deployment support with security improvements feat: Add Kubernetes deployment support Aug 27, 2025
smyrick added 17 commits August 27, 2025 13:23
@smyrick
Fix accept license
3a8d1af
@smyrick
refactor: update all references to cleanup.sh to cleanup-k8s.sh
d790dc5 
- Update README.md cleanup script reference
- Update README-K8S.md cleanup script references (3 locations)
- Update SETUP.md cleanup script reference
- Update AI_INSTRUCTIONS.md cleanup script reference
- Update GitHub Actions workflows cleanup script references
- Maintains consistent naming convention with run-k8s.sh and test-k8s.sh
@smyrick
Cleanup readme
50b0f37
@smyrick
fix: add explicit kind cluster creation and verification in K8s deplo…
203c767 
…yment workflow

- Add explicit 'kind create cluster --name kind' command
- Add cluster verification steps (kind get clusters, kubectl get nodes)
- Add node readiness check with kubectl wait
- Add cluster status verification before deployment
- Ensures kind cluster is properly created and ready before K8s operations
- Fixes 'no nodes found for cluster kind' error
@smyrick
fix: correct YAML formatting in k8s/ingress.yaml
2270249 
- Add document start marker '---' at the top
- Fix indentation on rules section (4 spaces instead of 2)
- Fix indentation on paths section (8 spaces instead of 6)
- Ensures YAML linting passes in GitHub Actions
- Maintains proper Kubernetes ingress structure
@smyrick
fix: add document start markers to all Kubernetes YAML files
0397c49 
- Add '---' to k8s/namespace.yaml
- Add '---' to k8s/subgraphs-deployment-clusterip.yaml
- Add '---' to k8s/router-deployment-clusterip.yaml
- Ensures all K8s manifests pass YAML linting validation
- Follows YAML best practices for multi-document files
@smyrick
fix: correct YAML indentation in router-deployment-clusterip.yaml
c026891 
- Fix array formatting for args (proper YAML array syntax)
- Fix indentation for ports section (consistent 2-space indentation)
- Fix indentation for env section (consistent 2-space indentation)
- Fix indentation for volumeMounts section (consistent 2-space indentation)
- Fix indentation for volumes section (consistent 2-space indentation)
- Fix indentation for service ports section (consistent 2-space indentation)
- Ensures YAML linting passes with proper formatting
@smyrick
feat: add YAML linting to local tests
1746b62 
- Add --yaml option to test-local.sh for YAML formatting tests
- Include YAML linting in default 'all' tests
- Test Kubernetes manifests in k8s/ directory
- Test router configuration YAML file
- Auto-install yamllint if not available
- Update test summary to include YAML formatting results
@smyrick
fix: use python3 -m yamllint for more reliable YAML linting
233bd40 
- Replace binary yamllint lookup with python3 -m yamllint
- This avoids PATH issues when yamllint is installed via pip
- More reliable across different Python environments
- Maintains the same functionality but with better compatibility
@smyrick
fix: simplify YAML linting to avoid installation issues
c1dde7e 
- Remove automatic yamllint installation which was causing problems
- Check for yamllint availability via python3 -m yamllint or PATH
- Skip YAML linting tests gracefully if yamllint is not available
- Provide helpful message on how to install yamllint manually
- Makes the script more reliable and less prone to installation failures
@smyrick
fix: correct YAML indentation in router-deployment-clusterip.yaml
d4fabde 
- Fix volumeMounts indentation (proper 2-space indentation)
- Fix args indentation (proper 2-space indentation)
- Fix resources indentation (proper 2-space indentation)
- Fix livenessProbe indentation (proper 2-space indentation)
- Fix readinessProbe indentation (proper 2-space indentation)
- Ensures all container spec elements are properly aligned
- Resolves yamllint indentation and syntax errors
@smyrick
Update linter
425ca24
@smyrick
Lint GH actions files
00ff653
@smyrick
Run docker builds only
3d51039
@smyrick
Rename file
1527522
@smyrick
Fix yaml
cb9648d
@smyrick
Duplicate tests
ed359aa
@smyrick smyrick merged commit 6aacccf into main Aug 27, 2025
5 checks passed
@smyrick smyrick deleted the feat/kubernetes-deployment branch August 27, 2025 21:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@smyrick