Add initial Kubernetes deployment setup with GitHub Actions workflow, Dockerfile, and necessary Kubernetes manifests

DEPLOYMENT.md

@@ -0,0 +1,172 @@
+# Kubernetes Deployment Setup
+
+This document explains how to set up the GitHub Actions workflow for deploying your React application to a Kubernetes cluster.
+
+## Required GitHub Secrets
+
+You need to configure the following secrets in your GitHub repository settings (`Settings` → `Secrets and variables` → `Actions`):
+
+### Docker Registry Secrets
+- **`DOCKER_REGISTRY`**: Your Docker registry URL (e.g., `docker.io`, `ghcr.io`, `your-registry.com`)
+- **`DOCKER_REPOSITORY`**: Your Docker repository name (e.g., `username/www-cialloo-com`)
+- **`DOCKER_USERNAME`**: Username for Docker registry authentication
+- **`DOCKER_PASSWORD`**: Password or access token for Docker registry authentication
+
+### Kubernetes Secrets
+- **`KUBECONFIG`**: Base64-encoded kubeconfig file for your Kubernetes cluster
+
+## Setting up GitHub Secrets
+
+### 1. Docker Registry Configuration
+
+#### For Docker Hub:
+```bash
+DOCKER_REGISTRY=docker.io
+DOCKER_REPOSITORY=yourusername/www-cialloo-com
+DOCKER_USERNAME=yourusername
+DOCKER_PASSWORD=your-docker-hub-token
+```
+
+#### For GitHub Container Registry:
+```bash
+DOCKER_REGISTRY=ghcr.io
+DOCKER_REPOSITORY=yourusername/www-cialloo-com
+DOCKER_USERNAME=yourusername
+DOCKER_PASSWORD=your-github-token
+```
+
+### 2. Kubernetes Configuration
+
+To get your base64-encoded kubeconfig:
+
+```bash
+# Encode your kubeconfig file
+cat ~/.kube/config | base64 -w 0
+```
+
+Copy the output and paste it as the value for the `KUBECONFIG` secret.
+
+## GitHub Environments (Optional but Recommended)
+
+You can set up GitHub environments for better security and approval workflows:
+
+1. Go to `Settings` → `Environments`
+2. Create environments: `production`, `staging`
+3. Configure protection rules (e.g., required reviewers)
+4. Add environment-specific secrets if needed
+
+## Kubernetes Cluster Requirements
+
+Your Kubernetes cluster should have the following components:
+
+### 1. Traefik Ingress Controller
+```bash
+# Install Traefik using Helm
+helm repo add traefik https://traefik.github.io/charts
+helm repo update
+helm install traefik traefik/traefik
+
+# Or using kubectl with CRDs
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+```
+
+### 2. Cert-Manager (for SSL certificates)
+```bash
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
+```
+
+### 3. Docker Registry Secret
+Create a secret for pulling images from your private registry:
+
+```bash
+kubectl create secret docker-registry docker-registry-secret \
+  --docker-server=your-registry.com \
+  --docker-username=your-username \
+  --docker-password=your-password \
+  --docker-email=your-email@example.com \
+  -n www-cialloo-com-production
+```
+
+## Customization
+
+### Update Domain Name
+In `k8s/ingress.yaml`, replace `www.cialloo.com` with your actual domain:
+
+```yaml
+spec:
+  tls:
+  - hosts:
+    - your-domain.com  # Change this
+    secretName: www-cialloo-com-tls
+  rules:
+  - host: your-domain.com  # Change this
+```
+
+### Adjust Resource Limits
+In `k8s/deployment.yaml`, modify resource requests and limits based on your needs:
+
+```yaml
+resources:
+  requests:
+    memory: "64Mi"
+    cpu: "50m"
+  limits:
+    memory: "128Mi"
+    cpu: "100m"
+```
+
+### Scaling
+Adjust the number of replicas in `k8s/deployment.yaml`:
+
+```yaml
+spec:
+  replicas: 2  # Change this number
+```
+
+## Manual Deployment
+
+To manually trigger the deployment:
+
+1. Go to your GitHub repository
+2. Click on "Actions" tab
+3. Select "Deploy to Kubernetes" workflow
+4. Click "Run workflow"
+5. Choose environment and optionally specify an image tag
+6. Click "Run workflow"
+
+## Monitoring and Troubleshooting
+
+### Check deployment status:
+```bash
+kubectl get pods -n www-cialloo-com-production
+kubectl get services -n www-cialloo-com-production
+kubectl get ingress -n www-cialloo-com-production
+```
+
+### View logs:
+```bash
+kubectl logs -l app=www-cialloo-com -n www-cialloo-com-production
+```
+
+### Describe problematic pods:
+```bash
+kubectl describe pod <pod-name> -n www-cialloo-com-production
+```
+
+## Security Considerations
+
+1. **Least Privilege**: Ensure your kubeconfig has minimal required permissions
+2. **Secret Rotation**: Regularly rotate Docker registry credentials and kubeconfig
+3. **Environment Separation**: Use different namespaces/clusters for production and staging
+4. **Network Policies**: Consider implementing Kubernetes network policies
+5. **RBAC**: Configure proper Role-Based Access Control in your cluster
+
+## Workflow Features
+
+- **Manual Trigger Only**: Workflow only runs when manually dispatched
+- **Environment Selection**: Choose between production and staging
+- **Custom Image Tags**: Optionally specify custom Docker image tags
+- **Health Checks**: Includes liveness and readiness probes
+- **Rolling Updates**: Zero-downtime deployments
+- **Status Reporting**: Detailed deployment status in GitHub Actions summary