# Kubernetes Deployment Setup

This document explains how to set up the GitHub Actions workflow for deploying your React application to a Kubernetes cluster.

## Required GitHub Secrets

You need to configure the following secrets in your GitHub repository settings (`Settings` → `Secrets and variables` → `Actions`):

### Docker Registry Secrets

- **`DOCKER_REGISTRY`**: Your Docker registry URL (e.g., `docker.io`, `ghcr.io`, `your-registry.com`)
- **`DOCKER_REPOSITORY`**: Your Docker repository name (e.g., `username/www-cialloo-com`)
- **`DOCKER_USERNAME`**: Username for Docker registry authentication
- **`DOCKER_PASSWORD`**: Password or access token for Docker registry authentication

### Kubernetes Secrets

- **`KUBECONFIG`**: Base64-encoded kubeconfig file for your Kubernetes cluster

## Setting up GitHub Secrets

### 1. Docker Registry Configuration

#### For Docker Hub:

```bash
DOCKER_REGISTRY=docker.io
DOCKER_REPOSITORY=yourusername/www-cialloo-com
DOCKER_USERNAME=yourusername
DOCKER_PASSWORD=your-docker-hub-token
```

#### For GitHub Container Registry:

```bash
DOCKER_REGISTRY=ghcr.io
DOCKER_REPOSITORY=yourusername/www-cialloo-com
DOCKER_USERNAME=yourusername
DOCKER_PASSWORD=your-github-token
```

### 2. Kubernetes Configuration

To get your base64-encoded kubeconfig:

```bash
# Encode your kubeconfig file
cat ~/.kube/config | base64 -w 0
```

Copy the output and paste it as the value for the `KUBECONFIG` secret.

## GitHub Environments (Optional but Recommended)

You can set up GitHub environments for better security and approval workflows:

1. Go to `Settings` → `Environments`
2. Create environments: `production`, `staging`
3. Configure protection rules (e.g., required reviewers)
4. Add environment-specific secrets if needed

## Kubernetes Cluster Requirements

Your Kubernetes cluster should have the following components:

### 1. Traefik Ingress Controller

```bash
# Install Traefik using Helm
helm repo add traefik https://traefik.github.io/charts
helm repo update
helm install traefik traefik/traefik

# Or using kubectl with CRDs
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```

### 2. Cert-Manager (for SSL certificates)

```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
```

### 3. Docker Registry Secret

Create a secret for pulling images from your private registry:

```bash
kubectl create secret docker-registry docker-registry-secret \
  --docker-server=your-registry.com \
  --docker-username=your-username \
  --docker-password=your-password \
  --docker-email=your-email@example.com \
  -n www-cialloo-com-production
```

## Customization

### Update Domain Name

In `k8s/ingress.yaml`, replace `www.cialloo.com` with your actual domain:

```yaml
spec:
  tls:
  - hosts:
    - your-domain.com  # Change this
    secretName: www-cialloo-com-tls
  rules:
  - host: your-domain.com  # Change this
```

### Adjust Resource Limits

In `k8s/deployment.yaml`, modify resource requests and limits based on your needs:

```yaml
resources:
  requests:
    memory: "64Mi"
    cpu: "50m"
  limits:
    memory: "128Mi"
    cpu: "100m"
```

### Scaling

Adjust the number of replicas in `k8s/deployment.yaml`:

```yaml
spec:
  replicas: 2  # Change this number
```

## Manual Deployment

To manually trigger the deployment:

1. Go to your GitHub repository
2. Click on "Actions" tab
3. Select "Deploy to Kubernetes" workflow
4. Click "Run workflow"
5. Choose environment and optionally specify an image tag
6. Click "Run workflow"

## Monitoring and Troubleshooting

### Check deployment status:

```bash
kubectl get pods -n www-cialloo-com-production
kubectl get services -n www-cialloo-com-production
kubectl get ingress -n www-cialloo-com-production
```

### View logs:

```bash
kubectl logs -l app=www-cialloo-com -n www-cialloo-com-production
```

### Describe problematic pods:

```bash
kubectl describe pod -n www-cialloo-com-production
```

## Security Considerations

1. **Least Privilege**: Ensure your kubeconfig has minimal required permissions
2. **Secret Rotation**: Regularly rotate Docker registry credentials and kubeconfig
3. **Environment Separation**: Use different namespaces/clusters for production and staging
4. **Network Policies**: Consider implementing Kubernetes network policies
5. **RBAC**: Configure proper Role-Based Access Control in your cluster

## Workflow Features

- **Manual Trigger Only**: Workflow only runs when manually dispatched
- **Environment Selection**: Choose between production and staging
- **Custom Image Tags**: Optionally specify custom Docker image tags
- **Health Checks**: Includes liveness and readiness probes
- **Rolling Updates**: Zero-downtime deployments
- **Status Reporting**: Detailed deployment status in GitHub Actions summary
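
For the least-privilege and RBAC points under Security Considerations: a namespaced ServiceAccount, Role and RoleBinding that the workflow's kubeconfig could authenticate as, instead of encoding a personal admin `~/.kube/config` into the `KUBECONFIG` secret. This is an added example, not part of this project's manifests; the name `github-deployer` and the resource list (derived from the Deployment, Service and Ingress objects this guide mentions) are assumptions, and the namespace is assumed to exist already.

```yaml
# Added example: names and the resource list are assumptions; adjust to your manifests.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: github-deployer            # hypothetical name
  namespace: www-cialloo-com-production
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: github-deployer
  namespace: www-cialloo-com-production
rules:
# Objects the workflow applies: Deployment, Service, Ingress.
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
# Read-only access for rollout status and troubleshooting output.
- apiGroups: ["apps"]
  resources: ["replicasets"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods", "pods/log", "events"]
  verbs: ["get", "list", "watch"]
# Deliberately absent: secrets, delete verbs, and any cluster-scoped resource.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: github-deployer
  namespace: www-cialloo-com-production
subjects:
- kind: ServiceAccount
  name: github-deployer
  namespace: www-cialloo-com-production
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: github-deployer
```

After applying it, `kubectl auth can-i --list --as=system:serviceaccount:www-cialloo-com-production:github-deployer -n www-cialloo-com-production` shows the effective permissions, and `kubectl create token github-deployer -n www-cialloo-com-production` issues a time-limited token for the kubeconfig that is base64-encoded into the `KUBECONFIG` secret. A staging environment would get its own ServiceAccount and Role in its own namespace.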