From 87b5a85912770c6422f73a04dcc11ffaa9234a5b Mon Sep 17 00:00:00 2001
From: John Strunk <jstrunk@redhat.com>
Date: Fri, 26 Apr 2024 20:24:37 +0000
Subject: [PATCH] Add manifest for deploying to Kubernetes

Signed-off-by: John Strunk <jstrunk@redhat.com>
---
 Dockerfile           | 12 +++++++++--
 README.md            | 51 ++++++++++++++++++++++++++++++++++++++++++--
 jira-summarizer.yaml | 47 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 106 insertions(+), 4 deletions(-)
 create mode 100644 jira-summarizer.yaml

diff --git a/Dockerfile b/Dockerfile
index b3238f1..037181c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,8 +13,16 @@ RUN pipenv --no-site-packages install -v --deploy
 ############################################################
 FROM python:3.12-slim@sha256:2be8daddbb82756f7d1f2c7ece706aadcb284bf6ab6d769ea695cc3ed6016743 as final
 
+RUN adduser --uid 19876 summarizer-bot && \
+    mkdir /app && \
+    chown summarizer-bot:summarizer-bot /app
+USER 19876
+
+# Make sure stdout gets flushed so we see it in the pod logs
+ENV PYTHONUNBUFFERED=true
+
 WORKDIR /app
-COPY --from=builder /app/.venv /app/.venv
-COPY *.py /app/
+COPY --from=builder --chown=summarizer-bot:summarizer-bot /app/.venv /app/.venv
+COPY --chown=summarizer-bot:summarizer-bot *.py /app/
 
 ENTRYPOINT ["/app/.venv/bin/python", "bot.py"]
diff --git a/README.md b/README.md
index b863c12..d22d825 100644
--- a/README.md
+++ b/README.md
@@ -6,8 +6,8 @@ Jira issue description
 ## Required environment variables
 
 It is recommended that you provide the variables via a `.env` file since they
-will contain sensitive information. There is already a `.gitignore` file that
-will ignore the `.env` file.
+will contain sensitive information. *There is already a `.gitignore` file that
+will ignore the `.env` file.*
 
 The following variables are required:
 
@@ -41,3 +41,50 @@ options:
   -n, --no-update       Do not update the Jira issues with the summaries
   -r, --regenerate      Force regeneration of summaries
 ```
+
+Summarizer bot: `bot.py`:
+
+```console
+$ pipenv run ./bot.py --help
+Loading .env environment variables...
+usage: bot.py [-h] [-d MAX_DEPTH] [--log-level
+            {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [-m MODIFIED_SINCE] [-n] [-s SECONDS]
+
+Summarizer bot
+
+options:
+  -h, --help            show this help message and exit
+  -d MAX_DEPTH, --max-depth MAX_DEPTH
+                        Maximum depth to recursively examine issues while summarizing
+  --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
+                        Set the logging level
+  -m MODIFIED_SINCE, --modified-since MODIFIED_SINCE
+                        Summarize issues that have been modified since this date/time
+  -n, --no-update       Do not update the Jira issues with the summaries
+  -s SECONDS, --seconds SECONDS
+                        Seconds to wait between iterations
+```
+
+## Methods to run the summarizer bot
+
+Note: All these methods assume that the required environment variables are
+configured via a `.env` file, as described above.
+
+- **Run locally via pipenv**:
+  - Install pipenv: `pip install pipenv`
+  - Install the dependencies: `pipenv install`
+  - Run the bot: `pipenv run ./bot.py <bot-args>`
+- **Run locally via Docker**:
+  - Build the Docker image: `docker build -t jira-summarizer .`
+  - Run the Docker container: `docker run --env-file .env jira-summarizer
+    <bot-args>`
+- **Run in Kubernetes**:
+  - Create a Namespace for the project: `kubectl create namespace
+    jira-summarizer`
+  - Create a Kubernetes secret with the environment variables: `kubectl -n
+    jira-summarizer create secret generic jira-summarizer-secret
+    --from-env-file=.env`
+  - Apply the Kubernetes manifest: `kubectl -n jira-summarizer apply -f
+    jira-summarizer.yaml`  
+  *You may need to adjust the image specification in the manifest to point to
+  your Docker image repository*
diff --git a/jira-summarizer.yaml b/jira-summarizer.yaml
new file mode 100644
index 0000000..cf51ebf
--- /dev/null
+++ b/jira-summarizer.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jira-summarizer
+  labels:
+    app: jira-summarizer
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: jira-summarizer
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: jira-summarizer
+    spec:
+      containers:
+        - name: summarizer
+          image: ghcr.io/johnstrunk/jira-summarizer:latest
+          args:
+            - "--log-level"
+            - "INFO"
+            - "--seconds"
+            - "300"
+          envFrom:
+            - secretRef:
+                name: jira-summarizer-secret
+                optional: false
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "10m"
+            limits:
+              memory: "512Mi"
+              cpu: "1000m"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+      securityContext:
+        runAsNonRoot: true
+      terminationGracePeriodSeconds: 5