gooseek/backend/deploy/k8s/deploy.sh
home 32102c379a
fix: restore deployment — ingress routing, readiness probes, rate limiter
- Ingress: route /api/* on gooseek.ru to api-gateway (was going to webui)
- api-gateway: move /health and /ready before JWT/rate-limit middleware
  to prevent liveness probe 429 failures causing CrashLoopBackOff
- Readiness probes: fix agent-svc, search-svc, scraper-svc to use /health
  (they don't implement /ready endpoint, causing permanent 0/1 status)
- ConfigMap: add missing CHAT_SVC_URL and API_GATEWAY_URL
- deploy.sh: also clean up misplaced NetworkPolicy from gooseek namespace
- webui: add Next.js rewrites to proxy /api/* to api-gateway

Made-with: Cursor
2026-03-03 04:10:41 +03:00


#!/bin/bash
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
BACKEND_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
ROOT_DIR="$(cd "$BACKEND_DIR/.." && pwd)"
ENV_FILE="$ROOT_DIR/.env"
REGISTRY="localhost:5000"
IMAGE_TAG="${IMAGE_TAG:-latest}"
echo "=== GooSeek K8s Deployment ==="
echo "Backend dir: $BACKEND_DIR"
echo "Registry: $REGISTRY"
echo "Tag: $IMAGE_TAG"
# Load .env: every assignment made while allexport is on is exported, so child
# processes started later (docker, envsubst, kubectl) inherit the values.
# NOTE(review): the file is executed as shell code, so anyone able to write
# .env can run commands as the deploying user — keep it untracked and
# writable by the operator only.
if [[ -f "$ENV_FILE" ]]; then
  printf 'Loading env from %s\n' "$ENV_FILE"
  set -o allexport
  . "$ENV_FILE"
  set +o allexport
fi
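# Check required secrets: generate any that are missing and persist them.

#######################################
# Append a freshly generated secret to the env file and export it.
# Globals:   ENV_FILE (read; the file is appended to and set to mode 600)
# Arguments: $1 - variable name
#            $2 - secret value
#######################################
_persist_generated_secret() {
  local name=$1 value=$2
  (
    # If .env does not exist yet, create it owner-only from the start.
    umask 077
    # Begin a new line when the file lacks a trailing newline; otherwise the
    # assignment would be glued onto the previous entry.
    if [ -s "$ENV_FILE" ] && [ -n "$(tail -c 1 "$ENV_FILE")" ]; then
      printf '\n' >> "$ENV_FILE"
    fi
    printf '%s=%s\n' "$name" "$value" >> "$ENV_FILE"
  )
  # The file now holds credentials; tighten a pre-existing file as well.
  chmod 600 "$ENV_FILE"
  # A plain assignment is invisible to child processes. Without the export,
  # envsubst would render this variable as an empty string on the very run
  # that generated it.
  export "$name=$value"
}

if [ -z "${OLLAMA_API_TOKEN:-}" ]; then
  echo "Warning: OLLAMA_API_TOKEN not set. Generating random token..."
  OLLAMA_API_TOKEN=$(openssl rand -hex 32) || {
    echo "Error: openssl failed to generate OLLAMA_API_TOKEN" >&2
    exit 1
  }
  _persist_generated_secret OLLAMA_API_TOKEN "$OLLAMA_API_TOKEN"
  echo "Token saved to .env"
fi

if [ -z "${GRAFANA_ADMIN_PASSWORD:-}" ]; then
  echo "Warning: GRAFANA_ADMIN_PASSWORD not set. Generating random password..."
  GRAFANA_ADMIN_PASSWORD=$(openssl rand -base64 24) || {
    echo "Error: openssl failed to generate GRAFANA_ADMIN_PASSWORD" >&2
    exit 1
  }
  _persist_generated_secret GRAFANA_ADMIN_PASSWORD "$GRAFANA_ADMIN_PASSWORD"
  echo "Grafana password saved to .env"
fi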
# Check kubectl: every apply/rollout step below needs it, so stop early.
command -v kubectl > /dev/null 2>&1 || {
  echo "Error: kubectl not found"
  exit 1
}
# Build the Go backend image once, tag it with both $IMAGE_TAG and "latest",
# then push both tags.
# NOTE(review): "latest" is a mutable tag; if the Deployments reference it,
# which build actually runs depends on their image pull policy — confirm.
# NOTE(review): $REGISTRY is localhost:5000, presumably a local registry
# without TLS or authentication — confirm it is reachable from loopback only.
echo ""
echo "=== Building Go backend image ==="
cd "$BACKEND_DIR"
backend_image="$REGISTRY/gooseek/backend"
docker build \
  --file deploy/docker/Dockerfile.all \
  --tag "$backend_image:$IMAGE_TAG" \
  --tag "$backend_image:latest" \
  .

echo "=== Pushing backend to registry ==="
for backend_tag in "$IMAGE_TAG" latest; do
  docker push "$backend_image:$backend_tag"
done
# Build the webui image, tag it with both $IMAGE_TAG and "latest", push both.
# The two NEXT_PUBLIC_* values are passed as build args. Build args are
# recorded in the image metadata and Next.js inlines NEXT_PUBLIC_* variables
# into the browser bundle, so treat both as public: the 2GIS key should be
# restricted on the provider side rather than relied on as a secret.
echo ""
echo "=== Building webui image ==="
webui_image="$REGISTRY/gooseek/webui"
webui_build_opts=(
  -f "$BACKEND_DIR/webui/Dockerfile"
  --build-arg "NEXT_PUBLIC_ENABLED_ROUTES=${NEXT_PUBLIC_ENABLED_ROUTES:-}"
  --build-arg "NEXT_PUBLIC_TWOGIS_API_KEY=${NEXT_PUBLIC_TWOGIS_API_KEY:-}"
  -t "$webui_image:$IMAGE_TAG"
  -t "$webui_image:latest"
)
docker build "${webui_build_opts[@]}" "$BACKEND_DIR/webui"

echo "=== Pushing webui to registry ==="
for webui_tag in "$IMAGE_TAG" latest; do
  docker push "$webui_image:$webui_tag"
done
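# Generate configmap/secrets from .env via envsubst

#######################################
# Render a manifest template with envsubst into an owner-only file.
# The rendered file carries values taken from .env (presumably including
# credentials), so it must not be created world-readable.
# Arguments: $1 - template path
#            $2 - output path
#######################################
_render_manifest() {
  local template=$1 rendered=$2
  # Remove a copy left by an earlier run so the file is created fresh with
  # the restrictive mode instead of inheriting looser permissions.
  rm -f -- "$rendered"
  (umask 077 && envsubst < "$template" > "$rendered")
}

echo ""
echo "=== Generating K8s manifests from .env ==="
# NOTE(review): envsubst without an explicit variable list replaces every
# $VAR / ${VAR} reference in the template and renders unset variables as empty
# strings — confirm the templates contain no "$" meant to survive rendering.
# NOTE(review): the _generated_*.yaml files are written next to the templates;
# confirm they are git-ignored so rendered secrets are never committed.
if command -v envsubst &> /dev/null && [ -f "$ENV_FILE" ]; then
  _render_manifest "$SCRIPT_DIR/configmap.yaml" "$SCRIPT_DIR/_generated_configmap.yaml"
  kubectl apply -f "$SCRIPT_DIR/_generated_configmap.yaml" -n gooseek
  # Generate monitoring manifests
  _render_manifest "$SCRIPT_DIR/monitoring.yaml" "$SCRIPT_DIR/_generated_monitoring.yaml"
else
  # Previously this case was skipped silently. Say so, because a stale
  # _generated_monitoring.yaml from an earlier run is still applied later.
  echo "Warning: envsubst or $ENV_FILE is missing; manifests were not regenerated from .env" >&2
fi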
# Apply sandbox-namespace resources separately (not via kustomize to preserve namespace)
echo ""
echo "=== Applying sandbox namespace resources ==="
for sandbox_manifest in sandbox-namespace.yaml opensandbox-sandbox-ns.yaml; do
  kubectl apply -f "$SCRIPT_DIR/$sandbox_manifest"
done

# Clean up misplaced sandbox resources from gooseek namespace (legacy fix).
# Each entry is "<kind> <name>". Deletion is best-effort: stderr is discarded
# and the exit status ignored, so a delete that fails for another reason
# (e.g. missing permissions) goes unnoticed.
# NOTE(review): this removes the sandbox-isolation NetworkPolicy from gooseek;
# presumably the manifests applied above recreate it in the sandbox
# namespace — confirm, so the sandbox is never left without its policy.
for legacy_resource in \
  "resourcequota sandbox-quota" \
  "limitrange sandbox-limits" \
  "networkpolicy sandbox-isolation"; do
  kubectl delete "${legacy_resource% *}" "${legacy_resource#* }" -n gooseek --ignore-not-found=true 2>/dev/null || true
done
# Apply the kustomization that lives in the script directory.
echo ""
echo "=== Applying K8s manifests ==="
cd "$SCRIPT_DIR"
kubectl apply --kustomize .

# Apply the monitoring stack, but only when a rendered monitoring manifest
# exists. The check does not tell a file rendered in this run from one left
# by an earlier run.
echo ""
echo "=== Deploying Monitoring Stack ==="
if [[ -f "$SCRIPT_DIR/_generated_monitoring.yaml" ]]; then
  for monitoring_manifest in _generated_monitoring.yaml grafana-dashboards.yaml; do
    kubectl apply -f "$SCRIPT_DIR/$monitoring_manifest"
  done
fi
# Rolling restart so the deployments pull the newly pushed images.
echo ""
echo "=== Rolling restart deployments ==="
restart_targets=(
  api-gateway
  webui
  chat-svc
  agent-svc
  discover-svc
  search-svc
  llm-svc
  learning-svc
  medicine-svc
  travel-svc
  sandbox-svc
)
for restart_target in "${restart_targets[@]}"; do
  kubectl -n gooseek rollout restart "deployment/$restart_target"
done
# Ollama: not restarted unless necessary (models are stored on a PVC).
# Models are downloaded once and kept between deployments.
# To load new models: kubectl apply -f ollama-models.yaml
# Wait for the key rollouts; each entry is "<deployment> <timeout>".
# The result is deliberately ignored (`|| true`): a rollout that times out or
# fails does not stop the script, which still prints "Done" and exits 0, so
# the exit status alone does not prove the deployment is healthy.
echo ""
echo "=== Waiting for rollouts ==="
for rollout_wait in "api-gateway 180s" "chat-svc 120s" "agent-svc 120s"; do
  kubectl -n gooseek rollout status "deployment/${rollout_wait% *}" --timeout="${rollout_wait#* }" || true
done
# Show the state of the application namespace: pods, services, ingress.
printf '%s\n' "" "=== Deployment Status ==="
kubectl --namespace gooseek get pods -o wide
printf '\n'
kubectl --namespace gooseek get svc
printf '\n'
kubectl --namespace gooseek get ingress

# Show monitoring status; the namespace may not exist yet, so failures here
# are reported softly (pods) or ignored (ingress).
printf '%s\n' "" "=== Monitoring Status ==="
if ! kubectl --namespace monitoring get pods 2>/dev/null; then
  echo "Monitoring namespace not ready yet"
fi
kubectl --namespace monitoring get ingress 2>/dev/null || true

# Final summary. The Grafana password is never printed, only the place where
# it is stored.
printf '%s\n' \
  "" \
  "=== Done ===" \
  "API: https://api.gooseek.ru" \
  "Web: https://gooseek.ru" \
  "Grafana: https://grafana.gooseek.ru" \
  "" \
  "Grafana credentials:" \
  " User: admin" \
  " Pass: (see GRAFANA_ADMIN_PASSWORD in .env)"