feat(#677): Helm chart to deploy HelixDB on Kubernetes

k8s/Dockerfile

@@ -0,0 +1,28 @@
+# Runtime image based on Debian
+FROM debian:bookworm-slim
+
+# Set working directory
+WORKDIR /app
+
+# Install runtime dependencies
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy the helix-container binary
+COPY ./helix-container /usr/local/bin/helix-container
+RUN chmod +x /usr/local/bin/helix-container
+
+# Create data directory and set permissions
+# - chown root:0 allows random OpenShift UIDs (which belong to group 0)
+# - chmod g+rwX allows write access to group 0
+RUN mkdir -p /data && chown -R root:0 /data && chmod -R g+rwX /data
+
+# Define environment variable for data path
+ENV HELIX_DATA_DIR=/data
+
+# Optional: declare a non-root default UID (still OpenShift-safe)
+USER 1001
+
+# Entry point
+ENTRYPOINT ["/usr/local/bin/helix-container"]

k8s/README.md

@@ -0,0 +1,48 @@
+# HelixDB Kubernetes Deployment
+
+This repository contains a **Helm chart** and a **Docker image** to deploy the `helixdb` binary as a containerized service on Kubernetes.
+
+The deployment is designed to run in a **minimal Debian-based container** and uses a **Persistent Volume Claim** for data storage.
+
+---
+
+## Docker Image
+
+The container image runs the `helix-container` binary which was compiled with the helix push tool previously.
+
+### Helm Chart Structure
+
+The Helm chart is located in the `helm/` directory and provides a configurable Kubernetes deployment, service, and persistent volume claim.
+
+```text
+helm/
+├── Chart.yaml          # Chart metadata
+├── values.yaml         # Default configuration values
+└── templates/
+    ├── deployment.yaml # Deployment definition
+    ├── pvc.yaml        # PersistentVolumeClaim definition
+    └── service.yaml    # Service definition
+```
+
+
+## Deploying to Kubernetes
+
+```bash
+helm install helixdb ./helm -n your-namespace --create-namespace
+```
+
+## using an existing PVC
+
+If you are using a previously created PVC, make sure it has accessModes of type ReadWriteOncePod (supported on Kubernetes 1.22 and newer) and includes the following annotations:
+
+  * app.kubernetes.io/managed-by=Helm
+  * meta.helm.sh/release-namespace=<namespace>
+  * meta.helm.sh/release-name=helixdb 
+
+##  Notes
+
+The container uses non-root UID 1001 for security and OpenShift compatibility.
+
+The HELIX_DATA_DIR environment variable points to /data, which is mounted via a PersistentVolumeClaim.
+
+All configurations are customizable via values.yaml.

k8s/helm/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: helixdb
+description: Helm chart to deploy helixdb with a single replica and ReadWriteOncePod PVC
+type: application
+version: 0.1.0
+appVersion: "2.1.2"

k8s/helm/templates/deployment.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helixdb
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: helixdb
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helixdb
+  template:
+    metadata:
+      labels:
+        app: helixdb
+    spec:
+      securityContext: {}
+      containers:
+        - name: helixdb
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ["/usr/local/bin/helix-container"]
+          securityContext: {}
+          ports:
+            - containerPort: {{ .Values.service.port }}
+          volumeMounts:
+            - name: data
+              mountPath: /data
+
+{{- if .Values.probes.enabled }}
+          livenessProbe:
+            httpGet:
+              path: {{ .Values.probes.path }}
+              port: {{ .Values.probes.port }}
+            initialDelaySeconds: {{ .Values.probes.initialDelaySeconds }}
+            periodSeconds: {{ .Values.probes.periodSeconds }}
+
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.probes.path }}
+              port: {{ .Values.probes.port }}
+            initialDelaySeconds: {{ .Values.probes.initialDelaySeconds }}
+            periodSeconds: {{ .Values.probes.periodSeconds }}
+{{- end }}
+
+
+{{- with .Values.resources }}
+          resources:
+{{ toYaml . | nindent 12 }}
+{{- end }}
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ .Values.pvc.name }}
+

k8s/helm/templates/pvc.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Values.pvc.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  # ReadWriteOncePod requires Kubernetes >= 1.22.
+  # HelixDB needs exclusive volume access; do NOT change this mode.
+  accessModes:
+    - ReadWriteOncePod
+  resources:
+    requests:
+      storage: {{ .Values.pvc.size }}
+  {{- if .Values.pvc.storageClassName }}
+  storageClassName: {{ .Values.pvc.storageClassName }}
+  {{- end }}
+

k8s/helm/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: helixdb-service
+  namespace: {{ .Values.namespace }}
+spec:
+  type: {{ .Values.service.type }}
+  selector:
+    app: helixdb
+  ports:
+    - name: helixdb
+      protocol: TCP
+      port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.port }}
+

k8s/helm/values.yaml

@@ -0,0 +1,30 @@
+# Namespace for the deployment
+namespace: helixdb 
+
+image:
+  # Image repository and tag
+  repository: "example.com/helixdb"
+  tag: "2.1.2" 
+  pullPolicy: IfNotPresent
+
+service:
+  type: ClusterIP
+  # TCP port used by the application
+  port: 6969
+
+pvc:
+  # PVC name (required)
+  name: helixdb-data
+  # Optional storage class (default = cluster default)
+  storageClassName: ""
+  # Requested storage size
+  size: "10Gi"
+
+resources: {}    
+
+probes:
+  enabled: true
+  path: /introspect
+  port: 6969
+  initialDelaySeconds: 5
+  periodSeconds: 10