feat(k8s): add plain Kubernetes deployment manifests

serghei-dev · sergeyklay · commit 54e405cf7aae · 2026-04-07T13:44:08.000+02:00
Adds single-replica Deployment (Recreate strategy), ClusterIP Service, ReadWriteOnce PVC for SQLite data, and a sample ConfigMap embedding WORKFLOW.md. Includes liveness/readiness probes on /livez and /readyz, read-only root filesystem with an emptyDir /tmp volume, and a quick-start README following the examples/docker/ pattern. Closes #248
diff --git a/examples/k8s/README.md b/examples/k8s/README.md
@@ -0,0 +1,59 @@
+# Kubernetes Examples
+
+Plain Kubernetes manifests for deploying Sortie to a cluster. For the full
+guide — secrets, networking, storage classes, monitoring — see
+[Deploy Sortie to Kubernetes](https://docs.sortie-ai.com/guides/deploy-sortie-to-kubernetes/).
+
+## Prerequisites
+
+Build an agent-specific image using the Dockerfiles in `examples/docker/`:
+
+```sh
+docker build -f examples/docker/claude-code.Dockerfile -t sortie-claude .
+```
+
+Push it to a registry your cluster can pull from, then update the `image`
+field in `deployment.yaml`.
+
+## Quick start
+
+Create a Secret with your API keys:
+
+```sh
+kubectl create secret generic sortie-secrets \
+    --from-literal=ANTHROPIC_API_KEY="sk-..." \
+    --from-literal=SORTIE_JIRA_API_KEY="..." \
+    --from-literal=SORTIE_JIRA_ENDPOINT="https://your-org.atlassian.net" \
+    --from-literal=SORTIE_JIRA_PROJECT="PROJ"
+```
+
+Apply the manifests:
+
+```sh
+kubectl apply -f examples/k8s/
+```
+
+Verify the pod is ready:
+
+```sh
+kubectl get pods -l app.kubernetes.io/name=sortie
+```
+
+## Manifest files
+
+| File | Description |
+|---|---|
+| `deployment.yaml` | Single-replica Deployment with Recreate strategy |
+| `configmap.yaml` | Sample WORKFLOW.md mounted into the container |
+| `service.yaml` | ClusterIP Service exposing port 7678 |
+| `pvc.yaml` | 1Gi ReadWriteOnce PVC for the SQLite database |
+
+## Customization
+
+1. **Image** — replace `sortie-claude:latest` in `deployment.yaml` with your
+   registry image (e.g., `registry.example.com/sortie-claude:v1.0.0`).
+2. **Workflow** — edit the `WORKFLOW.md` content in `configmap.yaml` to match
+   your tracker and agent setup.
+3. **Secrets** — the Deployment references a Secret named `sortie-secrets`.
+   Add any environment variables your workflow requires.
+4. **Storage** — adjust the PVC size or storage class to match your cluster.
diff --git a/examples/k8s/configmap.yaml b/examples/k8s/configmap.yaml
@@ -0,0 +1,50 @@
+# ConfigMap holding the WORKFLOW.md file that Sortie loads at startup.
+# Replace the workflow content below with your own configuration.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sortie-workflow
+  labels:
+    app.kubernetes.io/name: sortie
+    app.kubernetes.io/component: orchestrator
+    app.kubernetes.io/part-of: sortie
+data:
+  WORKFLOW.md: |
+    ---
+    tracker:
+      kind: jira
+      endpoint: $SORTIE_JIRA_ENDPOINT
+      api_key: $SORTIE_JIRA_API_KEY
+      project: $SORTIE_JIRA_PROJECT
+      query_filter: "labels = 'agent-ready'"
+      active_states:
+        - To Do
+        - In Progress
+      in_progress_state: In Progress
+      handoff_state: Human Review
+      terminal_states:
+        - Done
+        - Won't Do
+
+    polling:
+      interval_ms: 45000
+
+    workspace:
+      root: /home/sortie/workspaces
+
+    agent:
+      kind: claude-code
+      command: claude
+      max_concurrent_agents: 2
+
+    server:
+      port: 7678
+    ---
+
+    You are a senior engineer working on {{ .issue.identifier }}: {{ .issue.title }}
+
+    {{ if .issue.description }}
+    ## Description
+
+    {{ .issue.description }}
+    {{ end }}
diff --git a/examples/k8s/deployment.yaml b/examples/k8s/deployment.yaml
@@ -0,0 +1,103 @@
+# Sortie Deployment — single-replica with Recreate strategy.
+# SQLite requires exclusive filesystem access; do not increase replicas.
+#
+# The default image assumes you have built an agent-specific image using one
+# of the Dockerfiles in examples/docker/. The base distroless image
+# (ghcr.io/sortie-ai/sortie) does not bundle an agent.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sortie
+  labels:
+    app.kubernetes.io/name: sortie
+    app.kubernetes.io/component: orchestrator
+    app.kubernetes.io/part-of: sortie
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: sortie
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: sortie
+        app.kubernetes.io/component: orchestrator
+        app.kubernetes.io/part-of: sortie
+    spec:
+      terminationGracePeriodSeconds: 30
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: sortie
+          # Replace with your own agent image built from examples/docker/.
+          image: sortie-claude:latest
+          args:
+            - "--host"
+            - "0.0.0.0"
+            - "--log-format"
+            - "json"
+            - "--data-dir"
+            - "/home/sortie/data"
+            - "/home/sortie/WORKFLOW.md"
+          ports:
+            - name: http
+              containerPort: 7678
+              protocol: TCP
+          envFrom:
+            - secretRef:
+                name: sortie-secrets
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+                - ALL
+          startupProbe:
+            httpGet:
+              path: /readyz
+              port: http
+            failureThreshold: 30
+            periodSeconds: 2
+          livenessProbe:
+            httpGet:
+              path: /livez
+              port: http
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: http
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
+          volumeMounts:
+            - name: data
+              mountPath: /home/sortie/data
+            - name: workflow
+              mountPath: /home/sortie/WORKFLOW.md
+              subPath: WORKFLOW.md
+              readOnly: true
+            - name: tmp
+              mountPath: /tmp
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: sortie-data
+        - name: workflow
+          configMap:
+            name: sortie-workflow
+        - name: tmp
+          emptyDir:
+            sizeLimit: 64Mi
diff --git a/examples/k8s/pvc.yaml b/examples/k8s/pvc.yaml
@@ -0,0 +1,16 @@
+# PersistentVolumeClaim for the Sortie SQLite database.
+# SQLite requires exclusive access — ReadWriteOnce is mandatory.
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sortie-data
+  labels:
+    app.kubernetes.io/name: sortie
+    app.kubernetes.io/component: orchestrator
+    app.kubernetes.io/part-of: sortie
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/examples/k8s/service.yaml b/examples/k8s/service.yaml
@@ -0,0 +1,18 @@
+# ClusterIP Service exposing the Sortie HTTP observability server.
+apiVersion: v1
+kind: Service
+metadata:
+  name: sortie
+  labels:
+    app.kubernetes.io/name: sortie
+    app.kubernetes.io/component: orchestrator
+    app.kubernetes.io/part-of: sortie
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: sortie
+  ports:
+    - name: http
+      port: 7678
+      targetPort: http
+      protocol: TCP
