Add Kubernetes Deployment Infrastructure

[tgrunnagle]

Closes #87

Summary

Implements a complete Kubernetes deployment solution for the go-towerfall application stack (backend, frontend, and bot2) with Cloudflare Tunnel integration for external access. The deployment uses templated manifests with environment variable substitution, supports both Windows and Linux/Mac development environments, and includes automated Task commands for streamlined cluster setup and management.

Changes Made

k8s/ Directory Structure

• Added complete Kubernetes manifest templates in templates/ directory
  • namespace.yaml - towerfall namespace
  • secrets/cloudflare-tunnel.yaml - Cloudflare tunnel credentials
  • configmaps/ - frontend config.js and cloudflared routing configuration
  • services/ - ClusterIP services for backend (port 4000) and frontend (port 4001)
  • deployments/ - backend, frontend, bot2, and cloudflared deployments
• Created install.sh and install.ps1 scripts for cross-platform manifest generation using envsubst
• Added .env.example template with all required environment variables
• Comprehensive README.md with step-by-step deployment instructions for local kind clusters

bot2/ Python Project

• Added Dockerfile with CUDA runtime base for GPU support
• Updated bot2 code to read server URLs from environment variables:
  • game_client.py
  • http_client.py
  • towerfall_env.py
  • vectorized_env.py
  • server_manager.py
• All URLs default to http://localhost:4000 for local development, overridable via GAME_SERVER_HTTP_URL and GAME_SERVER_WS_URL

Taskfile.yml

• Added k8s:install-envsubst task for Windows envsubst installation via Go
• Added k8s:install-kind task for local Kubernetes cluster setup
• Added k8s:cluster-create, k8s:cluster-destroy for cluster lifecycle management
• Added k8s:build-load to rebuild all Docker images and load into kind cluster
• Added k8s:deploy to generate and apply manifests using install scripts
• Added k8s:cluster-setup for one-command cluster creation and full deployment
• Added k8s:logs and k8s:status for monitoring deployed resources

Implementation Details

Manifest Templating

• All manifest templates use ${VARIABLE} placeholders for environment-specific values
• install.sh (bash) and install.ps1 (PowerShell) process templates using envsubst
• Generated manifests output to generated/ directory (gitignored)
• Required environment variables: CF_TUNNEL_ID, CF_ACCOUNT_TAG, CF_TUNNEL_SECRET, API_DOMAIN, FRONTEND_DOMAIN, IMAGE_REGISTRY

Frontend Configuration

• Frontend ConfigMap injects runtime configuration via config.js
• Backend URLs use template variables: wss://${API_DOMAIN} and https://${API_DOMAIN}
• Custom nginx.conf with /health endpoint for readiness/liveness probes
• Allows changing backend URLs without rebuilding frontend image

Cloudflare Tunnel Routing

• Cloudflared deployment routes traffic from two domains:
  • ${API_DOMAIN} → backend-service:4000 (WebSocket + REST API)
  • ${FRONTEND_DOMAIN} → frontend-service:4001 (static frontend)
• 2 replicas for high availability
• No LoadBalancer/NodePort needed; all external access through tunnel

Local Development with kind

• Uses IMAGE_REGISTRY=towerfall for local development
• Images built locally and loaded into kind cluster with kind load docker-image
• imagePullPolicy: IfNotPresent to use loaded images
• Full rebuild/redeploy cycle: task k8s:build-load

Testing

• Manual testing performed on local kind cluster
• Verified all pods start successfully with health probes
• Confirmed environment variable substitution works in both bash and PowerShell scripts
• Tested image loading into kind cluster and deployment rollout

Additional Notes

• bot2 deployment includes optional GPU support (commented out by default)
• bot2 runs FastAPI service on port 8080 with /health endpoint for Kubernetes probes
• All services use ClusterIP (internal only); Cloudflare Tunnel handles external exposure
• Windows users must run task k8s:install-envsubst before using deployment scripts
• .env file excluded from git; users must copy .env.example and configure with their Cloudflare credentials