Implement deployemnts using docker and k8s

Author: Pavan-Rana

Dockerfile

@@ -0,0 +1,28 @@
+# Stage 1: Build
+FROM golang:1.26-alpine AS builder
+
+WORKDIR /app
+
+# Copy go modules files and download deps
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build binary
+RUN go build -o rate-limiter ./cmd/server
+
+# Stage 2: Runtime
+FROM alpine:3.18
+
+WORKDIR /app
+
+# Copy built binary
+COPY --from=builder /app/rate-limiter .
+
+# Expose port
+EXPOSE 8080
+
+# Run the service
+CMD ["./rate-limiter"]

deploy/k8s/configmap.yaml

@@ -1 +1,12 @@
-// deploy/k8s/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: rate-limiter-config
+data:
+  # Default policy: 100 requests per minute
+  DEFAULT_LIMIT: "100"
+  DEFAULT_WINDOW: "60s"
+
+  # Example per-key overrides (extend in application config as needed)
+  # POLICY_premium-key-001: "1000/60s"
+  # POLICY_free-tier-key:   "10/60s"

deploy/k8s/deployment.yaml

@@ -1 +1,63 @@
-// deploy/k8s/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rate-limiter
+  labels:
+    app: rate-limiter
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: rate-limiter
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1   # at most 1 pod down during rollout
+      maxSurge: 1         # at most 1 extra pod during rollout
+  template:
+    metadata:
+      labels:
+        app: rate-limiter
+      annotations:
+        # Prometheus scrape annotations — picked up by kube-prometheus-stack
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "8080"
+        prometheus.io/path: "/metrics"
+    spec:
+      containers:
+        - name: rate-limiter
+          image: rate-limiter:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: grpc
+              containerPort: 50051
+            - name: http
+              containerPort: 8080
+          env:
+            - name: REDIS_ADDR
+              value: "redis:6379"
+            - name: GRPC_ADDR
+              value: ":50051"
+            - name: HTTP_ADDR
+              value: ":8080"
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            failureThreshold: 3
+          livenessProbe:
+            httpGet:
+              path: /metrics
+              port: 8080
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            failureThreshold: 3
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "64Mi"
+            limits:
+              cpu: "500m"
+              memory: "128Mi"

deploy/k8s/hpa.yaml

@@ -1 +1,28 @@
-// deploy/k8s/hpa.yaml
+# Horizontal Pod Autoscaler
+#
+# Scales replicas between 3 and 10 based on CPU utilisation.
+# Safe to scale horizontally because:
+#   - service replicas are stateless (no in-process rate-limit state)
+#   - all decisions are serialised through Redis (shared source of truth)
+# See docs/tradeoffs.md — "Stateless replicas" section.
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: rate-limiter-hpa
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: rate-limiter
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 70
+  behavior:
+    scaleDown:
+      stabilizationWindowSeconds: 60  # avoid flapping on short traffic spikes

deploy/k8s/redis.yaml

@@ -1 +1,57 @@
-// deploy/k8s/redis.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: redis
+spec:
+  serviceName: redis
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - name: redis
+          image: redis:7-alpine
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 6379
+          command: ["redis-server", "--appendonly", "yes", "--save", "60", "1"]
+          volumeMounts:
+            - name: redis-data
+              mountPath: /data
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "128Mi"
+            limits:
+              cpu: "500m"
+              memory: "256Mi"
+          readinessProbe:
+            exec:
+              command: ["redis-cli", "ping"]
+            initialDelaySeconds: 5
+            periodSeconds: 5
+  volumeClaimTemplates:
+    - metadata:
+        name: redis-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+spec:
+  selector:
+    app: redis
+  ports:
+    - port: 6379
+      targetPort: 6379
+  clusterIP: None  # headless — allows StatefulSet DNS: redis-0.redis.default.svc.cluster.local

deploy/k8s/service.yaml

@@ -1 +1,15 @@
-// deploy/k8s/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: rate-limiter
+spec:
+  selector:
+    app: rate-limiter
+  ports:
+    - name: grpc
+      port: 50051
+      targetPort: 50051
+    - name: http
+      port: 8080
+      targetPort: 8080
+  type: ClusterIP

internal/http/handler.go

@@ -5,6 +5,8 @@ import (
 	"encoding/json"
 	stdhttp "net/http"
 	"time"
+
+	"github.com/prometheus/client_golang/prometheus/promhttp"
 )
 
 type Limiter interface {
@@ -27,7 +29,7 @@ func NewRouter(lim Limiter) stdhttp.Handler {
 		ctx, cancel := context.WithTimeout(r.Context(), 50*time.Millisecond)
 		defer cancel()
 
-		// ✅ Read from header, matching what k6 sends
+		// Read from header, matching what k6 sends
 		apiKey := r.Header.Get("X-API-Key")
 		if apiKey == "" {
 			stdhttp.Error(w, "Missing X-API-Key", stdhttp.StatusBadRequest)
@@ -52,6 +54,8 @@ func NewRouter(lim Limiter) stdhttp.Handler {
 		})
 	})
 
+	mux.Handle("/metrics", promhttp.Handler())
+
 	return mux
 }