Add Kubernetes configurations for OpenHands deployment

k8s/README.md

@@ -0,0 +1,69 @@
+# OpenHands Kubernetes Deployment
+
+This directory contains Kubernetes configurations for deploying OpenHands in a Kubernetes cluster.
+
+## Components
+
+- `namespace.yaml`: Creates a dedicated namespace for OpenHands
+- `configmap.yaml`: Contains configuration for OpenHands application
+- `deployment.yaml`: Deploys the OpenHands application container
+- `pvc.yaml`: Persistent Volume Claim for OpenHands state
+- `service.yaml`: Service and Ingress configurations for accessing OpenHands
+
+## Prerequisites
+
+1. A Kubernetes cluster
+2. kubectl configured to access your cluster
+3. Storage class available in your cluster
+4. Ingress controller installed (if using the provided Ingress configuration)
+
+## Deployment Steps
+
+1. Create the namespace:
+```bash
+kubectl apply -f namespace.yaml
+```
+
+2. Create the ConfigMap:
+```bash
+kubectl apply -f configmap.yaml
+```
+
+3. Create the PVC:
+```bash
+kubectl apply -f pvc.yaml
+```
+
+4. Deploy the application:
+```bash
+kubectl apply -f deployment.yaml
+```
+
+5. Create the Service and Ingress:
+```bash
+kubectl apply -f service.yaml
+```
+
+Or apply all at once:
+```bash
+kubectl apply -f .
+```
+
+## Configuration
+
+1. Update `configmap.yaml` with your desired configuration values
+2. Modify storage class in `pvc.yaml` according to your cluster's available options
+3. Adjust the Ingress configuration in `service.yaml` based on your cluster's setup
+
+## Important Notes
+
+- The deployment requires access to the Docker socket (`/var/run/docker.sock`) for running sandboxed environments
+- The container runs in privileged mode to access Docker
+- Persistent storage is used to maintain OpenHands state
+- Default storage request is 1Gi, adjust as needed
+
+## Security Considerations
+
+- The deployment runs in privileged mode and has access to the Docker socket. Ensure proper security measures are in place.
+- Consider implementing network policies to restrict pod communication
+- Review and adjust RBAC permissions as needed for your environment

k8s/configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: openhands-config
+  namespace: openhands
+data:
+  SANDBOX_RUNTIME_CONTAINER_IMAGE: "docker.all-hands.dev/all-hands-ai/runtime:0.26-nikolaik"
+  LOG_ALL_EVENTS: "true"
+  # Add other configuration options as needed
+  # These can be overridden by environment variables in the deployment

k8s/deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: openhands
+  namespace: openhands
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: openhands
+  template:
+    metadata:
+      labels:
+        app: openhands
+    spec:
+      containers:
+      - name: openhands
+        image: docker.all-hands.dev/all-hands-ai/openhands:0.26
+        ports:
+        - containerPort: 3000
+        envFrom:
+        - configMapRef:
+            name: openhands-config
+        volumeMounts:
+        - name: docker-sock
+          mountPath: /var/run/docker.sock
+        - name: openhands-state
+          mountPath: /.openhands-state
+        securityContext:
+          privileged: true  # Required for Docker socket access
+      volumes:
+      - name: docker-sock
+        hostPath:
+          path: /var/run/docker.sock
+          type: Socket
+      - name: openhands-state
+        persistentVolumeClaim:
+          claimName: openhands-state-pvc

k8s/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openhands
+  labels:
+    name: openhands

k8s/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: openhands-state-pvc
+  namespace: openhands
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: standard  # Adjust based on your cluster's available storage classes

k8s/service.yaml

@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: openhands
+  namespace: openhands
+spec:
+  selector:
+    app: openhands
+  ports:
+  - port: 3000
+    targetPort: 3000
+    protocol: TCP
+    name: http
+  type: NodePort  # Using NodePort to expose the service externally
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: openhands
+  namespace: openhands
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: openhands
+            port:
+              number: 3000