feat: add Kubernetes deployment support

Add KubernetesActions deploy backend that manages ExApp lifecycle
(deploy, expose, remove) via HaRP's Kubernetes API endpoints.
Wire K8s flow into CLI commands (register/unregister daemon and ExApp)
and pass kubernetes deploy config from the Vue frontend.

Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>

Author: oleksandr-nc

lib/Command/Daemon/RegisterDaemon.php

@@ -50,13 +50,27 @@ protected function configure(): void {
 		$this->addOption('harp_docker_socket_port', null, InputOption::VALUE_REQUIRED, '\'remotePort\' of the FRP client of the remote Docker socket proxy. There is one included in the harp container so this can be skipped for default setups.', '24000');
 		$this->addOption('harp_exapp_direct', null, InputOption::VALUE_NONE, 'Flag for the advanced setups only. Disables the FRP tunnel between ExApps and HaRP.');
 
+		// Kubernetes options
+		$this->addOption('k8s', null, InputOption::VALUE_NONE, 'Flag to indicate Kubernetes daemon (uses kubernetes-install deploy ID). Requires --harp flag.');
+		$this->addOption('k8s_expose_type', null, InputOption::VALUE_REQUIRED, 'Kubernetes Service type: nodeport|clusterip|loadbalancer|manual (default: clusterip)', 'clusterip');
+		$this->addOption('k8s_node_port', null, InputOption::VALUE_REQUIRED, 'Optional NodePort (30000-32767) for nodeport expose type');
+		$this->addOption('k8s_upstream_host', null, InputOption::VALUE_REQUIRED, 'Override upstream host for HaRP to reach ExApps. Required for manual expose type.');
+		$this->addOption('k8s_external_traffic_policy', null, InputOption::VALUE_REQUIRED, 'Cluster|Local for NodePort/LoadBalancer Service types');
+		$this->addOption('k8s_load_balancer_ip', null, InputOption::VALUE_REQUIRED, 'Optional LoadBalancer IP for loadbalancer expose type');
+		$this->addOption('k8s_node_address_type', null, InputOption::VALUE_REQUIRED, 'InternalIP|ExternalIP for auto node selection (default: InternalIP)', 'InternalIP');
+
 		$this->addUsage('harp_proxy_docker "Harp Proxy (Docker)" "docker-install" "http" "appapi-harp:8780" "http://nextcloud.local" --net nextcloud --harp --harp_frp_address "appapi-harp:8782" --harp_shared_key "some_very_secure_password" --set-default --compute_device=cuda');
 		$this->addUsage('harp_proxy_host "Harp Proxy (Host)" "docker-install" "http" "localhost:8780" "http://nextcloud.local" --harp --harp_frp_address "localhost:8782" --harp_shared_key "some_very_secure_password" --set-default --compute_device=cuda');
 		$this->addUsage('manual_install_harp "Harp Manual Install" "manual-install" "http" "appapi-harp:8780" "http://nextcloud.local" --net nextcloud --harp --harp_frp_address "appapi-harp:8782" --harp_shared_key "some_very_secure_password"');
 		$this->addUsage('docker_install "Docker Socket Proxy" "docker-install" "http" "nextcloud-appapi-dsp:2375" "http://nextcloud.local" --net=nextcloud --set-default --compute_device=cuda');
 		$this->addUsage('manual_install "Manual Install" "manual-install" "http" null "http://nextcloud.local"');
 		$this->addUsage('local_docker "Docker Local" "docker-install" "http" "/var/run/docker.sock" "http://nextcloud.local" --net=nextcloud');
 		$this->addUsage('local_docker "Docker Local" "docker-install" "http" "/var/run/docker.sock" "http://nextcloud.local" --net=nextcloud --set-default --compute_device=cuda');
+
+		// Kubernetes usage examples
+		$this->addUsage('k8s_daemon "Kubernetes HaRP" "kubernetes-install" "http" "harp.nextcloud.svc:8780" "http://nextcloud.local" --harp --harp_shared_key "secret" --harp_frp_address "harp.nextcloud.svc:8782" --k8s');
+		$this->addUsage('k8s_daemon_nodeport "K8s NodePort" "kubernetes-install" "http" "harp.example.com:8780" "http://nextcloud.local" --harp --harp_shared_key "secret" --harp_frp_address "harp.example.com:8782" --k8s --k8s_expose_type=nodeport --k8s_upstream_host="k8s-node.example.com"');
+		$this->addUsage('k8s_daemon_lb "K8s LoadBalancer" "kubernetes-install" "http" "harp.example.com:8780" "http://nextcloud.local" --harp --harp_shared_key "secret" --harp_frp_address "harp.example.com:8782" --k8s --k8s_expose_type=loadbalancer');
 	}
 
 	protected function execute(InputInterface $input, OutputInterface $output): int {
@@ -67,6 +81,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 		$host = $input->getArgument('host');
 		$nextcloudUrl = $input->getArgument('nextcloud_url');
 		$isHarp = $input->getOption('harp');
+		$isK8s = $input->getOption('k8s');
 
 		if (($protocol !== 'http') && ($protocol !== 'https')) {
 			$output->writeln('Value error: The protocol must be `http` or `https`.');
@@ -81,6 +96,67 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 			return 1;
 		}
 
+		// Kubernetes validation
+		if ($isK8s) {
+			if (!$isHarp) {
+				$output->writeln('Value error: Kubernetes daemon (--k8s) requires --harp flag. K8s always uses HaRP.');
+				return 1;
+			}
+			// Override accepts-deploy-id for K8s
+			if ($acceptsDeployId !== 'kubernetes-install') {
+				$output->writeln('<comment>Note: --k8s flag detected. Overriding accepts-deploy-id to "kubernetes-install".</comment>');
+				$acceptsDeployId = 'kubernetes-install';
+			}
+
+			$k8sExposeType = $input->getOption('k8s_expose_type');
+			$validExposeTypes = ['nodeport', 'clusterip', 'loadbalancer', 'manual'];
+			if (!in_array($k8sExposeType, $validExposeTypes)) {
+				$output->writeln(sprintf('Value error: Invalid k8s_expose_type "%s". Must be one of: %s', $k8sExposeType, implode(', ', $validExposeTypes)));
+				return 1;
+			}
+
+			$k8sNodePort = $input->getOption('k8s_node_port');
+			if ($k8sNodePort !== null) {
+				$k8sNodePort = (int)$k8sNodePort;
+				if ($k8sExposeType !== 'nodeport') {
+					$output->writeln('Value error: --k8s_node_port is only valid with --k8s_expose_type=nodeport');
+					return 1;
+				}
+				if ($k8sNodePort < 30000 || $k8sNodePort > 32767) {
+					$output->writeln('Value error: --k8s_node_port must be between 30000 and 32767');
+					return 1;
+				}
+			}
+
+			$k8sLoadBalancerIp = $input->getOption('k8s_load_balancer_ip');
+			if ($k8sLoadBalancerIp !== null && $k8sExposeType !== 'loadbalancer') {
+				$output->writeln('Value error: --k8s_load_balancer_ip is only valid with --k8s_expose_type=loadbalancer');
+				return 1;
+			}
+
+			$k8sUpstreamHost = $input->getOption('k8s_upstream_host');
+			if ($k8sExposeType === 'manual' && $k8sUpstreamHost === null) {
+				$output->writeln('Value error: --k8s_upstream_host is required for --k8s_expose_type=manual');
+				return 1;
+			}
+
+			$k8sExternalTrafficPolicy = $input->getOption('k8s_external_traffic_policy');
+			if ($k8sExternalTrafficPolicy !== null) {
+				$validPolicies = ['Cluster', 'Local'];
+				if (!in_array($k8sExternalTrafficPolicy, $validPolicies)) {
+					$output->writeln(sprintf('Value error: Invalid k8s_external_traffic_policy "%s". Must be one of: %s', $k8sExternalTrafficPolicy, implode(', ', $validPolicies)));
+					return 1;
+				}
+			}
+
+			$k8sNodeAddressType = $input->getOption('k8s_node_address_type');
+			$validNodeAddressTypes = ['InternalIP', 'ExternalIP'];
+			if (!in_array($k8sNodeAddressType, $validNodeAddressTypes)) {
+				$output->writeln(sprintf('Value error: Invalid k8s_node_address_type "%s". Must be one of: %s', $k8sNodeAddressType, implode(', ', $validNodeAddressTypes)));
+				return 1;
+			}
+		}
+
 		if ($acceptsDeployId === 'manual-install' && !$isHarp && str_contains($host, ':')) {
 			$output->writeln('<comment>Warning: The host contains a port, which will be ignored for manual-install daemons. The ExApp\'s port from --json-info will be used instead.</comment>');
 		}
@@ -94,18 +170,32 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 			? $input->getOption('harp_shared_key')
 			: $input->getOption('haproxy_password') ?? '';
 
+		// For K8s, 'net' is not used (K8s has its own networking), default to 'bridge' to avoid validation issues
+		$defaultNet = $isK8s ? 'bridge' : 'host';
 		$deployConfig = [
-			'net' => $input->getOption('net') ?? 'host',
+			'net' => $input->getOption('net') ?? $defaultNet,
 			'nextcloud_url' => $nextcloudUrl,
 			'haproxy_password' => $secret,
 			'computeDevice' => $this->buildComputeDevice($input->getOption('compute_device') ?? 'cpu'),
 			'harp' => null,
+			'kubernetes' => null,
 		];
 		if ($isHarp) {
 			$deployConfig['harp'] = [
 				'frp_address' => $input->getOption('harp_frp_address') ?? '',
 				'docker_socket_port' => $input->getOption('harp_docker_socket_port'),
-				'exapp_direct' => (bool)$input->getOption('harp_exapp_direct'),
+				'exapp_direct' => $isK8s ? true : (bool)$input->getOption('harp_exapp_direct'), // K8s always uses direct (Service-based) routing
+			];
+		}
+		if ($isK8s) {
+			$k8sNodePort = $input->getOption('k8s_node_port');
+			$deployConfig['kubernetes'] = [
+				'expose_type' => $input->getOption('k8s_expose_type') ?? 'clusterip',
+				'node_port' => $k8sNodePort !== null ? (int)$k8sNodePort : null,
+				'upstream_host' => $input->getOption('k8s_upstream_host'),
+				'external_traffic_policy' => $input->getOption('k8s_external_traffic_policy'),
+				'load_balancer_ip' => $input->getOption('k8s_load_balancer_ip'),
+				'node_address_type' => $input->getOption('k8s_node_address_type') ?? 'InternalIP',
 			];
 		}
 

lib/Command/ExApp/Register.php

@@ -11,6 +11,7 @@
 
 use OCA\AppAPI\AppInfo\Application;
 use OCA\AppAPI\DeployActions\DockerActions;
+use OCA\AppAPI\DeployActions\KubernetesActions;
 use OCA\AppAPI\DeployActions\ManualActions;
 use OCA\AppAPI\Fetcher\ExAppArchiveFetcher;
 use OCA\AppAPI\Service\AppAPIService;
@@ -33,6 +34,7 @@ public function __construct(
 		private readonly DaemonConfigService $daemonConfigService,
 		private readonly DockerActions $dockerActions,
 		private readonly ManualActions $manualActions,
+		private readonly KubernetesActions $kubernetesActions,
 		private readonly IAppConfig $appConfig,
 		private readonly ExAppService $exAppService,
 		private readonly ISecureRandom $random,
@@ -132,6 +134,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 		$actionsDeployIds = [
 			$this->dockerActions->getAcceptsDeployId(),
 			$this->manualActions->getAcceptsDeployId(),
+			$this->kubernetesActions->getAcceptsDeployId(),
 		];
 		if (!in_array($daemonConfig->getAcceptsDeployId(), $actionsDeployIds)) {
 			$this->logger->error(sprintf('Daemon config %s actions for %s not found.', $daemonConfigName, $daemonConfig->getAcceptsDeployId()));
@@ -200,6 +203,46 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 				(int)explode('=', $deployParams['container_params']['env'][6])[1],
 				$auth,
 			);
+		} elseif ($daemonConfig->getAcceptsDeployId() === $this->kubernetesActions->getAcceptsDeployId()) {
+			$deployParams = $this->kubernetesActions->buildDeployParams($daemonConfig, $appInfo);
+			$this->kubernetesActions->initGuzzleClient($daemonConfig);
+			$deployResult = $this->kubernetesActions->deployExApp($exApp, $daemonConfig, $deployParams);
+			if ($deployResult) {
+				$this->logger->error(sprintf('ExApp %s K8s deployment failed. Error: %s', $appId, $deployResult));
+				if ($outputConsole) {
+					$output->writeln(sprintf('ExApp %s K8s deployment failed. Error: %s', $appId, $deployResult));
+				}
+				$this->exAppService->setStatusError($exApp, $deployResult);
+				$this->_unregisterExApp($appId, $isTestDeployMode);
+				return 1;
+			}
+
+			// For K8s, expose the ExApp (create Service) and get upstream endpoint
+			$k8sConfig = $daemonConfig->getDeployConfig()['kubernetes'] ?? [];
+			$exposeResult = $this->kubernetesActions->exposeExApp(
+				$this->kubernetesActions->buildHarpK8sUrl($daemonConfig),
+				$appId,
+				(int)$appInfo['port'],
+				$k8sConfig
+			);
+			if (isset($exposeResult['error'])) {
+				$this->logger->error(sprintf('ExApp %s K8s expose failed. Error: %s', $appId, $exposeResult['error']));
+				if ($outputConsole) {
+					$output->writeln(sprintf('ExApp %s K8s expose failed. Error: %s', $appId, $exposeResult['error']));
+				}
+				$this->exAppService->setStatusError($exApp, $exposeResult['error']);
+				$this->_unregisterExApp($appId, $isTestDeployMode);
+				return 1;
+			}
+
+			$exAppUrl = $this->kubernetesActions->resolveExAppUrl(
+				$appId,
+				$daemonConfig->getProtocol(),
+				$daemonConfig->getHost(),
+				$daemonConfig->getDeployConfig(),
+				(int)$appInfo['port'],
+				$auth,
+			);
 		} else {
 			$this->manualActions->deployExApp($exApp, $daemonConfig);
 			$exAppUrl = $this->manualActions->resolveExAppUrl(

lib/Command/ExApp/Unregister.php

@@ -10,6 +10,7 @@
 namespace OCA\AppAPI\Command\ExApp;
 
 use OCA\AppAPI\DeployActions\DockerActions;
+use OCA\AppAPI\DeployActions\KubernetesActions;
 
 use OCA\AppAPI\Service\AppAPIService;
 use OCA\AppAPI\Service\DaemonConfigService;
@@ -26,6 +27,7 @@ public function __construct(
 		private readonly AppAPIService $service,
 		private readonly DaemonConfigService $daemonConfigService,
 		private readonly DockerActions $dockerActions,
+		private readonly KubernetesActions $kubernetesActions,
 		private readonly ExAppService $exAppService,
 	) {
 		parent::__construct();
@@ -142,6 +144,24 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 					}
 				}
 			}
+		} elseif ($daemonConfig->getAcceptsDeployId() === $this->kubernetesActions->getAcceptsDeployId()) {
+			$this->kubernetesActions->initGuzzleClient($daemonConfig);
+			$removeResult = $this->kubernetesActions->removeExApp(
+				$this->kubernetesActions->buildHarpK8sUrl($daemonConfig),
+				$exApp->getAppid(),
+				removeData: $rmData
+			);
+			if ($removeResult) {
+				if (!$silent) {
+					$output->writeln(sprintf('Failed to remove K8s ExApp %s: %s', $appId, $removeResult));
+					$output->writeln('Hint: If the K8s deployment was already removed manually, use --force to remove from AppAPI.');
+				}
+				if (!$force) {
+					return 1;
+				}
+			} elseif (!$silent) {
+				$output->writeln(sprintf('ExApp %s K8s resources successfully removed', $appId));
+			}
 		}
 
 		if (!$this->exAppService->unregisterExApp($appId)) {