Parameterize a few values and add @brunnels helm chart workflow

The initial goal of this PR was to allow the user to set a few parameters such as storage, requests/limits and gpus for the pods running the application + wolf, then a few changes to the way wolf works inside kubernetes (thanks to ABeltramo) and finally adding brunnels helm chart for ease of deployment on kubernetes.

The following is the unsquashed commit log:
* [operator] add ephemeral, volumeConfig option in app crd for wolf-data

* [operator] allow user to define container resource requests/limits in user crd to configure gpus, generic-devices, etc... per user.

* [fix] add RTSPFakeIP to client, more configs and more manifests

* [operator] allow user defined volume mounts for sidecars

* [security] comment out SecurityContext

* [README] update readme and prepare for PR

* [README] add crd installation step

* [operator] use VolumeClaimTemplate, cleanup unused structs & update app manifests

* [hotfix] prevent xml marshalling of volumeClaimTemplate

* change hardcoded WOLF_RENDER_NODE

* change hardcoded WOLF_RENDER_NODE

* rename chart to direwolf
add helm-chart action
don't build arm64 for now

* fix helm workflow

* fix helm workflow

* rename chart to direwolf-operator
add crd schemas

* switch to wolf-ui branch

* add session_test.go to make it easier to see what the how the deployment will render.

* expose more wolf configs in the crds

* [operator] allow user to define securityContext for sidecars

* [ci] remove arm64 build

* uncomment the nvidia variables

* uncomment more nvidia variables

* [operator] add hostIPC flag to sidecars

* back to wolf moonlight fixes

* starting to combine workflows

* combined workflows

* fix digest file

* fix yq stage

* fix yq stage

* fix yq stage

* fix yq stage

* cleanup

* rework chart version

* rework chart version

* rework chart version

* rework chart version

* fix chart version
switch to wolf:stable

* fix chart version

* fix chart version

* fix chart version

* fix identifiers in chart

* just keep overwriting snapshot version

* [sessions] acquire ClientIP dynamically from moonlight-operator

* add schema generator script to update-codegen.sh
update crds and schemas

* switch to software renderer to see if it will work

* merge with axolotl

* dynamic image repos in values.yaml

* fix escaping for github action

* set the tag to the ref

* bad digests?

* bad path

* implement Albetro's suggestion to use wolf only for wayland session

* remove douplicate RuntimeWolfVariables and update apps

* allow user the ability to define env vars for wolf

* add nvidia examples

* update chart home in preparation for merging

---------

Co-authored-by: brunnels <kraven@kraven.org>

Author: axolotlite

.github/workflows/builder.yml

@@ -0,0 +1,206 @@
+name: Build and Push Docker Images
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+  release:
+    types: [released]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  packages: write
+
+jobs:
+  build_and_push_containers:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        app:
+          - wolf-agent
+          - moonlight-proxy
+          - operator
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3.6.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.10.0
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3.3.0
+        if: ${{ !github.event.pull_request.head.repo.fork }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate docker image tags
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          flavor: |
+            # Disable latest tag
+            latest=false
+          images: |
+            name=ghcr.io/${{ github.repository_owner }}/fenrir/${{ matrix.app == 'operator' && 'direwolf-operator' || matrix.app }}
+
+      - name: Build and push image
+        id: build
+        uses: docker/build-push-action@v6.15.0
+        with:
+          platforms: linux/amd64
+          push: ${{ !github.event.pull_request.head.repo.fork }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          build-args: |
+            APP_NAME=${{ matrix.app }}
+          
+      - name: Write image digest file
+        if: ${{ steps.build.outputs.digest }}
+        run: |
+          echo "${{ steps.build.outputs.digest }}" > "image-digest-${{ matrix.app }}.txt"
+
+      - name: Upload image digest artifact
+        if: ${{ steps.build.outputs.digest }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: image-digest-${{ matrix.app }}
+          path: image-digest-${{ matrix.app }}.txt
+
+  build_and_push_chart:
+    runs-on: ubuntu-latest
+    needs: build_and_push_containers
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: 'v3.12.0'
+
+      - name: Get chart version
+        id: get_version
+        uses: mikefarah/yq@master
+        with:
+          cmd: |
+            set -euo pipefail
+                        
+            REF="${{ github.ref }}"
+            CHART_PATH="charts/direwolf-operator"
+
+            if [[ "$REF" == refs/tags/* ]]; then
+              FULL_VERSION="${{ github.ref_name }}"
+            else
+              if [ ! -f "$CHART_PATH/Chart.yaml" ]; then
+                echo "Chart.yaml not found at $CHART_PATH" >&2
+                exit 1
+              fi
+            
+              BASE_VERSION="$(yq e '.version' "${CHART_PATH}/Chart.yaml")"
+              if [ -z "$BASE_VERSION" ]; then
+                echo "Could not determine chart version" >&2
+                exit 1
+              fi
+              RUN_ID="${{ github.run_id }}"
+              FULL_VERSION="${BASE_VERSION}-${RUN_ID}-SNAPSHOT"
+              #FULL_VERSION="${BASE_VERSION}-SNAPSHOT"
+            fi
+            
+            echo "Full Version: $FULL_VERSION"          
+            yq e -i ".version = \\"$FULL_VERSION\\"" "${CHART_PATH}/Chart.yaml"
+            echo "version=$FULL_VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Copy CRDs into chart
+        run: |
+          # Ensure the chart CRDs directory exists and copy repository CRDs there. This makes them part of the packaged chart.
+          mkdir -p charts/direwolf-operator/crds
+          if compgen -G "crds/*.yaml" > /dev/null; then
+            cp crds/*.yaml charts/direwolf-operator/crds/
+          else
+            echo "No CRDs found in repository crds/ - continuing"
+          fi
+
+      - name: Download image digest artifact (operator)
+        uses: actions/download-artifact@v4
+        with:
+          name: image-digest-operator
+          path: operator-artifact
+
+      - name: Download image digest artifact (moonlight-proxy)
+        uses: actions/download-artifact@v4
+        with:
+          name: image-digest-moonlight-proxy
+          path: proxy-artifact
+
+      - name: Download image digest artifact (wolf-agent)
+        uses: actions/download-artifact@v4
+        with:
+          name: image-digest-wolf-agent
+          path: agent-artifact
+
+      - name: Update Helm chart image tags
+        uses: mikefarah/yq@master
+        with:
+          cmd: |   
+            VALUES_FILE=charts/direwolf-operator/values.yaml
+            
+            OP_DIGEST="$(cat operator-artifact/image-digest-operator.txt)"
+            yq e -i ".controllers.direwolf_operator.containers.operator.image.repository = \\"ghcr.io/${{ github.repository_owner }}/fenrir/direwolf-operator\\"" "$VALUES_FILE"
+            yq e -i ".controllers.direwolf_operator.containers.operator.image.tag = \\"${{ github.ref_name }}@${OP_DIGEST}\\"" "$VALUES_FILE"
+            
+            AG_DIGEST="$(cat agent-artifact/image-digest-wolf-agent.txt)"
+            yq e -i ".controllers.direwolf_operator.containers.operator.env.AGENT_IMAGE = \\"ghcr.io/${{ github.repository_owner }}/fenrir/wolf-agent:${{ github.ref_name }}@${AG_DIGEST}\\"" "$VALUES_FILE"
+
+            PX_DIGEST="$(cat proxy-artifact/image-digest-moonlight-proxy.txt)"
+            yq e -i ".controllers.moonlight_proxy.containers.proxy.image.tag = \\"${{ github.ref_name }}@${PX_DIGEST}\\"" "$VALUES_FILE"
+            yq e -i ".controllers.moonlight_proxy.containers.proxy.image.repository = \\"ghcr.io/${{ github.repository_owner }}/fenrir/moonlight-proxy\\"" "$VALUES_FILE"
+            
+            echo "Updated $VALUES_FILE"
+
+      - name: Package Helm chart
+        run: |
+          mkdir -p packaged
+          helm dependency update charts/direwolf-operator
+          helm package charts/direwolf-operator -d packaged
+          ls -lah packaged
+
+      - name: Login to GHCR for Helm OCI
+        if: ${{ !github.event.pull_request.head.repo.fork }}
+        run: |
+          set -euo pipefail
+          echo "Logging in to ghcr.io with helm registry login"
+          echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u "${{ github.repository_owner }}" --password-stdin
+
+      - name: Push packaged chart with Helm (OCI)
+        env:
+          CHART_VERSION: ${{ steps.get_version.outputs.version }}
+        run: |
+          set -euo pipefail
+          chart_file=$(ls packaged/*.tgz | head -n1)
+          if [ -z "$chart_file" ]; then
+            echo "No packaged chart found" >&2
+            exit 1
+          fi
+          chart_ref="oci://ghcr.io/${{ github.repository_owner }}/charts"
+          echo "Pushing $chart_file to $chart_ref"
+          helm push "$chart_file" "$chart_ref"
+
+      - name: Verify pushed artifact
+        run: |
+          chart_ref="oci://ghcr.io/${{ github.repository_owner }}/charts:${{ steps.get_version.outputs.version }}"
+          echo "Pushed chart $chart_ref"
+

.github/workflows/docker.yml

@@ -23,3 +23,11 @@ go.work.sum
 
 # env file
 .env
+
+.idea/
+
+charts/*/Chart.lock
+charts/*/crds/
+charts/*/charts/
+
+packaged/

.gitignore

@@ -129,3 +129,57 @@ The basic idea would be that we dont need to forward any ports if we implement
 the RTSP handshake, RTP PING in `moonlight-proxy`. Once direwolf gets the
 IP/PORT of the moonlight client it can have `wolf` just start uploading a stream,
 as long as it can fake the source IP of the packets from `wolf`.
+
+## Getting started:
+Before you start you should install metallb and configure a loadbalancing ip pool.
+
+
+Then, install the operator to the your k8s cluster:  
+`kubectl apply -f examples/install.yaml`
+
+after which you'll need to install the CRDs:  
+`kubectl create -f crds/`
+
+### Using Generic Devices to pass the gpu to the pods  
+In order for wolf to render / stream the images you need to pass it a device that can do it, I've an AMD gpu, so I opted to use generic devices to pass the `dri` device
+
+first check the content of `/dev/dri`:  
+```
+$ ls /dev/dri/
+>by-path  card1  renderD128
+```
+then go to the `examples/generic-devices.yaml` to edit the dri device path to be the same as the desired card.  
+```
+- path: /dev/dri/renderD128 |->|- path: /dev/dri/renderD128
+- path: /dev/dri/cardX      |->|- path: /dev/dri/card1
+```
+
+finally apply it:  
+`kubectl apply -f examples/generic-devices.yaml`
+This should add the gpu as a sharable resource that can be used in the next step.
+
+### Creating a user  
+as of now, alex is the hardcoded user, don't change the name in the `examples/user.yaml` or `examples/user_generic_device_gpu.yaml`
+
+However you can change the resources and volume mounts for the sidecars:
+- wolf: This one requires a gpu for encoding
+- wolf-agent
+- pulseaudio
+
+
+To create a user:  
+`kubectl apply -f examples/user_generic_device_gpu.yaml`
+
+### Adding an application and pairing with moonlight  
+add the app the to cluster using:  
+`kubectl apply -f examples/testball.yaml`
+
+Next get the ip of the loadbalancer service to connect with moonlight:  
+`kubectl get svc direwolf -n direwolf -o jsonpath='{.status.loadBalancer.ingress[0].ip}'`
+
+open moonlight to pair with the acquired ip  
+then get the moonlight-proxy pairing url through the logs:  
+`kubectl logs -n direwolf deployments/direwolf-moonlight-proxy`
+
+use it to pair and then connect with the app, it'll take a moment to pull the image, so the first pairing might fail.  
+

README.md

@@ -0,0 +1,25 @@
+---
+apiVersion: v2
+appVersion: 0.0.1
+description: Streams graphic applications/games (retroarch, firefox, steam) running on Kubernetes
+name: direwolf-operator
+version: 0.0.1
+kubeVersion: ">=1.28.0-0"
+keywords:
+  - games-on-whales
+  - steam
+  - X11
+  - pulse
+  - stream
+  - retroarch
+home: https://github.com/users/games-on-whales/packages/container/package/charts%2Fdirewolf-operator
+icon: https://images.opencollective.com/games-on-whales/33a2797/logo/128.png
+sources:
+  - https://github.com/games-on-whales/wolf
+maintainers:
+  - name: brunnels
+    email: kraven@kraven.org
+dependencies:
+  - name: common
+    repository: https://bjw-s-labs.github.io/helm-charts
+    version: 4.4.0

charts/direwolf-operator/Chart.yaml

@@ -0,0 +1,14 @@
+---
+{{- include "bjw-s.common.loader.init" . }}
+
+{{- define "app-template.hardcodedValues" -}}
+# Set the nameOverride based on the release name if no override has been set
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: "{{ .Release.Name }}"
+{{ end }}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values (include "app-template.hardcodedValues" . | fromYaml) -}}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}