Update README.md with Docker build and Kubernetes debug instructions

- Added instructions for building and pushing Docker images with specific tags.
- Included steps for creating Kubernetes secrets from local .env files.
- Provided guidance on manually creating and removing a debug pod in Kubernetes.

Dockerfile.debug

@@ -0,0 +1,19 @@
+FROM golang:1.25-bookworm AS build
+
+WORKDIR /src
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY cmd/ ./cmd/
+COPY internal/ ./internal/
+RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" -o /out/ncore-hnr ./cmd/ncore-hnr
+
+FROM alpine:3.20
+
+RUN apk add --no-cache bash ca-certificates curl bind-tools sqlite
+
+WORKDIR /app
+COPY --from=build /out/ncore-hnr /usr/local/bin/ncore-hnr
+
+VOLUME ["/data"]
+CMD ["/bin/sh"]

Makefile

@@ -0,0 +1,25 @@
+IMAGE ?= alfonzso/ncore-hnr
+DEBUG_IMAGE ?= alfonzso/ncore-hnr-debug
+GIT_SHA := $(shell git rev-parse --short HEAD)
+EPOCH := $(shell date +%s)
+TAG ?= $(GIT_SHA)-$(EPOCH)
+
+.PHONY: docker-build docker-push docker-publish docker-debug-build docker-debug-push docker-debug-publish
+
+docker-build:
+	docker build -t $(IMAGE):$(TAG) -t $(IMAGE):latest .
+
+docker-push:
+	docker push $(IMAGE):$(TAG)
+	docker push $(IMAGE):latest
+
+docker-publish: docker-build docker-push
+
+docker-debug-build:
+	docker build -f Dockerfile.debug -t $(DEBUG_IMAGE):$(TAG) -t $(DEBUG_IMAGE):latest .
+
+docker-debug-push:
+	docker push $(DEBUG_IMAGE):$(TAG)
+	docker push $(DEBUG_IMAGE):latest
+
+docker-debug-publish: docker-debug-build docker-debug-push

README.md

@@ -101,6 +101,45 @@ docker build -t ncore-hnr:local .
 docker run --rm --env-file .env -v "$PWD/data:/data" ncore-hnr:local
 ```
 
+Build and push to Docker Hub with a tag in the form `shortgitsha-epoch`:
+
+```bash
+make docker-publish
+```
+
+Build and push the shell-capable debug image:
+
+```bash
+make docker-debug-publish
+```
+
 ## Kubernetes
 
 The `k8s/` folder contains a CronJob, PVC, and example Secret. Store real secrets out of git.
+
+For the Flux deployment, create or update the Kubernetes Secret from your local `.env` without committing the secret values:
+
+```bash
+kubectl -n media-server create secret generic ncore-hnr-secrets \
+  --from-env-file=.env \
+  --dry-run=client -o yaml | kubectl apply -f -
+```
+
+Create a temporary debug pod manually:
+
+```bash
+kubectl apply -f k8s/debug-pod.yaml
+kubectl -n media-server exec -it ncore-hnr-debug -- sh
+```
+
+Inside the pod:
+
+```bash
+ncore-hnr --dry-run=true --notification-dry-run=true --alert-after=0s
+```
+
+Remove the debug pod when finished:
+
+```bash
+kubectl -n media-server delete pod ncore-hnr-debug
+```

k8s/debug-pod.yaml

@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ncore-hnr-debug
+  namespace: media-server
+  labels:
+    app.kubernetes.io/name: ncore-hnr-debug
+spec:
+  restartPolicy: Never
+  securityContext:
+    fsGroup: 65532
+  containers:
+    - name: ncore-hnr-debug
+      image: alfonzso/ncore-hnr-debug:latest
+      imagePullPolicy: Always
+      command: ["sh", "-c", "sleep infinity"]
+      envFrom:
+        - secretRef:
+            name: ncore-hnr-secrets
+      env:
+        - name: QBITTORRENT_URL
+          value: http://ms-qbittorrent
+        - name: APP_DB_PATH
+          value: /data/ncore-hnr.sqlite
+        - name: DRY_RUN
+          value: "true"
+        - name: NOTIFICATION_DRY_RUN
+          value: "true"
+      resources:
+        requests:
+          cpu: 50m
+          memory: 64Mi
+        limits:
+          cpu: 250m
+          memory: 256Mi
+      volumeMounts:
+        - name: data
+          mountPath: /data
+  volumes:
+    - name: data
+      hostPath:
+        path: /mnt/secure/flux-at-home/ncore-hnr/data
+        type: DirectoryOrCreate