diff --git a/ReleaseNotes.md b/ReleaseNotes.md
index 80e2925fc968e4b4d68ea337b4c6aa1b6715469a..c50de4a988ccb8a83d5b1f232c02a4916a751441 100644
--- a/ReleaseNotes.md
+++ b/ReleaseNotes.md
@@ -30,6 +30,7 @@
- cta/CTA#663 - Setup dev env containers for Alma9
- cta/CTA#686 - Upgrade eos-5 to eos-5.2.23-1
- cta/CTA#705 - Upgrade eos-5 to eos-5.2.24-1: fixes EOS-6112 and add archive metadata in eoscta MGM report EOS-6150
+- cta/CTA#711 - Add cta-frontend-grpc to k8s setup
### Code Quality
- cta/CTA#575 - Remove rados metrics logging
diff --git a/continuousintegration/docker/ctafrontend/opt/run/bin/ctafrontend-grpc.sh b/continuousintegration/docker/ctafrontend/opt/run/bin/ctafrontend-grpc.sh
new file mode 100755
index 0000000000000000000000000000000000000000..a5305b5db9572c8df61090c4ceddbf1da15cb292
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/opt/run/bin/ctafrontend-grpc.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# @project The CERN Tape Archive (CTA)
+# @copyright Copyright © 2024 CERN
+# @license This program is free software, distributed under the terms of the GNU General Public
+# Licence version 3 (GPL Version 3), copied verbatim in the file "COPYING". You can
+# redistribute it and/or modify it under the terms of the GPL Version 3, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# In applying this licence, CERN does not waive the privileges and immunities
+# granted to it by virtue of its status as an Intergovernmental Organization or
+# submit itself to any jurisdiction.
+
+. /opt/run/bin/init_pod.sh
+
+yum-config-manager --enable cta-artifacts
+yum-config-manager --enable ceph
+
+# Install missing RPMs
+# cta-catalogueutils is needed to delete the db at the end of instance
+yum -y install cta-debuginfo cta-catalogueutils ceph-common cta-frontend-grpc
+
+
+/opt/run/bin/init_objectstore.sh
+. /tmp/objectstore-rc.sh
+
+
+echo "ObjectStore BackendPath $OBJECTSTOREURL" >/etc/cta/cta-objectstore-tools.conf
+
+
+cat <<EOF > /etc/cta/cta.conf
+ObjectStore BackendPath ${OBJECTSTOREURL}
+EOF
+
+cat <<EOF > /etc/sysconfig/cta-frontend-grpc
+#
+# Config properties of cta-frontend-grpc
+#
+# port number to accept TCP connections
+
+# change to '--tls' to enable
+GRPC_USE_TLS=""
+EOF
+
+
+/opt/run/bin/init_database.sh
+. /tmp/database-rc.sh
+
+echo ${DATABASEURL} >/etc/cta/cta-catalogue.conf
+
+
+if [ "-${CI_CONTEXT}-" == '-nosystemd-' ]; then
+ # systemd is not available
+ echo 'echo "Setting environment variables for cta-frontend"' > /tmp/cta-frontend_env
+ cat /etc/sysconfig/cta-frontend | grep -v '^\s*\t*#' | sed -e 's/^/export /' >> /tmp/cta-frontend_env
+ source /tmp/cta-frontend_env
+
+ runuser --shell='/bin/bash' --session-command='/usr/bin/cta-frontend-grpc >> /var/log/cta/cta-frontend-grpc.log' cta
+ echo "ctafrontend died"
+ sleep infinity
+else
+ # Add a DNS cache on the client as kubernetes DNS complains about `Nameserver limits were exceeded`
+ yum install -y systemd-resolved
+ systemctl start systemd-resolved
+
+ # systemd is available
+ echo "Launching frontend with systemd:"
+ systemctl start cta-frontend-grpc
+
+ echo "Status is now:"
+ systemctl status cta-frontend-grpc
+fi
diff --git a/continuousintegration/orchestration/README.md b/continuousintegration/orchestration/README.md
index bc099430eb1d75cf8ca7b647b2ddaf9953cb7445..9ca580cd990e5845c33b160e9672d76b9402458a 100644
--- a/continuousintegration/orchestration/README.md
+++ b/continuousintegration/orchestration/README.md
@@ -194,6 +194,60 @@ OK
...
```
+### Launching a cta-frontend-grpc pod
+A grpc frontend pod can be added to the cluster manually.
+
+The `create_instance.sh` command creates a temporary directory, under `tmp`, that contains the pod files updated with the image to use in the instance.
+
+```
+[cirunner@ctadevpoliverc01 orchestration]$ ll /tmp/tmp.M600U1fz9K/
+total 52
+-rw-r--r--. 1 cirunner cirunner 1030 May 29 16:44 pod-client.yaml
+-rw-r--r--. 1 cirunner cirunner 917 May 29 16:44 pod-ctacli.yaml
+-rw-r--r--. 1 cirunner cirunner 1346 May 29 16:44 pod-ctaeos.yaml
+-rw-r--r--. 1 cirunner cirunner 1584 May 29 16:44 pod-ctafrontend-grpc.yaml
+-rw-r--r--. 1 cirunner cirunner 1562 May 29 16:44 pod-ctafrontend.yaml
+-rwxr-xr-x. 1 cirunner cirunner 1505 May 29 16:44 pod-dbupdatetest.yaml
+-rw-r--r--. 1 cirunner cirunner 1509 May 29 16:44 pod-externaltapetests.yaml
+-rw-r--r--. 1 cirunner cirunner 1560 May 29 16:44 pod-init.yaml
+-rw-r--r--. 1 cirunner cirunner 905 May 29 16:44 pod-kdc.yaml
+-rw-r--r--. 1 cirunner cirunner 1392 May 29 16:44 pod-oracleunittests.yaml
+-rw-r--r--. 1 cirunner cirunner 2289 May 29 16:44 pod-tpsrv01.yaml
+-rw-r--r--. 1 cirunner cirunner 2289 May 29 16:44 pod-tpsrv02.yaml
+-rw-r--r--. 1 cirunner cirunner 2096 May 29 16:44 pod-tpsrv.yaml
+```
+
+The grpc pod is then created by running `kubectl create -f ${poddir}/pod-ctafrontend-grpc.yaml --namespace=$NAMESCPACE` where `poddir` is this temporary directory.
+
+```
+[cirunner@ctadevpoliverc01 orchestration]$ kubectl -n cta get pods
+NAME READY STATUS RESTARTS AGE
+client 1/1 Running 0 2m25s
+ctacli 1/1 Running 0 2m25s
+ctaeos 1/1 Running 0 2m25s
+ctafrontend 1/1 Running 0 2m24s
+init 0/1 Completed 0 2m44s
+kdc 1/1 Running 0 2m24s
+postgres 1/1 Running 0 2m55s
+tpsrv01 2/2 Running 0 2m25s
+tpsrv02 2/2 Running 0 2m25s
+
+[cirunner@ctadevpoliverc01 orchestration]$ kubectl create -f pod-ctafrontend-grpc.yaml --namespace=cta
+pod/ctafrontend-grpc created
+
+[cirunner@ctadevpoliverc01 orchestration]$ kubectl -n cta get pods
+NAME READY STATUS RESTARTS AGE
+client 1/1 Running 0 4m9s
+ctacli 1/1 Running 0 4m9s
+ctaeos 1/1 Running 0 4m9s
+ctafrontend 1/1 Running 0 4m8s
+ctafrontend-grpc 1/1 Running 0 44s
+init 0/1 Completed 0 4m28s
+kdc 1/1 Running 0 4m8s
+postgres 1/1 Running 0 4m39s
+tpsrv01 2/2 Running 0 4m9s
+tpsrv02 2/2 Running 0 4m9s
+```
# Running a simple test
diff --git a/continuousintegration/orchestration/pod-ctafrontend-grpc.yaml b/continuousintegration/orchestration/pod-ctafrontend-grpc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b4b828b243c4e28cbb7e35646ba9ce7524ddc2c7
--- /dev/null
+++ b/continuousintegration/orchestration/pod-ctafrontend-grpc.yaml
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: ctafrontend-grpc
+ labels:
+ k8s-app: ctafrontend-grpc
+spec:
+ restartPolicy: Never
+ containers:
+ - name: ctafrontend-grpc
+ image: gitlab-registry.cern.ch/cta/ctageneric:78673git921a9300
+ stdin: true
+ env:
+ - name: MY_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: INSTANCE_NAME
+ value: "$(MY_NAMESPACE)"
+ - name: TERM
+ value: "xterm"
+ command: ['/opt/run/bin/ctafrontend-grpc.sh']
+ args: ["none"]
+ volumeMounts:
+ - mountPath: /shared
+ name: shared
+ - mountPath: /etc/config/objectstore
+ name: myobjectstore
+ - mountPath: /etc/config/database
+ name: mydatabase
+ - mountPath: /etc/config/library
+ name: mylibrary
+ - mountPath: /mnt/logs
+ name: logstorage
+ - mountPath: /etc/config/eoscta
+ name: eosctaconfig
+ securityContext:
+ # RW access needed to volumes
+ privileged: true
+ ports:
+ - containerPort: 17017
+ name: ctafront-grpc
+ protocol: TCP
+ volumes:
+ - name: shared
+ hostPath:
+ path: /opt/cta
+ - name: myobjectstore
+ configMap:
+ name: objectstore-config
+ - name: mydatabase
+ configMap:
+ name: database-config
+ - name: mylibrary
+ configMap:
+ name: library-config
+ - name: logstorage
+ persistentVolumeClaim:
+ claimName: claimlogs
+ - name: eosctaconfig
+ configMap:
+ name: eoscta-config
+
+ imagePullSecrets:
+ - name: ctaregsecret
diff --git a/frontend-grpc/cta.conf.example b/frontend-grpc/cta.conf.example
new file mode 100644
index 0000000000000000000000000000000000000000..afa36f249df730ab14f82085b16e1932e18947b0
--- /dev/null
+++ b/frontend-grpc/cta.conf.example
@@ -0,0 +1,53 @@
+# @project The CERN Tape Archive (CTA)
+# @copyright Copyright © 2024 CERN
+# @license This program is free software, distributed under the terms of the GNU General Public
+# Licence version 3 (GPL Version 3), copied verbatim in the file "COPYING". You can
+# redistribute it and/or modify it under the terms of the GPL Version 3, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# In applying this licence, CERN does not waive the privileges and immunities
+# granted to it by virtue of its status as an Intergovernmental Organization or
+# submit itself to any jurisdiction.
+
+ObjectStore BackendPath /path/to/local/objectstore
+
+####################################
+# TLS related variables. Only used when frontend is run with TLS (-t/--tls flag).
+####################################
+# TLS service key file
+#gRPC TlsKey /path/to/key
+#
+# TLS service certificate file
+#gRPC TlsCert /path/to/cert
+#
+# TLS CA chain file
+#gRPC TlsChain /path/to/CA/chain
+#
+
+####################################
+# CTA Scheduler DB cache timeout options
+####################################
+#SchedulerDB TapeCacheMaxAgeSecs 600
+#SchedulerDB RetrieveQueueCacheMaxAgeSecs 10
+
+####################################
+# Variables used by cta-frontend-async-grpc
+####################################
+# The port the gRPC frotnend is listening to
+#gRPC port 17017
+
+# The ca-cert file path
+#gRPC SslRoot /path/to/ca/cert
+
+# Ssl Key file
+#gRPC SslKey /path/to/ssl/key
+
+# Ssl certificate file
+#gRPC SslCert /path/to/ssl/cert
+
+# keytab file
+#gRPC Keytab /path/to/keytab