From e63fc2c7ccb17895c89dadff085f4c67ce2945c4 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 21 Jan 2025 18:37:37 +0100 Subject: [PATCH 01/41] feat: init ai service chart --- .gitignore | 6 +- charts/testkube-ai-service/.helmignore | 23 ++++ charts/testkube-ai-service/Chart.yaml | 13 ++ .../testkube-ai-service/templates/NOTES.txt | 22 ++++ .../templates/_helpers.tpl | 62 ++++++++++ .../templates/certificate.yaml | 18 +++ .../templates/deployment.yaml | 115 ++++++++++++++++++ charts/testkube-ai-service/templates/hpa.yaml | 32 +++++ .../templates/ingress.yaml | 64 ++++++++++ .../templates/service.yaml | 18 +++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 +++ charts/testkube-ai-service/values.yaml | 89 ++++++++++++++ charts/testkube-enterprise/Chart.yaml | 5 +- 14 files changed, 493 insertions(+), 2 deletions(-) create mode 100644 charts/testkube-ai-service/.helmignore create mode 100644 charts/testkube-ai-service/Chart.yaml create mode 100644 charts/testkube-ai-service/templates/NOTES.txt create mode 100644 charts/testkube-ai-service/templates/_helpers.tpl create mode 100644 charts/testkube-ai-service/templates/certificate.yaml create mode 100644 charts/testkube-ai-service/templates/deployment.yaml create mode 100644 charts/testkube-ai-service/templates/hpa.yaml create mode 100644 charts/testkube-ai-service/templates/ingress.yaml create mode 100644 charts/testkube-ai-service/templates/service.yaml create mode 100644 charts/testkube-ai-service/templates/serviceaccount.yaml create mode 100644 charts/testkube-ai-service/templates/tests/test-connection.yaml create mode 100644 charts/testkube-ai-service/values.yaml diff --git a/.gitignore b/.gitignore index 0e7382bd5..deb129b38 100644 --- a/.gitignore +++ b/.gitignore @@ -5,8 +5,12 @@ # Chart dependencies charts/testkube-cloud-api/charts/*.tgz charts/testkube-cloud-ui/charts/*.tgz -charts/testkube-enterprise/charts/*.tgz +charts/testkube-enterprise/charts/* +!charts/testkube-enterprise/charts/dex/* +!charts/testkube-enterprise/charts/minio/* +!charts/testkube-enterprise/charts/mongodb/* +!charts/testkube-enterprise/charts/nats/* # OSX .DS_Store diff --git a/charts/testkube-ai-service/.helmignore b/charts/testkube-ai-service/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/testkube-ai-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/testkube-ai-service/Chart.yaml b/charts/testkube-ai-service/Chart.yaml new file mode 100644 index 000000000..84dc36d3c --- /dev/null +++ b/charts/testkube-ai-service/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: testkube-ai-service +description: A Helm chart for Testkube AI service +type: application +version: 1.0.0 +appVersion: 1.0.0 +maintainers: + - name: testkube + url: https://testkube.io +icon: https://assets.website-files.com/61e00b3936e571a4ea7a5a4c/623b2bb9387ad04955b1f82c_testkube.svg +home: https://github.com/kubeshop/testkube-cloud-charts +sources: + - https://github.com/kubeshop/testkube-ai diff --git a/charts/testkube-ai-service/templates/NOTES.txt b/charts/testkube-ai-service/templates/NOTES.txt new file mode 100644 index 000000000..65e515e9e --- /dev/null +++ b/charts/testkube-ai-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "testkube-ai.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "testkube-ai.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "testkube-ai.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "testkube-ai.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/charts/testkube-ai-service/templates/_helpers.tpl b/charts/testkube-ai-service/templates/_helpers.tpl new file mode 100644 index 000000000..a28ef2f39 --- /dev/null +++ b/charts/testkube-ai-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "testkube-ai.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "testkube-ai.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "testkube-ai.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "testkube-ai.labels" -}} +helm.sh/chart: {{ include "testkube-ai.chart" . }} +{{ include "testkube-ai.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "testkube-ai.selectorLabels" -}} +app.kubernetes.io/name: {{ include "testkube-ai.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "testkube-ai.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "testkube-ai.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/testkube-ai-service/templates/certificate.yaml b/charts/testkube-ai-service/templates/certificate.yaml new file mode 100644 index 000000000..e9dfe414b --- /dev/null +++ b/charts/testkube-ai-service/templates/certificate.yaml @@ -0,0 +1,18 @@ +{{- if eq .Values.tls.certificateProvider "cert-manager" }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "testkube-ai.fullname" . }} + labels: + {{- include "testkube-ai.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade +spec: + secretName: {{ .Values.tls.secret }} + dnsNames: + - {{ .Values.tls.host }} + issuerRef: + name: {{ required ".Values.global.certManager.issuerRef must be set when provider is cert-manager" .Values.tls.certManager.issuerRef }} + kind: {{ .Values.tls.certManager.issuerKind }} + group: {{ .Values.tls.certManager.issuerGroup }} +{{- end }} diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml new file mode 100644 index 000000000..3bf891300 --- /dev/null +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -0,0 +1,115 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "testkube-ai.fullname" . }} + labels: + {{- include "testkube-ai.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "testkube-ai.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "testkube-ai.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "testkube-ai.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: ENV + value: "{{ .Values.env | default "production" }}" + - name: LOG_LEVEL + value: "{{ .Values.logLevel | default "info" }}" + - name: OIDC_CONFIGURATION_URL + value: "{{ .Values.oidcConfigurationUrl | default "http://dex.auth:5556/idp/.well-known/openid-configuration" }}" + - name: OAUTH_ISSUER + value: "{{ .Values.oauthIssuer }}" + - name: OAUTH_JWKS_URI + value: "{{ .Values.oauthJwksUri }}" + - name: OAUTH_AUDIENCE + value: "{{ .Values.oauthAudience | default "testkube-cloud" }}" + - name: ORIGINS + value: "{{ .Values.origins | default "*" }}" + - name: ORIGINS_REGEX + value: {{ .Values.originsRegex | default "https://.*\\.testkube\\..*" | quote }} + - name: OPENAI_API_KEY + valueFrom: + secretKeyRef: + name: testkube-ai + key: OPENAI_API_KEY + - name: LANGCHAIN_TRACING_V2 + value: "{{ .Values.langchain.tracing }}" + - name: LANGCHAIN_ENDPOINT + value: "{{ .Values.langchain.endpoint }}" + - name: LANGCHAIN_API_KEY + {{- if .Values.langchain.apiKey }} + value: "{{ .Values.langchain.apiKey }}" + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.langchain.secretRef }} + key: LANGCHAIN_API_KEY + {{- end }} + - name: LANGCHAIN_PROJECT + value: "{{ .Values.langchain.project }}" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- if .Values.tls.serveHTTPS }} + - mountPath: /tmp/serving-cert/crt.pem + readOnly: true + name: serving-cert + subPath: tls.crt + - mountPath: /tmp/serving-cert/key.pem + readOnly: true + name: serving-cert + subPath: tls.key + {{- end }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/testkube-ai-service/templates/hpa.yaml b/charts/testkube-ai-service/templates/hpa.yaml new file mode 100644 index 000000000..e05847730 --- /dev/null +++ b/charts/testkube-ai-service/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "testkube-ai.fullname" . }} + labels: + {{- include "testkube-ai.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "testkube-ai.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/testkube-ai-service/templates/ingress.yaml b/charts/testkube-ai-service/templates/ingress.yaml new file mode 100644 index 000000000..d27f2f2de --- /dev/null +++ b/charts/testkube-ai-service/templates/ingress.yaml @@ -0,0 +1,64 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "testkube-ai.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "testkube-ai.labels" . | nindent 4 }} + annotations: + {{- if eq .Values.ingress.className "nginx"}} + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/preserve-trailing-slash: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 10m + nginx.ingress.kubernetes.io/client-header-timeout: "10800" + nginx.ingress.kubernetes.io/client-body-timeout: "10800" + {{- end }} + {{- with .Values.ingress.annotations }} + {{- toYaml . }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.tls.host }} + tls: + - secretName: {{ .Values.tls.secret }} + hosts: + - {{ .Values.tls.host }} + {{- end }} + rules: + {{- if .Values.tls.host }} + - host: {{ .Values.tls.host | quote }} + http: + paths: + - path: "/" + {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: ImplementationSpecific + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- else }} +{{- end }} +{{- end }} + diff --git a/charts/testkube-ai-service/templates/service.yaml b/charts/testkube-ai-service/templates/service.yaml new file mode 100644 index 000000000..b2c8f1bf3 --- /dev/null +++ b/charts/testkube-ai-service/templates/service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "testkube-ai.fullname" . }} + labels: + {{- include "testkube-ai.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "testkube-ai.selectorLabels" . | nindent 4 }} + +--- + diff --git a/charts/testkube-ai-service/templates/serviceaccount.yaml b/charts/testkube-ai-service/templates/serviceaccount.yaml new file mode 100644 index 000000000..6f291bc0f --- /dev/null +++ b/charts/testkube-ai-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "testkube-ai.serviceAccountName" . }} + labels: + {{- include "testkube-ai.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/charts/testkube-ai-service/templates/tests/test-connection.yaml b/charts/testkube-ai-service/templates/tests/test-connection.yaml new file mode 100644 index 000000000..cd8b6173d --- /dev/null +++ b/charts/testkube-ai-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "testkube-ai.fullname" . }}-test-connection" + labels: + {{- include "testkube-ai.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "testkube-ai.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml new file mode 100644 index 000000000..678ccc403 --- /dev/null +++ b/charts/testkube-ai-service/values.yaml @@ -0,0 +1,89 @@ +replicaCount: 1 + +env: "production" +logLevel: "info" + +oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" +oauthIssuer: "" +oauthJwksUri: "" +oauthAudience: "testkube-cloud" +origins: "*" +originsRegex: "https://.*\\.testkube\\..*" + +image: + repository: kubeshop/testkube-ai + pullPolicy: IfNotPresent + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "api" + +# Configuration for LangChain tracing +langchain: + # Enable LangChain tracing + tracing: true + # Endpoint for LangChain API + endpoint: "https://api.smith.langchain.com/" + # LangChain API Key - can be provided directly or referenced from a secret + apiKey: "" + # Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) + secretRef: "testkube-ai" + # Project identifier for LangChain + project: "testkube-dev" + +serviceAccount: + create: true + automount: true + annotations: {} + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} +securityContext: {} + +service: + type: ClusterIP + port: 9090 + +tls: + serveHTTPS: true + secret: testkube-ai-tls + host: ai.testkube.dev + path: "/" + certificateProvider: "cert-manager" + certManager: + issuerRef: "letsencrypt-edge" + issuerKind: ClusterIssuer + issuerGroup: cert-manager.io + +ingress: + dnsName: ai.testkube.dev + enabled: true + className: "nginx" + annotations: {} + +resources: {} + +livenessProbe: + httpGet: + path: / + port: http +readinessProbe: + httpGet: + path: / + port: http + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + +volumes: [] +volumeMounts: [] +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/charts/testkube-enterprise/Chart.yaml b/charts/testkube-enterprise/Chart.yaml index 6311e6eb2..5f170e147 100644 --- a/charts/testkube-enterprise/Chart.yaml +++ b/charts/testkube-enterprise/Chart.yaml @@ -18,9 +18,12 @@ dependencies: - name: testkube-worker-service version: 1.54.0 repository: file://../testkube-worker-service + - name: testkube-ai-service + version: 1.0.0 + repository: file://../testkube-ai-service - name: testkube alias: testkube-agent - version: 2.1.125 + version: 2.1.128 repository: https://kubeshop.github.io/helm-charts condition: testkube-agent.enabled - name: dex From 2222187fd8e6a7976b83e813cb2616c74ed73f55 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 21 Jan 2025 18:56:13 +0100 Subject: [PATCH 02/41] feat: ai values and docs --- charts/testkube-ai-service/README.md | 81 ++++++++++++++++++++++++++ charts/testkube-ai-service/values.yaml | 26 +++++---- charts/testkube-enterprise/README.md | 59 ++++++++++++++++++- charts/testkube-enterprise/values.yaml | 77 ++++++++++++++++++++++++ 4 files changed, 231 insertions(+), 12 deletions(-) create mode 100644 charts/testkube-ai-service/README.md diff --git a/charts/testkube-ai-service/README.md b/charts/testkube-ai-service/README.md new file mode 100644 index 000000000..fc93cabf0 --- /dev/null +++ b/charts/testkube-ai-service/README.md @@ -0,0 +1,81 @@ +# testkube-ai-service + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) + +A Helm chart for Testkube AI service + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| testkube | | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| env | string | `"production"` | | +| fullnameOverride | string | `"api"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"kubeshop/testkube-ai"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `"nginx"` | | +| ingress.dnsName | string | `"ai.testkube.dev"` | | +| ingress.enabled | bool | `true` | | +| langchain.apiKey | string | `""` | LangChain API Key - can be provided directly or referenced from a secret | +| langchain.endpoint | string | `"https://api.smith.langchain.com/"` | Endpoint for LangChain API | +| langchain.project | string | `"testkube-dev"` | Project identifier for LangChain | +| langchain.secretRef | string | `"testkube-ai"` | Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) | +| langchain.tracing | bool | `true` | Enable LangChain tracing | +| livenessProbe.httpGet.path | string | `"/"` | | +| livenessProbe.httpGet.port | string | `"http"` | | +| logLevel | string | `"info"` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| oauthAudience | string | `"testkube-cloud"` | | +| oauthIssuer | string | `""` | | +| oauthJwksUri | string | `""` | | +| oidcConfigurationUrl | string | `"http://dex.auth:5556/idp/.well-known/openid-configuration"` | | +| origins | string | `"*"` | | +| originsRegex | string | `"https://.*\\.testkube\\..*"` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext | object | `{}` | | +| readinessProbe.httpGet.path | string | `"/"` | | +| readinessProbe.httpGet.port | string | `"http"` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `9090` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automount | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tls.certManager.issuerGroup | string | `"cert-manager.io"` | | +| tls.certManager.issuerKind | string | `"ClusterIssuer"` | | +| tls.certManager.issuerRef | string | `"letsencrypt-edge"` | | +| tls.certificateProvider | string | `"cert-manager"` | | +| tls.host | string | `"ai.testkube.dev"` | | +| tls.path | string | `"/"` | | +| tls.secret | string | `"testkube-ai-tls"` | | +| tls.serveHTTPS | bool | `true` | | +| tolerations | list | `[]` | | +| volumeMounts | list | `[]` | | +| volumes | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 678ccc403..7919a0223 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -1,3 +1,7 @@ +# Default values for testkube-ai-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + replicaCount: 1 env: "production" @@ -20,16 +24,16 @@ nameOverride: "" fullnameOverride: "api" # Configuration for LangChain tracing -langchain: - # Enable LangChain tracing +langchain: + # -- Enable LangChain tracing tracing: true - # Endpoint for LangChain API + # -- Endpoint for LangChain API endpoint: "https://api.smith.langchain.com/" - # LangChain API Key - can be provided directly or referenced from a secret - apiKey: "" - # Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) - secretRef: "testkube-ai" - # Project identifier for LangChain + # -- LangChain API Key - can be provided directly or referenced from a secret + apiKey: "" + # -- Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) + secretRef: "testkube-ai" + # -- Project identifier for LangChain project: "testkube-dev" serviceAccount: @@ -48,9 +52,9 @@ service: type: ClusterIP port: 9090 -tls: - serveHTTPS: true - secret: testkube-ai-tls +tls: + serveHTTPS: true + secret: testkube-ai-tls host: ai.testkube.dev path: "/" certificateProvider: "cert-manager" diff --git a/charts/testkube-enterprise/README.md b/charts/testkube-enterprise/README.md index 100ad95b4..3d905ace9 100644 --- a/charts/testkube-enterprise/README.md +++ b/charts/testkube-enterprise/README.md @@ -16,6 +16,7 @@ A Helm chart for Testkube Enterprise | Repository | Name | Version | |------------|------|---------| +| file://../testkube-ai-service | testkube-ai-service | 1.0.0 | | file://../testkube-cloud-api | testkube-cloud-api | 1.139.0 | | file://../testkube-cloud-ui | testkube-cloud-ui | 1.94.0 | | file://../testkube-worker-service | testkube-worker-service | 1.54.0 | @@ -23,7 +24,7 @@ A Helm chart for Testkube Enterprise | file://./charts/minio | minio | 14.8.3-2 | | file://./charts/mongodb | mongodb | 16.2.1-1 | | file://./charts/nats | nats | 1.2.6-4 | -| https://kubeshop.github.io/helm-charts | testkube-agent(testkube) | 2.1.125 | +| https://kubeshop.github.io/helm-charts | testkube-agent(testkube) | 2.1.128 | | oci://registry-1.docker.io/bitnamicharts | common | 2.13.3 | ## Values @@ -184,6 +185,62 @@ A Helm chart for Testkube Enterprise | sharedSecretGenerator.resources | object | `{}` | Resources for the Shared Secret Generator Job | | sharedSecretGenerator.securityContext | object | `{}` | Pod Security Context for the Shared Secret Generator Job | | testkube-agent.enabled | bool | `false` | Toggle whether to install & connect Testkube Agent in the same namespace. Keep it disabled to have more control over where your agents run. See https://docs.testkube.io/articles/install/overview for more info. This relies on the `testkube-default-agent-token` shared secret. See https://docs.testkube.io/articles/install/install-with-helm#shared-secrets | +| testkube-ai-service.affinity | object | `{}` | | +| testkube-ai-service.autoscaling.enabled | bool | `false` | | +| testkube-ai-service.autoscaling.maxReplicas | int | `100` | | +| testkube-ai-service.autoscaling.minReplicas | int | `1` | | +| testkube-ai-service.autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| testkube-ai-service.env | string | `"production"` | | +| testkube-ai-service.fullnameOverride | string | `"api"` | | +| testkube-ai-service.image.pullPolicy | string | `"IfNotPresent"` | | +| testkube-ai-service.image.repository | string | `"kubeshop/testkube-ai"` | | +| testkube-ai-service.image.tag | string | `""` | | +| testkube-ai-service.imagePullSecrets | list | `[]` | | +| testkube-ai-service.ingress.annotations | object | `{}` | | +| testkube-ai-service.ingress.className | string | `"nginx"` | | +| testkube-ai-service.ingress.dnsName | string | `"ai.testkube.dev"` | | +| testkube-ai-service.ingress.enabled | bool | `true` | | +| testkube-ai-service.langchain.apiKey | string | `""` | LangChain API Key - can be provided directly or referenced from a secret | +| testkube-ai-service.langchain.endpoint | string | `"https://api.smith.langchain.com/"` | Endpoint for LangChain API | +| testkube-ai-service.langchain.project | string | `"testkube-dev"` | Project identifier for LangChain | +| testkube-ai-service.langchain.secretRef | string | `"testkube-ai"` | Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) | +| testkube-ai-service.langchain.tracing | bool | `true` | Enable LangChain tracing | +| testkube-ai-service.livenessProbe.httpGet.path | string | `"/"` | | +| testkube-ai-service.livenessProbe.httpGet.port | string | `"http"` | | +| testkube-ai-service.logLevel | string | `"info"` | | +| testkube-ai-service.nameOverride | string | `""` | | +| testkube-ai-service.nodeSelector | object | `{}` | | +| testkube-ai-service.oauthAudience | string | `"testkube-cloud"` | | +| testkube-ai-service.oauthIssuer | string | `""` | | +| testkube-ai-service.oauthJwksUri | string | `""` | | +| testkube-ai-service.oidcConfigurationUrl | string | `"http://dex.auth:5556/idp/.well-known/openid-configuration"` | | +| testkube-ai-service.origins | string | `"*"` | | +| testkube-ai-service.originsRegex | string | `"https://.*\\.testkube\\..*"` | | +| testkube-ai-service.podAnnotations | object | `{}` | | +| testkube-ai-service.podLabels | object | `{}` | | +| testkube-ai-service.podSecurityContext | object | `{}` | | +| testkube-ai-service.readinessProbe.httpGet.path | string | `"/"` | | +| testkube-ai-service.readinessProbe.httpGet.port | string | `"http"` | | +| testkube-ai-service.replicaCount | int | `1` | | +| testkube-ai-service.resources | object | `{}` | | +| testkube-ai-service.securityContext | object | `{}` | | +| testkube-ai-service.service.port | int | `9090` | | +| testkube-ai-service.service.type | string | `"ClusterIP"` | | +| testkube-ai-service.serviceAccount.annotations | object | `{}` | | +| testkube-ai-service.serviceAccount.automount | bool | `true` | | +| testkube-ai-service.serviceAccount.create | bool | `true` | | +| testkube-ai-service.serviceAccount.name | string | `""` | | +| testkube-ai-service.tls.certManager.issuerGroup | string | `"cert-manager.io"` | | +| testkube-ai-service.tls.certManager.issuerKind | string | `"ClusterIssuer"` | | +| testkube-ai-service.tls.certManager.issuerRef | string | `"letsencrypt-edge"` | | +| testkube-ai-service.tls.certificateProvider | string | `"cert-manager"` | | +| testkube-ai-service.tls.host | string | `"ai.testkube.dev"` | | +| testkube-ai-service.tls.path | string | `"/"` | | +| testkube-ai-service.tls.secret | string | `"testkube-ai-tls"` | | +| testkube-ai-service.tls.serveHTTPS | bool | `true` | | +| testkube-ai-service.tolerations | list | `[]` | | +| testkube-ai-service.volumeMounts | list | `[]` | | +| testkube-ai-service.volumes | list | `[]` | | | testkube-cloud-api.ai.secretRef | string | `""` | | | testkube-cloud-api.api.agent.healthcheck.lock | string | `"kv"` | Agent healthcheck distributed mode (one of mongo|kv) - used for pods sync to run healthchecks on single pod at once | | testkube-cloud-api.api.agent.hide | bool | `false` | | diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index 97743a843..e11e51022 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -525,6 +525,83 @@ testkube-worker-service: USE_MINIO: true # -- Specifies the path to the directory (skip the trailing slash) where CA certificates should be mounted. The mounted file should container a PEM encoded CA certificate. customCaDirPath: "" +## Testkube AI Service chart parameters +testkube-ai-service: + replicaCount: 1 + env: "production" + logLevel: "info" + oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" + oauthIssuer: "" + oauthJwksUri: "" + oauthAudience: "testkube-cloud" + origins: "*" + originsRegex: "https://.*\\.testkube\\..*" + image: + repository: kubeshop/testkube-ai + pullPolicy: IfNotPresent + tag: "" + imagePullSecrets: [] + nameOverride: "" + fullnameOverride: "api" + # Configuration for LangChain tracing + langchain: + # -- Enable LangChain tracing + tracing: true + # -- Endpoint for LangChain API + endpoint: "https://api.smith.langchain.com/" + # -- LangChain API Key - can be provided directly or referenced from a secret + apiKey: "" + # -- Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) + secretRef: "testkube-ai" + # -- Project identifier for LangChain + project: "testkube-dev" + serviceAccount: + create: true + automount: true + annotations: {} + name: "" + podAnnotations: {} + podLabels: {} + podSecurityContext: {} + securityContext: {} + service: + type: ClusterIP + port: 9090 + tls: + serveHTTPS: true + secret: testkube-ai-tls + host: ai.testkube.dev + path: "/" + certificateProvider: "cert-manager" + certManager: + issuerRef: "letsencrypt-edge" + issuerKind: ClusterIssuer + issuerGroup: cert-manager.io + ingress: + dnsName: ai.testkube.dev + enabled: true + className: "nginx" + annotations: {} + resources: {} + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + volumes: [] + volumeMounts: [] + nodeSelector: {} + tolerations: [] + affinity: {} + ## NATS chart parameter ## For more configuration parameters of NATS chart please look here: https://docs.nats.io/running-a-nats-service/nats-kubernetes/helm-charts nats: From efcc15a1ddb33ceb0adb5a92849b3fdf13a5ca56 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 21 Jan 2025 19:10:13 +0100 Subject: [PATCH 03/41] feat: enable ai service --- charts/testkube-enterprise/Chart.yaml | 1 + charts/testkube-enterprise/README.md | 1 + charts/testkube-enterprise/values.yaml | 2 ++ 3 files changed, 4 insertions(+) diff --git a/charts/testkube-enterprise/Chart.yaml b/charts/testkube-enterprise/Chart.yaml index 5f170e147..77e7d9fb0 100644 --- a/charts/testkube-enterprise/Chart.yaml +++ b/charts/testkube-enterprise/Chart.yaml @@ -21,6 +21,7 @@ dependencies: - name: testkube-ai-service version: 1.0.0 repository: file://../testkube-ai-service + condition: testkube-ai-service.enabled - name: testkube alias: testkube-agent version: 2.1.128 diff --git a/charts/testkube-enterprise/README.md b/charts/testkube-enterprise/README.md index 3d905ace9..987a6a8ad 100644 --- a/charts/testkube-enterprise/README.md +++ b/charts/testkube-enterprise/README.md @@ -190,6 +190,7 @@ A Helm chart for Testkube Enterprise | testkube-ai-service.autoscaling.maxReplicas | int | `100` | | | testkube-ai-service.autoscaling.minReplicas | int | `1` | | | testkube-ai-service.autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| testkube-ai-service.enabled | bool | `false` | Toggle whether to install the Testkube AI service | | testkube-ai-service.env | string | `"production"` | | | testkube-ai-service.fullnameOverride | string | `"api"` | | | testkube-ai-service.image.pullPolicy | string | `"IfNotPresent"` | | diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index e11e51022..9815a28a7 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -527,6 +527,8 @@ testkube-worker-service: customCaDirPath: "" ## Testkube AI Service chart parameters testkube-ai-service: + # -- Toggle whether to install the Testkube AI service + enabled: false replicaCount: 1 env: "production" logLevel: "info" From 0fae92971269a1826e98bcb91a3e0e901084d5c5 Mon Sep 17 00:00:00 2001 From: Dev Catalin <20538711+devcatalin@users.noreply.github.com> Date: Wed, 22 Jan 2025 14:19:25 +0200 Subject: [PATCH 04/41] fix: update ai image name --- charts/testkube-ai-service/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 7919a0223..679d1e163 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -15,7 +15,7 @@ origins: "*" originsRegex: "https://.*\\.testkube\\..*" image: - repository: kubeshop/testkube-ai + repository: kubeshop/testkube-ai-copilot pullPolicy: IfNotPresent tag: "" From 915ee446a47d31bae579b572f379cb22de8f4d4c Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 13:52:51 +0100 Subject: [PATCH 05/41] feat: add global values that need to be implemented in ai chart --- charts/testkube-ai-service/values.yaml | 37 +++++++++++++++----------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 679d1e163..8ce478cc9 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -2,27 +2,43 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +global: + # TODO(emil): add the custom CA mounting + # -- Custom CA to use as a trusted CA during TLS connections. Specify a secret with the PEM encoded CA under the key specified by customCaSecretKey. + customCaSecretRef: "" + # -- Custom CA to use as a trusted CA during TLS connections. Specify a key for the secret specified under customCaSecretRef. + customCaSecretKey: "ca.crt" + # TODO(emil): add image pull secrets + # -- Global image pull secrets (provided usually by a parent chart like testkube-enterprise) + imagePullSecrets: [] + # TODO(emil): add image registry + # -- Global image registry to be prepended for to all images (usually defined in parent chart) + imageRegistry: "" + # TODO(emil): add the common labels + # -- Common labels which will be added to all resources + labels: {} + # TODO(emil): add the container security contexts + # -- Global security Context for all containers + containerSecurityContext: {} + # TODO(emil): add the pod security contexts + # -- Global security Context for all pods + podSecurityContext: {} replicaCount: 1 - env: "production" logLevel: "info" - oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" oauthIssuer: "" oauthJwksUri: "" oauthAudience: "testkube-cloud" origins: "*" originsRegex: "https://.*\\.testkube\\..*" - image: repository: kubeshop/testkube-ai-copilot pullPolicy: IfNotPresent tag: "" - imagePullSecrets: [] nameOverride: "" fullnameOverride: "api" - # Configuration for LangChain tracing langchain: # -- Enable LangChain tracing @@ -35,24 +51,18 @@ langchain: secretRef: "testkube-ai" # -- Project identifier for LangChain project: "testkube-dev" - serviceAccount: create: true automount: true annotations: {} name: "" - podAnnotations: {} podLabels: {} - podSecurityContext: {} securityContext: {} - service: type: ClusterIP port: 9090 - -tls: serveHTTPS: true secret: testkube-ai-tls host: ai.testkube.dev @@ -62,15 +72,12 @@ tls: issuerRef: "letsencrypt-edge" issuerKind: ClusterIssuer issuerGroup: cert-manager.io - ingress: dnsName: ai.testkube.dev enabled: true className: "nginx" annotations: {} - resources: {} - livenessProbe: httpGet: path: / @@ -79,13 +86,11 @@ readinessProbe: httpGet: path: / port: http - autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 - volumes: [] volumeMounts: [] nodeSelector: {} From fd57c24097672190d64b7dc971c2117a2325fed5 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 14:11:05 +0100 Subject: [PATCH 06/41] todo --- charts/testkube-ai-service/templates/deployment.yaml | 8 ++++---- charts/testkube-ai-service/values.yaml | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 3bf891300..b666a0663 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - env: + env: - name: ENV value: "{{ .Values.env | default "production" }}" - name: LOG_LEVEL @@ -53,11 +53,11 @@ spec: value: "{{ .Values.origins | default "*" }}" - name: ORIGINS_REGEX value: {{ .Values.originsRegex | default "https://.*\\.testkube\\..*" | quote }} - - name: OPENAI_API_KEY + - name: OPENAI_API_KEY valueFrom: secretKeyRef: name: testkube-ai - key: OPENAI_API_KEY + key: OPENAI_API_KEY - name: LANGCHAIN_TRACING_V2 value: "{{ .Values.langchain.tracing }}" - name: LANGCHAIN_ENDPOINT @@ -69,7 +69,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.langchain.secretRef }} - key: LANGCHAIN_API_KEY + key: LANGCHAIN_API_KEY {{- end }} - name: LANGCHAIN_PROJECT value: "{{ .Values.langchain.project }}" diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 8ce478cc9..020e69a7a 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -65,6 +65,7 @@ service: port: 9090 serveHTTPS: true secret: testkube-ai-tls + # TODO(emil): remove these hardcodings host: ai.testkube.dev path: "/" certificateProvider: "cert-manager" @@ -73,6 +74,7 @@ service: issuerKind: ClusterIssuer issuerGroup: cert-manager.io ingress: + # TODO(emil): remove these hardcodings dnsName: ai.testkube.dev enabled: true className: "nginx" From ca57cc7f74af0ee579bf6b9be854dd388dda2cce Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 14:11:55 +0100 Subject: [PATCH 07/41] todo --- charts/testkube-ai-service/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 020e69a7a..bf344fe87 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -83,10 +83,12 @@ resources: {} livenessProbe: httpGet: path: / + # TODO(emil): does this work with tls at the pod? port: http readinessProbe: httpGet: path: / + # TODO(emil): does this work with tls at the pod? port: http autoscaling: enabled: false From 5992766222bde875ab6fe67a8a061c367aa81fef Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 14:14:37 +0100 Subject: [PATCH 08/41] todo --- charts/testkube-ai-service/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index b666a0663..7cb15aadd 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -88,7 +88,7 @@ spec: {{- if .Values.tls.serveHTTPS }} - mountPath: /tmp/serving-cert/crt.pem readOnly: true - name: serving-cert + name: serving-cert # TODO(emil): where is this volume being placed? subPath: tls.crt - mountPath: /tmp/serving-cert/key.pem readOnly: true From 94ec3e449ecbfcdb9060d6a5c46925b396b689e0 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 15:01:44 +0100 Subject: [PATCH 09/41] fix: certificate --- charts/testkube-ai-service/templates/_helpers.tpl | 11 +++++++++++ .../testkube-ai-service/templates/certificate.yaml | 4 ++-- charts/testkube-ai-service/values.yaml | 13 +++++++++++++ charts/testkube-enterprise/values.yaml | 2 ++ 4 files changed, 28 insertions(+), 2 deletions(-) diff --git a/charts/testkube-ai-service/templates/_helpers.tpl b/charts/testkube-ai-service/templates/_helpers.tpl index a28ef2f39..aee97caae 100644 --- a/charts/testkube-ai-service/templates/_helpers.tpl +++ b/charts/testkube-ai-service/templates/_helpers.tpl @@ -60,3 +60,14 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Get AI Ingress host +*/}} +{{- define "testkube-ai.ingress.host" -}} +{{- if .Values.global.domain }} +{{- printf "%s.%s" .Values.global.aiApiSubdomain .Values.global.domain }} +{{- else }} +{{- .Values.host }} +{{- end }} +{{- end }} diff --git a/charts/testkube-ai-service/templates/certificate.yaml b/charts/testkube-ai-service/templates/certificate.yaml index e9dfe414b..8f4028d3f 100644 --- a/charts/testkube-ai-service/templates/certificate.yaml +++ b/charts/testkube-ai-service/templates/certificate.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.tls.certificateProvider "cert-manager" }} +{{- if and .Values.tls.serveHTTPS (eq .Values.global.certificateProvider "cert-manager") }} apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -10,7 +10,7 @@ metadata: spec: secretName: {{ .Values.tls.secret }} dnsNames: - - {{ .Values.tls.host }} + - {{ include "testkube-ai.ingress.host" . | quote }} issuerRef: name: {{ required ".Values.global.certManager.issuerRef must be set when provider is cert-manager" .Values.tls.certManager.issuerRef }} kind: {{ .Values.tls.certManager.issuerKind }} diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index bf344fe87..1754f91e8 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -64,6 +64,7 @@ service: type: ClusterIP port: 9090 serveHTTPS: true + # TODO(emil): still needed? secret: testkube-ai-tls # TODO(emil): remove these hardcodings host: ai.testkube.dev @@ -73,6 +74,16 @@ service: issuerRef: "letsencrypt-edge" issuerKind: ClusterIssuer issuerGroup: cert-manager.io +tls: + # -- Toggle should the Application terminate TLS instead of the Ingress + serveHTTPS: true + # -- TLS secret name which contains the certificate files + tlsSecret: testkube-ai-tls + certManager: + # -- Certificate Issuer kind (only used if `provider` is set to `cert-manager`) + issuerKind: ClusterIssuer + # -- Certificate Issuer group (only used if `provider` is set to `cert-manager`) + issuerGroup: cert-manager.io ingress: # TODO(emil): remove these hardcodings dnsName: ai.testkube.dev @@ -100,3 +111,5 @@ volumeMounts: [] nodeSelector: {} tolerations: [] affinity: {} +# -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) +host: "" diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index 9815a28a7..7f84c6e9f 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -27,6 +27,8 @@ global: websocketApiSubdomain: "websockets" # -- Storage API subdomain which get prepended to the domain storageApiSubdomain: "storage" + # -- AI API subdomain which get prepended to the domain + aiApiSubdomain: "ai" # -- TLS certificate provider. Set to "cert-manager" for integration with cert-manager or leave empty for other methods certificateProvider: "cert-manager" certManager: From e8bf14cee9956d8322956dc6e022c697790bc372 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 15:32:12 +0100 Subject: [PATCH 10/41] fix: ingress --- .../templates/ingress.yaml | 30 +++++++++---------- charts/testkube-ai-service/values.yaml | 2 -- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/charts/testkube-ai-service/templates/ingress.yaml b/charts/testkube-ai-service/templates/ingress.yaml index d27f2f2de..55a23ddf3 100644 --- a/charts/testkube-ai-service/templates/ingress.yaml +++ b/charts/testkube-ai-service/templates/ingress.yaml @@ -1,6 +1,5 @@ -{{- if .Values.ingress.enabled -}} +{{- if and .Values.global.ingress.enabled .Values.ingress.enabled -}} {{- $fullName := include "testkube-ai.fullname" . -}} -{{- $svcPort := .Values.service.port -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} @@ -22,9 +21,16 @@ metadata: {{- if eq .Values.ingress.className "nginx"}} nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/preserve-trailing-slash: "true" + nginx.ingress.kubernetes.io/backend-protocol: {{ if .Values.tls.serveHTTPS }}HTTPS{{ else }}HTTP{{ end }} nginx.ingress.kubernetes.io/proxy-body-size: 10m nginx.ingress.kubernetes.io/client-header-timeout: "10800" nginx.ingress.kubernetes.io/client-body-timeout: "10800" + nginx.ingress.kubernetes.io/proxy-send-timeout: "10800" + nginx.ingress.kubernetes.io/proxy-read-timeout: "10800" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "10800" + {{- if and (not .Values.tls.serveHTTPS) (eq .Values.global.certificateProvider "cert-manager") }} + cert-manager.io/cluster-issuer: {{ required ".Values.global.certManager.issuerRef must be provided if provider is cert-manager" .Values.global.certManager.issuerRef }} + {{- end }} {{- end }} {{- with .Values.ingress.annotations }} {{- toYaml . }} @@ -33,32 +39,26 @@ spec: {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} ingressClassName: {{ .Values.ingress.className }} {{- end }} - {{- if .Values.tls.host }} tls: - - secretName: {{ .Values.tls.secret }} - hosts: - - {{ .Values.tls.host }} - {{- end }} + - hosts: + - {{ include "testkube-ai.ingress.host" . | quote }} + secretName: {{ .Values.tls.tlsSecret }} rules: - {{- if .Values.tls.host }} - - host: {{ .Values.tls.host | quote }} + - host: {{ include "testkube-ai.ingress.host" . | quote }} http: paths: - path: "/" {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: ImplementationSpecific + pathType: Prefix {{- end }} backend: {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: name: {{ $fullName }} port: - number: {{ $svcPort }} + name: {{ if .Values.tls.serveHTTPS }}https{{ else }}http{{ end }} {{- else }} serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} + servicePort: {{ if .Values.tls.serveHTTPS }}https{{ else }}http{{ end }} {{- end }} - {{- else }} -{{- end }} {{- end }} - diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 1754f91e8..2049fa86f 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -85,8 +85,6 @@ tls: # -- Certificate Issuer group (only used if `provider` is set to `cert-manager`) issuerGroup: cert-manager.io ingress: - # TODO(emil): remove these hardcodings - dnsName: ai.testkube.dev enabled: true className: "nginx" annotations: {} From d201a98a2758981ea6afa41f4f2065b14e7993e6 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 15:43:31 +0100 Subject: [PATCH 11/41] fix: service --- .../testkube-ai-service/templates/service.yaml | 14 +++++++++----- charts/testkube-ai-service/values.yaml | 17 ++++++----------- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/charts/testkube-ai-service/templates/service.yaml b/charts/testkube-ai-service/templates/service.yaml index b2c8f1bf3..b70ae3e09 100644 --- a/charts/testkube-ai-service/templates/service.yaml +++ b/charts/testkube-ai-service/templates/service.yaml @@ -4,15 +4,19 @@ metadata: name: {{ include "testkube-ai.fullname" . }} labels: {{- include "testkube-ai.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} - targetPort: http + targetPort: {{ if .Values.tls.serveHTTPS }}https{{ else }}http{{ end }} protocol: TCP - name: http + name: {{ if .Values.tls.serveHTTPS }}https{{ else }}http{{ end }} selector: {{- include "testkube-ai.selectorLabels" . | nindent 4 }} - ---- - diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 2049fa86f..c078f4623 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -61,19 +61,14 @@ podLabels: {} podSecurityContext: {} securityContext: {} service: + # -- Service type type: ClusterIP + # -- Additional annotations to add to the Service resource + annotations: {} + # -- Additional labels to add to the Service resource + labels: {} + # -- AI API port port: 9090 - serveHTTPS: true - # TODO(emil): still needed? - secret: testkube-ai-tls - # TODO(emil): remove these hardcodings - host: ai.testkube.dev - path: "/" - certificateProvider: "cert-manager" - certManager: - issuerRef: "letsencrypt-edge" - issuerKind: ClusterIssuer - issuerGroup: cert-manager.io tls: # -- Toggle should the Application terminate TLS instead of the Ingress serveHTTPS: true From a49026ebe154e3e39ed3bb861791116b2eaaa4a2 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:05:15 +0100 Subject: [PATCH 12/41] fix: deployment --- .../templates/_helpers.tpl | 45 +++++++++++ .../templates/deployment.yaml | 75 +++++++++++++------ charts/testkube-ai-service/values.yaml | 69 ++++++++--------- 3 files changed, 129 insertions(+), 60 deletions(-) diff --git a/charts/testkube-ai-service/templates/_helpers.tpl b/charts/testkube-ai-service/templates/_helpers.tpl index aee97caae..263947fcd 100644 --- a/charts/testkube-ai-service/templates/_helpers.tpl +++ b/charts/testkube-ai-service/templates/_helpers.tpl @@ -71,3 +71,48 @@ Get AI Ingress host {{- .Values.host }} {{- end }} {{- end }} + +{{/* +Define AI API image +*/}} +{{- define "testkube-ai.image" -}} +{{- $registryName := default "docker.io" .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := default .Chart.AppVersion .Values.image.tag | toString -}} +{{- $separator := ":" -}} +{{- if .Values.image.digest }} + {{- $separator = "@" -}} + {{- $tag = .Values.image.digest | toString -}} +{{- end -}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s%s%s" .Values.global.imageRegistry $repositoryName $separator $tag -}} + {{- else -}} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Define podSecurityContext for AI API +*/}} +{{- define "testkube-ai.podSecurityContext" -}} +{{- if .Values.global.podSecurityContext }} +{{ toYaml .Values.global.podSecurityContext }} +{{- else }} +{{ toYaml .Values.podSecurityContext }} +{{- end }} +{{- end }} + +{{/* +Define containerSecurityContext for AI API +*/}} +{{- define "testkube-ai.containerSecurityContext" -}} +{{- if .Values.global.containerSecurityContext }} +{{- toYaml .Values.global.containerSecurityContext }} +{{- else }} +{{- toYaml .Values.securityContext }} +{{- end }} +{{- end }} diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 7cb15aadd..9db853f51 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -18,24 +18,32 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "testkube-ai.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "testkube-ai.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- with (default .Values.imagePullSecrets .Values.global.imagePullSecrets) }} imagePullSecrets: + {{- range . }} + {{- if typeIsLike "map[string]interface {}" . }} + - name: {{ .name | quote }} + {{- else }} + - name: {{ . | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} serviceAccountName: {{ include "testkube-ai.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + securityContext: {{ include "testkube-ai.podSecurityContext" . | nindent 8 }} containers: - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: {{ include "testkube-ai.containerSecurityContext" . | nindent 12 }} + image: {{ include "testkube-ai.image" . }} + imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} env: - name: ENV value: "{{ .Values.env | default "production" }}" @@ -74,33 +82,42 @@ spec: - name: LANGCHAIN_PROJECT value: "{{ .Values.langchain.project }}" ports: - - name: http + - name: {{ if .Values.tls.serveHTTPS }}https{{ else }}http{{ end }} containerPort: {{ .Values.service.port }} protocol: TCP livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} + httpGet: + path: / + scheme: {{ if .Values.tls.serveHTTPS }}HTTPS{{ else }}HTTP{{ end }} + port: {{ if .Values.tls.serveHTTPS }}https{{ else }}http{{ end }} readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} + httpGet: + path: / + scheme: {{ if .Values.tls.serveHTTPS }}HTTPS{{ else }}HTTP{{ end }} + port: {{ if .Values.tls.serveHTTPS }}https{{ else }}http{{ end }} resources: {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} volumeMounts: + - mountPath: /tmp + readOnly: false + name: tmp {{- if .Values.tls.serveHTTPS }} - mountPath: /tmp/serving-cert/crt.pem readOnly: true - name: serving-cert # TODO(emil): where is this volume being placed? + name: serving-cert subPath: tls.crt - mountPath: /tmp/serving-cert/key.pem readOnly: true name: serving-cert subPath: tls.key {{- end }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- if .Values.global.customCaSecretRef }} + {{- $certsDir := .Values.customCaDirPath | default "/etc/testkube/certs" }} + - mountPath: {{ $certsDir }}/testkube-custom-ca.pem + name: {{ .Values.global.customCaSecretRef }} + readOnly: true + subPath: {{ .Values.global.customCaSecretKey }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -113,3 +130,17 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + volumes: + - name: tmp + emptyDir: {} + {{- if .Values.tls.serveHTTPS }} + - name: serving-cert + secret: + secretName: {{ .Values.tls.tlsSecret }} + {{- end }} + {{- if .Values.global.customCaSecretRef }} + - name: {{ .Values.global.customCaSecretRef }} + secret: + secretName: {{ .Values.global.customCaSecretRef }} + defaultMode: 420 + {{- end }} diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index c078f4623..ea03f5a9d 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -3,54 +3,38 @@ # Declare variables to be passed into your templates. global: - # TODO(emil): add the custom CA mounting # -- Custom CA to use as a trusted CA during TLS connections. Specify a secret with the PEM encoded CA under the key specified by customCaSecretKey. customCaSecretRef: "" # -- Custom CA to use as a trusted CA during TLS connections. Specify a key for the secret specified under customCaSecretRef. customCaSecretKey: "ca.crt" - # TODO(emil): add image pull secrets # -- Global image pull secrets (provided usually by a parent chart like testkube-enterprise) imagePullSecrets: [] - # TODO(emil): add image registry # -- Global image registry to be prepended for to all images (usually defined in parent chart) imageRegistry: "" + ingress: + # -- Toggle whether to enable or disable all Ingress resources (if false, all Ingress resources will be disabled and cannot be overriden) + enabled: true # TODO(emil): add the common labels # -- Common labels which will be added to all resources labels: {} - # TODO(emil): add the container security contexts # -- Global security Context for all containers containerSecurityContext: {} - # TODO(emil): add the pod security contexts # -- Global security Context for all pods podSecurityContext: {} replicaCount: 1 -env: "production" -logLevel: "info" -oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" -oauthIssuer: "" -oauthJwksUri: "" -oauthAudience: "testkube-cloud" -origins: "*" -originsRegex: "https://.*\\.testkube\\..*" +# -- Topology spread constraints can be used to define how pods should be spread across failure domains within your cluster. +topologySpreadConstraints: [] +# -- Priority class name defines the priority of this pod relative to others in the cluster. +priorityClassName: "" image: + # -- If defined, it will prepend the registry to the image name, if not, default docker.io will be prepended + registry: "" repository: kubeshop/testkube-ai-copilot pullPolicy: IfNotPresent tag: "" imagePullSecrets: [] nameOverride: "" -fullnameOverride: "api" -# Configuration for LangChain tracing -langchain: - # -- Enable LangChain tracing - tracing: true - # -- Endpoint for LangChain API - endpoint: "https://api.smith.langchain.com/" - # -- LangChain API Key - can be provided directly or referenced from a secret - apiKey: "" - # -- Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) - secretRef: "testkube-ai" - # -- Project identifier for LangChain - project: "testkube-dev" +fullnameOverride: "" serviceAccount: create: true automount: true @@ -84,25 +68,34 @@ ingress: className: "nginx" annotations: {} resources: {} -livenessProbe: - httpGet: - path: / - # TODO(emil): does this work with tls at the pod? - port: http -readinessProbe: - httpGet: - path: / - # TODO(emil): does this work with tls at the pod? - port: http autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 -volumes: [] -volumeMounts: [] nodeSelector: {} tolerations: [] affinity: {} # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) host: "" + +env: "production" +logLevel: "info" +oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" +oauthIssuer: "" +oauthJwksUri: "" +oauthAudience: "testkube-cloud" +origins: "*" +originsRegex: "https://.*\\.testkube\\..*" +# Configuration for LangChain tracing +langchain: + # -- Enable LangChain tracing + tracing: true + # -- Endpoint for LangChain API + endpoint: "https://api.smith.langchain.com/" + # -- LangChain API Key - can be provided directly or referenced from a secret + apiKey: "" + # -- Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) + secretRef: "testkube-ai" + # -- Project identifier for LangChain + project: "testkube-dev" From 862d9972a2b2a1384630732af702386c05466219 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:08:30 +0100 Subject: [PATCH 13/41] fix: global labels --- charts/testkube-ai-service/templates/_helpers.tpl | 3 +++ charts/testkube-ai-service/values.yaml | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/testkube-ai-service/templates/_helpers.tpl b/charts/testkube-ai-service/templates/_helpers.tpl index 263947fcd..d50eb7b00 100644 --- a/charts/testkube-ai-service/templates/_helpers.tpl +++ b/charts/testkube-ai-service/templates/_helpers.tpl @@ -40,6 +40,9 @@ helm.sh/chart: {{ include "testkube-ai.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.global.labels }} +{{ toYaml .Values.global.labels }} +{{- end }} {{- end }} {{/* diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index ea03f5a9d..bb34ddfff 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -14,7 +14,6 @@ global: ingress: # -- Toggle whether to enable or disable all Ingress resources (if false, all Ingress resources will be disabled and cannot be overriden) enabled: true - # TODO(emil): add the common labels # -- Common labels which will be added to all resources labels: {} # -- Global security Context for all containers From a923942d4eac68fc1b997e4be28bed9027e0273f Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:16:05 +0100 Subject: [PATCH 14/41] fix: node env --- charts/testkube-ai-service/templates/deployment.yaml | 6 +++--- charts/testkube-ai-service/values.yaml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 9db853f51..c76f828ee 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -45,10 +45,10 @@ spec: image: {{ include "testkube-ai.image" . }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} env: - - name: ENV - value: "{{ .Values.env | default "production" }}" + - name: NODE_ENV + value: "{{ .Values.env }}" - name: LOG_LEVEL - value: "{{ .Values.logLevel | default "info" }}" + value: "{{ .Values.logLevel }}" - name: OIDC_CONFIGURATION_URL value: "{{ .Values.oidcConfigurationUrl | default "http://dex.auth:5556/idp/.well-known/openid-configuration" }}" - name: OAUTH_ISSUER diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index bb34ddfff..c7361c267 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -78,7 +78,9 @@ affinity: {} # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) host: "" +# -- Environment of deployment env: "production" +# -- Log level logLevel: "info" oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" oauthIssuer: "" From 76341d11ccf160cc8262b82c8523799955363be5 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:16:48 +0100 Subject: [PATCH 15/41] fix: specify port --- charts/testkube-ai-service/templates/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index c76f828ee..702f14c5d 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -49,6 +49,8 @@ spec: value: "{{ .Values.env }}" - name: LOG_LEVEL value: "{{ .Values.logLevel }}" + - name: PORT + value: "{{ .Values.service.port }}" - name: OIDC_CONFIGURATION_URL value: "{{ .Values.oidcConfigurationUrl | default "http://dex.auth:5556/idp/.well-known/openid-configuration" }}" - name: OAUTH_ISSUER From b3bcc13f9ebd4526e49d6fc872be462c53216b14 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:19:04 +0100 Subject: [PATCH 16/41] fix: remove unused origins vars --- charts/testkube-ai-service/templates/deployment.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 702f14c5d..f27ef11d2 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -59,10 +59,6 @@ spec: value: "{{ .Values.oauthJwksUri }}" - name: OAUTH_AUDIENCE value: "{{ .Values.oauthAudience | default "testkube-cloud" }}" - - name: ORIGINS - value: "{{ .Values.origins | default "*" }}" - - name: ORIGINS_REGEX - value: {{ .Values.originsRegex | default "https://.*\\.testkube\\..*" | quote }} - name: OPENAI_API_KEY valueFrom: secretKeyRef: From 8c3d7a601126a2219c3abd934c1061d961902f61 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:23:05 +0100 Subject: [PATCH 17/41] fix: audience environment variable --- charts/testkube-ai-service/templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index f27ef11d2..fb756935a 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -57,8 +57,8 @@ spec: value: "{{ .Values.oauthIssuer }}" - name: OAUTH_JWKS_URI value: "{{ .Values.oauthJwksUri }}" - - name: OAUTH_AUDIENCE - value: "{{ .Values.oauthAudience | default "testkube-cloud" }}" + - name: AUDIENCE + value: "{{ .Values.oauthAudience }}" - name: OPENAI_API_KEY valueFrom: secretKeyRef: From ec84f2b8ee73ab557d126960fd0fb07b9eea6291 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:34:28 +0100 Subject: [PATCH 18/41] fix: oauth configs --- charts/testkube-ai-service/templates/deployment.yaml | 7 +++++-- charts/testkube-ai-service/values.yaml | 5 ++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index fb756935a..78e20cb2a 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -51,12 +51,15 @@ spec: value: "{{ .Values.logLevel }}" - name: PORT value: "{{ .Values.service.port }}" - - name: OIDC_CONFIGURATION_URL - value: "{{ .Values.oidcConfigurationUrl | default "http://dex.auth:5556/idp/.well-known/openid-configuration" }}" + {{ if and .Values.oauthIssuer .Values.oauthJwksUri }} - name: OAUTH_ISSUER value: "{{ .Values.oauthIssuer }}" - name: OAUTH_JWKS_URI value: "{{ .Values.oauthJwksUri }}" + {{ else }} + - name: OIDC_CONFIGURATION_URL + value: "{{ .Values.oidcConfigurationUrl | default "http://dex.auth:5556/idp/.well-known/openid-configuration" }}" + {{ end }} - name: AUDIENCE value: "{{ .Values.oauthAudience }}" - name: OPENAI_API_KEY diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index c7361c267..d854c8c1e 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -85,9 +85,8 @@ logLevel: "info" oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" oauthIssuer: "" oauthJwksUri: "" -oauthAudience: "testkube-cloud" -origins: "*" -originsRegex: "https://.*\\.testkube\\..*" +# -- OAuth audience represents the expected value of the `aud` claim in the JWT token. This is the static client ID in the Dex configuration. +oauthAudience: "" # TODO(emil): put as "testkube-enterprise" or reference to static client id value in the enterprise chart # Configuration for LangChain tracing langchain: # -- Enable LangChain tracing From 87a47c9091e6a7c683094890d6a2d984142104d5 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:39:06 +0100 Subject: [PATCH 19/41] fix: oauth configs --- charts/testkube-ai-service/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index d854c8c1e..aed4a4c7b 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -82,8 +82,11 @@ host: "" env: "production" # -- Log level logLevel: "info" +# -- Use OpenID Conect (OIDC) Discovery endpoint to fetch configurations from the identity provider oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" +# -- Specify issuer to skip OIDC Discovery oauthIssuer: "" +# -- Specify the URL to fetch the JWK set document and skip OIDC Discovery oauthJwksUri: "" # -- OAuth audience represents the expected value of the `aud` claim in the JWT token. This is the static client ID in the Dex configuration. oauthAudience: "" # TODO(emil): put as "testkube-enterprise" or reference to static client id value in the enterprise chart From 14ee82c2fcc00475655ec132c5be39029f8ef162 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:51:11 +0100 Subject: [PATCH 20/41] fix: oidc discovery url --- charts/testkube-ai-service/templates/deployment.yaml | 2 +- charts/testkube-ai-service/values.yaml | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 78e20cb2a..685b99569 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -58,7 +58,7 @@ spec: value: "{{ .Values.oauthJwksUri }}" {{ else }} - name: OIDC_CONFIGURATION_URL - value: "{{ .Values.oidcConfigurationUrl | default "http://dex.auth:5556/idp/.well-known/openid-configuration" }}" + value: {{ if .Values.global.dex.issuer}}{{ .Values.global.dex.issuer }}/.well-known/openid-configuration{{ else if .Values.oidcDiscoveryUri }}{{ .Values.oidcDiscoveryUri }}{{ else }}https://{{ .Values.global.restApiSubdomain }}.{{ .Values.global.domain }}/idp/.well-known/openid-configuration{{ end }} {{ end }} - name: AUDIENCE value: "{{ .Values.oauthAudience }}" diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index aed4a4c7b..aafca4cb7 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -14,6 +14,9 @@ global: ingress: # -- Toggle whether to enable or disable all Ingress resources (if false, all Ingress resources will be disabled and cannot be overriden) enabled: true + dex: + # -- Global Dex issuer url + issuer: "" # -- Common labels which will be added to all resources labels: {} # -- Global security Context for all containers @@ -82,8 +85,8 @@ host: "" env: "production" # -- Log level logLevel: "info" -# -- Use OpenID Conect (OIDC) Discovery endpoint to fetch configurations from the identity provider -oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" +# -- Use OpenID Conect (OIDC) Discovery endpoint to fetch configurations from the identity provider. The path should end with `/.well-known/openid-configuration`. +oidcDiscoveryUri: "" # -- Specify issuer to skip OIDC Discovery oauthIssuer: "" # -- Specify the URL to fetch the JWK set document and skip OIDC Discovery From 9db14618d7aac17c178a23b4807e14ed19b01359 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 19:00:13 +0100 Subject: [PATCH 21/41] fix: hardcoding of openai api key secret --- .../testkube-ai-service/templates/deployment.yaml | 14 +++++++++----- charts/testkube-ai-service/values.yaml | 12 +++++++++--- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 685b99569..c0c0974c5 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -63,14 +63,14 @@ spec: - name: AUDIENCE value: "{{ .Values.oauthAudience }}" - name: OPENAI_API_KEY + {{- if .Values.openai.apiKey }} + value: "{{ .Values.openai.apiKey }}" + {{- else }} valueFrom: secretKeyRef: - name: testkube-ai + name: {{ .Values.openai.secretRef }} key: OPENAI_API_KEY - - name: LANGCHAIN_TRACING_V2 - value: "{{ .Values.langchain.tracing }}" - - name: LANGCHAIN_ENDPOINT - value: "{{ .Values.langchain.endpoint }}" + {{- end }} - name: LANGCHAIN_API_KEY {{- if .Values.langchain.apiKey }} value: "{{ .Values.langchain.apiKey }}" @@ -80,6 +80,10 @@ spec: name: {{ .Values.langchain.secretRef }} key: LANGCHAIN_API_KEY {{- end }} + - name: LANGCHAIN_TRACING_V2 + value: "{{ .Values.langchain.tracing }}" + - name: LANGCHAIN_ENDPOINT + value: "{{ .Values.langchain.endpoint }}" - name: LANGCHAIN_PROJECT value: "{{ .Values.langchain.project }}" ports: diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index aafca4cb7..97782c05a 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -101,7 +101,13 @@ langchain: endpoint: "https://api.smith.langchain.com/" # -- LangChain API Key - can be provided directly or referenced from a secret apiKey: "" - # -- Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) - secretRef: "testkube-ai" + # -- Reference to the secret containing the LangChain API Key. Place value into `LANGCHAIN_API_KEY` key. + secretRef: "" # -- Project identifier for LangChain - project: "testkube-dev" + project: "" +# Configuration for OpenAI API +openAi: + # -- OpenAI API Key - can be provided directly or referenced from a secret + apiKey: "" + # -- Reference to the secret containing the OpenAI API Key. Place value into `OPENAI_API_KEY` key. + secretRef: "" From 252c6c07b05f49e26727f0f438bcf2cb58c05c24 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 19:03:24 +0100 Subject: [PATCH 22/41] fix: hpa --- charts/testkube-ai-service/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 97782c05a..be54d8caa 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -75,12 +75,12 @@ autoscaling: minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) host: "" - # -- Environment of deployment env: "production" # -- Log level From ae2b0ebe1a58d09fc895f5105de21c5f8a142f23 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 19:04:49 +0100 Subject: [PATCH 23/41] fix: update enterprise values --- charts/testkube-ai-service/values.yaml | 2 +- charts/testkube-enterprise/values.yaml | 91 +++++++++++++++----------- 2 files changed, 53 insertions(+), 40 deletions(-) diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index be54d8caa..14f358736 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -92,7 +92,7 @@ oauthIssuer: "" # -- Specify the URL to fetch the JWK set document and skip OIDC Discovery oauthJwksUri: "" # -- OAuth audience represents the expected value of the `aud` claim in the JWT token. This is the static client ID in the Dex configuration. -oauthAudience: "" # TODO(emil): put as "testkube-enterprise" or reference to static client id value in the enterprise chart +oauthAudience: "" # Configuration for LangChain tracing langchain: # -- Enable LangChain tracing diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index 7f84c6e9f..76df34072 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -532,33 +532,19 @@ testkube-ai-service: # -- Toggle whether to install the Testkube AI service enabled: false replicaCount: 1 - env: "production" - logLevel: "info" - oidcConfigurationUrl: "http://dex.auth:5556/idp/.well-known/openid-configuration" - oauthIssuer: "" - oauthJwksUri: "" - oauthAudience: "testkube-cloud" - origins: "*" - originsRegex: "https://.*\\.testkube\\..*" + # -- Topology spread constraints can be used to define how pods should be spread across failure domains within your cluster. + topologySpreadConstraints: [] + # -- Priority class name defines the priority of this pod relative to others in the cluster. + priorityClassName: "" image: - repository: kubeshop/testkube-ai + # -- If defined, it will prepend the registry to the image name, if not, default docker.io will be prepended + registry: "" + repository: kubeshop/testkube-ai-copilot pullPolicy: IfNotPresent tag: "" imagePullSecrets: [] nameOverride: "" - fullnameOverride: "api" - # Configuration for LangChain tracing - langchain: - # -- Enable LangChain tracing - tracing: true - # -- Endpoint for LangChain API - endpoint: "https://api.smith.langchain.com/" - # -- LangChain API Key - can be provided directly or referenced from a secret - apiKey: "" - # -- Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) - secretRef: "testkube-ai" - # -- Project identifier for LangChain - project: "testkube-dev" + fullnameOverride: "" serviceAccount: create: true automount: true @@ -569,43 +555,70 @@ testkube-ai-service: podSecurityContext: {} securityContext: {} service: + # -- Service type type: ClusterIP + # -- Additional annotations to add to the Service resource + annotations: {} + # -- Additional labels to add to the Service resource + labels: {} + # -- AI API port port: 9090 tls: + # -- Toggle should the Application terminate TLS instead of the Ingress serveHTTPS: true - secret: testkube-ai-tls - host: ai.testkube.dev - path: "/" - certificateProvider: "cert-manager" + # -- TLS secret name which contains the certificate files + tlsSecret: testkube-ai-tls certManager: - issuerRef: "letsencrypt-edge" + # -- Certificate Issuer kind (only used if `provider` is set to `cert-manager`) issuerKind: ClusterIssuer + # -- Certificate Issuer group (only used if `provider` is set to `cert-manager`) issuerGroup: cert-manager.io ingress: - dnsName: ai.testkube.dev enabled: true className: "nginx" annotations: {} resources: {} - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 - volumes: [] - volumeMounts: [] + targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} - + # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) + host: "" + # -- Environment of deployment + env: "production" + # -- Log level + logLevel: "info" + # -- Use OpenID Conect (OIDC) Discovery endpoint to fetch configurations from the identity provider. The path should end with `/.well-known/openid-configuration`. + oidcDiscoveryUri: "" + # -- Specify issuer to skip OIDC Discovery + oauthIssuer: "" + # -- Specify the URL to fetch the JWK set document and skip OIDC Discovery + oauthJwksUri: "" + # -- OAuth audience represents the expected value of the `aud` claim in the JWT token. This is the static client ID in the Dex configuration. + oauthAudience: "testkube-enterprise" + # Configuration for LangChain tracing + langchain: + # -- Enable LangChain tracing + tracing: true + # -- Endpoint for LangChain API + endpoint: "https://api.smith.langchain.com/" + # -- LangChain API Key - can be provided directly or referenced from a secret + apiKey: "" + # -- Reference to the secret containing the LangChain API Key. Place value into `LANGCHAIN_API_KEY` key. + secretRef: "" + # -- Project identifier for LangChain + project: "" + # Configuration for OpenAI API + openAi: + # -- OpenAI API Key - can be provided directly or referenced from a secret + apiKey: "" + # -- Reference to the secret containing the OpenAI API Key. Place value into `OPENAI_API_KEY` key. + secretRef: "" ## NATS chart parameter ## For more configuration parameters of NATS chart please look here: https://docs.nats.io/running-a-nats-service/nats-kubernetes/helm-charts nats: From 90ed7fca604824a0af50bbb1157a2e7a04810e16 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 22 Jan 2025 19:05:51 +0100 Subject: [PATCH 24/41] docs: update --- charts/testkube-ai-service/README.md | 63 +++++++++++++++------------- charts/testkube-enterprise/README.md | 55 ++++++++++++------------ 2 files changed, 60 insertions(+), 58 deletions(-) diff --git a/charts/testkube-ai-service/README.md b/charts/testkube-ai-service/README.md index fc93cabf0..058679973 100644 --- a/charts/testkube-ai-service/README.md +++ b/charts/testkube-ai-service/README.md @@ -25,57 +25,62 @@ A Helm chart for Testkube AI service | autoscaling.maxReplicas | int | `100` | | | autoscaling.minReplicas | int | `1` | | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| env | string | `"production"` | | -| fullnameOverride | string | `"api"` | | +| autoscaling.targetMemoryUtilizationPercentage | int | `80` | | +| env | string | `"production"` | Environment of deployment | +| fullnameOverride | string | `""` | | +| global.containerSecurityContext | object | `{}` | Global security Context for all containers | +| global.customCaSecretKey | string | `"ca.crt"` | Custom CA to use as a trusted CA during TLS connections. Specify a key for the secret specified under customCaSecretRef. | +| global.customCaSecretRef | string | `""` | Custom CA to use as a trusted CA during TLS connections. Specify a secret with the PEM encoded CA under the key specified by customCaSecretKey. | +| global.dex.issuer | string | `""` | Global Dex issuer url | +| global.imagePullSecrets | list | `[]` | Global image pull secrets (provided usually by a parent chart like testkube-enterprise) | +| global.imageRegistry | string | `""` | Global image registry to be prepended for to all images (usually defined in parent chart) | +| global.ingress.enabled | bool | `true` | Toggle whether to enable or disable all Ingress resources (if false, all Ingress resources will be disabled and cannot be overriden) | +| global.labels | object | `{}` | Common labels which will be added to all resources | +| global.podSecurityContext | object | `{}` | Global security Context for all pods | +| host | string | `""` | Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) | | image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"kubeshop/testkube-ai"` | | +| image.registry | string | `""` | If defined, it will prepend the registry to the image name, if not, default docker.io will be prepended | +| image.repository | string | `"kubeshop/testkube-ai-copilot"` | | | image.tag | string | `""` | | | imagePullSecrets | list | `[]` | | | ingress.annotations | object | `{}` | | | ingress.className | string | `"nginx"` | | -| ingress.dnsName | string | `"ai.testkube.dev"` | | | ingress.enabled | bool | `true` | | | langchain.apiKey | string | `""` | LangChain API Key - can be provided directly or referenced from a secret | | langchain.endpoint | string | `"https://api.smith.langchain.com/"` | Endpoint for LangChain API | -| langchain.project | string | `"testkube-dev"` | Project identifier for LangChain | -| langchain.secretRef | string | `"testkube-ai"` | Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) | +| langchain.project | string | `""` | Project identifier for LangChain | +| langchain.secretRef | string | `""` | Reference to the secret containing the LangChain API Key. Place value into `LANGCHAIN_API_KEY` key. | | langchain.tracing | bool | `true` | Enable LangChain tracing | -| livenessProbe.httpGet.path | string | `"/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| logLevel | string | `"info"` | | +| logLevel | string | `"info"` | Log level | | nameOverride | string | `""` | | | nodeSelector | object | `{}` | | -| oauthAudience | string | `"testkube-cloud"` | | -| oauthIssuer | string | `""` | | -| oauthJwksUri | string | `""` | | -| oidcConfigurationUrl | string | `"http://dex.auth:5556/idp/.well-known/openid-configuration"` | | -| origins | string | `"*"` | | -| originsRegex | string | `"https://.*\\.testkube\\..*"` | | +| oauthAudience | string | `""` | OAuth audience represents the expected value of the `aud` claim in the JWT token. This is the static client ID in the Dex configuration. | +| oauthIssuer | string | `""` | Specify issuer to skip OIDC Discovery | +| oauthJwksUri | string | `""` | Specify the URL to fetch the JWK set document and skip OIDC Discovery | +| oidcDiscoveryUri | string | `""` | Use OpenID Conect (OIDC) Discovery endpoint to fetch configurations from the identity provider. The path should end with `/.well-known/openid-configuration`. | +| openAi.apiKey | string | `""` | OpenAI API Key - can be provided directly or referenced from a secret | +| openAi.secretRef | string | `""` | Reference to the secret containing the OpenAI API Key. Place value into `OPENAI_API_KEY` key. | | podAnnotations | object | `{}` | | | podLabels | object | `{}` | | | podSecurityContext | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | +| priorityClassName | string | `""` | Priority class name defines the priority of this pod relative to others in the cluster. | | replicaCount | int | `1` | | | resources | object | `{}` | | | securityContext | object | `{}` | | -| service.port | int | `9090` | | -| service.type | string | `"ClusterIP"` | | +| service.annotations | object | `{}` | Additional annotations to add to the Service resource | +| service.labels | object | `{}` | Additional labels to add to the Service resource | +| service.port | int | `9090` | AI API port | +| service.type | string | `"ClusterIP"` | Service type | | serviceAccount.annotations | object | `{}` | | | serviceAccount.automount | bool | `true` | | | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | -| tls.certManager.issuerGroup | string | `"cert-manager.io"` | | -| tls.certManager.issuerKind | string | `"ClusterIssuer"` | | -| tls.certManager.issuerRef | string | `"letsencrypt-edge"` | | -| tls.certificateProvider | string | `"cert-manager"` | | -| tls.host | string | `"ai.testkube.dev"` | | -| tls.path | string | `"/"` | | -| tls.secret | string | `"testkube-ai-tls"` | | -| tls.serveHTTPS | bool | `true` | | +| tls.certManager.issuerGroup | string | `"cert-manager.io"` | Certificate Issuer group (only used if `provider` is set to `cert-manager`) | +| tls.certManager.issuerKind | string | `"ClusterIssuer"` | Certificate Issuer kind (only used if `provider` is set to `cert-manager`) | +| tls.serveHTTPS | bool | `true` | Toggle should the Application terminate TLS instead of the Ingress | +| tls.tlsSecret | string | `"testkube-ai-tls"` | TLS secret name which contains the certificate files | | tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | +| topologySpreadConstraints | list | `[]` | Topology spread constraints can be used to define how pods should be spread across failure domains within your cluster. | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/testkube-enterprise/README.md b/charts/testkube-enterprise/README.md index 987a6a8ad..53ed4a04b 100644 --- a/charts/testkube-enterprise/README.md +++ b/charts/testkube-enterprise/README.md @@ -55,6 +55,7 @@ A Helm chart for Testkube Enterprise | dex.resources | object | `{"limits":{"cpu":"250m","memory":"392Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | Set resources requests and limits for Dex Service | | dex.securityContext | object | `{}` | Security Context for Dex container | | dex.storage | object | `{}` | Configure backend for Dex internal config (more info here https://dexidp.io/docs/storage) | +| global.aiApiSubdomain | string | `"ai"` | AI API subdomain which get prepended to the domain | | global.certManager.issuerRef | string | `""` | Certificate Issuer ref (only used if `provider` is set to `cert-manager`) | | global.certificateProvider | string | `"cert-manager"` | TLS certificate provider. Set to "cert-manager" for integration with cert-manager or leave empty for other methods | | global.containerSecurityContext | object | `{}` | Global security Context for all containers. | @@ -190,58 +191,54 @@ A Helm chart for Testkube Enterprise | testkube-ai-service.autoscaling.maxReplicas | int | `100` | | | testkube-ai-service.autoscaling.minReplicas | int | `1` | | | testkube-ai-service.autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| testkube-ai-service.autoscaling.targetMemoryUtilizationPercentage | int | `80` | | | testkube-ai-service.enabled | bool | `false` | Toggle whether to install the Testkube AI service | -| testkube-ai-service.env | string | `"production"` | | -| testkube-ai-service.fullnameOverride | string | `"api"` | | +| testkube-ai-service.env | string | `"production"` | Environment of deployment | +| testkube-ai-service.fullnameOverride | string | `""` | | +| testkube-ai-service.host | string | `""` | Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) | | testkube-ai-service.image.pullPolicy | string | `"IfNotPresent"` | | -| testkube-ai-service.image.repository | string | `"kubeshop/testkube-ai"` | | +| testkube-ai-service.image.registry | string | `""` | If defined, it will prepend the registry to the image name, if not, default docker.io will be prepended | +| testkube-ai-service.image.repository | string | `"kubeshop/testkube-ai-copilot"` | | | testkube-ai-service.image.tag | string | `""` | | | testkube-ai-service.imagePullSecrets | list | `[]` | | | testkube-ai-service.ingress.annotations | object | `{}` | | | testkube-ai-service.ingress.className | string | `"nginx"` | | -| testkube-ai-service.ingress.dnsName | string | `"ai.testkube.dev"` | | | testkube-ai-service.ingress.enabled | bool | `true` | | | testkube-ai-service.langchain.apiKey | string | `""` | LangChain API Key - can be provided directly or referenced from a secret | | testkube-ai-service.langchain.endpoint | string | `"https://api.smith.langchain.com/"` | Endpoint for LangChain API | -| testkube-ai-service.langchain.project | string | `"testkube-dev"` | Project identifier for LangChain | -| testkube-ai-service.langchain.secretRef | string | `"testkube-ai"` | Reference to the secret containing the LangChain API Key (`LANGCHAIN_API_KEY`) | +| testkube-ai-service.langchain.project | string | `""` | Project identifier for LangChain | +| testkube-ai-service.langchain.secretRef | string | `""` | Reference to the secret containing the LangChain API Key. Place value into `LANGCHAIN_API_KEY` key. | | testkube-ai-service.langchain.tracing | bool | `true` | Enable LangChain tracing | -| testkube-ai-service.livenessProbe.httpGet.path | string | `"/"` | | -| testkube-ai-service.livenessProbe.httpGet.port | string | `"http"` | | -| testkube-ai-service.logLevel | string | `"info"` | | +| testkube-ai-service.logLevel | string | `"info"` | Log level | | testkube-ai-service.nameOverride | string | `""` | | | testkube-ai-service.nodeSelector | object | `{}` | | -| testkube-ai-service.oauthAudience | string | `"testkube-cloud"` | | -| testkube-ai-service.oauthIssuer | string | `""` | | -| testkube-ai-service.oauthJwksUri | string | `""` | | -| testkube-ai-service.oidcConfigurationUrl | string | `"http://dex.auth:5556/idp/.well-known/openid-configuration"` | | -| testkube-ai-service.origins | string | `"*"` | | -| testkube-ai-service.originsRegex | string | `"https://.*\\.testkube\\..*"` | | +| testkube-ai-service.oauthAudience | string | `"testkube-enterprise"` | OAuth audience represents the expected value of the `aud` claim in the JWT token. This is the static client ID in the Dex configuration. | +| testkube-ai-service.oauthIssuer | string | `""` | Specify issuer to skip OIDC Discovery | +| testkube-ai-service.oauthJwksUri | string | `""` | Specify the URL to fetch the JWK set document and skip OIDC Discovery | +| testkube-ai-service.oidcDiscoveryUri | string | `""` | Use OpenID Conect (OIDC) Discovery endpoint to fetch configurations from the identity provider. The path should end with `/.well-known/openid-configuration`. | +| testkube-ai-service.openAi.apiKey | string | `""` | OpenAI API Key - can be provided directly or referenced from a secret | +| testkube-ai-service.openAi.secretRef | string | `""` | Reference to the secret containing the OpenAI API Key. Place value into `OPENAI_API_KEY` key. | | testkube-ai-service.podAnnotations | object | `{}` | | | testkube-ai-service.podLabels | object | `{}` | | | testkube-ai-service.podSecurityContext | object | `{}` | | -| testkube-ai-service.readinessProbe.httpGet.path | string | `"/"` | | -| testkube-ai-service.readinessProbe.httpGet.port | string | `"http"` | | +| testkube-ai-service.priorityClassName | string | `""` | Priority class name defines the priority of this pod relative to others in the cluster. | | testkube-ai-service.replicaCount | int | `1` | | | testkube-ai-service.resources | object | `{}` | | | testkube-ai-service.securityContext | object | `{}` | | -| testkube-ai-service.service.port | int | `9090` | | -| testkube-ai-service.service.type | string | `"ClusterIP"` | | +| testkube-ai-service.service.annotations | object | `{}` | Additional annotations to add to the Service resource | +| testkube-ai-service.service.labels | object | `{}` | Additional labels to add to the Service resource | +| testkube-ai-service.service.port | int | `9090` | AI API port | +| testkube-ai-service.service.type | string | `"ClusterIP"` | Service type | | testkube-ai-service.serviceAccount.annotations | object | `{}` | | | testkube-ai-service.serviceAccount.automount | bool | `true` | | | testkube-ai-service.serviceAccount.create | bool | `true` | | | testkube-ai-service.serviceAccount.name | string | `""` | | -| testkube-ai-service.tls.certManager.issuerGroup | string | `"cert-manager.io"` | | -| testkube-ai-service.tls.certManager.issuerKind | string | `"ClusterIssuer"` | | -| testkube-ai-service.tls.certManager.issuerRef | string | `"letsencrypt-edge"` | | -| testkube-ai-service.tls.certificateProvider | string | `"cert-manager"` | | -| testkube-ai-service.tls.host | string | `"ai.testkube.dev"` | | -| testkube-ai-service.tls.path | string | `"/"` | | -| testkube-ai-service.tls.secret | string | `"testkube-ai-tls"` | | -| testkube-ai-service.tls.serveHTTPS | bool | `true` | | +| testkube-ai-service.tls.certManager.issuerGroup | string | `"cert-manager.io"` | Certificate Issuer group (only used if `provider` is set to `cert-manager`) | +| testkube-ai-service.tls.certManager.issuerKind | string | `"ClusterIssuer"` | Certificate Issuer kind (only used if `provider` is set to `cert-manager`) | +| testkube-ai-service.tls.serveHTTPS | bool | `true` | Toggle should the Application terminate TLS instead of the Ingress | +| testkube-ai-service.tls.tlsSecret | string | `"testkube-ai-tls"` | TLS secret name which contains the certificate files | | testkube-ai-service.tolerations | list | `[]` | | -| testkube-ai-service.volumeMounts | list | `[]` | | -| testkube-ai-service.volumes | list | `[]` | | +| testkube-ai-service.topologySpreadConstraints | list | `[]` | Topology spread constraints can be used to define how pods should be spread across failure domains within your cluster. | | testkube-cloud-api.ai.secretRef | string | `""` | | | testkube-cloud-api.api.agent.healthcheck.lock | string | `"kv"` | Agent healthcheck distributed mode (one of mongo|kv) - used for pods sync to run healthchecks on single pod at once | | testkube-cloud-api.api.agent.hide | bool | `false` | | From 1a1b7a5dfb3aee78159aaf1b89fbed54185f5c5a Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Thu, 23 Jan 2025 17:11:12 +0100 Subject: [PATCH 25/41] fix: update chart lock file --- charts/testkube-enterprise/Chart.lock | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/testkube-enterprise/Chart.lock b/charts/testkube-enterprise/Chart.lock index 8b125e2f9..2a820e397 100644 --- a/charts/testkube-enterprise/Chart.lock +++ b/charts/testkube-enterprise/Chart.lock @@ -11,9 +11,12 @@ dependencies: - name: testkube-worker-service repository: file://../testkube-worker-service version: 1.54.0 +- name: testkube-ai-service + repository: file://../testkube-ai-service + version: 1.0.0 - name: testkube repository: https://kubeshop.github.io/helm-charts - version: 2.1.125 + version: 2.1.128 - name: dex repository: file://./charts/dex version: 0.19.1-6 @@ -26,5 +29,5 @@ dependencies: - name: minio repository: file://./charts/minio version: 14.8.3-2 -digest: sha256:88951ad6c078a2098b4f33824eb25e9a5405194cd1814b96408f07fa1ed4baca -generated: "2025-01-21T12:12:15.640672292Z" +digest: sha256:d66deba08f2f328f372ffbb95c6a1b98689471e2513dc440ac3123cfa031a2bd +generated: "2025-01-23T15:11:16.822779+01:00" From 646b495a8d0c2d7746405dbaaf8b5b8d889fd6ba Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Fri, 24 Jan 2025 11:49:08 +0100 Subject: [PATCH 26/41] fix: openai ref --- charts/testkube-ai-service/templates/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index c0c0974c5..bf7e1f908 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -63,12 +63,12 @@ spec: - name: AUDIENCE value: "{{ .Values.oauthAudience }}" - name: OPENAI_API_KEY - {{- if .Values.openai.apiKey }} - value: "{{ .Values.openai.apiKey }}" + {{- with .Values.openAi.apiKey }} + value: "{{ . }}" {{- else }} valueFrom: secretKeyRef: - name: {{ .Values.openai.secretRef }} + name: {{ .Values.openAi.secretRef }} key: OPENAI_API_KEY {{- end }} - name: LANGCHAIN_API_KEY From deb815ee09ac98f4bd41352b128e409324940b8a Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Fri, 24 Jan 2025 11:52:18 +0100 Subject: [PATCH 27/41] fix: issue ref check --- charts/testkube-ai-service/templates/certificate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/testkube-ai-service/templates/certificate.yaml b/charts/testkube-ai-service/templates/certificate.yaml index 8f4028d3f..ce7661684 100644 --- a/charts/testkube-ai-service/templates/certificate.yaml +++ b/charts/testkube-ai-service/templates/certificate.yaml @@ -12,7 +12,7 @@ spec: dnsNames: - {{ include "testkube-ai.ingress.host" . | quote }} issuerRef: - name: {{ required ".Values.global.certManager.issuerRef must be set when provider is cert-manager" .Values.tls.certManager.issuerRef }} + name: {{ required ".Values.global.certManager.issuerRef must be set when provider is cert-manager" .Values.global.certManager.issuerRef }} kind: {{ .Values.tls.certManager.issuerKind }} group: {{ .Values.tls.certManager.issuerGroup }} {{- end }} From 73f415d8e85aa727bab5d1d12d6aeaedfe2b780f Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Fri, 24 Jan 2025 12:00:45 +0100 Subject: [PATCH 28/41] fix: tls secret name --- charts/testkube-ai-service/templates/certificate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/testkube-ai-service/templates/certificate.yaml b/charts/testkube-ai-service/templates/certificate.yaml index ce7661684..6c89b94a8 100644 --- a/charts/testkube-ai-service/templates/certificate.yaml +++ b/charts/testkube-ai-service/templates/certificate.yaml @@ -8,7 +8,7 @@ metadata: annotations: "helm.sh/hook": pre-install,pre-upgrade spec: - secretName: {{ .Values.tls.secret }} + secretName: {{ .Values.tls.tlsSecret }} dnsNames: - {{ include "testkube-ai.ingress.host" . | quote }} issuerRef: From 4fdb97c469806ab77cace73118d5e016ed32d76c Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Fri, 24 Jan 2025 13:22:29 +0100 Subject: [PATCH 29/41] fix: add the ssl_cert_dir env variable --- charts/testkube-ai-service/templates/deployment.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index bf7e1f908..763a7fda1 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -86,6 +86,11 @@ spec: value: "{{ .Values.langchain.endpoint }}" - name: LANGCHAIN_PROJECT value: "{{ .Values.langchain.project }}" + {{- if or .Values.global.customCaSecretRef .Values.customCaDirPath }} + {{- $certsDir := .Values.customCaDirPath | default "/etc/testkube/certs" }} + - name: SSL_CERT_DIR + value: "{{ $certsDir }}" + {{- end }} ports: - name: {{ if .Values.tls.serveHTTPS }}https{{ else }}http{{ end }} containerPort: {{ .Values.service.port }} From 36e8ff1b51195fa394b39f3d33a05fa4903b439d Mon Sep 17 00:00:00 2001 From: Dev Catalin <20538711+devcatalin@users.noreply.github.com> Date: Mon, 27 Jan 2025 15:06:26 +0200 Subject: [PATCH 30/41] chore: add control plane endpoint env var --- charts/testkube-ai-service/templates/deployment.yaml | 2 ++ charts/testkube-ai-service/values.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 763a7fda1..7750e9913 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -45,6 +45,8 @@ spec: image: {{ include "testkube-ai.image" . }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} env: + - name: CONTROL_PLANE_ENDPOINT + value: "{{ .Values.controlPlaneEndpoint }}" - name: NODE_ENV value: "{{ .Values.env }}" - name: LOG_LEVEL diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 14f358736..b80cbe53e 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -81,6 +81,8 @@ tolerations: [] affinity: {} # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) host: "" +# -- Endpoint to Testkube's control plane api (e.g. https://api.testkube.io) +controlPlaneEndpoint: "" # -- Environment of deployment env: "production" # -- Log level From 2c9477ac7fe0146cc740381be190db938cc7a7be Mon Sep 17 00:00:00 2001 From: Dev Catalin <20538711+devcatalin@users.noreply.github.com> Date: Mon, 27 Jan 2025 16:01:28 +0200 Subject: [PATCH 31/41] fix: default ssl cert dir --- charts/testkube-ai-service/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 7750e9913..719c8de19 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -89,7 +89,7 @@ spec: - name: LANGCHAIN_PROJECT value: "{{ .Values.langchain.project }}" {{- if or .Values.global.customCaSecretRef .Values.customCaDirPath }} - {{- $certsDir := .Values.customCaDirPath | default "/etc/testkube/certs" }} + {{- $certsDir := .Values.customCaDirPath | default "/tmp/serving-cert" }} - name: SSL_CERT_DIR value: "{{ $certsDir }}" {{- end }} From 76d553a7172f93e1a6c472cf6fb54d4fcabee938 Mon Sep 17 00:00:00 2001 From: Dev Catalin <20538711+devcatalin@users.noreply.github.com> Date: Mon, 27 Jan 2025 16:13:11 +0200 Subject: [PATCH 32/41] fix: set USE_TLS, TLS_CERT and TLS_KEY env vars --- charts/testkube-ai-service/templates/deployment.yaml | 8 +++++++- charts/testkube-ai-service/values.yaml | 4 ++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 719c8de19..e8aaefede 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -88,8 +88,14 @@ spec: value: "{{ .Values.langchain.endpoint }}" - name: LANGCHAIN_PROJECT value: "{{ .Values.langchain.project }}" + - name: USE_TLS + value: "{{ .Values.api.tls.serveHTTPS }}" + - name: TLS_CERT + value: "{{ .Values.api.tls.certPath }}" + - name: TLS_KEY + value: "{{ .Values.api.tls.keyPath }}" {{- if or .Values.global.customCaSecretRef .Values.customCaDirPath }} - {{- $certsDir := .Values.customCaDirPath | default "/tmp/serving-cert" }} + {{- $certsDir := .Values.customCaDirPath | default "/etc/testkube/certs" }} - name: SSL_CERT_DIR value: "{{ $certsDir }}" {{- end }} diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index b80cbe53e..dd5e4c174 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -65,6 +65,10 @@ tls: issuerKind: ClusterIssuer # -- Certificate Issuer group (only used if `provider` is set to `cert-manager`) issuerGroup: cert-manager.io + # -- certificate path + certPath: /tmp/serving-cert/crt.pem + # -- certificate key path + keyPath: /tmp/serving-cert/key.pem ingress: enabled: true className: "nginx" From 103852d593476c0813b6f71e14d5bc3306977916 Mon Sep 17 00:00:00 2001 From: Dev Catalin <20538711+devcatalin@users.noreply.github.com> Date: Mon, 27 Jan 2025 17:08:46 +0200 Subject: [PATCH 33/41] fix: add control plane endpoint and TLS configuration --- charts/testkube-ai-service/templates/deployment.yaml | 8 ++++++++ charts/testkube-ai-service/values.yaml | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 763a7fda1..e8aaefede 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -45,6 +45,8 @@ spec: image: {{ include "testkube-ai.image" . }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} env: + - name: CONTROL_PLANE_ENDPOINT + value: "{{ .Values.controlPlaneEndpoint }}" - name: NODE_ENV value: "{{ .Values.env }}" - name: LOG_LEVEL @@ -86,6 +88,12 @@ spec: value: "{{ .Values.langchain.endpoint }}" - name: LANGCHAIN_PROJECT value: "{{ .Values.langchain.project }}" + - name: USE_TLS + value: "{{ .Values.api.tls.serveHTTPS }}" + - name: TLS_CERT + value: "{{ .Values.api.tls.certPath }}" + - name: TLS_KEY + value: "{{ .Values.api.tls.keyPath }}" {{- if or .Values.global.customCaSecretRef .Values.customCaDirPath }} {{- $certsDir := .Values.customCaDirPath | default "/etc/testkube/certs" }} - name: SSL_CERT_DIR diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 14f358736..dd5e4c174 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -65,6 +65,10 @@ tls: issuerKind: ClusterIssuer # -- Certificate Issuer group (only used if `provider` is set to `cert-manager`) issuerGroup: cert-manager.io + # -- certificate path + certPath: /tmp/serving-cert/crt.pem + # -- certificate key path + keyPath: /tmp/serving-cert/key.pem ingress: enabled: true className: "nginx" @@ -81,6 +85,8 @@ tolerations: [] affinity: {} # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) host: "" +# -- Endpoint to Testkube's control plane api (e.g. https://api.testkube.io) +controlPlaneEndpoint: "" # -- Environment of deployment env: "production" # -- Log level From 86c2ff3986d43ee9e77b778eebd1266f3b26e8d4 Mon Sep 17 00:00:00 2001 From: Dev Catalin <20538711+devcatalin@users.noreply.github.com> Date: Mon, 27 Jan 2025 17:11:08 +0200 Subject: [PATCH 34/41] fix: Values tls object paths --- charts/testkube-ai-service/templates/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index e8aaefede..6449f58b7 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -89,11 +89,11 @@ spec: - name: LANGCHAIN_PROJECT value: "{{ .Values.langchain.project }}" - name: USE_TLS - value: "{{ .Values.api.tls.serveHTTPS }}" + value: "{{ .Values.tls.serveHTTPS }}" - name: TLS_CERT - value: "{{ .Values.api.tls.certPath }}" + value: "{{ .Values.tls.certPath }}" - name: TLS_KEY - value: "{{ .Values.api.tls.keyPath }}" + value: "{{ .Values.tls.keyPath }}" {{- if or .Values.global.customCaSecretRef .Values.customCaDirPath }} {{- $certsDir := .Values.customCaDirPath | default "/etc/testkube/certs" }} - name: SSL_CERT_DIR From 39cafa8277b7262e4525abb00716c143d64af6c1 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 28 Jan 2025 18:39:23 +0100 Subject: [PATCH 35/41] fix: indentation issue in ingress --- charts/testkube-ai-service/templates/ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/testkube-ai-service/templates/ingress.yaml b/charts/testkube-ai-service/templates/ingress.yaml index 55a23ddf3..5b73cec80 100644 --- a/charts/testkube-ai-service/templates/ingress.yaml +++ b/charts/testkube-ai-service/templates/ingress.yaml @@ -33,7 +33,7 @@ metadata: {{- end }} {{- end }} {{- with .Values.ingress.annotations }} - {{- toYaml . }} + {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} From c59fbbb00efa68fafec7053c1ac96d070523cd4e Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 28 Jan 2025 18:54:40 +0100 Subject: [PATCH 36/41] fix: use values for cert/key --- charts/testkube-ai-service/templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 6449f58b7..2cf57c1a1 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -120,11 +120,11 @@ spec: readOnly: false name: tmp {{- if .Values.tls.serveHTTPS }} - - mountPath: /tmp/serving-cert/crt.pem + - mountPath: "{{ .Values.tls.certPath }}" readOnly: true name: serving-cert subPath: tls.crt - - mountPath: /tmp/serving-cert/key.pem + - mountPath: "{{ .Values.tls.keyPath }}" readOnly: true name: serving-cert subPath: tls.key From 032224fa1f623a1cc580517a3fdbe7afa47215ee Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 28 Jan 2025 19:08:13 +0100 Subject: [PATCH 37/41] feat: automagically set CONTROL_PLANE_ENDPOINT --- charts/testkube-ai-service/README.md | 6 ++++++ .../testkube-ai-service/templates/deployment.yaml | 2 +- charts/testkube-ai-service/values.yaml | 13 ++++++++++--- charts/testkube-enterprise/README.md | 3 +++ charts/testkube-enterprise/values.yaml | 6 ++++++ 5 files changed, 26 insertions(+), 4 deletions(-) diff --git a/charts/testkube-ai-service/README.md b/charts/testkube-ai-service/README.md index 058679973..eada823de 100644 --- a/charts/testkube-ai-service/README.md +++ b/charts/testkube-ai-service/README.md @@ -26,17 +26,21 @@ A Helm chart for Testkube AI service | autoscaling.minReplicas | int | `1` | | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | | autoscaling.targetMemoryUtilizationPercentage | int | `80` | | +| controlPlaneEndpoint | string | `""` | Endpoint to Testkube's control plane REST API (e.g. https://api.testkube.io) | | env | string | `"production"` | Environment of deployment | | fullnameOverride | string | `""` | | | global.containerSecurityContext | object | `{}` | Global security Context for all containers | | global.customCaSecretKey | string | `"ca.crt"` | Custom CA to use as a trusted CA during TLS connections. Specify a key for the secret specified under customCaSecretRef. | | global.customCaSecretRef | string | `""` | Custom CA to use as a trusted CA during TLS connections. Specify a secret with the PEM encoded CA under the key specified by customCaSecretKey. | | global.dex.issuer | string | `""` | Global Dex issuer url | +| global.dex.issuer | string | `""` | Global Dex issuer url which is configured both in Dex and API | +| global.domain | string | `""` | Domain under which endpoints are exposed | | global.imagePullSecrets | list | `[]` | Global image pull secrets (provided usually by a parent chart like testkube-enterprise) | | global.imageRegistry | string | `""` | Global image registry to be prepended for to all images (usually defined in parent chart) | | global.ingress.enabled | bool | `true` | Toggle whether to enable or disable all Ingress resources (if false, all Ingress resources will be disabled and cannot be overriden) | | global.labels | object | `{}` | Common labels which will be added to all resources | | global.podSecurityContext | object | `{}` | Global security Context for all pods | +| global.restApiSubdomain | string | `"api"` | REST API subdomain which get prepended to the domain | | host | string | `""` | Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) | | image.pullPolicy | string | `"IfNotPresent"` | | | image.registry | string | `""` | If defined, it will prepend the registry to the image name, if not, default docker.io will be prepended | @@ -77,6 +81,8 @@ A Helm chart for Testkube AI service | serviceAccount.name | string | `""` | | | tls.certManager.issuerGroup | string | `"cert-manager.io"` | Certificate Issuer group (only used if `provider` is set to `cert-manager`) | | tls.certManager.issuerKind | string | `"ClusterIssuer"` | Certificate Issuer kind (only used if `provider` is set to `cert-manager`) | +| tls.certPath | string | `"/tmp/serving-cert/crt.pem"` | Mount path for the certificate | +| tls.keyPath | string | `"/tmp/serving-cert/key.pem"` | Mount path for the certificate private key | | tls.serveHTTPS | bool | `true` | Toggle should the Application terminate TLS instead of the Ingress | | tls.tlsSecret | string | `"testkube-ai-tls"` | TLS secret name which contains the certificate files | | tolerations | list | `[]` | | diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index 2cf57c1a1..f0af4eefb 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -46,7 +46,7 @@ spec: imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} env: - name: CONTROL_PLANE_ENDPOINT - value: "{{ .Values.controlPlaneEndpoint }}" + value: {{ if .Values.controlPlaneEndpoint }}{{ .Values.controlPlaneEndpoint }}{{ else }}https://{{ .Values.global.restApiSubdomain }}.{{ .Values.global.domain }}{{ end }} - name: NODE_ENV value: "{{ .Values.env }}" - name: LOG_LEVEL diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index dd5e4c174..8140e3581 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -3,6 +3,13 @@ # Declare variables to be passed into your templates. global: + # -- Domain under which endpoints are exposed + domain: "" + # -- REST API subdomain which get prepended to the domain + restApiSubdomain: "api" + dex: + # -- Global Dex issuer url which is configured both in Dex and API + issuer: "" # -- Custom CA to use as a trusted CA during TLS connections. Specify a secret with the PEM encoded CA under the key specified by customCaSecretKey. customCaSecretRef: "" # -- Custom CA to use as a trusted CA during TLS connections. Specify a key for the secret specified under customCaSecretRef. @@ -65,9 +72,9 @@ tls: issuerKind: ClusterIssuer # -- Certificate Issuer group (only used if `provider` is set to `cert-manager`) issuerGroup: cert-manager.io - # -- certificate path + # -- Mount path for the certificate certPath: /tmp/serving-cert/crt.pem - # -- certificate key path + # -- Mount path for the certificate private key keyPath: /tmp/serving-cert/key.pem ingress: enabled: true @@ -85,7 +92,7 @@ tolerations: [] affinity: {} # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) host: "" -# -- Endpoint to Testkube's control plane api (e.g. https://api.testkube.io) +# -- Endpoint to Testkube's control plane REST API (e.g. https://api.testkube.io) controlPlaneEndpoint: "" # -- Environment of deployment env: "production" diff --git a/charts/testkube-enterprise/README.md b/charts/testkube-enterprise/README.md index 53ed4a04b..4480f9328 100644 --- a/charts/testkube-enterprise/README.md +++ b/charts/testkube-enterprise/README.md @@ -192,6 +192,7 @@ A Helm chart for Testkube Enterprise | testkube-ai-service.autoscaling.minReplicas | int | `1` | | | testkube-ai-service.autoscaling.targetCPUUtilizationPercentage | int | `80` | | | testkube-ai-service.autoscaling.targetMemoryUtilizationPercentage | int | `80` | | +| testkube-ai-service.controlPlaneEndpoint | string | `""` | Endpoint to Testkube's control plane REST API (e.g. https://api.testkube.io) | | testkube-ai-service.enabled | bool | `false` | Toggle whether to install the Testkube AI service | | testkube-ai-service.env | string | `"production"` | Environment of deployment | | testkube-ai-service.fullnameOverride | string | `""` | | @@ -235,6 +236,8 @@ A Helm chart for Testkube Enterprise | testkube-ai-service.serviceAccount.name | string | `""` | | | testkube-ai-service.tls.certManager.issuerGroup | string | `"cert-manager.io"` | Certificate Issuer group (only used if `provider` is set to `cert-manager`) | | testkube-ai-service.tls.certManager.issuerKind | string | `"ClusterIssuer"` | Certificate Issuer kind (only used if `provider` is set to `cert-manager`) | +| testkube-ai-service.tls.certPath | string | `"/tmp/serving-cert/crt.pem"` | Mount path for the certificate | +| testkube-ai-service.tls.keyPath | string | `"/tmp/serving-cert/key.pem"` | Mount path for the certificate private key | | testkube-ai-service.tls.serveHTTPS | bool | `true` | Toggle should the Application terminate TLS instead of the Ingress | | testkube-ai-service.tls.tlsSecret | string | `"testkube-ai-tls"` | TLS secret name which contains the certificate files | | testkube-ai-service.tolerations | list | `[]` | | diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index 76df34072..e0b21a0ab 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -573,6 +573,10 @@ testkube-ai-service: issuerKind: ClusterIssuer # -- Certificate Issuer group (only used if `provider` is set to `cert-manager`) issuerGroup: cert-manager.io + # -- Mount path for the certificate + certPath: /tmp/serving-cert/crt.pem + # -- Mount path for the certificate private key + keyPath: /tmp/serving-cert/key.pem ingress: enabled: true className: "nginx" @@ -589,6 +593,8 @@ testkube-ai-service: affinity: {} # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) host: "" + # -- Endpoint to Testkube's control plane REST API (e.g. https://api.testkube.io) + controlPlaneEndpoint: "" # -- Environment of deployment env: "production" # -- Log level From 30cdb48ec0ec82f68c91fe38188f990b818d9e4f Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 28 Jan 2025 19:14:50 +0100 Subject: [PATCH 38/41] fix: dups --- charts/testkube-ai-service/values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 8140e3581..0a07f112b 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -21,9 +21,6 @@ global: ingress: # -- Toggle whether to enable or disable all Ingress resources (if false, all Ingress resources will be disabled and cannot be overriden) enabled: true - dex: - # -- Global Dex issuer url - issuer: "" # -- Common labels which will be added to all resources labels: {} # -- Global security Context for all containers From a429006e43df919e41a632876f7f07adfa27a897 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 28 Jan 2025 19:32:41 +0100 Subject: [PATCH 39/41] feat: automagically set TK_AI_URI --- charts/testkube-ai-service/README.md | 1 - charts/testkube-cloud-api/values.yaml | 1 + charts/testkube-cloud-ui/README.md | 8 ++++---- charts/testkube-cloud-ui/templates/deployment.yaml | 2 +- charts/testkube-cloud-ui/values.yaml | 8 ++++---- charts/testkube-enterprise/README.md | 6 ++++++ charts/testkube-enterprise/values.yaml | 13 +++++++++++++ 7 files changed, 29 insertions(+), 10 deletions(-) diff --git a/charts/testkube-ai-service/README.md b/charts/testkube-ai-service/README.md index eada823de..0258a9e5c 100644 --- a/charts/testkube-ai-service/README.md +++ b/charts/testkube-ai-service/README.md @@ -32,7 +32,6 @@ A Helm chart for Testkube AI service | global.containerSecurityContext | object | `{}` | Global security Context for all containers | | global.customCaSecretKey | string | `"ca.crt"` | Custom CA to use as a trusted CA during TLS connections. Specify a key for the secret specified under customCaSecretRef. | | global.customCaSecretRef | string | `""` | Custom CA to use as a trusted CA during TLS connections. Specify a secret with the PEM encoded CA under the key specified by customCaSecretKey. | -| global.dex.issuer | string | `""` | Global Dex issuer url | | global.dex.issuer | string | `""` | Global Dex issuer url which is configured both in Dex and API | | global.domain | string | `""` | Domain under which endpoints are exposed | | global.imagePullSecrets | list | `[]` | Global image pull secrets (provided usually by a parent chart like testkube-enterprise) | diff --git a/charts/testkube-cloud-api/values.yaml b/charts/testkube-cloud-api/values.yaml index e39ac191f..883e63291 100644 --- a/charts/testkube-cloud-api/values.yaml +++ b/charts/testkube-cloud-api/values.yaml @@ -159,6 +159,7 @@ analytics: apiKey: "" # -- HubSpot secret ref (secret must contain key HUBSPOT_API_KEY) (default is `testkube-cloud-analytics-secret`) secretRef: "" +# TODO(emil): what is this for? can it be removed? ai: # -- AI config secret ref secretRef: "openai-api-key" diff --git a/charts/testkube-cloud-ui/README.md b/charts/testkube-cloud-ui/README.md index a85d74a43..ef8546819 100644 --- a/charts/testkube-cloud-ui/README.md +++ b/charts/testkube-cloud-ui/README.md @@ -32,12 +32,12 @@ A Helm chart for Testkube Cloud UI | externalSecrets.keys | object | `{}` | | | externalSecrets.refreshInterval | string | `"5m"` | | | fullnameOverride | string | `""` | | -| global.ai | object | `{"enabled":false,"kind":"openai","model":"gpt-4o-mini","secretRef":"testkube-ai","uri":"https://ai.testkube.dev"}` | Testkube AI service settings (ALPHA - for Kubecon purpose only for now) | +| global.ai | object | `{"enabled":false,"kind":"openai","model":"gpt-4o-mini","secretRef":"testkube-ai","uri":""}` | Testkube AI service settings (ALPHA - for Kubecon purpose only for now) | | global.ai.enabled | bool | `false` | Enable Testkube AI keys for frontend | -| global.ai.kind | string | `"openai"` | LLM kind (openaai | ollama) | +| global.ai.kind | string | `"openai"` | LLM kind (openai | ollama) | | global.ai.model | string | `"gpt-4o-mini"` | LLM model - LLM need to support it | -| global.ai.secretRef | string | `"testkube-ai"` | Secret name | -| global.ai.uri | string | `"https://ai.testkube.dev"` | API URI | +| global.ai.secretRef | string | `"testkube-ai"` | Secret name TODO(emil) describe what this secret needs to contain | +| global.ai.uri | string | `""` | Testkube AI API URI | | global.certManager.issuerRef | string | `""` | Certificate Issuer ref (only used if `provider` is set to `cert-manager`) | | global.certificateProvider | string | `""` | TLS provider (possible values: "", "cert-manager") | | global.containerSecurityContext | object | `{}` | Global security Context for all containers | diff --git a/charts/testkube-cloud-ui/templates/deployment.yaml b/charts/testkube-cloud-ui/templates/deployment.yaml index d2e07c0fd..75a42e966 100644 --- a/charts/testkube-cloud-ui/templates/deployment.yaml +++ b/charts/testkube-cloud-ui/templates/deployment.yaml @@ -67,7 +67,7 @@ spec: {{- end }} {{- if .Values.global.ai.enabled }} - name: TK_AI_URI - value: {{ .Values.global.ai.uri }} + value: {{ if .Values.global.ai.uri }}{{ .Values.global.ai.uri }}{{ else }}https://{{ .Values.global.aiApiSubdomain }}.{{ .Values.global.domain }}{{ end }} - name: TK_AI_KIND value: {{ .Values.global.ai.kind }} - name: TK_AI_MODEL diff --git a/charts/testkube-cloud-ui/values.yaml b/charts/testkube-cloud-ui/values.yaml index b7c13881a..8e15245c8 100644 --- a/charts/testkube-cloud-ui/values.yaml +++ b/charts/testkube-cloud-ui/values.yaml @@ -35,13 +35,13 @@ global: ai: # -- Enable Testkube AI keys for frontend enabled: false - # -- API URI - uri: "https://ai.testkube.dev" - # -- LLM kind (openaai | ollama) + # -- Testkube AI API URI + uri: "" + # -- LLM kind (openai | ollama) kind: "openai" # -- LLM model - LLM need to support it model: "gpt-4o-mini" - # -- Secret name + # -- Secret name TODO(emil) describe what this secret needs to contain secretRef: testkube-ai replicaCount: 1 # -- Topology spread constraints can be used to define how pods should be spread across failure domains within your cluster. diff --git a/charts/testkube-enterprise/README.md b/charts/testkube-enterprise/README.md index 4480f9328..3890c9bfc 100644 --- a/charts/testkube-enterprise/README.md +++ b/charts/testkube-enterprise/README.md @@ -55,6 +55,12 @@ A Helm chart for Testkube Enterprise | dex.resources | object | `{"limits":{"cpu":"250m","memory":"392Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | Set resources requests and limits for Dex Service | | dex.securityContext | object | `{}` | Security Context for Dex container | | dex.storage | object | `{}` | Configure backend for Dex internal config (more info here https://dexidp.io/docs/storage) | +| global.ai | object | `{"enabled":false,"kind":"openai","model":"gpt-4o-mini","secretRef":"testkube-ai","uri":""}` | Testkube AI service settings (ALPHA - for Kubecon purpose only for now) | +| global.ai.enabled | bool | `false` | Enable Testkube AI keys for frontend | +| global.ai.kind | string | `"openai"` | LLM kind (openai | ollama) | +| global.ai.model | string | `"gpt-4o-mini"` | LLM model - LLM need to support it | +| global.ai.secretRef | string | `"testkube-ai"` | Secret name TODO(emil) describe what this secret needs to contain | +| global.ai.uri | string | `""` | Testkube AI API URI | | global.aiApiSubdomain | string | `"ai"` | AI API subdomain which get prepended to the domain | | global.certManager.issuerRef | string | `""` | Certificate Issuer ref (only used if `provider` is set to `cert-manager`) | | global.certificateProvider | string | `"cert-manager"` | TLS certificate provider. Set to "cert-manager" for integration with cert-manager or leave empty for other methods | diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index e0b21a0ab..7785b8b33 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -116,6 +116,18 @@ global: # functionality that applies job changes through force Delete/Create instead Replace. # job: # nameSuffixOverride: '{{ dateInZone "2006-01-02-15-04-05" (now) "UTC" }}' + # -- Testkube AI service settings (ALPHA - for Kubecon purpose only for now) + ai: + # -- Enable Testkube AI keys for frontend + enabled: false + # -- Testkube AI API URI + uri: "" + # -- LLM kind (openai | ollama) + kind: "openai" + # -- LLM model - LLM need to support it + model: "gpt-4o-mini" + # -- Secret name TODO(emil) describe what this secret needs to contain + secretRef: testkube-ai # Testkube requires a variety of secrets to operate. # Any secret not provided manually will be automatically generated with a random value by the shared secret job. sharedSecretGenerator: @@ -280,6 +292,7 @@ testkube-cloud-api: annotations: {} # -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template name: "" + # TODO(emil): what is this for? can it be removed? ai: secretRef: "" audit: From 7df276731d39e47268e51feef821bc555f102c38 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Thu, 30 Jan 2025 15:03:06 +0100 Subject: [PATCH 40/41] fix: clean up of values --- charts/testkube-ai-service/README.md | 2 +- .../templates/deployment.yaml | 2 +- charts/testkube-ai-service/values.yaml | 4 +-- charts/testkube-cloud-api/README.md | 3 -- .../templates/deployment.yaml | 10 ------- charts/testkube-cloud-api/values.yaml | 7 ----- charts/testkube-cloud-ui/README.md | 9 ++---- .../templates/deployment.yaml | 15 ++-------- charts/testkube-cloud-ui/values.yaml | 19 +++++-------- charts/testkube-enterprise/README.md | 15 ++++------ charts/testkube-enterprise/values.yaml | 28 ++++++------------- 11 files changed, 30 insertions(+), 84 deletions(-) diff --git a/charts/testkube-ai-service/README.md b/charts/testkube-ai-service/README.md index 0258a9e5c..b1a520fc3 100644 --- a/charts/testkube-ai-service/README.md +++ b/charts/testkube-ai-service/README.md @@ -26,7 +26,7 @@ A Helm chart for Testkube AI service | autoscaling.minReplicas | int | `1` | | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | | autoscaling.targetMemoryUtilizationPercentage | int | `80` | | -| controlPlaneEndpoint | string | `""` | Endpoint to Testkube's control plane REST API (e.g. https://api.testkube.io) | +| controlPlaneRestApiUri | string | `""` | URI to Testkube's control plane REST API (e.g. https://api.testkube.io) | | env | string | `"production"` | Environment of deployment | | fullnameOverride | string | `""` | | | global.containerSecurityContext | object | `{}` | Global security Context for all containers | diff --git a/charts/testkube-ai-service/templates/deployment.yaml b/charts/testkube-ai-service/templates/deployment.yaml index f0af4eefb..81558f137 100644 --- a/charts/testkube-ai-service/templates/deployment.yaml +++ b/charts/testkube-ai-service/templates/deployment.yaml @@ -46,7 +46,7 @@ spec: imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} env: - name: CONTROL_PLANE_ENDPOINT - value: {{ if .Values.controlPlaneEndpoint }}{{ .Values.controlPlaneEndpoint }}{{ else }}https://{{ .Values.global.restApiSubdomain }}.{{ .Values.global.domain }}{{ end }} + value: {{ if .Values.controlPlaneRestApiUri }}{{ .Values.controlPlaneRestApiUri }}{{ else }}https://{{ .Values.global.restApiSubdomain }}.{{ .Values.global.domain }}{{ end }} - name: NODE_ENV value: "{{ .Values.env }}" - name: LOG_LEVEL diff --git a/charts/testkube-ai-service/values.yaml b/charts/testkube-ai-service/values.yaml index 0a07f112b..54ea62013 100644 --- a/charts/testkube-ai-service/values.yaml +++ b/charts/testkube-ai-service/values.yaml @@ -89,8 +89,8 @@ tolerations: [] affinity: {} # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) host: "" -# -- Endpoint to Testkube's control plane REST API (e.g. https://api.testkube.io) -controlPlaneEndpoint: "" +# -- URI to Testkube's control plane REST API (e.g. https://api.testkube.io) +controlPlaneRestApiUri: "" # -- Environment of deployment env: "production" # -- Log level diff --git a/charts/testkube-cloud-api/README.md b/charts/testkube-cloud-api/README.md index 2362917fc..1a947eb5c 100644 --- a/charts/testkube-cloud-api/README.md +++ b/charts/testkube-cloud-api/README.md @@ -22,9 +22,6 @@ A Helm chart for Testkube Cloud API |-----|------|---------|-------------| | additionalEnv | object | `{}` | Additional env vars to be added to the deployment | | affinity | object | `{}` | | -| ai.apiKey | string | `""` | or use api key instead two above | -| ai.secretKey | string | `"key"` | | -| ai.secretRef | string | `"openai-api-key"` | AI config secret ref | | analytics.hubspot.apiKey | string | `""` | HubSpot write key | | analytics.hubspot.enabled | bool | `false` | Toggle whether to enable HubSpot sync | | analytics.hubspot.secretRef | string | `""` | HubSpot secret ref (secret must contain key HUBSPOT_API_KEY) (default is `testkube-cloud-analytics-secret`) | diff --git a/charts/testkube-cloud-api/templates/deployment.yaml b/charts/testkube-cloud-api/templates/deployment.yaml index f1973d7b4..f899deea3 100644 --- a/charts/testkube-cloud-api/templates/deployment.yaml +++ b/charts/testkube-cloud-api/templates/deployment.yaml @@ -84,16 +84,6 @@ spec: - name: ENABLE_GRPC_KEEP_ALIVE value: "true" {{- end }} - {{- if .Values.ai.secretRef }} - - name: OPENAI_API_KEY - valueFrom: - secretKeyRef: - key: {{ .Values.ai.secretKey }} - name: {{ .Values.ai.secretRef }} - {{- else if .Values.ai.apiKey }} - - name: OPENAI_API_KEY - value: "{{ .Values.ai.apiKey }}" - {{- end }} - name: HEALTHCHECK_DISTRIBUTED_LOCK value: "{{ .Values.api.agent.healthcheck.lock }}" - name: INVITE_MODE diff --git a/charts/testkube-cloud-api/values.yaml b/charts/testkube-cloud-api/values.yaml index 883e63291..34217eec2 100644 --- a/charts/testkube-cloud-api/values.yaml +++ b/charts/testkube-cloud-api/values.yaml @@ -159,13 +159,6 @@ analytics: apiKey: "" # -- HubSpot secret ref (secret must contain key HUBSPOT_API_KEY) (default is `testkube-cloud-analytics-secret`) secretRef: "" -# TODO(emil): what is this for? can it be removed? -ai: - # -- AI config secret ref - secretRef: "openai-api-key" - secretKey: "key" - # -- or use api key instead two above - apiKey: "" payments: # -- Toggle whether to enable payments service enabled: false diff --git a/charts/testkube-cloud-ui/README.md b/charts/testkube-cloud-ui/README.md index ef8546819..31a353121 100644 --- a/charts/testkube-cloud-ui/README.md +++ b/charts/testkube-cloud-ui/README.md @@ -22,6 +22,8 @@ A Helm chart for Testkube Cloud UI |-----|------|---------|-------------| | additionalEnv | object | `{}` | | | affinity | object | `{}` | | +| ai.aiServiceApiUri | string | `""` | Testkube AI service API URI | +| ai.enabled | bool | `false` | Enable Testkube AI features | | autoscaling.enabled | bool | `false` | | | autoscaling.maxReplicas | int | `10` | | | autoscaling.minReplicas | int | `1` | | @@ -32,12 +34,7 @@ A Helm chart for Testkube Cloud UI | externalSecrets.keys | object | `{}` | | | externalSecrets.refreshInterval | string | `"5m"` | | | fullnameOverride | string | `""` | | -| global.ai | object | `{"enabled":false,"kind":"openai","model":"gpt-4o-mini","secretRef":"testkube-ai","uri":""}` | Testkube AI service settings (ALPHA - for Kubecon purpose only for now) | -| global.ai.enabled | bool | `false` | Enable Testkube AI keys for frontend | -| global.ai.kind | string | `"openai"` | LLM kind (openai | ollama) | -| global.ai.model | string | `"gpt-4o-mini"` | LLM model - LLM need to support it | -| global.ai.secretRef | string | `"testkube-ai"` | Secret name TODO(emil) describe what this secret needs to contain | -| global.ai.uri | string | `""` | Testkube AI API URI | +| global.aiApiSubdomain | string | `"ai"` | AI API subdomain which get prepended to the domain | | global.certManager.issuerRef | string | `""` | Certificate Issuer ref (only used if `provider` is set to `cert-manager`) | | global.certificateProvider | string | `""` | TLS provider (possible values: "", "cert-manager") | | global.containerSecurityContext | object | `{}` | Global security Context for all containers | diff --git a/charts/testkube-cloud-ui/templates/deployment.yaml b/charts/testkube-cloud-ui/templates/deployment.yaml index 75a42e966..3ae21ae81 100644 --- a/charts/testkube-cloud-ui/templates/deployment.yaml +++ b/charts/testkube-cloud-ui/templates/deployment.yaml @@ -65,20 +65,9 @@ spec: - name: REACT_APP_AUTH_STRATEGY value: {{ .Values.ui.authStrategy }} {{- end }} - {{- if .Values.global.ai.enabled }} + {{- if .Values.ai.enabled }} - name: TK_AI_URI - value: {{ if .Values.global.ai.uri }}{{ .Values.global.ai.uri }}{{ else }}https://{{ .Values.global.aiApiSubdomain }}.{{ .Values.global.domain }}{{ end }} - - name: TK_AI_KIND - value: {{ .Values.global.ai.kind }} - - name: TK_AI_MODEL - value: {{ .Values.global.ai.model }} - - name: TK_AI_KEY - {{- if .Values.global.ai.secretRef }} - valueFrom: - secretKeyRef: - name: {{ .Values.global.ai.secretRef }} - key: "TK_AI_KEY" - {{- end }} + value: {{ if .Values.ai.aiServiceApiUri }}{{ .Values.ai.aiServiceApiUri }}{{ else }}https://{{ .Values.global.aiApiSubdomain }}.{{ .Values.global.domain }}{{ end }} {{- end }} {{- if .Values.sentry.enabled }} - name: REACT_APP_SENTRY_KEY diff --git a/charts/testkube-cloud-ui/values.yaml b/charts/testkube-cloud-ui/values.yaml index 8e15245c8..1dc6b8107 100644 --- a/charts/testkube-cloud-ui/values.yaml +++ b/charts/testkube-cloud-ui/values.yaml @@ -13,6 +13,8 @@ global: redirectSubdomain: "app" # -- REST API subdomain restApiSubdomain: "api" + # -- AI API subdomain which get prepended to the domain + aiApiSubdomain: "ai" # -- TLS provider (possible values: "", "cert-manager") certificateProvider: "" certManager: @@ -31,18 +33,6 @@ global: containerSecurityContext: {} # -- Global security Context for all pods podSecurityContext: {} - # -- Testkube AI service settings (ALPHA - for Kubecon purpose only for now) - ai: - # -- Enable Testkube AI keys for frontend - enabled: false - # -- Testkube AI API URI - uri: "" - # -- LLM kind (openai | ollama) - kind: "openai" - # -- LLM model - LLM need to support it - model: "gpt-4o-mini" - # -- Secret name TODO(emil) describe what this secret needs to contain - secretRef: testkube-ai replicaCount: 1 # -- Topology spread constraints can be used to define how pods should be spread across failure domains within your cluster. topologySpreadConstraints: [] @@ -81,6 +71,11 @@ ui: writeKey: "" # -- Force disabling telemetry on the UI disableTelemetry: false +ai: + # -- Enable Testkube AI features + enabled: false + # -- Testkube AI service API URI + aiServiceApiUri: "" additionalEnv: {} externalSecrets: enabled: false diff --git a/charts/testkube-enterprise/README.md b/charts/testkube-enterprise/README.md index 3890c9bfc..5376ed169 100644 --- a/charts/testkube-enterprise/README.md +++ b/charts/testkube-enterprise/README.md @@ -55,12 +55,6 @@ A Helm chart for Testkube Enterprise | dex.resources | object | `{"limits":{"cpu":"250m","memory":"392Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | Set resources requests and limits for Dex Service | | dex.securityContext | object | `{}` | Security Context for Dex container | | dex.storage | object | `{}` | Configure backend for Dex internal config (more info here https://dexidp.io/docs/storage) | -| global.ai | object | `{"enabled":false,"kind":"openai","model":"gpt-4o-mini","secretRef":"testkube-ai","uri":""}` | Testkube AI service settings (ALPHA - for Kubecon purpose only for now) | -| global.ai.enabled | bool | `false` | Enable Testkube AI keys for frontend | -| global.ai.kind | string | `"openai"` | LLM kind (openai | ollama) | -| global.ai.model | string | `"gpt-4o-mini"` | LLM model - LLM need to support it | -| global.ai.secretRef | string | `"testkube-ai"` | Secret name TODO(emil) describe what this secret needs to contain | -| global.ai.uri | string | `""` | Testkube AI API URI | | global.aiApiSubdomain | string | `"ai"` | AI API subdomain which get prepended to the domain | | global.certManager.issuerRef | string | `""` | Certificate Issuer ref (only used if `provider` is set to `cert-manager`) | | global.certificateProvider | string | `"cert-manager"` | TLS certificate provider. Set to "cert-manager" for integration with cert-manager or leave empty for other methods | @@ -198,10 +192,10 @@ A Helm chart for Testkube Enterprise | testkube-ai-service.autoscaling.minReplicas | int | `1` | | | testkube-ai-service.autoscaling.targetCPUUtilizationPercentage | int | `80` | | | testkube-ai-service.autoscaling.targetMemoryUtilizationPercentage | int | `80` | | -| testkube-ai-service.controlPlaneEndpoint | string | `""` | Endpoint to Testkube's control plane REST API (e.g. https://api.testkube.io) | +| testkube-ai-service.controlPlaneRestApiUri | string | `""` | URI to Testkube's control plane REST API (e.g. https://api.testkube.io) | | testkube-ai-service.enabled | bool | `false` | Toggle whether to install the Testkube AI service | | testkube-ai-service.env | string | `"production"` | Environment of deployment | -| testkube-ai-service.fullnameOverride | string | `""` | | +| testkube-ai-service.fullnameOverride | string | `"testkube-enterprise-ai-service"` | | | testkube-ai-service.host | string | `""` | Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) | | testkube-ai-service.image.pullPolicy | string | `"IfNotPresent"` | | | testkube-ai-service.image.registry | string | `""` | If defined, it will prepend the registry to the image name, if not, default docker.io will be prepended | @@ -222,7 +216,7 @@ A Helm chart for Testkube Enterprise | testkube-ai-service.oauthAudience | string | `"testkube-enterprise"` | OAuth audience represents the expected value of the `aud` claim in the JWT token. This is the static client ID in the Dex configuration. | | testkube-ai-service.oauthIssuer | string | `""` | Specify issuer to skip OIDC Discovery | | testkube-ai-service.oauthJwksUri | string | `""` | Specify the URL to fetch the JWK set document and skip OIDC Discovery | -| testkube-ai-service.oidcDiscoveryUri | string | `""` | Use OpenID Conect (OIDC) Discovery endpoint to fetch configurations from the identity provider. The path should end with `/.well-known/openid-configuration`. | +| testkube-ai-service.oidcDiscoveryUri | string | `""` | Use OpenID Connect (OIDC) Discovery URI to fetch configurations from the identity provider. The path should end with `/.well-known/openid-configuration`. | | testkube-ai-service.openAi.apiKey | string | `""` | OpenAI API Key - can be provided directly or referenced from a secret | | testkube-ai-service.openAi.secretRef | string | `""` | Reference to the secret containing the OpenAI API Key. Place value into `OPENAI_API_KEY` key. | | testkube-ai-service.podAnnotations | object | `{}` | | @@ -248,7 +242,6 @@ A Helm chart for Testkube Enterprise | testkube-ai-service.tls.tlsSecret | string | `"testkube-ai-tls"` | TLS secret name which contains the certificate files | | testkube-ai-service.tolerations | list | `[]` | | | testkube-ai-service.topologySpreadConstraints | list | `[]` | Topology spread constraints can be used to define how pods should be spread across failure domains within your cluster. | -| testkube-cloud-api.ai.secretRef | string | `""` | | | testkube-cloud-api.api.agent.healthcheck.lock | string | `"kv"` | Agent healthcheck distributed mode (one of mongo|kv) - used for pods sync to run healthchecks on single pod at once | | testkube-cloud-api.api.agent.hide | bool | `false` | | | testkube-cloud-api.api.agent.host | string | `""` | Agent host (without protocol) is used for building agent install commands (if blank, api will autogenerate it based on the value of `global.domain`) | @@ -339,6 +332,8 @@ A Helm chart for Testkube Enterprise | testkube-cloud-api.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | testkube-cloud-api.testConnection.enabled | bool | `false` | | | testkube-cloud-api.topologySpreadConstraints | list | `[]` | Topology spread constraints can be used to define how pods should be spread across failure domains within your cluster. | +| testkube-cloud-ui.ai.aiServiceApiUri | string | `""` | Testkube AI service API URI | +| testkube-cloud-ui.ai.enabled | bool | `false` | Enable Testkube AI features | | testkube-cloud-ui.fullnameOverride | string | `"testkube-enterprise-ui"` | | | testkube-cloud-ui.image.registry | string | `""` | If defined, it will prepend the registry to the image name, if not, default docker.io will be prepended | | testkube-cloud-ui.image.repository | string | `"kubeshop/testkube-enterprise-ui"` | | diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index 7785b8b33..2fda2b819 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -116,18 +116,6 @@ global: # functionality that applies job changes through force Delete/Create instead Replace. # job: # nameSuffixOverride: '{{ dateInZone "2006-01-02-15-04-05" (now) "UTC" }}' - # -- Testkube AI service settings (ALPHA - for Kubecon purpose only for now) - ai: - # -- Enable Testkube AI keys for frontend - enabled: false - # -- Testkube AI API URI - uri: "" - # -- LLM kind (openai | ollama) - kind: "openai" - # -- LLM model - LLM need to support it - model: "gpt-4o-mini" - # -- Secret name TODO(emil) describe what this secret needs to contain - secretRef: testkube-ai # Testkube requires a variety of secrets to operate. # Any secret not provided manually will be automatically generated with a random value by the shared secret job. sharedSecretGenerator: @@ -292,9 +280,6 @@ testkube-cloud-api: annotations: {} # -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template name: "" - # TODO(emil): what is this for? can it be removed? - ai: - secretRef: "" audit: cleanup: # -- Toggle whether to enable audit log cleanup @@ -458,6 +443,11 @@ testkube-cloud-ui: ui: # -- Auth strategy to use (possible values: "" (default), "gitlab", "github"), setting to "" enables all auth strategies, if you use a custom Dex connector, set this to the id of the connector authStrategy: "" + ai: + # -- Enable Testkube AI features + enabled: false + # -- Testkube AI service API URI + aiServiceApiUri: "" image: # -- If defined, it will prepend the registry to the image name, if not, default docker.io will be prepended registry: "" @@ -542,6 +532,7 @@ testkube-worker-service: customCaDirPath: "" ## Testkube AI Service chart parameters testkube-ai-service: + fullnameOverride: testkube-enterprise-ai-service # -- Toggle whether to install the Testkube AI service enabled: false replicaCount: 1 @@ -557,7 +548,6 @@ testkube-ai-service: tag: "" imagePullSecrets: [] nameOverride: "" - fullnameOverride: "" serviceAccount: create: true automount: true @@ -606,13 +596,13 @@ testkube-ai-service: affinity: {} # -- Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) host: "" - # -- Endpoint to Testkube's control plane REST API (e.g. https://api.testkube.io) - controlPlaneEndpoint: "" + # -- URI to Testkube's control plane REST API (e.g. https://api.testkube.io) + controlPlaneRestApiUri: "" # -- Environment of deployment env: "production" # -- Log level logLevel: "info" - # -- Use OpenID Conect (OIDC) Discovery endpoint to fetch configurations from the identity provider. The path should end with `/.well-known/openid-configuration`. + # -- Use OpenID Connect (OIDC) Discovery URI to fetch configurations from the identity provider. The path should end with `/.well-known/openid-configuration`. oidcDiscoveryUri: "" # -- Specify issuer to skip OIDC Discovery oauthIssuer: "" From c0e19bc691f09d74fd70bbfe9142ec7a446816f1 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Thu, 30 Jan 2025 19:13:52 +0100 Subject: [PATCH 41/41] feat: auto update ai/enterprise charts --- .github/workflows/update-charts-dispatch.yaml | 7 +++++++ scripts/sync.sh | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/.github/workflows/update-charts-dispatch.yaml b/.github/workflows/update-charts-dispatch.yaml index 0f6afec1b..f71e60ffc 100644 --- a/.github/workflows/update-charts-dispatch.yaml +++ b/.github/workflows/update-charts-dispatch.yaml @@ -6,6 +6,7 @@ on: [ trigger-workflow-testkube-cloud-services, trigger-workflow-testkube-cloud-ui-main, + trigger-workflow-testkube-ai-service, trigger-workflow-testkube-agent-main ] @@ -44,6 +45,12 @@ jobs: # update application version ./scripts/update.sh -c "testkube-cloud-ui" -a ${{ github.event.client_payload.appVersion }} --verbose + - name: Update Helm chart with changes for testkube-ai service + if: github.event.action != 'trigger-workflow-testkube-agent-main' && github.event.action != 'trigger-workflow-testkube-ai-service' + run: | + # update application version + ./scripts/update.sh -c "testkube-ai-service" -a ${{ github.event.client_payload.appVersion }} --verbose + - name: Update Agent version if: github.event.action == 'trigger-workflow-testkube-agent-main' run: | diff --git a/scripts/sync.sh b/scripts/sync.sh index 43ececaad..5e11314be 100755 --- a/scripts/sync.sh +++ b/scripts/sync.sh @@ -6,19 +6,23 @@ update_script=$script_dir/update.sh export enterprise_api_chart_version export enterprise_ui_chart_version export enterprise_worker_service_chart_version +export enterprise_ai_service_chart_version export enterprise_api_app_version export enterprise_ui_app_version export enterprise_worker_service_app_version +export enterprise_ai_service_app_version # Extract the version from the respective charts enterprise_api_chart_version=$("$update_script" -c testkube-cloud-api --print-chart-version) enterprise_ui_chart_version=$("$update_script" -c testkube-cloud-ui --print-chart-version) enterprise_worker_service_chart_version=$("$update_script" -c testkube-worker-service --print-chart-version) +enterprise_ai_service_chart_version=$("$update_script" -c testkube-ai-service --print-chart-version) # Extract the appVersion from the respective charts enterprise_api_app_version=$("$update_script" -c testkube-cloud-api --print-app-version) enterprise_ui_app_version=$("$update_script" -c testkube-cloud-ui --print-app-version) enterprise_worker_service_app_version=$("$update_script" -c testkube-worker-service --print-app-version) +enterprise_ai_service_app_version=$("$update_script" -c testkube-ai-service --print-app-version) # Update the values.yaml in the enterprise chart echo "Updating testkube-cloud-api version in testkube-enterprise Helm chart to $enterprise_api_app_version" @@ -43,12 +47,15 @@ echo "Updating testkube-cloud-ui version in testkube-cloud-ui values.yaml to $en yq eval -i '.image.tag = env(enterprise_ui_app_version)' "charts/testkube-cloud-ui/values.yaml" echo "Updating testkube-worker-service version in testkube-worker-service values.yaml to $enterprise_worker_service_app_version" yq eval -i '.image.tag = env(enterprise_worker_service_app_version)' "charts/testkube-worker-service/values.yaml" +echo "Updating testkube-ai-service version in testkube-ai-service values.yaml to $enterprise_ai_service_app_version" +yq eval -i '.image.tag = env(enterprise_ai_service_app_version)' "charts/testkube-ai-service/values.yaml" # Update the dependencies field in Chart.yaml echo "Updating dependencies in Chart.yaml" yq -i '.dependencies[] |= select(.name == "testkube-cloud-api") |= .version = env(enterprise_api_chart_version)' "charts/testkube-enterprise/Chart.yaml" yq -i '.dependencies[] |= select(.name == "testkube-cloud-ui") |= .version = env(enterprise_ui_chart_version)' "charts/testkube-enterprise/Chart.yaml" yq -i '.dependencies[] |= select(.name == "testkube-worker-service") |= .version = env(enterprise_worker_service_chart_version)' "charts/testkube-enterprise/Chart.yaml" +yq -i '.dependencies[] |= select(.name == "testkube-ai-service") |= .version = env(enterprise_ai_service_chart_version)' "charts/testkube-enterprise/Chart.yaml" echo "Updating dependencies in testkube-enterprise Helm chart" helm dependency update charts/testkube-enterprise