kubeshop · ed382 · Jan 31, 2025 · Jan 21, 2025 · Jan 21, 2025 · Jan 21, 2025
@@ -6,6 +6,7 @@ on:
       [
         trigger-workflow-testkube-cloud-services,
         trigger-workflow-testkube-cloud-ui-main,
+        trigger-workflow-testkube-ai-service,
         trigger-workflow-testkube-agent-main
       ]
 
@@ -44,6 +45,12 @@ jobs:
           # update application version
           ./scripts/update.sh -c "testkube-cloud-ui" -a ${{ github.event.client_payload.appVersion }} --verbose
 
+      - name: Update Helm chart with changes for testkube-ai service
+        if: github.event.action != 'trigger-workflow-testkube-agent-main' && github.event.action != 'trigger-workflow-testkube-ai-service'
+        run: |
+          # update application version
+          ./scripts/update.sh -c "testkube-ai-service" -a ${{ github.event.client_payload.appVersion }} --verbose
+
       - name: Update Agent version
         if: github.event.action == 'trigger-workflow-testkube-agent-main'
         run: |

@@ -5,8 +5,12 @@
 # Chart dependencies
 charts/testkube-cloud-api/charts/*.tgz
 charts/testkube-cloud-ui/charts/*.tgz
-charts/testkube-enterprise/charts/*.tgz
 
+charts/testkube-enterprise/charts/*
+!charts/testkube-enterprise/charts/dex/*
+!charts/testkube-enterprise/charts/minio/*
+!charts/testkube-enterprise/charts/mongodb/*
+!charts/testkube-enterprise/charts/nats/*
 
 # OSX
 .DS_Store

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: testkube-ai-service
+description: A Helm chart for Testkube AI service
+type: application
+version: 1.0.0
+appVersion: 1.0.0
+maintainers:
+  - name: testkube
+    url: https://testkube.io
+icon: https://assets.website-files.com/61e00b3936e571a4ea7a5a4c/623b2bb9387ad04955b1f82c_testkube.svg
+home: https://github.com/kubeshop/testkube-cloud-charts
+sources:
+  - https://github.com/kubeshop/testkube-ai
@@ -0,0 +1,91 @@
+# testkube-ai-service
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+A Helm chart for Testkube AI service
+
+**Homepage:** <https://github.com/kubeshop/testkube-cloud-charts>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| testkube |  | <https://testkube.io> |
+
+## Source Code
+
+* <https://github.com/kubeshop/testkube-ai>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| autoscaling.enabled | bool | `false` |  |
+| autoscaling.maxReplicas | int | `100` |  |
+| autoscaling.minReplicas | int | `1` |  |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| autoscaling.targetMemoryUtilizationPercentage | int | `80` |  |
+| controlPlaneRestApiUri | string | `""` | URI to Testkube's control plane REST API (e.g. https://api.testkube.io) |
+| env | string | `"production"` | Environment of deployment |
+| fullnameOverride | string | `""` |  |
+| global.containerSecurityContext | object | `{}` | Global security Context for all containers |
+| global.customCaSecretKey | string | `"ca.crt"` | Custom CA to use as a trusted CA during TLS connections. Specify a key for the secret specified under customCaSecretRef. |
+| global.customCaSecretRef | string | `""` | Custom CA to use as a trusted CA during TLS connections. Specify a secret with the PEM encoded CA under the key specified by customCaSecretKey. |
+| global.dex.issuer | string | `""` | Global Dex issuer url which is configured both in Dex and API |
+| global.domain | string | `""` | Domain under which endpoints are exposed |
+| global.imagePullSecrets | list | `[]` | Global image pull secrets (provided usually by a parent chart like testkube-enterprise) |
+| global.imageRegistry | string | `""` | Global image registry to be prepended for to all images (usually defined in parent chart) |
+| global.ingress.enabled | bool | `true` | Toggle whether to enable or disable all Ingress resources (if false, all Ingress resources will be disabled and cannot be overriden) |
+| global.labels | object | `{}` | Common labels which will be added to all resources |
+| global.podSecurityContext | object | `{}` | Global security Context for all pods |
+| global.restApiSubdomain | string | `"api"` | REST API subdomain which get prepended to the domain |
+| host | string | `""` | Hostname for which to create rules and TLS certificates (if omitted, the host will be generated using the global subdomain and `domain` values) |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.registry | string | `""` | If defined, it will prepend the registry to the image name, if not, default docker.io will be prepended |
+| image.repository | string | `"kubeshop/testkube-ai-copilot"` |  |
+| image.tag | string | `""` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `"nginx"` |  |
+| ingress.enabled | bool | `true` |  |
+| langchain.apiKey | string | `""` | LangChain API Key - can be provided directly or referenced from a secret |
+| langchain.endpoint | string | `"https://api.smith.langchain.com/"` | Endpoint for LangChain API |
+| langchain.project | string | `""` | Project identifier for LangChain |
+| langchain.secretRef | string | `""` | Reference to the secret containing the LangChain API Key. Place value into `LANGCHAIN_API_KEY` key. |
+| langchain.tracing | bool | `true` | Enable LangChain tracing |
+| logLevel | string | `"info"` | Log level |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| oauthAudience | string | `""` | OAuth audience represents the expected value of the `aud` claim in the JWT token. This is the static client ID in the Dex configuration. |
+| oauthIssuer | string | `""` | Specify issuer to skip OIDC Discovery |
+| oauthJwksUri | string | `""` | Specify the URL to fetch the JWK set document and skip OIDC Discovery |
+| oidcDiscoveryUri | string | `""` | Use OpenID Conect (OIDC) Discovery endpoint to fetch configurations from the identity provider. The path should end with `/.well-known/openid-configuration`. |
+| openAi.apiKey | string | `""` | OpenAI API Key - can be provided directly or referenced from a secret |
+| openAi.secretRef | string | `""` | Reference to the secret containing the OpenAI API Key. Place value into `OPENAI_API_KEY` key. |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| priorityClassName | string | `""` | Priority class name defines the priority of this pod relative to others in the cluster. |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.annotations | object | `{}` | Additional annotations to add to the Service resource |
+| service.labels | object | `{}` | Additional labels to add to the Service resource |
+| service.port | int | `9090` | AI API port |
+| service.type | string | `"ClusterIP"` | Service type |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.automount | bool | `true` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tls.certManager.issuerGroup | string | `"cert-manager.io"` | Certificate Issuer group (only used if `provider` is set to `cert-manager`) |
+| tls.certManager.issuerKind | string | `"ClusterIssuer"` | Certificate Issuer kind (only used if `provider` is set to `cert-manager`) |
+| tls.certPath | string | `"/tmp/serving-cert/crt.pem"` | Mount path for the certificate |
+| tls.keyPath | string | `"/tmp/serving-cert/key.pem"` | Mount path for the certificate private key |
+| tls.serveHTTPS | bool | `true` | Toggle should the Application terminate TLS instead of the Ingress |
+| tls.tlsSecret | string | `"testkube-ai-tls"` | TLS secret name which contains the certificate files |
+| tolerations | list | `[]` |  |
+| topologySpreadConstraints | list | `[]` | Topology spread constraints can be used to define how pods should be spread across failure domains within your cluster. |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "testkube-ai.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "testkube-ai.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "testkube-ai.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "testkube-ai.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
@@ -0,0 +1,121 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "testkube-ai.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "testkube-ai.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "testkube-ai.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "testkube-ai.labels" -}}
+helm.sh/chart: {{ include "testkube-ai.chart" . }}
+{{ include "testkube-ai.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.global.labels }}
+{{ toYaml .Values.global.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "testkube-ai.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "testkube-ai.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "testkube-ai.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "testkube-ai.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Get AI Ingress host
+*/}}
+{{- define "testkube-ai.ingress.host" -}}
+{{- if .Values.global.domain }}
+{{- printf "%s.%s" .Values.global.aiApiSubdomain .Values.global.domain }}
+{{- else }}
+{{- .Values.host }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define AI API image
+*/}}
+{{- define "testkube-ai.image" -}}
+{{- $registryName := default "docker.io" .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := default .Chart.AppVersion .Values.image.tag | toString -}}
+{{- $separator := ":" -}}
+{{- if .Values.image.digest }}
+    {{- $separator = "@" -}}
+    {{- $tag = .Values.image.digest | toString -}}
+{{- end -}}
+{{- if .Values.global }}
+    {{- if .Values.global.imageRegistry }}
+        {{- printf "%s/%s%s%s" .Values.global.imageRegistry $repositoryName $separator $tag -}}
+    {{- else -}}
+        {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $tag -}}
+    {{- end -}}
+{{- else -}}
+    {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define podSecurityContext for AI API
+*/}}
+{{- define "testkube-ai.podSecurityContext" -}}
+{{- if .Values.global.podSecurityContext }}
+{{ toYaml .Values.global.podSecurityContext }}
+{{- else }}
+{{ toYaml .Values.podSecurityContext }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define containerSecurityContext for AI API
+*/}}
+{{- define "testkube-ai.containerSecurityContext" -}}
+{{- if .Values.global.containerSecurityContext }}
+{{- toYaml .Values.global.containerSecurityContext }}
+{{- else }}
+{{- toYaml .Values.securityContext }}
+{{- end }}
+{{- end }}
@@ -0,0 +1,18 @@
+{{- if and .Values.tls.serveHTTPS (eq .Values.global.certificateProvider "cert-manager") }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "testkube-ai.fullname" . }}
+  labels:
+    {{- include "testkube-ai.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+spec:
+  secretName: {{ .Values.tls.tlsSecret }}
+  dnsNames:
+    - {{ include "testkube-ai.ingress.host" . | quote }}
+  issuerRef:
+    name: {{ required ".Values.global.certManager.issuerRef must be set when provider is cert-manager" .Values.global.certManager.issuerRef }}
+    kind: {{ .Values.tls.certManager.issuerKind }}
+    group: {{ .Values.tls.certManager.issuerGroup }}
+{{- end }}