IaC/Helm (#127)

* Helm and IaC

Author: gotsysdba

.github/workflows/pytest.yml

@@ -7,8 +7,6 @@ on:
       - opened
       - synchronize
       - reopened
-    paths:
-      - "src/**"
 
   # Allows running this workflow manually
   workflow_dispatch:

.gitignore

@@ -5,16 +5,13 @@
 **/*.log
 **/requirements.txt
 app/THIRD_PARTY_LICENSES.txt
-helm/values*.yaml
-helm/service.yaml
-helm/ingress.yaml
 sbin/**
 **/*.bak
 **/tmp/**
 **/temp/**
 **/chatbot_graph.png
 **/*.sh
-!opentofu/oci/templates/cloudinit-oke.sh
+!opentofu/templates/cloudinit-oke.sh
 !src/entrypoint.sh
 !src/client/spring_ai/templates/env.sh
 
@@ -40,6 +37,20 @@ __pycache__/
 */*.egg-info
 **/build/
 
+##############################################################################
+# IaC
+##############################################################################
+**/**.tfvars
+**/.terraform*
+**/terraform.tfstate*
+opentofu/**/examples/*.yaml
+
+##############################################################################
+# Helm
+##############################################################################
+helm/values*.yaml
+!helm/values.yaml
+
 ##############################################################################
 # Random
 ##############################################################################

README.md

@@ -73,13 +73,13 @@ To run the application in a container; download the [source](https://github.com/
 
    ```bash
    cd src/
-   podman build -t oai-explorer-aio .
+   podman build -t ai-explorer-aio .
    ```
 
 1. Start the Container:
 
    ```bash
-   podman run -p 8501:8501 -it --rm oai-explorer-aio
+   podman run -p 8501:8501 -it --rm ai-explorer-aio
    ```
 
 1. Navigate to `http://localhost:8501`.

docs/content/advanced/microservices.md

@@ -20,6 +20,47 @@ The following example shows running the {{< short_app_ref >}} in [Oracle Kuberne
 
 The command to connect to the **OKE** cluster will be output as part of the **IaC**.
 
+### Images
+
+You will need to build the {{< short_app_ref >}} container images and stage them in a container registry, such as the [OCI Container Registry](https://docs.oracle.com/en-us/iaas/Content/Registry/Concepts/registryoverview.htm) (**OCIR**).
+
+1. Build the {{< short_app_ref >}} images:
+
+    From the code source `src/` directory:
+    ```bash
+    podman build --arch amd64 -f client/Dockerfile -t ai-explorer-client:latest .
+
+    podman build --arch amd64 -f server/Dockerfile -t ai-explorer-server:latest .
+    ```
+
+1. Log into your container registry:
+
+    More information on authenticating to **OCIR** can be found [here](https://docs.oracle.com/en-us/iaas/Content/Registry/Tasks/registrypushingimagesusingthedockercli.htm).
+
+    ```bash
+    podman login <registry-domain>
+    ```
+
+    Example:
+    ```bash
+    podman login iad.ocir.io
+    ```
+
+    You will be prompted for a username and token password.
+
+1. Push the {{< short_app_ref >}} images:
+
+    More information on pushing images to **OCIR** can be found [here](https://docs.oracle.com/en-us/iaas/Content/Registry/Tasks/registrypushingimagesusingthedockercli.htm).
+
+    Example (the values for `<server_repository>` and `<server_repository>` are provided from the **IaC**):
+    ```bash
+    podman tag ai-explorer-client:latest <client_repository>:latest
+    podman push <client_repository>:latest
+
+    podman tag ai-explorer-server:latest <server_repository>:latest
+    podman push <server_repository>:latest
+    ```
+
 ### Ingress
 
 To access the {{< short_app_ref >}} GUI and API Server, you can either use a port-forward or an Ingress service.  For demonstration purposes, the [Ingress-Nginx Controller](https://kubernetes.github.io/ingress-nginx/deploy/) will be used to create a [Flexible LoadBalancer](https://docs.oracle.com/en-us/iaas/Content/NetworkLoadBalancer/overview.htm) in **OCI**.
@@ -104,47 +145,6 @@ These will be output as part of the **IaC** but can be removed from the code if
     kubectl apply -f service.yaml
     ```
 
-### Images
-
-You will need to build the {{< short_app_ref >}} container images and stage them in a container registry, such as the [OCI Container Registry](https://docs.oracle.com/en-us/iaas/Content/Registry/Concepts/registryoverview.htm) (**OCIR**).
-
-1. Build the {{< short_app_ref >}} images:
-
-    From the code source `src/` directory:
-    ```bash
-    podman build --arch amd64 -f client/Dockerfile -t ai-explorer-client:latest .
-
-    podman build --arch amd64 -f server/Dockerfile -t ai-explorer-server:latest .
-    ```
-
-1. Log into your container registry:
-
-    More information on authenticating to **OCIR** can be found [here](https://docs.oracle.com/en-us/iaas/Content/Registry/Tasks/registrypushingimagesusingthedockercli.htm).
-
-    ```bash
-    podman login <registry-domain>
-    ```
-
-    Example:
-    ```bash
-    podman login iad.ocir.io
-    ```
-
-    You will be prompted for a username and token password.
-
-1. Push the {{< short_app_ref >}} images:
-
-    More information on pushing images to **OCIR** can be found [here](https://docs.oracle.com/en-us/iaas/Content/Registry/Tasks/registrypushingimagesusingthedockercli.htm).
-
-    Example (the values for `<server_repository>` and `<server_repository>` are provided from the **IaC**):
-    ```bash
-    podman tag ai-explorer-client:latest <client_repository>:latest
-    podman push <client_repository>:latest
-
-    podman tag ai-explorer-server:latest <server_repository>:latest
-    podman push <server_repository>:latest
-    ```
-
 ### The {{< short_app_ref >}}
 
 The {{< short_app_ref >}} can be deployed using the [Helm](https://helm.sh/) chart provided with the source:

helm/Chart.yaml

@@ -7,20 +7,21 @@ description: A Helm chart Oracle AI Explorer for Apps
 type: application
 version: 0.1.0
 appVersion: "0.1.0"
+icon: https://github.com/oracle-samples/ai-explorer/blob/main/src/client/media/logo.png
 maintainers:
   - name: Oracle
     email: [email protected]
     url: https://github.com/oracle-samples/ai-explorer
 
 dependencies:
-  - name: ai-explorer-server
+  - name: server
     version: 0.1.0
-    repository: file://charts/ai-explorer-server
-    condition: ai-explorer-server.enabled
-  - name: ai-explorer-client
+    repository: file://charts/server
+    condition: server.enabled
+  - name: client
     version: 0.1.0
-    repository: file://charts/ai-explorer-client
-    condition: ai-explorer-client.enabled
+    repository: file://charts/client
+    condition: client.enabled
   - name: ollama
     version: 0.1.0
     repository: file://charts/ollama

helm/README.md

@@ -6,7 +6,7 @@ This Helm Chart requires three Kubernetes Secrets to be created prior to install
 
 ### Registry Credentials
 
-**Note**: This requirement maybe deprecated in OCI/OKE: [Credential Provider](https://github.com/oracle-devrel/oke-credential-provider-for-ocir/issues/2)
+**Note**: This requirement is deprecated in OCI/OKE when using the IaC from opentofu: [Credential Provider](https://github.com/oracle-devrel/oke-credential-provider-for-ocir)
 
 ```yaml
 apiVersion: v1
@@ -21,7 +21,7 @@ stringData:
 Example:
 
 ```bash
-docker login iad.ocir.io -u <username>
+podman login iad.ocir.io -u <username>
 kubectl create secret docker-registry regcred --from-file=.dockerconfigjson=/run/user/1002/containers/auth.json
 ```
 
@@ -60,11 +60,11 @@ stringData:
 ## Install
 
 ```bash
-helm upgrade --install oai-explorer .
+helm upgrade --install ai-explorer .
 ```
 
 ## Uninstall
 
 ```bash
-helm uninstall oai-explorer
+helm uninstall ai-explorer
 ```

helm/charts/oaim-sandbox/Chart.yaml renamed to helm/charts/client/Chart.yaml

@@ -2,7 +2,7 @@
 ## Licensed under the Universal Permissive License v1.0 as shown at http://oss.oracle.com/licenses/upl.
 
 apiVersion: v2
-name: ai-explorer-client
+name: client
 description: A Helm chart Oracle AI Explorer for Apps - GUI
 type: application
 version: 0.1.0

helm/charts/oaim-sandbox/templates/configmap.yaml renamed to helm/charts/client/templates/configmap.yaml

@@ -4,9 +4,9 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "oai.fullname" . }}-st-config
+  name: {{ include "app.fullname" . }}-st-config
   labels: 
-    {{- include "oai.labels" . | nindent 4 }}
+    {{- include "app.labels" . | nindent 4 }}
 data:
   config.toml: |
     [global]

helm/charts/oaim-sandbox/templates/deployment.yaml renamed to helm/charts/client/templates/deployment.yaml

@@ -4,24 +4,24 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "oai.fullname" . }}
+  name: {{ include "app.fullname" . }}
   labels:
-    {{- include "oai.labels" . | nindent 4 }}
+    {{- include "app.labels" . | nindent 4 }}
 spec:
   {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicaCount }}
   {{- end }}
   selector:
     matchLabels:
-      {{- include "oai.selectorLabels" . | nindent 6 }}
+      {{- include "app.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       {{- with .Values.podAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        {{- include "oai.labels" . | nindent 8 }}
+        {{- include "app.labels" . | nindent 8 }}
         {{- with .Values.podLabels }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
@@ -30,7 +30,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "oai.serviceAccountName" . }}
+      serviceAccountName: {{ include "app.serviceAccountName" . }}
       securityContext:
         fsGroup: 10001
       containers:
@@ -45,21 +45,21 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.imagePullPolicy | default "IfNotPresent" }}
           ports:
-            - name: http
+            - name: client-port
               containerPort: 8501
               protocol: TCP
           livenessProbe:
             httpGet:
               path: {{ include "getPath" . }}ping
-              port: http
+              port: client-port
             initialDelaySeconds: 20
             periodSeconds: 20
             timeoutSeconds: 1
             failureThreshold: 3
           readinessProbe:
             httpGet:
               path: {{ include "getPath" . }}ping
-              port: http
+              port: client-port
             initialDelaySeconds: 10
             periodSeconds: 15
             timeoutSeconds: 1
@@ -76,7 +76,7 @@ spec:
             {{- end }}
             {{- end }}
             - name: API_SERVER_URL
-              value: {{ include "ai-explorer-server.serviceUrl" . }}
+              value: {{ include "server.serviceUrl" . }}
             - name: API_SERVER_PORT
               value: "8000"
             - name: API_SERVER_KEY
@@ -97,7 +97,7 @@ spec:
           emptyDir: {}
         - name: streamlit-config
           configMap:
-            name: {{ include "oai.fullname" . }}-st-config
+            name: {{ include "app.fullname" . }}-st-config
       {{- with .Values.volumes }}
         {{- toYaml . | nindent 8 }}
       {{- end }}

helm/charts/oaim-sandbox/templates/ingress.yaml renamed to helm/charts/client/templates/ingress.yaml

@@ -10,9 +10,9 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ include "oai.fullname" . }}-http
+  name: {{ include "app.fullname" . }}-http
   labels: 
-    {{- include "oai.labels" . | nindent 4 }}
+    {{- include "app.labels" . | nindent 4 }}
   {{- with .Values.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
@@ -39,11 +39,11 @@ spec:
             backend:
               {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
               service:
-                name: {{ include "oai.fullname" . }}-http
+                name: {{ include "app.fullname" . }}-http
                 port:
-                  number: 8501
+                  number: 80
               {{- else }}
-              serviceName: {{ include "oai.fullname" . }}-http
-              servicePort: 8501
+              serviceName: {{ include "app.fullname" . }}-http
+              servicePort: 80
               {{- end }}
 {{- end }}