From 122882beb850587fb602621395988c9c4b5ea581 Mon Sep 17 00:00:00 2001 From: engineering Date: Thu, 12 Jun 2025 12:20:54 -0600 Subject: [PATCH 1/6] Make sidecar AI container resource block optional in deployment - Updated deployment.yaml to include the `resources` block for the `codetogether-llm` sidecar only if values are defined in values.yaml. - Ensures the bundled AI container can run without specifying resource limits/requests by default. - Improved overall Helm template flexibility for embedded AI mode. - Validated that it runs with the AI container embedded. --- charts/intel/templates/deployment.yaml | 134 ++++++++++++------------- 1 file changed, 62 insertions(+), 72 deletions(-) diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index 9c0d7e0..8391de4 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml 
@@ -28,80 +28,60 @@ spec: {{- end }} serviceAccountName: {{ include "codetogether.serviceAccountName" . }} containers: - {{- if .Values.ai.enabled }} - {{- if eq .Values.ai.mode "bundled" }} - - name: codetogether-llm - image: "{{ .Values.ai.image.repository }}:{{ .Values.ai.image.tag }}" - imagePullPolicy: Always - ports: - - name: ai - containerPort: 8000 - protocol: TCP - resources: - requests: - cpu: {{ .Values.ai.resources.requests.cpu | quote }} - memory: {{ .Values.ai.resources.requests.memory | quote }} - limits: - cpu: {{ .Values.ai.resources.limits.cpu | quote }} - memory: {{ .Values.ai.resources.limits.memory | quote }} - {{- end }} - {{- end }} - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - - name: AI_MODE - value: {{ .Values.ai.mode | quote }} - {{- if eq .Values.ai.mode "bundled" }} - - name: AI_BUNDLED_URL - value: "http://codetogether-llm:8000" - {{- end }} - {{- if .Values.ai.enabled }} - {{- if eq .Values.ai.mode "external" }} - - name: AI_PROVIDER - valueFrom: - configMapKeyRef: - name: ai-config - key: ai_provider - - name: AI_EXTERNAL_URL - valueFrom: - configMapKeyRef: - name: ai-config - key: ai_url - - name: AI_EXTERNAL_API_KEY + - name: AI_MODE + value: {{ .Values.ai.mode | quote }} + {{- if eq .Values.ai.mode "bundled" }} + - name: AI_BUNDLED_URL + value: "http://codetogether-llm:8000" + {{- end }} + {{- if .Values.ai.enabled }} + {{- if eq .Values.ai.mode "external" }} + - name: AI_PROVIDER + valueFrom: + configMapKeyRef: + name: ai-config + key: ai_provider + - name: AI_EXTERNAL_URL + valueFrom: + configMapKeyRef: + name: ai-config + key: ai_url + - name: AI_EXTERNAL_API_KEY + valueFrom: + secretKeyRef: + name: ai-external-secret + key: api-key + {{- end }} + {{- end }} + # + # Set CodeTogether runtime configuration + # + - name: CT_HQ_BASE_URL + 
value: {{ .Values.codetogether.url | quote }} + {{- if .Values.java.customCacerts.enabled }} + - name: CT_TRUST_STORE + value: -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts + {{- end }} + # Custom Java options (excluding trust store related settings) + {{- if .Values.java.customJavaOptions }} + - name: CT_JAVA_OPTIONS + value: "{{ .Values.java.customJavaOptions | default "" }}" + {{- end }} + # Set trust store password only if trustStorePasswordKey is provided + {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }} + - name: CT_TRUST_STORE_PASSWD valueFrom: secretKeyRef: - name: ai-external-secret - key: api-key + name: {{ .Values.java.customCacerts.cacertsSecretName }} + key: {{ .Values.java.customCacerts.trustStorePasswordKey }} + optional: true {{- end }} - {{- end }} - # - # Set CodeTogether runtime configuration - # - - name: CT_HQ_BASE_URL - value: {{ .Values.codetogether.url | quote }} - {{- if .Values.java.customCacerts.enabled }} - - name: CT_TRUST_STORE - value: -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts - {{- end }} - - # Custom Java options (excluding trust store related settings) - {{- if .Values.java.customJavaOptions }} - - name: CT_JAVA_OPTIONS - value: "{{ .Values.java.customJavaOptions | default "" }}" - {{- end }} - - # Set trust store password only if trustStorePasswordKey is provided - {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }} - - name: CT_TRUST_STORE_PASSWD - valueFrom: - secretKeyRef: - name: {{ .Values.java.customCacerts.cacertsSecretName }} - key: {{ .Values.java.customCacerts.trustStorePasswordKey }} - optional: true - {{- end }} volumeMounts: - name: properties-volume @@ -112,7 +92,6 @@ spec: mountPath: /etc/ssl/certs/java/cacerts subPath: cacerts {{- end }} - # # Set container configuration # 
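Review bot: `AI_BUNDLED_URL` is emitted whenever `.Values.ai.mode` is `bundled`, without the `.Values.ai.enabled` check that guards the external-mode variables directly below it and the `codetogether-llm` container added later in this patch. With `enabled: false` and `mode: "bundled"` (the defaults visible in the values.yaml hunk of this series), the main container is pointed at a sidecar that is not rendered; `{{- if and .Values.ai.enabled (eq .Values.ai.mode "bundled") }}` keeps the two in step. Separately, containers in one pod share a network namespace and a container name is not a DNS name, so `http://codetogether-llm:8000` presumably resolves only if a Service of that name exists outside this diff; `http://localhost:8000` is the usual address for a same-pod sidecar. The container spec and its `env:` list begin outside the hunk.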
@@ -120,21 +99,17 @@ spec: - name: http containerPort: 1080 protocol: TCP - + livenessProbe: - httpGet: - path: / - port: http initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.livenessProbe.successThreshold }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - readinessProbe: httpGet: path: / port: http - + readinessProbe: initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} @@ -147,6 +122,21 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} + + {{- if and .Values.ai.enabled (eq .Values.ai.mode "bundled") }} + - name: codetogether-llm + image: "{{ .Values.ai.image.repository }}:{{ .Values.ai.image.tag }}" + imagePullPolicy: Always + ports: + - name: ai + containerPort: 8000 + protocol: TCP + {{- if .Values.ai.resources }} + resources: + {{- toYaml .Values.ai.resources | nindent 12 }} + {{- end }} + {{- end }} + volumes: - name: properties-volume secret: From 6fdef5ae6ae031b4627fd7e5f1790ba064b78271 Mon Sep 17 00:00:00 2001 From: engineering Date: Thu, 12 Jun 2025 17:02:27 -0600 Subject: [PATCH 2/6] Enable support for external AI provider - Updated deployment.yaml to support both bundled and external AI modes, allowing selection via .Values.ai.mode. - Added manifests for external AI integration: - ai-config ConfigMap: defines external provider and URL. - ai-external-secret Secret: stores the external API key. - Verified that external AI mode works by routing requests through the configured external service. --- charts/intel/templates/deployment.yaml | 37 +++++++++------------ charts/intel/templates/external-config.yaml | 20 +++++++++++ 2 files changed, 35 insertions(+), 22 deletions(-) create mode 100644 charts/intel/templates/external-config.yaml 
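Review bot: The `readinessProbe:` line added in the probe hunk has no handler in the visible lines: the liveness `httpGet` is removed, and the `httpGet` block that used to sit under the readiness probe is kept as context, where it now follows the liveness thresholds. Unless an `httpGet` appears among the unchanged readiness fields below the hunk, the rendered readiness probe carries only timing fields, and the API server would be expected to reject the Deployment. Re-adding `httpGet:` / `path: /` / `port: http` under `readinessProbe:` gives both probes a handler. Indentation is not recoverable from this view, so the result should be confirmed against `helm template` output.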
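Review bot: The `codetogether-llm` container is rendered without a `securityContext`, while the main container in the same pod applies `.Values.securityContext`, so the sidecar runs with whatever the image and cluster defaults give it. Adding `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}` (or a dedicated value such as `ai.securityContext`) lets operators apply the same non-root and read-only-filesystem settings to it. Making `resources` optional also means a model-serving container can run with no memory limit and compete with the main container for the node; a comment above the `{{- if .Values.ai.resources }}` line saying that limits are strongly recommended would help. The hunk defines no liveness or readiness probe for the sidecar either.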
diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index 8391de4..b07acfc 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml @@ -42,38 +42,34 @@ spec: {{- end }} {{- if .Values.ai.enabled }} {{- if eq .Values.ai.mode "external" }} - - name: AI_PROVIDER - valueFrom: - configMapKeyRef: - name: ai-config - key: ai_provider - - name: AI_EXTERNAL_URL - valueFrom: - configMapKeyRef: - name: ai-config - key: ai_url - - name: AI_EXTERNAL_API_KEY - valueFrom: - secretKeyRef: - name: ai-external-secret - key: api-key + - name: AI_PROVIDER + valueFrom: + configMapKeyRef: + name: ai-config + key: ai_provider + - name: AI_EXTERNAL_URL + valueFrom: + configMapKeyRef: + name: ai-config + key: ai_url + - name: AI_EXTERNAL_API_KEY + valueFrom: + secretKeyRef: + name: ai-external-secret + key: api-key {{- end }} {{- end }} - # # Set CodeTogether runtime configuration - # - name: CT_HQ_BASE_URL value: {{ .Values.codetogether.url | quote }} {{- if .Values.java.customCacerts.enabled }} - name: CT_TRUST_STORE value: -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts {{- end }} - # Custom Java options (excluding trust store related settings) {{- if .Values.java.customJavaOptions }} - name: CT_JAVA_OPTIONS value: "{{ .Values.java.customJavaOptions | default "" }}" {{- end }} - # Set trust store password only if trustStorePasswordKey is provided {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }} - name: CT_TRUST_STORE_PASSWD valueFrom: @@ -92,9 +88,6 @@ spec: mountPath: /etc/ssl/certs/java/cacerts subPath: cacerts {{- end }} - # - # Set container configuration - # ports: - name: http containerPort: 1080 diff --git a/charts/intel/templates/external-config.yaml b/charts/intel/templates/external-config.yaml new file mode 100644 index 0000000..cf9c853 --- /dev/null +++ b/charts/intel/templates/external-config.yaml 
@@ -0,0 +1,20 @@ +# ai-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: ai-config + namespace: portal +data: + ai_provider: "" + ai_url: https:// + +--- +# ai-external-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: ai-external-secret + namespace: portal +type: Opaque +stringData: + api-key: "" \ No newline at end of file From 8513cbe7b5f9a39341b191a61b355db2ac4eff06 Mon Sep 17 00:00:00 2001 From: engineering Date: Thu, 12 Jun 2025 17:53:39 -0600 Subject: [PATCH 3/6] feat: automate creation of external AI ConfigMap and Secret from values.yaml - Added Helm templates to generate ai-config ConfigMap and ai-external-secret Secret automatically when AI external mode is enabled. - ConfigMap values (ai_provider, ai_url) and Secret value (api-key) are now configurable via values.yaml. - Ensured resources are only created when ai.enabled=true and ai.mode=external. --- charts/intel/templates/ai-config.yaml | 11 +++++++++++ charts/intel/templates/ai-external-secret.yaml | 11 +++++++++++ 2 files changed, 22 insertions(+) create mode 100644 charts/intel/templates/ai-config.yaml create mode 100644 charts/intel/templates/ai-external-secret.yaml diff --git a/charts/intel/templates/ai-config.yaml b/charts/intel/templates/ai-config.yaml new file mode 100644 index 0000000..763fedb --- /dev/null +++ b/charts/intel/templates/ai-config.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.ai.enabled (eq .Values.ai.mode "external") }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: ai-config + namespace: {{ .Release.Namespace }} +data: + ai_provider: {{ .Values.ai.provider | quote }} + ai_url: {{ .Values.ai.url | quote }} +{{- end }} + diff --git a/charts/intel/templates/ai-external-secret.yaml b/charts/intel/templates/ai-external-secret.yaml new file mode 100644 index 0000000..3b914e5 --- /dev/null +++ b/charts/intel/templates/ai-external-secret.yaml 
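Review bot: In `ai-config.yaml`, `ai_provider` and `ai_url` are rendered with `quote` only, so an unset value silently yields an empty entry and the pod starts in external mode with no endpoint; the values.yaml hunk at the end of this series defines neither `ai.provider` nor `ai.url`. `ai_url: {{ required "ai.url must be set when ai.mode is external" .Values.ai.url | quote }}` fails the render instead, and the same applies to `ai_provider`. The API key is presumably sent to this URL, so a comment stating that it must be an `https://` endpoint is worth adding. The ConfigMap name `ai-config` is fixed rather than derived from the release name, so two releases in one namespace would collide on it.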
@@ -0,0 +1,11 @@ +{{- if and .Values.ai.enabled (eq .Values.ai.mode "external") }} +apiVersion: v1 +kind: Secret +metadata: + name: ai-external-secret + namespace: {{ .Release.Namespace }} +type: Opaque +stringData: + api-key: {{ .Values.ai.apiKey | quote }} +{{- end }} + From d741b555276699c64697a80c3eb4b7d7e0800dc3 Mon Sep 17 00:00:00 2001 From: engineering Date: Fri, 13 Jun 2025 12:54:35 -0600 Subject: [PATCH 4/6] feat: allow use of existing or Helm-managed ai-external-secret in deployment - Updated deployment.yaml to support referencing a user-provided Secret for AI external API key, with fallback to Helm-managed creation. - Added ai-external-secret.yaml template to optionally create the secret from values if not provided. --- charts/intel/templates/ai-external-secret.yaml | 6 +++--- charts/intel/templates/deployment.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/intel/templates/ai-external-secret.yaml b/charts/intel/templates/ai-external-secret.yaml index 3b914e5..706895c 100644 --- a/charts/intel/templates/ai-external-secret.yaml +++ b/charts/intel/templates/ai-external-secret.yaml @@ -1,11 +1,11 @@ -{{- if and .Values.ai.enabled (eq .Values.ai.mode "external") }} +{{- if and .Values.ai.enabled (eq .Values.ai.mode "external") (or (not .Values.ai.externalSecret.name) .Values.ai.externalSecret.create) }} apiVersion: v1 kind: Secret metadata: - name: ai-external-secret + name: {{ .Values.ai.externalSecret.name | default (printf "%s-ai-external-secret" (include "codetogether.fullname" .)) }} namespace: {{ .Release.Namespace }} type: Opaque stringData: - api-key: {{ .Values.ai.apiKey | quote }} + api-key: {{ .Values.ai.externalSecret.apiKey | quote }} {{- end }} diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index b07acfc..05a88b2 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml 
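Review bot: The API key is taken from chart values (`.Values.ai.apiKey` in this hunk, `.Values.ai.externalSecret.apiKey` after the later hunks on this file in patches 4 and 5), so it ends up wherever values do: values files, `--set` arguments in shell history and CI logs, and the release record Helm stores in the cluster. The series later allows a pre-created Secret to be referenced by name, and the template should say that this is the preferred path. A header comment such as `{{- /* Prefer ai.externalSecret.name pointing at a pre-created Secret; a key supplied through values is stored in Helm release data. */ -}}` would make that visible to whoever edits the file next.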
@@ -55,7 +55,7 @@ spec: - name: AI_EXTERNAL_API_KEY valueFrom: secretKeyRef: - name: ai-external-secret + name: {{ .Values.ai.externalSecret.name | default (printf "%s-ai-external-secret" (include "codetogether.fullname" .)) }} key: api-key {{- end }} {{- end }} From f471e00fc2fdcd92b87d22e1ceaa431c17807aa0 Mon Sep 17 00:00:00 2001 From: engineering Date: Fri, 13 Jun 2025 13:13:54 -0600 Subject: [PATCH 5/6] Fixing helm template validations --- charts/intel/templates/ai-external-secret.yaml | 7 ++++--- charts/intel/templates/deployment.yaml | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/intel/templates/ai-external-secret.yaml b/charts/intel/templates/ai-external-secret.yaml index 706895c..ebd6468 100644 --- a/charts/intel/templates/ai-external-secret.yaml +++ b/charts/intel/templates/ai-external-secret.yaml @@ -1,11 +1,12 @@ -{{- if and .Values.ai.enabled (eq .Values.ai.mode "external") (or (not .Values.ai.externalSecret.name) .Values.ai.externalSecret.create) }} +{{- $extSecret := (index .Values.ai "externalSecret" | default dict) }} +{{- if and .Values.ai.enabled (eq .Values.ai.mode "external") (or (not $extSecret.name) $extSecret.create) }} apiVersion: v1 kind: Secret metadata: - name: {{ .Values.ai.externalSecret.name | default (printf "%s-ai-external-secret" (include "codetogether.fullname" .)) }} + name: {{ $extSecret.name | default (printf "%s-ai-external-secret" (include "codetogether.fullname" .)) }} namespace: {{ .Release.Namespace }} type: Opaque stringData: - api-key: {{ .Values.ai.externalSecret.apiKey | quote }} + api-key: {{ $extSecret.apiKey | quote }} {{- end }} diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index 05a88b2..121e800 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml 
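Review bot: In the `ai-external-secret.yaml` hunk the Secret is created whenever `name` is unset, even if `apiKey` is unset too, so a default external-mode install produces a Secret with an empty `api-key` and the misconfiguration presumably surfaces only when the application calls the provider. `api-key: {{ required "ai.externalSecret.apiKey is required when the chart creates the Secret" $extSecret.apiKey | quote }}` makes it fail at render time. The condition also creates the Secret when both `name` and `create` are set; a one-line comment stating that `create: true` together with `name` means "create under this name" rather than "use existing" would remove the ambiguity.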
@@ -55,7 +55,7 @@ spec: - name: AI_EXTERNAL_API_KEY valueFrom: secretKeyRef: - name: {{ .Values.ai.externalSecret.name | default (printf "%s-ai-external-secret" (include "codetogether.fullname" .)) }} + name: {{ (index .Values.ai "externalSecret" | default dict).name | default (printf "%s-ai-external-secret" (include "codetogether.fullname" .)) }} key: api-key {{- end }} {{- end }} From fbb6616659993fde530a6f968a0c5996e861086f Mon Sep 17 00:00:00 2001 From: engineering Date: Fri, 13 Jun 2025 17:37:08 -0600 Subject: [PATCH 6/6] Adding values configuration --- charts/intel/templates/external-config.yaml | 20 -------------------- charts/intel/values.yaml | 11 +++++------ 2 files changed, 5 insertions(+), 26 deletions(-) delete mode 100644 charts/intel/templates/external-config.yaml diff --git a/charts/intel/templates/external-config.yaml b/charts/intel/templates/external-config.yaml deleted file mode 100644 index cf9c853..0000000 --- a/charts/intel/templates/external-config.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# ai-config.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: ai-config - namespace: portal -data: - ai_provider: "" - ai_url: https:// - ---- -# ai-external-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: ai-external-secret - namespace: portal -type: Opaque -stringData: - api-key: "" \ No newline at end of file diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml index ab0f8fe..212f90d 100644 --- a/charts/intel/values.yaml +++ b/charts/intel/values.yaml 
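Review bot: The Secret name in this `secretKeyRef` repeats the defaulting logic written in `ai-external-secret.yaml`, and the pod cannot start if the two expressions ever drift apart. A named template defined alongside `codetogether.fullname` and included from both files keeps them in sync, for example `name: {{ include "codetogether.aiSecretName" . }}` (helper name chosen here for illustration). The `env:` entry this line belongs to starts outside the hunk.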
@@ -141,19 +141,18 @@ securityContext: {} ai: enabled: false mode: "bundled" # Options: bundled | external - provider: "ollama" # No OpenAI dependency - resources: + image: + repository: hub.edge.codetogether.com/releases/codetogether-llm + tag: latest + resources: # Recommended resources configuration requests: cpu: "2" memory: "4Gi" gpu: false limits: cpu: "4" - memory: "8Gi" + memory: "4Gi" gpu: false - image: - repository: registry.digitalocean.com/codetogether-registry/codetogether-llm - tag: latest readinessProbe:
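Review bot: `tag: latest` combined with `imagePullPolicy: Always` on the sidecar (set in deployment.yaml earlier in this series) means every pod restart can pull different image content from `hub.edge.codetogether.com`; pinning a release tag or an `@sha256:` digest makes the deployed model server reproducible and reviewable. Separately, `gpu: false` stays under both `requests` and `limits`, and the deployment template now passes the whole `.Values.ai.resources` map through `toYaml`, so these keys would be rendered into the container's `resources`, where a boolean is not a valid quantity. Moving `gpu` out of `resources` (for example to `ai.gpu`) or dropping it avoids a rejected manifest when AI is enabled in bundled mode.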