diff --git a/helm/gopie/Chart.lock b/helm/gopie/Chart.lock index 6b6abf67..2072112f 100644 --- a/helm/gopie/Chart.lock +++ b/helm/gopie/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: qdrant repository: https://qdrant.github.io/qdrant-helm version: 1.12.5 -digest: sha256:8734b9e4d640b3b6e7876ce5fd50fa427a2b1b50d38ec46c2db867b7af200f4d -generated: "2025-11-21T17:03:39.309977+05:30" +# - name: zitadel +# repository: https://charts.zitadel.com +# version: 8.6.2 +# digest: sha256:800337654c501f38ca60acfb645b2bca91383e69829ad787af340293010dec7a +# generated: "2026-01-09T11:51:20.510797+05:30" diff --git a/helm/gopie/Chart.yaml b/helm/gopie/Chart.yaml index 22936843..85225a1c 100644 --- a/helm/gopie/Chart.yaml +++ b/helm/gopie/Chart.yaml @@ -50,3 +50,8 @@ dependencies: repository: https://qdrant.github.io/qdrant-helm condition: qdrant.enabled + # - name: zitadel + # version: 8.6.2 + # repository: https://charts.zitadel.com + # condition: zitadel.enabled + diff --git a/helm/gopie/charts/zitadel-8.6.2.tgz b/helm/gopie/charts/zitadel-8.6.2.tgz new file mode 100644 index 00000000..39a03b05 Binary files /dev/null and b/helm/gopie/charts/zitadel-8.6.2.tgz differ diff --git a/helm/gopie/templates/_pod-chat-server.tpl b/helm/gopie/templates/_pod-chat-server.tpl index d6943ce9..dc8436f9 100644 --- a/helm/gopie/templates/_pod-chat-server.tpl +++ b/helm/gopie/templates/_pod-chat-server.tpl 
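Review bot: The zitadel dependency is commented out in Chart.yaml, yet the same commit vendors `charts/zitadel-8.6.2.tgz` and strips the `digest:`/`generated:` lines from Chart.lock (the only digest left is inside the commented-out zitadel entry), so a binary chart archive now sits in the repo with nothing declaring or pinning it. As far as I can tell `helm dependency build` will report the lock as out of sync and regenerate it, which defeats the point of having a lock at all. Either keep the entry declared with `condition: zitadel.enabled` (default `false` in values) so the archive stays pinned, or delete the tgz, and in both cases run `helm dependency update` so Chart.lock carries a digest again.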
@@ -55,5 +55,28 @@ tolerations:
 {{- toYaml . | nindent 2 }}
 {{- end }}
 volumes:
- {{- toYaml .Values.chatserver.volumes | nindent 6 }}
+ {{- range .Values.chatserver.extraVolumes }}
+ - name: {{ .name }}
+ {{- if .existingClaim }}
+ persistentVolumeClaim:
+ claimName: {{ .existingClaim }}
+ {{- else if .hostPath }}
+ hostPath:
+ {{- toYaml .hostPath | nindent 6 }}
+ {{- else if .csi }}
+ csi:
+ {{- toYaml .csi | nindent 6 }}
+ {{- else if .configMap }}
+ configMap:
+ {{- toYaml .configMap | nindent 6 }}
+ {{- else if .secret }}
+ secret:
+ {{- toYaml .secret | nindent 6 }}
+ {{- else if .emptyDir }}
+ emptyDir:
+ {{- toYaml .emptyDir | nindent 6 }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/helm/gopie/templates/_pod-server.tpl b/helm/gopie/templates/_pod-server.tpl
index e9ca081b..6b4bf8eb 100644
--- a/helm/gopie/templates/_pod-server.tpl
+++ b/helm/gopie/templates/_pod-server.tpl
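Review bot: The `{{- else }} emptyDir: {}` fallback at the end of the range silently turns any entry the branches do not recognise — a typo such as `persistentVolumeClaim:` instead of `existingClaim`, or an unsupported source like `nfs:`/`projected:` — into throwaway ephemeral storage, so a misconfigured data volume renders fine and loses its contents on the next restart. Replace the fallback with `{{- fail (printf "chatserver.extraVolumes[%s]: unsupported volume source" .name) }}` so a bad entry fails at render time instead. The `hostPath` branch also deserves a comment in the template, e.g. `# hostPath mounts node filesystem paths and is denied under the baseline/restricted Pod Security Standards`, so operators understand why a values override may be rejected by admission. The enclosing define starts before this hunk.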
@@ -53,26 +53,26 @@ containers:
 {{- toYaml .Values.deployment.readinessProbe | nindent 6 }}
 {{- end }}
 {{- if .Values.deployment.env }}
- {{- with .Values.deployment.env }}
 env:
- {{- toYaml . | nindent 6 }}
- {{- end }}
+ {{- toYaml .Values.deployment.env | nindent 6 }}
+ {{- else }}
+ env:
+ - name: GOPIE_POSTGRES_HOST
+ value: {{ printf "%s-postgresql" $root.Release.Name | quote }}
+ - name: GOPIE_POSTGRES_DB
+ value: {{ $root.Values.postgresql.auth.database }}
+ - name: GOPIE_POSTGRES_USER
+ value: postgres
+ - name: GOPIE_POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ printf "%s-postgresql" $root.Release.Name }}
+ key: postgres-password
+ - name: GOPIE_POSTGRES_PORT
+ value: "5432"
+ - name: GOPIE_AIAGENT_URL
+ value: {{ printf "http://%s-chatserver:%v" $root.Release.Name ($root.Values.chatserver.service.portNumber | default 8000) }}
 {{- end }}
- # - name: GOPIE_POSTGRES_HOST
- # value: {{ printf "%s-postgresql" $root.Release.Name | quote }}
- # - name: GOPIE_POSTGRES_DB
- # value: {{ $root.Values.postgresql.auth.database }}
- # - name: GOPIE_POSTGRES_USER
- # value: postgres
- # - name: GOPIE_POSTGRES_PASSWORD
- # valueFrom:
- # secretKeyRef:
- # name: {{ printf "%s-postgresql" $root.Release.Name }}
- # key: postgres-password
- # - name: GOPIE_POSTGRES_PORT
- # value: "5432"
- # - name: GOPIE_AIAGENT_URL
- # value: {{ printf "http://%s-chatserver:%v" $root.Release.Name ($root.Values.chatserver.service.portNumber | default 8000) }}
 resources:
 {{- toYaml .Values.deployment.resources | nindent 6 }}
 volumeMounts:
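Review bot: `GOPIE_POSTGRES_DB` is rendered as `value: {{ $root.Values.postgresql.auth.database }}` without `| quote`, unlike `GOPIE_POSTGRES_HOST` two lines above; a database name that YAML types as a non-string (all digits, `true`, `null`) then fails API validation because an env `value` must be a string, and an empty setting renders as a bare `value:` (null). Use `value: {{ $root.Values.postgresql.auth.database | quote }}` and give `GOPIE_AIAGENT_URL` the same treatment. Note also that this `else` branch only runs when `.Values.deployment.env` is empty, and the same commit fills that list in values.yaml with a hard-coded `gopie-postgresql` host and secret name, so these release-name-aware defaults are dead by default and the two sets of settings will drift apart. The container definition continues outside this hunk.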
@@ -95,8 +95,31 @@ tolerations: {{- toYaml . | nindent 2 }} {{- end }} volumes: - {{- toYaml .Values.deployment.volumes | nindent 6 }} - {{- end }} + {{- range .Values.deployment.extraVolumes }} + - name: {{ .name }} + {{- if .existingClaim }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} + {{- else if .hostPath }} + hostPath: + {{- toYaml .hostPath | nindent 6 }} + {{- else if .csi }} + csi: + {{- toYaml .csi | nindent 6 }} + {{- else if .configMap }} + configMap: + {{- toYaml .configMap | nindent 6 }} + {{- else if .secret }} + secret: + {{- toYaml .secret | nindent 6 }} + {{- else if .emptyDir }} + emptyDir: + {{- toYaml .emptyDir | nindent 6 }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} +{{- end }} 
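Review bot: `.Values.deployment.volumes` is no longer rendered, so an existing override that populated `deployment.volumes` is silently ignored after upgrading rather than rejected; that is a breaking values change and belongs in the chart changelog with a major chart-version bump, or keep `{{- with .Values.deployment.volumes }}{{- toYaml . | nindent 6 }}{{- end }}` for one release alongside the new loop. The trailing `{{- else }} emptyDir: {}` branch also converts any entry the if-chain does not recognise into ephemeral storage; a `{{- fail }}` there is safer than a silent fallback. The define this hunk edits starts before the hunk, and its last lines appear to be blank context lines lost in the paste.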
@@ -152,27 +175,29 @@ containers: readinessProbe: {{- toYaml .Values.stateful.readinessProbe | nindent 6 }} {{- end }} - env: - # - name: GOPIE_POSTGRES_HOST - # value: {{ printf "%s-postgresql" $root.Release.Name | quote }} - # - name: GOPIE_POSTGRES_DB - # value: {{ $root.Values.postgresql.auth.database }} - # - name: GOPIE_POSTGRES_USER - # value: postgres - # - name: GOPIE_POSTGRES_PASSWORD - # valueFrom: - # secretKeyRef: - # name: {{ printf "%s-postgresql" $root.Release.Name }} - # key: postgres-password - # - name: GOPIE_POSTGRES_PORT - # value: "5432" - # - name: GOPIE_AIAGENT_URL - # value: {{ printf "http://%s-chatserver:%v" $root.Release.Name ($root.Values.chatserver.service.portNumber | default 8000) }} {{- if .Values.stateful.env }} + env: {{- range .Values.stateful.env }} - name: {{ .name }} value: {{ .value | quote }} {{- end }} + {{- else }} + env: + - name: GOPIE_POSTGRES_HOST + value: {{ printf "%s-postgresql" $root.Release.Name | quote }} + - name: GOPIE_POSTGRES_DB + value: {{ $root.Values.postgresql.auth.database }} + - name: GOPIE_POSTGRES_USER + value: postgres + - name: GOPIE_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ printf "%s-postgresql" $root.Release.Name }} + key: postgres-password + - name: GOPIE_POSTGRES_PORT + value: "5432" + - name: GOPIE_AIAGENT_URL + value: {{ printf "http://%s-chatserver:%v" $root.Release.Name ($root.Values.chatserver.service.portNumber | default 8000) }} {{- end }} resources: {{- toYaml .Values.stateful.resources | nindent 6 }} volumeMounts: diff --git a/helm/gopie/templates/_pod-web.tpl b/helm/gopie/templates/_pod-web.tpl index e0ba4563..15a68575 100644 --- a/helm/gopie/templates/_pod-web.tpl +++ b/helm/gopie/templates/_pod-web.tpl 
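Review bot: The `{{- range .Values.stateful.env }}` loop kept as context only emits `name` and `value`, but the `stateful.env` list this commit adds to values.yaml contains `valueFrom.secretKeyRef` entries for `POSTGRES_PASSWORD` and `GOPIE_POSTGRES_PASSWORD`; those have no `.value`, so they render as an empty `value:` and the StatefulSet starts with no database password while the Deployment, which uses `toYaml`, gets the real one. Replace the loop with `{{- toYaml .Values.stateful.env | nindent 6 }}` as the deployment path already does, which also makes both containers render identical defaults. As in the deployment branch, `GOPIE_POSTGRES_DB` and `GOPIE_AIAGENT_URL` should get `| quote`. The container definition continues outside the hunk.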
@@ -53,5 +53,28 @@ tolerations:
 {{- toYaml . | nindent 2 }}
 {{- end }}
 volumes:
- {{- toYaml .Values.web.volumes | nindent 6 }}
+ {{- range .Values.web.extraVolumes }}
+ - name: {{ .name }}
+ {{- if .existingClaim }}
+ persistentVolumeClaim:
+ claimName: {{ .existingClaim }}
+ {{- else if .hostPath }}
+ hostPath:
+ {{- toYaml .hostPath | nindent 6 }}
+ {{- else if .csi }}
+ csi:
+ {{- toYaml .csi | nindent 6 }}
+ {{- else if .configMap }}
+ configMap:
+ {{- toYaml .configMap | nindent 6 }}
+ {{- else if .secret }}
+ secret:
+ {{- toYaml .secret | nindent 6 }}
+ {{- else if .emptyDir }}
+ emptyDir:
+ {{- toYaml .emptyDir | nindent 6 }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/helm/gopie/templates/chat-server/pdb.yaml b/helm/gopie/templates/chat-server/pdb.yaml
new file mode 100644
index 00000000..6dccaf9e
--- /dev/null
+++ b/helm/gopie/templates/chat-server/pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.chatserver.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "chatserver.name" . }}-pdb
+ namespace: {{ include "chatserver.namespace" . }}
+ labels:
+ {{ include "chatserver.labels" . | nindent 4 }}
+spec:
+ {{- if .Values.chatserver.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.chatserver.podDisruptionBudget.minAvailable }}
+ {{- else if .Values.chatserver.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.chatserver.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{ include "chatserver.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/gopie/templates/server/pdb.yaml b/helm/gopie/templates/server/pdb.yaml
new file mode 100644
index 00000000..a0140574
--- /dev/null
+++ b/helm/gopie/templates/server/pdb.yaml
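Review bot: Every entry is rendered as `- name: {{ .name }}` with no check that `name` is set, so an `extraVolumes` item that omits it produces `- name:` (null) and the API server rejects the Deployment with a message that does not point at the offending value; `- name: {{ required "web.extraVolumes entries need a name" .name }}` fails at render time with a clear error instead. The same applies to the server and chatserver templates in this commit. The enclosing define starts before this hunk.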
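Review bot: The `{{- if .Values.chatserver.podDisruptionBudget.minAvailable }}` / `else if ... maxUnavailable` tests are truthiness checks, so a value of `0` for either field (a legitimate setting — `maxUnavailable: 0` forbids voluntary evictions) is dropped and the rendered PDB carries neither field; as far as I can tell the API accepts such an object and it then imposes no constraint at all, the opposite of what was configured. Test presence instead, e.g. `{{- if hasKey .Values.chatserver.podDisruptionBudget "minAvailable" }}`, and `{{- fail "podDisruptionBudget needs minAvailable or maxUnavailable" }}` when neither key is present so `enabled: true` can never produce a no-op budget. Minor: `{{ include "chatserver.labels" . | nindent 4 }}` lacks the `{{-` trim that servicemonitor.yaml uses, which leaves a whitespace-only line under `labels:`.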
@@ -0,0 +1,18 @@
+{{- if .Values.deployment.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "server.name" . }}-pdb
+ namespace: {{ include "gopie.namespace" . }}
+ labels:
+ {{ include "server.labels" . | nindent 4 }}
+spec:
+ {{- if .Values.deployment.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.deployment.podDisruptionBudget.minAvailable }}
+ {{- else if .Values.deployment.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.deployment.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{ include "server.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/gopie/templates/server/servicemonitor.yaml b/helm/gopie/templates/server/servicemonitor.yaml
new file mode 100644
index 00000000..105f067d
--- /dev/null
+++ b/helm/gopie/templates/server/servicemonitor.yaml
@@ -0,0 +1,17 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "server.name" . }}
+ namespace: {{ include "gopie.namespace" . }}
+ labels:
+ {{- include "server.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "server.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: metrics
+ path: /metrics
+ interval: 30s
+ scrapeTimeout: 10s
+ honorLabels: true
diff --git a/helm/gopie/templates/web/pdb.yaml b/helm/gopie/templates/web/pdb.yaml
new file mode 100644
index 00000000..6c36197b
--- /dev/null
+++ b/helm/gopie/templates/web/pdb.yaml
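Review bot: The ServiceMonitor is rendered unconditionally, so `helm install` fails on any cluster without the Prometheus Operator CRD (`monitoring.coreos.com/v1`) and there is no values knob to turn it off; add a `serviceMonitor.enabled` key (default `false`) and wrap the file in `{{- if .Values.serviceMonitor.enabled }}` … `{{- end }}`, optionally also checking `.Capabilities.APIVersions.Has "monitoring.coreos.com/v1"`. `honorLabels: true` lets the scraped `/metrics` response overwrite Prometheus' own target labels (`job`, `instance`, …); unless the server deliberately emits those, drop it so a misbehaving or compromised pod cannot relabel itself in the monitoring data. The endpoint also assumes the Service exposes a port named `metrics`, which this commit adds in values.yaml on 8001 — a comment cross-referencing that keeps the two from drifting.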
@@ -0,0 +1,18 @@
+{{- if .Values.web.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "web.name" . }}-pdb
+ namespace: {{ include "gopie.namespace" . }}
+ labels:
+ {{ include "web.labels" . | nindent 4 }}
+spec:
+ {{- if .Values.web.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.web.podDisruptionBudget.minAvailable }}
+ {{- else if .Values.web.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.web.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{ include "web.selectorLabels" . | nindent 6 }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/gopie/values.yaml b/helm/gopie/values.yaml
index af3f7275..b9937d57 100644
--- a/helm/gopie/values.yaml
+++ b/helm/gopie/values.yaml
@@ -22,17 +22,99 @@ deployment: annotations: {} # Annotations for deployment resources Podannotations: {} # Annotations for pods - env: [] - - # Environment variables for the container - # Example: - # - name: GOPIE_API_SERVER_HOST - # value: "localhost" + env: + - name: POSTGRES_USER + value: "postgres" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: gopie-postgresql + key: postgres-password + - name: POSTGRES_DB + value: "gopie" + - name: POSTGRES_HOST + value: "gopie-postgresql" + - name: POSTGRES_PORT + value: "5432" + - name: GOPIE_LOGGER_LEVEL + value: "info" + - name: GOPIE_LOGGER_FILE + value: "gopie.log" + - name: GOPIE_LOGGER_MODE + value: "dev" + - name: GOPIE_OPENAI_APIKEY + value: "bRUBnBaNaOg8Qou7B7jVHsuIVsc=" + - name: GOPIE_OPENAI_BASEURL + value: "https://api.portkey.ai/v1" + - name: GOPIE_OPENAI_MODEL + value: "o3-mini" + - name: GOPIE_OPENAI_OPTIONS + value: "x-portkey-virtual-key=openai-test-11e8b7,x-portkey-api-key=bRUBnBaNaOg8Qou7B7jVHsuIVsc=" + - name: GOPIE_DUCKDB_PATH + value: "./dataful/gopie.duckdb" + - name: GOPIE_OLAPDB_ACCESS_MODE + value: "read_write" + - name: GOPIE_OLAPDB_DBTYPE + value: "motherduck" + - name: GOPIE_MOTHERDUCK_TOKEN + value: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImFrc2hpdGgua2F0a3VyaUBmYWN0bHkuaW4iLCJzZXNzaW9uIjoiYWtzaGl0aC5rYXRrdXJpLmZhY3RseS5pbiIsInBhdCI6InVXY3hLakNuVVhvQ2RYd3lUSFdjZ1ZnUHpmaTFId2NjdWxSWkFhNmUyMVEiLCJ1c2VySWQiOiJhYTgwZmU0My1kNTdmLTRlNTQtOGRkNS1iNzA5NDY2NTExMmEiLCJpc3MiOiJtZF9wYXQiLCJyZWFkT25seSI6ZmFsc2UsInRva2VuVHlwZSI6InJlYWRfd3JpdGUiLCJpYXQiOjE3NTQ1NTE5ODh9.3cAa_0z5CrGQgU6r4SYlj_oc6yrQOH2UkpdU8fSLgT4" + - name: GOPIE_MOTHERDUCK_DB_NAME + value: "test" + - name: GOPIE_MOTHERDUCK_HELPER_DB_DIR_PATH + value: "./motherduck" + - name: GOPIE_CORS_HANDLED_BY_INGRESS + value: "false" + - name: GOPIE_POSTGRES_HOST + value: "gopie-postgresql" + - name: GOPIE_POSTGRES_PORT + value: "5432" + - name: GOPIE_POSTGRES_DB + value: "gopie" + - name: GOPIE_POSTGRES_USER + value: 
"postgres" + - name: GOPIE_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: gopie-postgresql + key: postgres-password + - name: GOPIE_POSTGRES_SSLMODE + value: "disable" + - name: GOPIE_AIAGENT_URL + value: "http://chat-server:8003" + - name: GOPIE_ENCRYPTION_KEY + value: "E5B8A0F3C1D9E7B2A5F0C3D8E6B1A4F2" + - name: GOPIE_ENABLED_SERVERS + value: "api" + - name: GOPIE_S3_ACCESS_KEY + value: "IHJWCLQNI113NEQODJXT" + - name: GOPIE_S3_SECRET_KEY + value: "HeH6eHrfdmS0i55C6UZz0KgJDvp9ODjEfMB4YVVh" + - name: GOPIE_S3_ENDPOINT + value: "https://s3.eu-central-1.wasabisys.com" + - name: GOPIE_S3_SSL + value: "true" + - name: GOPIE_S3_REGION + value: "eu-central-1" + - name: GOPIE_DOWNLOADS_S3_BUCKET + value: "downloads" initContainers: # List of init containers to run before the app container - name: gopie-migrate # Example init container for DB migration image: "factly/gopie-migrate:latest" # Image for the init container (e.g., your-registry/gopie-migrate:tag) - env: [] # Environment variables for the init container + command: + - sh + - -c + - | + export PGPASSWORD="${POSTGRES_PASSWORD}" + goose postgres "host=gopie-postgresql port=5432 user=postgres dbname=gopie sslmode=disable" up + env: + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: gopie-postgresql + key: postgres-password + - name: GOOSE_MIGRATION_DIR + value: /app/migrations podSecurityContext: {} # Pod-level security context (e.g., fsGroup) # Example: 
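Review bot: This hunk commits live-looking credentials as chart defaults — `GOPIE_OPENAI_APIKEY` (repeated inside `GOPIE_OPENAI_OPTIONS`), `GOPIE_MOTHERDUCK_TOKEN`, `GOPIE_S3_ACCESS_KEY`/`GOPIE_S3_SECRET_KEY` and the `GOPIE_ENCRYPTION_KEY` — as plain `value:` strings; anything in values.yaml lands in git history, in the rendered Deployment spec and in `helm get values` for everyone with read access to the release. Treat every one of them as compromised and rotate, then make the defaults empty or `valueFrom.secretKeyRef` entries pointing at an operator-created Secret (or `envFrom` one Secret), as `GOPIE_POSTGRES_PASSWORD` already does. Separately, `secretKeyRef.name: gopie-postgresql` and `host=gopie-postgresql` in the goose command hard-code the release name and break any release not called `gopie`, while the template default uses `printf "%s-postgresql" $root.Release.Name`. `GOPIE_POSTGRES_SSLMODE: "disable"` together with `sslmode=disable` in the migration command sends the database password in clear over the cluster network; `require` or `verify-full` should be the default with a comment on when `disable` is acceptable. `GOPIE_LOGGER_MODE: "dev"` as a shipped default is also worth a second look.
```yaml
deployment:
  env:
    # … unchanged: non-secret settings (logger, OLAP type, CORS, S3 endpoint/region/bucket, postgres host/port/db/user) …
    - name: GOPIE_OPENAI_APIKEY
      valueFrom:
        secretKeyRef:
          name: gopie-app-secrets   # created by the operator, never by default values
          key: openai-api-key
    - name: GOPIE_MOTHERDUCK_TOKEN
      valueFrom:
        secretKeyRef:
          name: gopie-app-secrets
          key: motherduck-token
    - name: GOPIE_ENCRYPTION_KEY
      valueFrom:
        secretKeyRef:
          name: gopie-app-secrets
          key: encryption-key
    - name: GOPIE_S3_ACCESS_KEY
      valueFrom:
        secretKeyRef:
          name: gopie-app-secrets
          key: s3-access-key
    - name: GOPIE_S3_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: gopie-app-secrets
          key: s3-secret-key
    - name: GOPIE_POSTGRES_SSLMODE
      value: "require"   # "disable" sends the password in clear; only acceptable on a trusted, encrypted network
```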
@@ -58,15 +140,29 @@ deployment: targetCPUUtilizationPercentage: 80 # Target average CPU usage targetMemoryUtilizationPercentage: 80 # Target average Memory usage + podDisruptionBudget: + enabled: false # Enable Pod Disruption Budget for high availability + maxUnavailable: 1 # Maximum number of pods that can be unavailable during voluntary disruptions + # Uncomment and configure liveness/readiness probes if needed - livenessProbe: {} - # httpGet: - # path: / - # port: http - readinessProbe: {} - # httpGet: - # path: / - # port: http + livenessProbe: + httpGet: + path: /health/live # Health endpoint to check application liveness + port: http # Port to use for health checks + initialDelaySeconds: 60 # Wait 60s after container starts before first check (allows app startup) + periodSeconds: 10 # Check health every 10 seconds + timeoutSeconds: 5 # Wait up to 5 seconds for health check response + successThreshold: 1 # Need 1 successful check to be considered healthy + failureThreshold: 3 # Restart container after 3 consecutive failures + readinessProbe: + httpGet: + path: /health/ready # Health endpoint to check application readiness + port: http # Port to use for readiness checks + initialDelaySeconds: 10 # Wait 10s after container starts before first check + periodSeconds: 5 # Check readiness every 5 seconds + timeoutSeconds: 3 # Wait up to 3 seconds for readiness check response + successThreshold: 1 # Need 1 successful check to be considered ready + failureThreshold: 3 # Stop traffic to pod after 3 consecutive failures nodeSelector: {} # Node selector for scheduling the pods 
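Review bot: The 60-second `initialDelaySeconds` on the liveness probe is doing the job of a startupProbe: it delays the first check after every restart by a full minute and still kills a pod that legitimately needs 61 seconds to come up. Add a `startupProbe` on the same `/health/live` endpoint with something like `failureThreshold: 30` and `periodSeconds: 2`, then drop the liveness delay to a few seconds. The `/health/live` and `/health/ready` paths cannot be verified from the chart alone; a comment pointing at where the server registers them would save the next maintainer a search.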
@@ -76,16 +172,31 @@ deployment: extraVolumeMounts: [] # Additional volume mounts for the container # Example: - # - name: zitadel-key - # mountPath: ./home/gopie/zitadel_key.json - # subPath: zitadel_key.json + # - name: config-volume + # mountPath: /etc/config + # readOnly: true + # - name: data-volume + # mountPath: /data + # subPath: myapp-data extraVolumes: [] # Additional volumes for the pod - # Example: - # - name: zitadel-key + # Supports: persistentVolumeClaim, hostPath, configMap, secret, emptyDir, csi + # Examples: + # - name: config-volume + # configMap: + # name: app-config + # - name: secret-volume # secret: - # secretName: zitadel-key - volumes: [] + # secretName: app-secrets + # - name: data-volume + # existingClaim: my-pvc + # - name: host-volume + # hostPath: + # path: /mnt/data + # type: Directory + # - name: cache-volume + # emptyDir: + # sizeLimit: 1Gi stateful: 
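Review bot: Removing the `volumes: []` key is a breaking change for anyone who populated `deployment.volumes`, because the template in this commit stops rendering it — overrides are silently ignored rather than rejected; call that out in the chart changelog/NOTES and bump the chart's major version. The `hostPath` example (`/mnt/data`, `type: Directory`) should carry a warning, e.g. `# hostPath exposes the node filesystem to the pod and is denied under PSS baseline/restricted; prefer a PVC`, since it is the only example here that weakens pod isolation.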
@@ -101,15 +212,99 @@ stateful: annotations: {} # Annotations for deployment resources Podannotations: {} # Annotations for pods - env: [] # Environment variables for the container - # Example: - # - name: GOPIE_API_SERVER_HOST - # value: "localhost" + env: + - name: POSTGRES_USER + value: "postgres" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: gopie-postgresql + key: postgres-password + - name: POSTGRES_DB + value: "gopie" + - name: POSTGRES_HOST + value: "gopie-postgresql" + - name: POSTGRES_PORT + value: "5432" + - name: GOPIE_LOGGER_LEVEL + value: "info" + - name: GOPIE_LOGGER_FILE + value: "gopie.log" + - name: GOPIE_LOGGER_MODE + value: "dev" + - name: GOPIE_OPENAI_APIKEY + value: "bRUBnBaNaOg8Qou7B7jVHsuIVsc=" + - name: GOPIE_OPENAI_BASEURL + value: "https://api.portkey.ai/v1" + - name: GOPIE_OPENAI_MODEL + value: "o3-mini" + - name: GOPIE_OPENAI_OPTIONS + value: "x-portkey-virtual-key=openai-test-11e8b7,x-portkey-api-key=bRUBnBaNaOg8Qou7B7jVHsuIVsc=" + - name: GOPIE_DUCKDB_PATH + value: "./dataful/gopie.duckdb" + - name: GOPIE_OLAPDB_ACCESS_MODE + value: "read_write" + - name: GOPIE_OLAPDB_DBTYPE + value: "motherduck" + - name: GOPIE_MOTHERDUCK_TOKEN + value: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImFrc2hpdGgua2F0a3VyaUBmYWN0bHkuaW4iLCJzZXNzaW9uIjoiYWtzaGl0aC5rYXRrdXJpLmZhY3RseS5pbiIsInBhdCI6InVXY3hLakNuVVhvQ2RYd3lUSFdjZ1ZnUHpmaTFId2NjdWxSWkFhNmUyMVEiLCJ1c2VySWQiOiJhYTgwZmU0My1kNTdmLTRlNTQtOGRkNS1iNzA5NDY2NTExMmEiLCJpc3MiOiJtZF9wYXQiLCJyZWFkT25seSI6ZmFsc2UsInRva2VuVHlwZSI6InJlYWRfd3JpdGUiLCJpYXQiOjE3NTQ1NTE5ODh9.3cAa_0z5CrGQgU6r4SYlj_oc6yrQOH2UkpdU8fSLgT4" + - name: GOPIE_MOTHERDUCK_DB_NAME + value: "test" + - name: GOPIE_MOTHERDUCK_HELPER_DB_DIR_PATH + value: "./motherduck" + - name: GOPIE_CORS_HANDLED_BY_INGRESS + value: "false" + - name: GOPIE_POSTGRES_HOST + value: "gopie-postgresql" + - name: GOPIE_POSTGRES_PORT + value: "5432" + - name: GOPIE_POSTGRES_DB + value: "gopie" + - name: GOPIE_POSTGRES_USER + value: "postgres" 
+ - name: GOPIE_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: gopie-postgresql + key: postgres-password + - name: GOPIE_POSTGRES_SSLMODE + value: "disable" + - name: GOPIE_AIAGENT_URL + value: "http://chat-server:8003" + - name: GOPIE_ENCRYPTION_KEY + value: "E5B8A0F3C1D9E7B2A5F0C3D8E6B1A4F2" + - name: GOPIE_ENABLED_SERVERS + value: "api" + - name: GOPIE_S3_ACCESS_KEY + value: "IHJWCLQNI113NEQODJXT" + - name: GOPIE_S3_SECRET_KEY + value: "HeH6eHrfdmS0i55C6UZz0KgJDvp9ODjEfMB4YVVh" + - name: GOPIE_S3_ENDPOINT + value: "https://s3.eu-central-1.wasabisys.com" + - name: GOPIE_S3_SSL + value: "true" + - name: GOPIE_S3_REGION + value: "eu-central-1" + - name: GOPIE_DOWNLOADS_S3_BUCKET + value: "downloads" initContainers: # List of init containers to run before the app container - name: gopie-migrate # Example init container for DB migration image: "factly/gopie-migrate:latest" # Image for the init container - env: [] # Environment variables for the init container + command: + - sh + - -c + - | + export PGPASSWORD="${POSTGRES_PASSWORD}" + goose postgres "host=gopie-postgresql port=5432 user=postgres dbname=gopie sslmode=disable" up + env: + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: gopie-postgresql + key: postgres-password + - name: GOOSE_MIGRATION_DIR + value: /app/migrations podSecurityContext: {} # Pod-level security context (e.g., fsGroup) # Example: 
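Review bot: The `valueFrom.secretKeyRef` entries for `POSTGRES_PASSWORD` and `GOPIE_POSTGRES_PASSWORD` will not work for the StatefulSet: `_pod-server.tpl` renders `stateful.env` with `{{- range }} - name: {{ .name }} value: {{ .value | quote }}`, which ignores `valueFrom`, so both variables come out empty. Either change that template to `toYaml` the list, or document here that `stateful.env` only accepts plain `name`/`value` pairs. The rest of the block is a verbatim copy of `deployment.env`, including the same plaintext OpenAI/Portkey, MotherDuck and S3 credentials and the encryption key, so the rotation and move to a Secret apply here too; a single `envFrom` Secret would avoid maintaining two literal copies that will drift.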
@@ -128,14 +323,24 @@ stateful: # memory: 100Mi # Uncomment and configure liveness/readiness probes if needed - livenessProbe: {} - # httpGet: - # path: / - # port: http - readinessProbe: {} - # httpGet: - # path: / - # port: http + livenessProbe: + httpGet: + path: /health/live # Health endpoint to check application liveness + port: http # Port to use for health checks + initialDelaySeconds: 60 # Wait 60s after container starts before first check (allows app startup) + periodSeconds: 10 # Check health every 10 seconds + timeoutSeconds: 5 # Wait up to 5 seconds for health check response + successThreshold: 1 # Need 1 successful check to be considered healthy + failureThreshold: 3 # Restart container after 3 consecutive failures + readinessProbe: + httpGet: + path: /health/ready # Health endpoint to check application readiness + port: http # Port to use for readiness checks + initialDelaySeconds: 10 # Wait 10s after container starts before first check + periodSeconds: 5 # Check readiness every 5 seconds + timeoutSeconds: 3 # Wait up to 3 seconds for readiness check response + successThreshold: 1 # Need 1 successful check to be considered ready + failureThreshold: 3 # Stop traffic to pod after 3 consecutive failures nodeSelector: {} # Node selector for scheduling the pods 
@@ -143,17 +348,50 @@ stateful: affinity: {} # Pod affinity/anti-affinity rules - extraVolumeMounts: [] # Additional volume mounts for the container - # Example: - # - name: zitadel-key - # mountPath: ./home/gopie/zitadel_key.json - # subPath: zitadel_key.json - - extraVolumes: [] # Additional volumes for the pod + extraVolumeMounts: # Additional volume mounts for the container # Example: - # - name: zitadel-key + # - name: config-volume + # mountPath: /etc/config + # readOnly: true + # - name: data-volume + # mountPath: /data + # subPath: myapp-data + # - name: test-config + # mountPath: /etc/test-config + # readOnly: true + # - name: test-secret + # mountPath: /etc/test-secret + # readOnly: true + # - name: test-cache + # mountPath: /tmp/cache + + extraVolumes: # Additional volumes for the pod + # Supports: persistentVolumeClaim, hostPath, configMap, secret, emptyDir, csi + # Examples: + # - name: config-volume + # configMap: + # name: app-config + # - name: secret-volume # secret: - # secretName: zitadel-key + # secretName: app-secrets + # - name: data-volume + # existingClaim: my-pvc + # - name: host-volume + # hostPath: + # path: /mnt/data + # type: Directory + # - name: cache-volume + # emptyDir: + # sizeLimit: 1Gi + # - name: test-config + # configMap: + # name: test-config-map + # - name: test-secret + # secret: + # secretName: test-secret + # - name: test-cache + # emptyDir: + # sizeLimit: 500Mi persistence: # Persistent volume claim configuration type: pvc # Type of persistence: pvc or hostPath @@ -180,6 +418,7 @@ serviceAccount: automount: true # Auto-mount API credentials for the service account annotations: {} # Annotations for the service account name: "" # Existing service account name to use + extraLabels: {} # Extra labels to add to service account service: ports: 
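Review bot: `extraVolumeMounts:` and `extraVolumes:` are now bare keys with only comments beneath them, which YAML parses as `null` rather than the `[]` the deployment section keeps; `range` over nil is harmless, but if the mounts are rendered with `toYaml` (that template is not in this diff) the output is `volumeMounts: null`, and a values.schema.json declaring these as arrays would reject the chart's own defaults. Restore `extraVolumeMounts: []` and `extraVolumes: []` here, and in the web and chatserver sections, so the defaults are typed consistently. The duplicated `test-*` examples add nothing over the `config-volume`/`data-volume` ones and could be dropped.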
@@ -187,7 +426,17 @@ service: targetPort: http protocol: TCP name: http + - port: 8001 + targetPort: 8001 + protocol: TCP + name: metrics + - port: 8002 + targetPort: 8002 + protocol: TCP + name: admin type: ClusterIP # Kubernetes Service type: ClusterIP, NodePort, LoadBalancer + annotations: {} # Annotations for the service + extraLabels: {} # Extra labels to add to service ingress: enabled: false # Enable ingress for external access @@ -196,6 +445,7 @@ ingress: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: letsencrypt-prod + extraLabels: {} # Extra labels to add to ingress hosts: - host: gopie.example.com paths: @@ -206,6 +456,10 @@ ingress: # hosts: # - gopie.example.com +autoscaling: + annotations: {} # Annotations for HPA + extraLabels: {} # Extra labels to add to HPA + reIndexingJob: # Re-indexing job configuration enabled: false # Enable the re-indexing job image: @@ -216,6 +470,10 @@ reIndexingJob: # Re-indexing job configuration env: [] # Environment variables for the re-indexing job volumeMounts: [] # Additional volume mounts for the re-indexing job volumes: [] # Additional volumes for the re-indexing job + annotations: {} # Annotations for the job + extraLabels: {} # Extra labels to add to job + podAnnotations: {} # Annotations for job pods + extraPodLabels: {} # Extra labels to add to job pods web: 
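Review bot: The Service now publishes an `admin` port (8002) alongside `http` and `metrics`; nothing in the chart says whether that port is authenticated, and on a ClusterIP Service it is reachable from every pod in the cluster. Gate it behind a values flag (e.g. `service.adminPort.enabled: false`) or add a comment next to `name: admin` stating what it serves and what protects it, and consider shipping a NetworkPolicy example that limits 8001/8002 to the monitoring namespace and operators. `targetPort: 8001`/`8002` are numeric while `http` uses a named port; naming the container ports `metrics`/`admin` keeps Service and container in sync when a port changes.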
@@ -234,20 +492,40 @@ web: annotations: {} # Annotations to add to the Deployment Podannotations: {} # Annotations to add to the pods - env: [] - - # - name: NEXT_PUBLIC_GOPIE_API_URL - # value: https://server.example.com # public_url - # Define environment variables for the container - # Example: - # - name: NEXT_PUBLIC_ENABLE_AUTH - # value: "false" + env: + - name: NEXT_PUBLIC_COMPANION_URL + value: "http://localhost:3020" + - name: NEXT_PUBLIC_GOPIE_API_URL + value: "http://localhost:8000" + - name: NEXT_PUBLIC_ENABLE_AUTH + value: "false" + - name: GOPIE_API_URL + value: "http://gopie-server:8000" + - name: COMPANION_AWS_ENDPOINT + value: "https://s3.eu-central-1.wasabisys.com" + - name: COMPANION_AWS_REGION + value: "eu-central-1" + - name: COMPANION_AWS_BUCKET + value: "prod-factly-gopie-sas-new" + - name: COMPANION_AWS_KEY + value: "IHJWCLQNI113NEQODJXT" + - name: COMPANION_AWS_SECRET + value: "HeH6eHrfdmS0i55C6UZz0KgJDvp9ODjEfMB4YVVh" + - name: COMPANION_DOMAIN + value: "localhost:3020" + - name: COMPANION_PROTOCOL + value: "http" + - name: COMPANION_DATADIR + value: "/" + - name: COMPANION_SELF_ENDPOINT + value: "localhost:3020" serviceAccount: create: false # Whether to create a new Kubernetes service account automount: true # Auto-mount the service account token in the pod annotations: {} # Annotations for the service account name: "" # Name of an existing service account to use + extraLabels: {} # Extra labels to add to service account podSecurityContext: {} # Security context for the entire pod 
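Review bot: `COMPANION_AWS_KEY`/`COMPANION_AWS_SECRET` are the same Wasabi key pair that appears in the server env blocks, again as plaintext defaults — rotate it and reference a Secret. `NEXT_PUBLIC_ENABLE_AUTH: "false"` ships the web app with authentication off by default; if that is only meant for local development the comment should say so and a production values file should set `"true"`, and since `NEXT_PUBLIC_*` variables are normally inlined at build time it is worth confirming the image reads them at runtime at all. `COMPANION_DATADIR: "/"` points uploads at the container root where a dedicated directory (and volume) is safer, and the `localhost:3020` defaults for `COMPANION_DOMAIN`/`COMPANION_SELF_ENDPOINT` will not resolve from any browser that is not on the developer's machine.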
@@ -264,19 +542,32 @@ web: # runAsNonRoot: true # runAsUser: 1000 - livenessProbe: {} - # httpGet: - # path: / - # port: http - readinessProbe: {} - # httpGet: - # path: / - # port: http + # Uncomment and configure liveness/readiness probes if needed + livenessProbe: + httpGet: + path: / # Root endpoint to check application liveness + port: http # Port to use for health checks + initialDelaySeconds: 30 # Wait 30s after container starts before first check (allows app startup) + periodSeconds: 10 # Check health every 10 seconds + timeoutSeconds: 5 # Wait up to 5 seconds for health check response + successThreshold: 1 # Need 1 successful check to be considered healthy + failureThreshold: 3 # Restart container after 3 consecutive failures + readinessProbe: + httpGet: + path: / # Root endpoint to check application readiness + port: http # Port to use for readiness checks + initialDelaySeconds: 10 # Wait 10s after container starts before first check + periodSeconds: 5 # Check readiness every 5 seconds + timeoutSeconds: 3 # Wait up to 3 seconds for readiness check response + successThreshold: 1 # Need 1 successful check to be considered ready + failureThreshold: 3 # Stop traffic to pod after 3 consecutive failures service: portName: http # Name of the service port type: ClusterIP # Kubernetes Service type (ClusterIP, NodePort, LoadBalancer) portNumber: 3000 # Port the container listens on + annotations: {} # Annotations for the service + extraLabels: {} # Extra labels to add to service resources: {} # Resource requests and limits for the web container 
@@ -303,6 +594,12 @@ web: maxReplicas: 10 # Maximum number of replicas if autoscaling is enabled targetCPUUtilizationPercentage: 80 # Target average CPU utilization targetMemoryUtilizationPercentage: 80 # Target average Memory utilization + annotations: {} # Annotations for HPA + extraLabels: {} # Extra labels to add to HPA + + podDisruptionBudget: + enabled: false # Enable Pod Disruption Budget for high availability + minAvailable: "90%" # Minimum percentage of pods that must remain available during voluntary disruptions nodeSelector: {} # Node selector for scheduling pods to specific nodes @@ -310,23 +607,40 @@ web: affinity: {} # Affinity rules for pod scheduling - extraVolumeMounts: [] - # Extra volume mounts for the pod + extraVolumeMounts: # Additional volume mounts for the container # Example: - # - name: extra-volume-0 - # mountPath: /mnt/volume0 + # - name: config-volume + # mountPath: /etc/config # readOnly: true + # - name: static-assets + # mountPath: /app/public + # subPath: assets + # - name: web-config + # mountPath: /etc/web-config + # readOnly: true + # - name: web-assets + # mountPath: /app/assets + + extraVolumes: # Additional volumes for the pod + # Supports: persistentVolumeClaim, hostPath, configMap, secret, emptyDir, csi + # Examples: + # - name: config-volume + # configMap: + # name: web-config + # - name: tls-certs + # secret: + # secretName: web-tls + # - name: static-assets + # existingClaim: web-assets-pvc + # - name: nginx-cache + # emptyDir: + # sizeLimit: 500Mi + # - name: web-config + # configMap: + # name: web-config-map + # - name: web-assets + # existingClaim: web-assets-pvc - extraVolumes: [] - # Additional volumes for the pod - # Example: - # - name: extra-volume-0 - # existingClaim: volume-claim - # - name: extra-volume-1 - # hostPath: - # path: /usr/shared/ - # type: "" - volumes: [] ingress: enabled: true # Enable ingress for external access className: "" # Ingress class name (e.g., nginx, traefik) 
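Review bot: `minAvailable: "90%"` for the web PDB blocks every voluntary disruption (node drain, cluster upgrade) until there are at least 10 replicas, because Kubernetes rounds `minAvailable` percentages up — ceil(0.9 × N) equals N for every N ≤ 9, so zero pods may be evicted. With `maxReplicas: 10` a few lines above and a small default replica count, enabling this budget turns it into a drain blocker. Use `maxUnavailable: 1` as the server and chatserver sections do, and leave a comment on the rounding so nobody reintroduces a percentage.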
@@ -334,6 +648,7 @@ web: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: letsencrypt-prod + extraLabels: {} # Extra labels to add to ingress hosts: - host: gopie.example.com paths: 
@@ -360,19 +675,66 @@ chatserver: annotations: {} # Annotations for the Deployment Podannotations: {} # Annotations for pods - env: [] - # Environment variables for the chatserver - # Example: - # - name: GOPIE_API_ENDPOINT - # value: "GOPIE_URL" - # - name: E2B_API_KEY - # value: "" + env: + - name: CHAT_GOPIE_API_ENDPOINT + value: "http://gopie-server:8001" + - name: CHAT_E2B_API_KEY + value: "e2b_d07b6fb3ffab800b95c68b7646ca1d88cce8dd74" + - name: CHAT_LLM_GATEWAY_PROVIDER + value: "openrouter" + - name: CHAT_EMBEDDING_GATEWAY_PROVIDER + value: "openai" + - name: OPENAI_API_KEY + value: "" + - name: CHAT_OPENROUTER_API_KEY + value: "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" + - name: CHAT_OPENROUTER_BASE_URL + value: "https://openrouter.ai/api/v1" + - name: CHAT_FAST_MODEL + value: "google/gemini-2.5-flash" + - name: CHAT_BALANCED_MODEL + value: "google/gemini-2.5-flash" + - name: CHAT_ADVANCED_MODEL + value: "google/gemini-2.5-pro" + - name: CHAT_S3_HOST + value: "http://minio:9000" + - name: CHAT_S3_ACCESS_KEY + value: "minioadmin" + - name: CHAT_S3_SECRET_KEY + value: "minioadmin" + - name: CHAT_S3_BUCKET + value: "gopie" + - name: CHAT_S3_REGION + value: "us-central-1" + - name: CHAT_DEFAULT_LLM_MODEL + value: "google/gemini-2.5-flash" + - name: CHAT_DEFAULT_EMBEDDING_MODEL + value: "text-embedding-3-large" + - name: CHAT_QDRANT_HOST + value: "gopie-qdrant" + - name: CHAT_QDRANT_COLLECTION + value: "dataset_collection_prod" + - name: CHAT_QDRANT_PORT + value: "6333" + - name: CHAT_QDRANT_TOP_K + value: "5" + - name: CHAT_LANGSMITH_TRACING + value: "true" + - name: CHAT_LANGSMITH_ENDPOINT + value: "https://api.smith.langchain.com" + - name: CHAT_LANGSMITH_API_KEY + value: "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" + - name: CHAT_LANGSMITH_PROJECT + value: "gopie-chat-server-local" + - name: CHAT_LANGSMITH_PROMPT + value: "false" serviceAccount: create: false # Whether to create a new service account automount: true 
# Auto-mount the service account token in the pod annotations: {} # Annotations for the service account name: "" # Existing service account name + extraLabels: {} # Extra labels to add to service account podSecurityContext: {} # Pod-level security context @@ -391,6 +753,8 @@ chatserver: portName: http # Service port name type: ClusterIP # Service type portNumber: 8000 # Port the container listens on + annotations: {} # Annotations for the service + extraLabels: {} # Extra labels to add to service resources: {} # Resource requests and limits for the chatserver container @@ -401,14 +765,25 @@ chatserver: # cpu: 100m # memory: 128Mi - livenessProbe: {} - # httpGet: - # path: / - # port: http - readinessProbe: {} - # httpGet: - # path: / - # port: http + # Uncomment and configure liveness/readiness probes if needed + # livenessProbe: + # httpGet: + # path: /health/live # Health endpoint to check application liveness + # port: http # Port to use for health checks + # initialDelaySeconds: 60 # Wait 60s after container starts before first check (allows app startup) + # periodSeconds: 10 # Check health every 10 seconds + # timeoutSeconds: 5 # Wait up to 5 seconds for health check response + # successThreshold: 1 # Need 1 successful check to be considered healthy + # failureThreshold: 3 # Restart container after 3 consecutive failures + # readinessProbe: + # httpGet: + # path: /health/ready # Health endpoint to check application readiness + # port: http # Port to use for readiness checks + # initialDelaySeconds: 10 # Wait 10s after container starts before first check + # periodSeconds: 5 # Check readiness every 5 seconds + # timeoutSeconds: 3 # Wait up to 3 seconds for readiness check response + # successThreshold: 1 # Need 1 successful check to be considered ready + # failureThreshold: 3 # Stop traffic to pod after 3 consecutive failures autoscaling: enabled: false # Enable autoscaling for the chatserver 
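Review bot: This block commits an E2B key, an OpenRouter key and a LangSmith key as plaintext defaults and sets `CHAT_LANGSMITH_TRACING: "true"`, so every deployment on default values traces prompts and dataset content to a third-party SaaS project (`gopie-chat-server-local`) under the committer's account. Rotate all three keys, default tracing to `"false"`, and move the keys to `valueFrom.secretKeyRef` entries; `CHAT_S3_ACCESS_KEY`/`CHAT_S3_SECRET_KEY` are the MinIO `minioadmin` defaults, acceptable in a dev overlay but not as the chart's shipped value. `CHAT_GOPIE_API_ENDPOINT` points at `gopie-server:8001`, which this commit names the metrics port, while `GOPIE_AIAGENT_URL` in the server block uses `chat-server:8003` although `chatserver.service.portNumber` is 8000 — at least one of these looks wrong and a comment tying each URL to the Service it targets would help.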
@@ -416,6 +791,12 @@ chatserver: maxReplicas: 100 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 + annotations: {} # Annotations for HPA + extraLabels: {} # Extra labels to add to HPA + + podDisruptionBudget: + enabled: false # Enable Pod Disruption Budget for high availability + maxUnavailable: 1 # Maximum number of pods that can be unavailable during voluntary disruptions nodeSelector: {} # Node selector rules @@ -423,21 +804,38 @@ chatserver: affinity: {} # Affinity rules - extraVolumeMounts: [] - # Additional volume mounts - # - name: extra-volume-0 - # mountPath: /mnt/volume0 + extraVolumeMounts: # Additional volume mounts for the container + # Example: + # - name: config-volume + # mountPath: /etc/config # readOnly: true - - extraVolumes: [] - # Additional volumes - # - name: extra-volume-0 - # existingClaim: volume-claim - # - name: extra-volume-1 - # hostPath: - # path: /usr/shared/ - # type: "" - volumes: [] + # - name: static-assets + # mountPath: /app/public + # subPath: assets + # - name: chat-models + # mountPath: /app/models + # - name: chat-logs + # mountPath: /app/logs + + extraVolumes: # Additional volumes for the pod + # Supports: persistentVolumeClaim, hostPath, configMap, secret, emptyDir, csi + # Examples: + # - name: config-volume + # configMap: + # name: web-config + # - name: tls-certs + # secret: + # secretName: web-tls + # - name: static-assets + # existingClaim: web-assets-pvc + # - name: nginx-cache + # emptyDir: + # sizeLimit: 500Mi + # - name: chat-models + # existingClaim: chat-models-pvc + # - name: chat-logs + # emptyDir: + # sizeLimit: 1Gi postgresql: 
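Review bot: The probe change deletes the `livenessProbe: {}` and `readinessProbe: {}` keys outright rather than leaving them empty, so `.Values.chatserver.livenessProbe` and `.Values.chatserver.readinessProbe` are now nil instead of empty maps. If the deployment template renders them with `toYaml` (it is not in this diff, so I cannot confirm), nil renders as `livenessProbe: null` in the container spec. Keep `livenessProbe: {}` and `readinessProbe: {}` as the active defaults and leave the `/health/live` and `/health/ready` examples as comments beneath them, e.g. `livenessProbe: {}  # see commented example below`.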
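Review bot: `extraVolumeMounts:` and `extraVolumes:` now have only comments under them, which YAML parses as `null`, not as the empty list the removed `[]` provided. The `range` in `_pod-chat-server.tpl` happens to tolerate nil, but anything that passes `.Values.chatserver.extraVolumeMounts` through `toYaml` would emit `null` under `volumeMounts:`; restore the explicit defaults `extraVolumeMounts: []  # Additional volume mounts for the container` and `extraVolumes: []  # Additional volumes for the pod`, keeping the examples as comments. Since the `Supports:` line advertises `hostPath`, it is worth a one-line caveat next to it, e.g. `# hostPath exposes the node filesystem to the pod and is often blocked by pod security admission; prefer PVC/configMap/secret`.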
@@ -452,10 +850,25 @@ postgresql: companion: enabled: true # Enable or disable the Companion service - env: [] - # Environment variables for Companion service - # - name: COMPANION_PROTOCOL # Protocol to use (http/https) - # value: https + env: + - name: COMPANION_AWS_ENDPOINT + value: "https://s3.eu-central-1.wasabisys.com" + - name: COMPANION_AWS_REGION + value: "eu-central-1" + - name: COMPANION_AWS_BUCKET + value: "prod-factly-gopie-sas-new" + - name: COMPANION_AWS_KEY + value: "IHJWCLQNI113NEQODJXT" + - name: COMPANION_AWS_SECRET + value: "HeH6eHrfdmS0i55C6UZz0KgJDvp9ODjEfMB4YVVh" + - name: COMPANION_DOMAIN + value: "localhost:3020" + - name: COMPANION_PROTOCOL + value: "http" + - name: COMPANION_DATADIR + value: "/" + - name: COMPANION_SELF_ENDPOINT + value: "localhost:3020" # # - name: COMPANION_PORT # Port number for Companion server # # value: "3020" # # - name: COMPANION_DATADIR # Data directory for Companion 
@@ -495,70 +908,8 @@ companion: # # key: COMPANION_GOOGLE_SECRET ingress: - enabled: true # Enable or disable Ingress for Companion + enabled: false # Enable or disable Ingress for Companion qdrant: enabled: true # Enable or disable the Qdrant vector database chart -# zitadel: -# enabled: false # Enable or disable the ZITADEL identity provider chart -# zitadel: -# masterkey: x123456789012345678901234567891y # Master encryption key for ZITADEL -# configmapConfig: -# ExternalSecure: true # Enable HTTPS for external access -# ExternalPort: # External port for ZITADEL (optional) -# ExternalDomain: login.degacms.com # Public domain for ZITADEL -# TLS: -# Enabled: false # Enable TLS (handled by ingress or external proxy) -# Database: -# Postgres: -# Host: postgres-host # PostgreSQL host for ZITADEL database -# Port: 5432 # PostgreSQL port -# Database: zitadel # Database name -# MaxOpenConns: 20 # Maximum open DB connections -# MaxIdleConns: 10 # Maximum idle DB connections -# MaxConnLifetime: 30m # Max connection lifetime -# MaxConnIdleTime: 5m # Max idle time for DB connections -# User: -# Username: "" # DB username -# Password: "" # DB password -# SSL: -# Mode: disable # SSL mode for DB connection -# Admin: -# Username: "" # Admin DB username -# Password: "" # Admin DB password -# SSL: -# Mode: disable # SSL mode for admin DB connection - -# DefaultInstance: -# LoginPolicy: -# DefaultRedirectURI: # Optional: redirect URL after login - -# env: [] -# # Additional ZITADEL environment variables -# # - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME # Initial admin username -# # value: admin -# # - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_DISPLAYNAME # Initial admin display name -# # value: admin -# # - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_EMAIL_ADDRESS # Initial admin email -# # value: admin@domain.com -# # - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_EMAIL_VERIFIED # Mark admin email as verified -# # value: "true" -# # - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD # Initial 
admin password -# # value: Password1! - -# ingress: -# enabled: true # Enable or disable Ingress for ZITADEL -# className: "nginx" # Ingress class to use -# annotations: -# kubernetes.io/ingress.class: nginx # Ingress controller annotation -# cert-manager.io/cluster-issuer: "" # Cert Manager issuer for TLS certs -# hosts: -# - host: "" # Hostname for ZITADEL Ingress -# paths: -# - path: / # Path to route to ZITADEL -# pathType: Prefix -# tls: -# - secretName: "" # Secret name for TLS cert -# hosts: -# - "" # Hosts covered by the TLS cert