feat: kubernetes deployment

backend/src/main/resources/application-prod.properties

@@ -0,0 +1 @@
+spring.jpa.show-sql=false

helm/withOpenAI/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+appVersion: "1.0"
+description: AIDocumentLibraryChat Config
+name: aidocumentlibrarychat
+version: 0.1.0
+icon: "https://angular.io/assets/images/logos/angular/angular.png"

helm/withOpenAI/templates/_helpers.tpl

@@ -0,0 +1,66 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm-chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm-chart.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm-chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+Create envApp values
+*/}}
+{{- define "helpers.list-envApp-variables"}}
+{{- $secretName := .Values.secret.nameApp -}}
+{{- range $key, $val := .Values.envApp.secret }}
+- name: {{ $key }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ $secretName }}
+      key: {{ $key }}
+{{- end}}
+{{- range $key, $val := .Values.envApp.normal }}
+- name: {{ $key }}
+  value: {{ $val | quote }}
+{{- end}}
+{{- end }}
+
+Create envDb values
+*/}}
+{{- define "helpers.list-envDb-variables"}}
+{{- $secretName := .Values.secret.nameDb -}}
+{{- range $key, $val := .Values.envDb.secret }}
+- name: {{ $key }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ $secretName }}
+      key: {{ $key }}
+{{- end}}
+{{- range $key, $val := .Values.envDb.normal }}
+- name: {{ $key }}
+  value: {{ $val | quote }}
+{{- end}}
+{{- end }}

helm/withOpenAI/templates/kubTemplate.yaml

@@ -0,0 +1,159 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.secret.nameApp }}
+type: Opaque
+data:
+  {{- range $key, $val := .Values.envApp.secret }}
+  {{ $key }}: {{ $val | b64enc }}
+  {{- end}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.secret.nameDb }}
+type: Opaque
+data:
+  {{- range $key, $val := .Values.envDb.secret }}
+  {{ $key }}: {{ $val | b64enc }}
+  {{- end}}
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ .Values.persistentVolumeName }}
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  hostPath:
+    path: /data/postgreslc
+    type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Values.volumeClaimName }}
+  labels:
+    app: postgrespv
+spec:  
+  accessModes:
+    - ReadWriteOnce
+  # storageClassName: local-storage
+  storageClassName: manual
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.dbName }}
+  labels:
+    app: {{ .Values.dbName }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.dbName }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.dbName }}
+    spec:
+      containers:
+      - name: {{ .Values.dbName }}
+        image: "{{ .Values.dbImageName }}:{{ .Values.dbImageVersion }}"
+        resources:
+          limits:
+            memory: "2G"
+            cpu: "1.5"
+          requests:
+            memory: "1G"
+            cpu: "0.5"
+        env:
+          {{- include "helpers.list-envDb-variables" . | indent 10 }}
+        ports:
+        - containerPort: 5432
+        volumeMounts:
+        - name: hostvol
+          mountPath: /var/lib/postgresql/data
+      volumes:
+      - name: hostvol
+        persistentVolumeClaim:
+          claimName: {{ .Values.volumeClaimName }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.dbServiceName }}
+  labels:
+    app: {{ .Values.dbServiceName }}
+spec:
+  ports:
+  - port: 5432
+    protocol: TCP
+  selector:
+    app: {{ .Values.dbName }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.webAppName }}
+  labels:
+    app: {{ .Values.webAppName }}    
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.webAppName }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.webAppName }}
+    spec:
+      containers:
+      - name: {{ .Values.webAppName }}
+        image: "{{ .Values.webImageName }}:{{ .Values.webImageVersion }}" 
+        imagePullPolicy: Always
+        resources:
+          limits:
+            memory: "1G"
+            cpu: "0.5"
+          requests:
+            memory: "768M"
+            cpu: "0.5"
+        env:
+          {{- include "helpers.list-envApp-variables" . | indent 10 }}
+        ports:
+        - containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: "/actuator/health/livenessState"
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        startupProbe:
+          httpGet:
+            path: "/actuator/health/readinessState"
+            port: 8080
+          failureThreshold: 60
+          periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.webServiceName }} 
+  labels:
+    run: {{ .Values.webServiceName }} 
+spec:
+  type: NodePort
+  ports:
+  - port: 8080
+    protocol: TCP
+  selector:
+    app: {{ .Values.webAppName }}

helm/withOpenAI/values.yaml

@@ -0,0 +1,37 @@
+webAppName: aidocumentlibrarychatapp
+dbName: postgresserver
+webImageName: angular2guy/aidocumentlibrarychat
+webImageVersion: latest
+dbImageName: ankane/pgvector
+dbImageVersion: latest
+volumeClaimName: postgres-pv-claim
+persistentVolumeName: task-pv-volume
+webServiceName: aidocumentlibrarychatservice
+dbServiceName: postgresservice
+#for production use replace the jwtTokenSecrect value with a random alphanumeric string of the same length or longer
+jwtTokenSecrect: secret-key1234567890abcdefghijklmnopqrstuvpxyz
+
+secret:
+  nameApp: app-env-secret
+  nameDb: db-env-secret
+
+envDb:
+  normal: 
+    POSTGRES_URL: "jdbc:postgresql://postgresservice:5432/aidoclibchat"
+  secret:
+    POSTGRES_USER: dbuser
+    POSTGRES_PASSWORD: passwordtoreplace
+    POSTGRES_DB: movies
+
+envApp:
+  normal: 
+    JPA_SHOW_SQL: true
+    H2_CONSOLE: false
+    SHUTDOWN_PHASE: 10s
+    SPRING_PROFILES_ACTIVE: "prod"
+  secret:
+    JWTTOKEN_SECRET: secret-key1234567890abcdefghijklmnopqrstuvwxyz
+    POSTGRES_USER: dbuser
+    POSTGRES_PASSWORD: passwordtoreplace
+    POSTGRES_URL: "jdbc:postgresql://postgresservice:5432/aidoclibchat"
+    TINK_JSON_KEY: '{"primaryKeyId":1047384356,"key":[{"keyData":{"typeUrl":"type.googleapis.com/google.crypto.tink.AesSivKey","value":"EkBtsrB3Aomkmsiq16f9KJQXZX2Y2ZfK3bN1QBBQuxGpSb/5pqQPgqXc5D5FETW6rrBsCv7qIsPyzoEAS2rXPgLx","keyMaterialType":"SYMMETRIC"},"status":"ENABLED","keyId":1047384356,"outputPrefixType":"TINK"}]}'