values.yaml (HUB)
global:
image:
repository: registry.datasapience.ru/klmg/kolmogorov/kolmogorov-ui # Change to your repository
tag: 3.2.0 # Change to your version
service:
# imagePullSecrets: # Change to your secret
# - name: regcred
name: kolmogorov-hub
extraLabels:
name: kolmogorov-hub
application: kolmogorov
application/component: kolmogorov
application/service: kolmogorov-hub
image:
repository: "{{ .Values.global.image.repository }}"
tag: "{{ .Values.global.image.tag }}"
ingress:
uriPrefix: /
host: "kolmogorov" # Change to your host
baseDomain: "k8s.datasapience.ru" # Change to your domain
# annotations: [] # Ingress annotations
# tls: # Configure tls
# enabled: true
# secretName: dev-wildcard
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 100m
memory: 100Mi
extra_vars:
- name: KOLMOGOROV_API
value: "/api" # Kolmogorov API URL
- name: CONTINUITY_API
value: "/continuity/api" # Continuity API URL
- name: CONTINUITY_EXTENSION_EXTERNAL_MANAGER_API
value: "/extension/external-manager/api" # Continuity External Manager API URL
- name: CONTINUITY_EXTENSION_LLM_API
value: "/extension/llm/api" # Continuity LLM API URL
- name: PREDICATE_API
value: "/predicate/api" # Predicate API URL
- name: A2P_API
value: "/a2p/api" # A2P API URL
- name: AXIOM_API
value: "/axiom/api" # Axiom API URL
- name: KEYCLOAK_URL
value: 'https://keycloak/auth' # Keycloak URL (remove /auth if keycloak work without /auth prefix)
- name: KEYCLOAK_REALM
value: 'dts' # Keycloak Realm
- name: KEYCLOAK_CLIENT_ID
value: 'kolmogorov' # Keycloak Client ID
- name: KEYCLOAK_CLIENT_SECRET
value: '' # Keycloak Client Secret
- name: TZ
value: 'Europe/Moscow' # Server TZ
init:
containers:
nginx-config:
image:
repository: busybox
tag: latest
pullPolicy: IfNotPresent
command:
- /bin/sh
- -c
args:
- |
cat <<\EOF > /nginx-config/default.conf
server {
listen 8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location = /health {
access_log off;
add_header 'Content-Type' 'application/json';
return 200 '{"status":"UP"}';
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
EOF
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 100m
memory: 100Mi
generate-configs:
image:
repository: bhgedigital/envsubst
tag: latest
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
args:
- |
envsubst <<EOF > /config-volume/config.js
window._env_ = {
"KOLMOGOROV_API": "$KOLMOGOROV_API",
"CONTINUITY_API": "$CONTINUITY_API",
"CONTINUITY_EXTENSION_EXTERNAL_MANAGER_API": "$CONTINUITY_EXTENSION_EXTERNAL_MANAGER_API",
"CONTINUITY_EXTENSION_LLM_API": "$CONTINUITY_EXTENSION_LLM_API",
"PREDICATE_API": "$PREDICATE_API",
"AXIOM_API": "$AXIOM_API",
"A2P_API": "$A2P_API",
"KEYCLOAK_URL": "$KEYCLOAK_URL",
"KEYCLOAK_REALM": "$KEYCLOAK_REALM",
"KEYCLOAK_CLIENT_ID": "$KEYCLOAK_CLIENT_ID",
"KEYCLOAK_CLIENT_SECRET": "$KEYCLOAK_CLIENT_SECRET",
}
EOF
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 100m
memory: 256Mi
persistentVolumes:
- name: nginx-config
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
# volumeClaim: #
# annotations: []
# storageClass: nfs # Optional. If omitted the default cloud storage class will be used
# size: 5Gi # Optional, 1Gi by default
# accessMode: ReadWriteMany # ReadWriteMany, ReadWriteOnce by default
- name: config-volume
mountPath: /usr/share/nginx/html/config.js
subPath: config.js
# volumeClaim: #
# annotations: []
# storageClass: nfs # Optional. If omitted the default cloud storage class will be used
# size: 5Gi # Optional, 1Gi by default
# accessMode: ReadWriteMany # ReadWriteMany, ReadWriteOnce by default
securityContext:
runAsNonRoot: true
runAsUser: 9999
runAsGroup: 9999
podSecurityContext:
fsGroup: 9999
values.yaml (API)
global:
image:
repository: registry.datasapience.ru/klmg/kolmogorov/kolmogorov
tag: 3.2.0
service:
deploymentStrategy:
type: Recreate
name: kolmogorov
extraLabels:
application: kolmogorov
application/component: kolmogorov
application/service: kolmogorov
annotations:
rollme: "{{ randAlphaNum 5 | quote }}"
replicas: 1
image:
repository: "{{ .Values.global.image.repository }}"
tag: "{{ .Values.global.image.tag }}"
service:
port: "8000"
ingress:
enabled: false
uriPrefix: /api(/|$)(.*)
pathType: ImplementationSpecific
host: "kolmogorov"
baseDomain: "k8s.datasapience.ru"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
command:
- /bin/sh
- -c
args:
- |
gunicorn kolmogorov.services.api.app:app \
--workers=3 \
--worker-class=uvicorn.workers.UvicornWorker \
--bind=0.0.0.0:8000 \
--timeout=600 \
--reuse-port
# --max-requests=150
# --max-requests-jitter=20
resources:
limits:
cpu: 1000m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
secrets:
- name: kolmogorov-backend-secret
data:
- name: TZ
value: "Europe/Moscow"
- name: KOLMOGOROV_ENV
value: "PROD"
- name: KOLMOGOROV_LEVEL
value: "INFO"
# FastAPI
- name: KOLMOGOROV_FASTAPI_TITLE
value: "Kolmogorov API"
- name: KOLMOGOROV_FASTAPI_ROOT_PATH
value: "/api"
# Roles
- name: DEFAULT_ROLE
value: "kolmogorov"
- name: KOLMOGOROV_ADMIN_ROLE
value: "kolmogorov_admin"
- name: KOLMOGOROV_AUDIT_ROLE
value: "kolmogorov_audit"
# Keycloak
- name: KEYCLOAK_VERIFY
value: "False"
- name: KEYCLOAK_URL
value: "https://keycloak/auth"
- name: KEYCLOAK_REALM
value: "dev"
- name: KEYCLOAK_CLIENT_ID
value: "client"
- name: KEYCLOAK_CLIENT_SECRET
value: "client-secret"
- name: KEYCLOAK_ADMIN_USERNAME
value: "keycloak"
- name: KEYCLOAK_ADMIN_PASSWORD
value: "keycloak-secret"
extra_vars:
- secret: kolmogorov-backend-secret
persistentVolumes: []
securityContext:
runAsNonRoot: false
runAsUser: 9999
runAsGroup: 9999
podSecurityContext:
fsGroup: 9999
serviceAccount:
name: tst
enabled: true
existing: False
rules:
- apiGroups: [""]
resources: ["limitranges", "resourcequotas", "pods", "namespaces"]
verbs: ["list", "get", "watch"]
- apiGroups: [ "apps" ]
resources: ["statefulsets", "replicasets"]
verbs: [ "list", "get", "watch" ]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create", "delete", "get", "list", "patch"]
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 120
periodSeconds: 60
timeoutSeconds: 15