From 467e3333e4256fff4cdb9575ae906dd476c50986 Mon Sep 17 00:00:00 2001 
From: Ryszard Szwajlik Date: Thu, 11 Sep 2025 12:26:39 +0200 Subject: [PATCH 1/4] chore: Restructure kustomization, updated dependencies, fixed issues with not-existing resources, fixed database urls and resources, added simple-run version for running in GCP. --- .../{ => base}/helm-values_hatchet.yaml | 38 +++++++++ .../{ => base}/helm-values_postgresql.yaml | 14 ++++ .../{ => base}/include/cm-hatchet.yaml | 0 .../include/cm-init-scripts-hatchet.yaml | 49 ++++++++--- .../include/cm-init-scripts-r2r.yaml | 0 .../{ => base}/include/cm-r2r.yaml | 6 +- .../{ => base}/include/cm-unstructured.yaml | 0 .../include/hatchet-dashboard-initc.yaml | 0 .../include/hatchet-engine-initc.yaml | 0 .../{ => base}/include/hatchet-init-job.yaml | 0 .../include/hatchet-rabbitmq-sts.yaml | 0 .../base/include/namespace.yaml | 4 + .../{ => base}/include/pgadmin.yaml | 0 .../{ => base}/include/pgvector-sts.yaml | 0 .../include/r2r-dashboard-indep.yaml | 2 +- .../include/r2r-graph-clustering-indep.yaml | 0 .../{ => base}/include/r2r-initc.yaml | 2 +- .../{ => base}/include/r2r-nginx-indep.yaml | 0 .../include/unstructured-indep.yaml | 0 .../{ => base}/kustomization.yaml | 58 ++++++------- .../patches/hatchet-rabbitmq-sts.yaml | 0 .../rm-secret-hatchet-rabbitmq-config.yaml | 0 .../patches/rm-secret-hatchet-rabbitmq.yaml | 0 .../rm-secret-hatchet-shared-config.yaml | 0 .../{ => base}/patches/service.yaml | 0 .../include/cm-hatchet_OLD.yaml | 40 --------- .../gcp/base/helm-values_postgresql.yaml | 27 +++++++ .../overlays/gcp/base/kustomization.yaml | 20 +++++ .../base/patches/hatchet-rabbitmq-sts.yaml | 17 ++++ .../gcp/base/patches/pgvector-sts.yaml | 17 ++++ .../gcp/base/patches/postgresql-sts.yaml | 17 ++++ .../kustomizations/overlays/gcp/dev/README.md | 16 ++++ .../gcp/dev/include/sec-hatchet-config.yaml | 17 ++++ .../gcp/dev/include/sec-hatchet-keyset.yaml | 10 +++ .../sec-hatchet-postgresql-passwords.yaml | 14 ++++ .../include/sec-hatchet-shared-config.yaml | 81 +++++++++++++++++++ 
.../gcp/dev/include/sec-r2r-file.yaml | 43 ++++++++++ .../overlays/gcp/dev/include/sec-r2r.yaml | 36 +++++++++ .../overlays/gcp/dev/kustomization.yaml | 17 ++++ .../overlays/gcp/dev/patches/cm-r2r.yaml | 49 +++++++++++ .../overlays/gcp/prod/README.md | 3 + .../overlays/gcp/prod/kustomization.yaml | 5 ++ .../examples/externalsecret_hatchet.yaml | 0 .../patches}/examples/externalsecret_r2r.yaml | 0 .../prod/patches}/examples/ingress-r2r.yaml | 0 .../patches}/examples/secrets_hatchet.yaml | 0 .../prod/patches}/examples/secrets_r2r.yaml | 0 .../patches/rm-secret-hatchet-postgres.yaml | 0 48 files changed, 519 insertions(+), 83 deletions(-) rename deployment/k8s/kustomizations/{ => base}/helm-values_hatchet.yaml (84%) rename deployment/k8s/kustomizations/{ => base}/helm-values_postgresql.yaml (58%) rename deployment/k8s/kustomizations/{ => base}/include/cm-hatchet.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/include/cm-init-scripts-hatchet.yaml (82%) rename deployment/k8s/kustomizations/{ => base}/include/cm-init-scripts-r2r.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/include/cm-r2r.yaml (93%) rename deployment/k8s/kustomizations/{ => base}/include/cm-unstructured.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/include/hatchet-dashboard-initc.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/include/hatchet-engine-initc.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/include/hatchet-init-job.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/include/hatchet-rabbitmq-sts.yaml (100%) create mode 100644 deployment/k8s/kustomizations/base/include/namespace.yaml rename deployment/k8s/kustomizations/{ => base}/include/pgadmin.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/include/pgvector-sts.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/include/r2r-dashboard-indep.yaml (96%) rename deployment/k8s/kustomizations/{ => base}/include/r2r-graph-clustering-indep.yaml (100%) rename 
deployment/k8s/kustomizations/{ => base}/include/r2r-initc.yaml (99%) rename deployment/k8s/kustomizations/{ => base}/include/r2r-nginx-indep.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/include/unstructured-indep.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/kustomization.yaml (79%) rename deployment/k8s/kustomizations/{ => base}/patches/hatchet-rabbitmq-sts.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/patches/rm-secret-hatchet-rabbitmq-config.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/patches/rm-secret-hatchet-rabbitmq.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/patches/rm-secret-hatchet-shared-config.yaml (100%) rename deployment/k8s/kustomizations/{ => base}/patches/service.yaml (100%) delete mode 100644 deployment/k8s/kustomizations/include/cm-hatchet_OLD.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/base/helm-values_postgresql.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/base/kustomization.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/base/patches/hatchet-rabbitmq-sts.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/base/patches/pgvector-sts.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/base/patches/postgresql-sts.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/dev/README.md create mode 100644 deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-config.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-keyset.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-postgresql-passwords.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-shared-config.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-r2r-file.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-r2r.yaml create 
mode 100644 deployment/k8s/kustomizations/overlays/gcp/dev/kustomization.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/dev/patches/cm-r2r.yaml create mode 100644 deployment/k8s/kustomizations/overlays/gcp/prod/README.md create mode 100644 deployment/k8s/kustomizations/overlays/gcp/prod/kustomization.yaml rename deployment/k8s/{manifests => kustomizations/overlays/gcp/prod/patches}/examples/externalsecret_hatchet.yaml (100%) rename deployment/k8s/{manifests => kustomizations/overlays/gcp/prod/patches}/examples/externalsecret_r2r.yaml (100%) rename deployment/k8s/{manifests => kustomizations/overlays/gcp/prod/patches}/examples/ingress-r2r.yaml (100%) rename deployment/k8s/{manifests => kustomizations/overlays/gcp/prod/patches}/examples/secrets_hatchet.yaml (100%) rename deployment/k8s/{manifests => kustomizations/overlays/gcp/prod/patches}/examples/secrets_r2r.yaml (100%) rename deployment/k8s/kustomizations/{ => overlays/gcp/prod}/patches/rm-secret-hatchet-postgres.yaml (100%) diff --git a/deployment/k8s/kustomizations/helm-values_hatchet.yaml b/deployment/k8s/kustomizations/base/helm-values_hatchet.yaml similarity index 84% rename from deployment/k8s/kustomizations/helm-values_hatchet.yaml rename to deployment/k8s/kustomizations/base/helm-values_hatchet.yaml index 555b09ba94..754f3cbc76 100644 --- a/deployment/k8s/kustomizations/helm-values_hatchet.yaml +++ b/deployment/k8s/kustomizations/base/helm-values_hatchet.yaml @@ -50,6 +50,15 @@ api: port: 8080 periodSeconds: 5 initialDelaySeconds: 20 + extraVolumes: + - name: hatchet-keys + secret: + secretName: hatchet-keyset + defaultMode: 0400 + extraVolumeMounts: + - name: hatchet-keys + mountPath: /etc/hatchet/keys + readOnly: true grpc: enabled: true 
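Review bot: The `hatchet-keys` volume added under `api` mounts a Secret named `hatchet-keyset`, but within this patch that Secret is only created by `overlays/gcp/dev/include/sec-hatchet-keyset.yaml`, so a build of `base` on its own would leave the pods waiting on a volume that cannot be mounted. The same block is repeated under `grpc`, `controllers` and `scheduler` in the following hunks. I would put a comment above each `extraVolumes:` such as `# requires Secret hatchet-keyset (master.key, private_ec256.key, public_ec256.key), supplied by the overlay`. It is also worth confirming that the container user can read the files, since `defaultMode: 0400` grants access to the file owner only. The `api:` mapping starts outside the hunk.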
@@ -93,6 +102,15 @@ grpc: port: 8733 periodSeconds: 5 initialDelaySeconds: 20 + extraVolumes: + - name: hatchet-keys + secret: + secretName: hatchet-keyset + defaultMode: 0400 + extraVolumeMounts: + - name: hatchet-keys + mountPath: /etc/hatchet/keys + readOnly: true controllers: enabled: true @@ -136,6 +154,15 @@ controllers: port: 8733 periodSeconds: 5 initialDelaySeconds: 20 + extraVolumes: + - name: hatchet-keys + secret: + secretName: hatchet-keyset + defaultMode: 0400 + extraVolumeMounts: + - name: hatchet-keys + mountPath: /etc/hatchet/keys + readOnly: true scheduler: enabled: true @@ -179,6 +206,15 @@ scheduler: port: 8733 periodSeconds: 5 initialDelaySeconds: 20 + extraVolumes: + - name: hatchet-keys + secret: + secretName: hatchet-keyset + defaultMode: 0400 + extraVolumeMounts: + - name: hatchet-keys + mountPath: /etc/hatchet/keys + readOnly: true frontend: enabled: true @@ -208,6 +244,8 @@ postgres: rabbitmq: enabled: true auth: + tls: + enabled: false # username: "" # password: "" service: diff --git a/deployment/k8s/kustomizations/helm-values_postgresql.yaml b/deployment/k8s/kustomizations/base/helm-values_postgresql.yaml similarity index 58% rename from deployment/k8s/kustomizations/helm-values_postgresql.yaml rename to deployment/k8s/kustomizations/base/helm-values_postgresql.yaml index 4e5a4c4ce9..84df87f364 100644 --- a/deployment/k8s/kustomizations/helm-values_postgresql.yaml +++ b/deployment/k8s/kustomizations/base/helm-values_postgresql.yaml @@ -11,3 +11,17 @@ global: postgresql: auth: database: hatchet + +primary: + resources: + requests: + cpu: 200m + memory: 1Gi + limits: + cpu: 1 + memory: 1Gi + initdb: + scripts: + 01-create-extra-db.sql: | + CREATE DATABASE r2r; + GRANT ALL PRIVILEGES ON DATABASE r2r TO postgres; 
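Review bot: The script added under `primary.initdb.scripts` creates the `r2r` database and then grants on it to `postgres`, which appears to be the administrative role already, so the GRANT changes nothing and R2R is presumably left connecting as the superuser. A dedicated owner keeps a compromise of one application away from the `hatchet` database: `CREATE ROLE r2r LOGIN;` followed by `CREATE DATABASE r2r OWNER r2r;`, with the role's password taken from a Secret rather than written into the script. The same two statements are added again in `overlays/gcp/base/helm-values_postgresql.yaml`. Init scripts of this kind normally run only when the data directory is first initialised, so a comment should say that existing volumes will not get the database.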
diff --git a/deployment/k8s/kustomizations/include/cm-hatchet.yaml b/deployment/k8s/kustomizations/base/include/cm-hatchet.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/cm-hatchet.yaml rename to deployment/k8s/kustomizations/base/include/cm-hatchet.yaml diff --git a/deployment/k8s/kustomizations/include/cm-init-scripts-hatchet.yaml b/deployment/k8s/kustomizations/base/include/cm-init-scripts-hatchet.yaml similarity index 82% rename from deployment/k8s/kustomizations/include/cm-init-scripts-hatchet.yaml rename to deployment/k8s/kustomizations/base/include/cm-init-scripts-hatchet.yaml index 8365c4bf8a..3fb90ef609 100644 --- a/deployment/k8s/kustomizations/include/cm-init-scripts-hatchet.yaml +++ b/deployment/k8s/kustomizations/base/include/cm-init-scripts-hatchet.yaml 
@@ -7,18 +7,49 @@ metadata: data: create-db.sh: | #!/bin/sh - set -e - echo 'Waiting for PostgreSQL to be ready...' + set -eu + DATABASE_POSTGRES_HOST=${DATABASE_POSTGRES_HOST:-hatchet-postgres} - while ! pg_isready -h ${DATABASE_POSTGRES_HOST} -p ${DATABASE_POSTGRES_PORT} -U ${DATABASE_POSTGRES_USERNAME:-hatchet_user}; do - sleep 1 + DATABASE_POSTGRES_PORT=${DATABASE_POSTGRES_PORT:-5432} + DATABASE_POSTGRES_USERNAME=${DATABASE_POSTGRES_USERNAME:-hatchet_user} + DATABASE_POSTGRES_PASSWORD=${DATABASE_POSTGRES_PASSWORD:-hatchet_password} + DATABASE_POSTGRES_DB_NAME=${DATABASE_POSTGRES_DB_NAME:-hatchet} + + echo "Waiting for PostgreSQL ($DATABASE_POSTGRES_HOST:$DATABASE_POSTGRES_PORT) to be stable..." + + successes=0 + while [ $successes -lt 5 ]; do + if PGPASSWORD="$DATABASE_POSTGRES_PASSWORD" \ + pg_isready -h "$DATABASE_POSTGRES_HOST" -p "$DATABASE_POSTGRES_PORT" -U "$DATABASE_POSTGRES_USERNAME" >/dev/null 2>&1; then + successes=$((successes+1)) + echo "pg_isready success $successes/5" + else + successes=0 + echo "pg_isready failed, retrying..." + fi + sleep 2 + done + + echo "Running probe query..." + i=0 + until PGPASSWORD="$DATABASE_POSTGRES_PASSWORD" \ + psql -h "$DATABASE_POSTGRES_HOST" -p "$DATABASE_POSTGRES_PORT" -U "$DATABASE_POSTGRES_USERNAME" -d postgres -tAc "SELECT 1" | grep -q 1; do + i=$((i+1)) + [ $i -ge 60 ] && { echo "Timeout waiting for Postgres query"; exit 1; } + echo "Probe query failed, retrying..." + sleep 2 done - echo 'PostgreSQL is ready, checking if database exists...' - if ! PGPASSWORD=${DATABASE_POSTGRES_PASSWORD:-hatchet_password} psql -h ${DATABASE_POSTGRES_HOST} -p ${DATABASE_POSTGRES_PORT} -U ${DATABASE_POSTGRES_USERNAME:-hatchet_user} -lqt | grep -qw ${DATABASE_POSTGRES_DB_NAME:-hatchet}; then - echo 'Database does not exist, creating it...' 
- PGPASSWORD=${DATABASE_POSTGRES_PASSWORD:-hatchet_password} createdb -h ${DATABASE_POSTGRES_HOST} -p ${DATABASE_POSTGRES_PORT} -U ${DATABASE_POSTGRES_USERNAME:-hatchet_user} -w ${DATABASE_POSTGRES_DB_NAME:-hatchet} + + echo "PostgreSQL is ready, checking if database \"$DATABASE_POSTGRES_DB_NAME\" exists..." + + if ! PGPASSWORD="$DATABASE_POSTGRES_PASSWORD" \ + psql -h "$DATABASE_POSTGRES_HOST" -p "$DATABASE_POSTGRES_PORT" -U "$DATABASE_POSTGRES_USERNAME" -d postgres -tAc \ + "SELECT 1 FROM pg_database WHERE datname='${DATABASE_POSTGRES_DB_NAME}'" | grep -q 1; then + echo "Database \"$DATABASE_POSTGRES_DB_NAME\" does not exist, creating it..." + PGPASSWORD="$DATABASE_POSTGRES_PASSWORD" \ + createdb -h "$DATABASE_POSTGRES_HOST" -p "$DATABASE_POSTGRES_PORT" -U "$DATABASE_POSTGRES_USERNAME" -w "$DATABASE_POSTGRES_DB_NAME" else - echo 'Database already exists, skipping creation.' + echo "Database \"$DATABASE_POSTGRES_DB_NAME\" already exists, skipping creation." fi setup-config.sh: | diff --git a/deployment/k8s/kustomizations/include/cm-init-scripts-r2r.yaml b/deployment/k8s/kustomizations/base/include/cm-init-scripts-r2r.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/cm-init-scripts-r2r.yaml rename to deployment/k8s/kustomizations/base/include/cm-init-scripts-r2r.yaml diff --git a/deployment/k8s/kustomizations/include/cm-r2r.yaml b/deployment/k8s/kustomizations/base/include/cm-r2r.yaml similarity index 93% rename from deployment/k8s/kustomizations/include/cm-r2r.yaml rename to deployment/k8s/kustomizations/base/include/cm-r2r.yaml index fe13a9bad2..81e4cbca50 100644 --- a/deployment/k8s/kustomizations/include/cm-r2r.yaml +++ b/deployment/k8s/kustomizations/base/include/cm-r2r.yaml @@ -7,7 +7,7 @@ metadata: argocd.argoproj.io/sync-wave: "-2" data: # POSTGRES_HOST: "postgres" - R2R_POSTGRES_HOST: "r2r-documentdb" + R2R_POSTGRES_HOST: "postgresql" R2R_POSTGRES_PORT: "5432" # POSTGRES_PORT: "5432" R2R_POSTGRES_DBNAME: "r2r" 
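Review bot: The rewritten `create-db.sh` still falls back to a fixed credential pair, `${DATABASE_POSTGRES_USERNAME:-hatchet_user}` and `${DATABASE_POSTGRES_PASSWORD:-hatchet_password}`, so a missing Secret reference is silently replaced by a well-known password instead of failing the init step. With `set -eu` already in place, `: "${DATABASE_POSTGRES_PASSWORD:?must be set}"` would make that misconfiguration visible. The `pg_isready` loop has no upper bound, unlike the probe loop's 60 attempts, so an unreachable host keeps the container waiting indefinitely. The database name is pasted into the SQL text inside single quotes (`datname='${DATABASE_POSTGRES_DB_NAME}'`), and a comment stating that the value must be a plain identifier from trusted configuration would record that assumption.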
@@ -17,8 +17,8 @@ data: R2R_LOG_LEVEL: INFO PYTHONUNBUFFERED: "1" - R2R_CONFIG_NAME: "full" -# R2R_CONFIG_PATH: "/app/r2r.toml" + R2R_CONFIG_NAME: "" + R2R_CONFIG_PATH: "/app/r2r.toml" # R2R_CONFIG_TOML: "/app/r2r.toml" TELEMETRY_ENABLED: "false" R2R_POSTGRES_PROJECT_NAME: "r2r_default" diff --git a/deployment/k8s/kustomizations/include/cm-unstructured.yaml b/deployment/k8s/kustomizations/base/include/cm-unstructured.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/cm-unstructured.yaml rename to deployment/k8s/kustomizations/base/include/cm-unstructured.yaml diff --git a/deployment/k8s/kustomizations/include/hatchet-dashboard-initc.yaml b/deployment/k8s/kustomizations/base/include/hatchet-dashboard-initc.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/hatchet-dashboard-initc.yaml rename to deployment/k8s/kustomizations/base/include/hatchet-dashboard-initc.yaml diff --git a/deployment/k8s/kustomizations/include/hatchet-engine-initc.yaml b/deployment/k8s/kustomizations/base/include/hatchet-engine-initc.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/hatchet-engine-initc.yaml rename to deployment/k8s/kustomizations/base/include/hatchet-engine-initc.yaml diff --git a/deployment/k8s/kustomizations/include/hatchet-init-job.yaml b/deployment/k8s/kustomizations/base/include/hatchet-init-job.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/hatchet-init-job.yaml rename to deployment/k8s/kustomizations/base/include/hatchet-init-job.yaml diff --git a/deployment/k8s/kustomizations/include/hatchet-rabbitmq-sts.yaml b/deployment/k8s/kustomizations/base/include/hatchet-rabbitmq-sts.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/hatchet-rabbitmq-sts.yaml rename to deployment/k8s/kustomizations/base/include/hatchet-rabbitmq-sts.yaml 
diff --git a/deployment/k8s/kustomizations/base/include/namespace.yaml b/deployment/k8s/kustomizations/base/include/namespace.yaml new file mode 100644 index 0000000000..07a0e7aa96 --- /dev/null +++ b/deployment/k8s/kustomizations/base/include/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ai-system diff --git a/deployment/k8s/kustomizations/include/pgadmin.yaml b/deployment/k8s/kustomizations/base/include/pgadmin.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/pgadmin.yaml rename to deployment/k8s/kustomizations/base/include/pgadmin.yaml diff --git a/deployment/k8s/kustomizations/include/pgvector-sts.yaml b/deployment/k8s/kustomizations/base/include/pgvector-sts.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/pgvector-sts.yaml rename to deployment/k8s/kustomizations/base/include/pgvector-sts.yaml diff --git a/deployment/k8s/kustomizations/include/r2r-dashboard-indep.yaml b/deployment/k8s/kustomizations/base/include/r2r-dashboard-indep.yaml similarity index 96% rename from deployment/k8s/kustomizations/include/r2r-dashboard-indep.yaml rename to deployment/k8s/kustomizations/base/include/r2r-dashboard-indep.yaml index 5738160a25..0e5485fd20 100644 --- a/deployment/k8s/kustomizations/include/r2r-dashboard-indep.yaml +++ b/deployment/k8s/kustomizations/base/include/r2r-dashboard-indep.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: r2r-dashboard - image: emrgntcmplxty/r2r-dashboard:1.0.1 + image: sciphiai/r2r-dashboard:1.0.3 ports: - containerPort: 3000 env: diff --git a/deployment/k8s/kustomizations/include/r2r-graph-clustering-indep.yaml b/deployment/k8s/kustomizations/base/include/r2r-graph-clustering-indep.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/r2r-graph-clustering-indep.yaml rename to deployment/k8s/kustomizations/base/include/r2r-graph-clustering-indep.yaml 
diff --git a/deployment/k8s/kustomizations/include/r2r-initc.yaml b/deployment/k8s/kustomizations/base/include/r2r-initc.yaml similarity index 99% rename from deployment/k8s/kustomizations/include/r2r-initc.yaml rename to deployment/k8s/kustomizations/base/include/r2r-initc.yaml index 0ff4cb8e30..e4b94bfca7 100644 --- a/deployment/k8s/kustomizations/include/r2r-initc.yaml +++ b/deployment/k8s/kustomizations/base/include/r2r-initc.yaml @@ -60,7 +60,7 @@ spec: readOnly: true containers: - name: r2r - image: "ragtoriches/prod:3.3.32" + image: "sciphiai/r2r:3.6.6" command: - sh - -c diff --git a/deployment/k8s/kustomizations/include/r2r-nginx-indep.yaml b/deployment/k8s/kustomizations/base/include/r2r-nginx-indep.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/r2r-nginx-indep.yaml rename to deployment/k8s/kustomizations/base/include/r2r-nginx-indep.yaml diff --git a/deployment/k8s/kustomizations/include/unstructured-indep.yaml b/deployment/k8s/kustomizations/base/include/unstructured-indep.yaml similarity index 100% rename from deployment/k8s/kustomizations/include/unstructured-indep.yaml rename to deployment/k8s/kustomizations/base/include/unstructured-indep.yaml diff --git a/deployment/k8s/kustomizations/kustomization.yaml b/deployment/k8s/kustomizations/base/kustomization.yaml similarity index 79% rename from deployment/k8s/kustomizations/kustomization.yaml rename to deployment/k8s/kustomizations/base/kustomization.yaml index 2f229377d2..e297bf3255 100644 --- a/deployment/k8s/kustomizations/kustomization.yaml +++ b/deployment/k8s/kustomizations/base/kustomization.yaml 
@@ -18,13 +18,10 @@ images: - name: nginx newTag: 1.27.3-alpine3.20-slim - #https://github.com/SciPhi-AI/R2R-Dashboard/blob/main/Dockerfile - #https://hub.docker.com/r/emrgntcmplxty/r2r-dashboard/tags - - name: emrgntcmplxty/r2r-dashboard - newTag: 1.0.0 - #https://hub.docker.com/r/ragtoriches/prod/tags?name=3. - - name: ragtoriches/prod - newTag: 3.4.0 + - name: sciphiai/r2r-dashboard + newTag: 1.0.3 + - name: sciphiai/r2r + newTag: 3.6.6 #https://hub.docker.com/r/ragtoriches/cluster-prod/tags - name: ragtoriches/cluster-prod newTag: latest @@ -65,6 +62,7 @@ images: # newTag: 0.8.0-pg17 resources: + - include/namespace.yaml - include/cm-hatchet.yaml - include/cm-r2r.yaml - include/cm-unstructured.yaml @@ -109,25 +107,27 @@ helmCharts: namespace: ai-system patches: -- path: patches/service.yaml - target: - kind: Service - -- path: patches/hatchet-rabbitmq-sts.yaml - target: - kind: StatefulSet - name: hatchet-rabbitmq - -# Remove secrets generated by Helm chart -- path: patches/rm-secret-hatchet-rabbitmq-config.yaml - target: - kind: Secret - name: hatchet-rabbitmq-config -- path: patches/rm-secret-hatchet-rabbitmq.yaml - target: - kind: Secret - name: hatchet-rabbitmq -- path: patches/rm-secret-hatchet-shared-config.yaml - target: - kind: Secret - name: hatchet-shared-config + - path: patches/service.yaml + target: + kind: Service + + - path: patches/hatchet-rabbitmq-sts.yaml + target: + kind: StatefulSet + name: hatchet-rabbitmq + + # Remove secrets generated by Helm chart + - path: patches/rm-secret-hatchet-rabbitmq.yaml + target: + kind: Secret + name: hatchet-rabbitmq + + - path: patches/rm-secret-hatchet-rabbitmq-config.yaml + target: + kind: Secret + name: hatchet-rabbitmq-config + + - path: patches/rm-secret-hatchet-shared-config.yaml + target: + kind: Secret + name: hatchet-shared-config 
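Review bot: The two new `images:` entries move to a different Docker Hub namespace (`sciphiai/...`) and pin by tag only, and the comments that pointed to the Dockerfile and the tag listings were dropped rather than updated. A tag can be re-pointed by the publisher, so I would pin each entry with kustomize's `digest:` field, for example `digest: sha256:<digest-of-reviewed-image>`, and keep one comment per image naming its source repository. The unchanged entry right below, `ragtoriches/cluster-prod` at `newTag: latest`, has the same weakness in a stronger form. The `images:` list starts and ends outside the hunk.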
diff --git a/deployment/k8s/kustomizations/patches/hatchet-rabbitmq-sts.yaml b/deployment/k8s/kustomizations/base/patches/hatchet-rabbitmq-sts.yaml similarity index 100% rename from deployment/k8s/kustomizations/patches/hatchet-rabbitmq-sts.yaml rename to deployment/k8s/kustomizations/base/patches/hatchet-rabbitmq-sts.yaml diff --git a/deployment/k8s/kustomizations/patches/rm-secret-hatchet-rabbitmq-config.yaml b/deployment/k8s/kustomizations/base/patches/rm-secret-hatchet-rabbitmq-config.yaml similarity index 100% rename from deployment/k8s/kustomizations/patches/rm-secret-hatchet-rabbitmq-config.yaml rename to deployment/k8s/kustomizations/base/patches/rm-secret-hatchet-rabbitmq-config.yaml diff --git a/deployment/k8s/kustomizations/patches/rm-secret-hatchet-rabbitmq.yaml b/deployment/k8s/kustomizations/base/patches/rm-secret-hatchet-rabbitmq.yaml similarity index 100% rename from deployment/k8s/kustomizations/patches/rm-secret-hatchet-rabbitmq.yaml rename to deployment/k8s/kustomizations/base/patches/rm-secret-hatchet-rabbitmq.yaml diff --git a/deployment/k8s/kustomizations/patches/rm-secret-hatchet-shared-config.yaml b/deployment/k8s/kustomizations/base/patches/rm-secret-hatchet-shared-config.yaml similarity index 100% rename from deployment/k8s/kustomizations/patches/rm-secret-hatchet-shared-config.yaml rename to deployment/k8s/kustomizations/base/patches/rm-secret-hatchet-shared-config.yaml diff --git a/deployment/k8s/kustomizations/patches/service.yaml b/deployment/k8s/kustomizations/base/patches/service.yaml similarity index 100% rename from deployment/k8s/kustomizations/patches/service.yaml rename to deployment/k8s/kustomizations/base/patches/service.yaml diff --git a/deployment/k8s/kustomizations/include/cm-hatchet_OLD.yaml b/deployment/k8s/kustomizations/include/cm-hatchet_OLD.yaml deleted file mode 100644 index b59b01911f..0000000000 --- a/deployment/k8s/kustomizations/include/cm-hatchet_OLD.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -# hatchet-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: hatchet-configmap - annotations: - argocd.argoproj.io/sync-wave: "-2" -data: -# DATABASE_POSTGRES_HOST: "hatchet-postgres" - DATABASE_POSTGRES_HOST: "ferretdb-postgres-documentdb" - DATABASE_POSTGRES_PORT: "5432" - SERVER_AUTH_COOKIE_INSECURE: "t" - SERVER_GRPC_BIND_ADDRESS: "0.0.0.0" - SERVER_GRPC_BROADCAST_ADDRESS: "hatchet-engine:7077" - SERVER_GRPC_INSECURE: "t" - SERVER_AUTH_COOKIE_DOMAIN: "https://r2r.mywebsite.com" - SERVER_URL: "http://hatchet-dashboard:80" - - HATCHET_DATABASE_POSTGRES_HOST: "ferretdb-postgres-documentdb" - HATCHET_DATABASE_POSTGRES_PORT: "5432" - SERVER_GRPC_PORT: "7077" - SERVER_GRPC_MAX_MSG_SIZE: "134217728" - - - HATCHET_DATABASE_POSTGRES_DB_NAME: "hatchet" - #SERVER_AUTH_COOKIE_DOMAIN: "http://host.docker.internal:${R2R_HATCHET_DASHBOARD_PORT:-7274}" - #SERVER_URL: "http://host.docker.internal:${R2R_HATCHET_DASHBOARD_PORT:-7274}" - HATCHET_ADMIN_INIT_ALLOW_OVERRIDE_APIKEY: "false" - HATCHET_ADMIN_INIT_ALLOW_OVERRIDE_CONF: "false" - HATCHET_ADMIN_INIT_ALLOW_OVERRIDE_CERT: "false" - HATCHET_TENANT_ID: "707d0855-80ab-4e1f-a156-f1c4546cbf52" -# R2R_RABBITMQ_PORT: "5672" - RABBITMQ_MGMT_PORT: "15672" - RABBITMQ_URL: "http://hatchet-rabbitmq" - - #New - HATCHET_CLIENT_TLS_STRATEGY: "none" - HATCHET_CLIENT_GRPC_MAX_RECV_MESSAGE_LENGTH: "134217728" - HATCHET_CLIENT_GRPC_MAX_SEND_MESSAGE_LENGTH: "134217728" diff --git a/deployment/k8s/kustomizations/overlays/gcp/base/helm-values_postgresql.yaml b/deployment/k8s/kustomizations/overlays/gcp/base/helm-values_postgresql.yaml new file mode 100644 index 0000000000..a283991336 --- /dev/null +++ b/deployment/k8s/kustomizations/overlays/gcp/base/helm-values_postgresql.yaml 
@@ -0,0 +1,27 @@
+auth:
+ existingSecret: r2r-hatchet-secrets
+ secretKeys:
+ adminPasswordKey: HATCHET_DATABASE_POSTGRES_POSTGRES_PASSWORD
+ userPasswordKey: HATCHET_DATABASE_POSTGRES_PASSWORD
+ replicationPasswordKey: HATCHET_DATABASE_POSTGRES_REPLICA_PASSWORD
+
+#creates hatchet database
+global:
+ storageClass: standard
+ postgresql:
+ auth:
+ database: hatchet
+
+primary:
+ resources:
+ requests:
+ cpu: 200m
+ memory: 1Gi
+ limits:
+ cpu: 1
+ memory: 1Gi
+ initdb:
+ scripts:
+ 01-create-extra-db.sql: |
+ CREATE DATABASE r2r;
+ GRANT ALL PRIVILEGES ON DATABASE r2r TO postgres;
diff --git a/deployment/k8s/kustomizations/overlays/gcp/base/kustomization.yaml b/deployment/k8s/kustomizations/overlays/gcp/base/kustomization.yaml
new file mode 100644
index 0000000000..f4f7c7b295
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/base/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../../base
+
+patches:
+ - path: patches/hatchet-rabbitmq-sts.yaml
+ target:
+ kind: StatefulSet
+ name: hatchet-rabbitmq
+ - path: patches/pgvector-sts.yaml
+ target:
+ kind: StatefulSet
+ name: r2r-pgvector
+ - path: patches/postgresql-sts.yaml
+ target:
+ kind: StatefulSet
+ name: postgresql
+ namespace: ai-system
\ No newline at end of file
diff --git a/deployment/k8s/kustomizations/overlays/gcp/base/patches/hatchet-rabbitmq-sts.yaml b/deployment/k8s/kustomizations/overlays/gcp/base/patches/hatchet-rabbitmq-sts.yaml
new file mode 100644
index 0000000000..9cc04551eb
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/base/patches/hatchet-rabbitmq-sts.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: hatchet-rabbitmq
+spec:
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: standard
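Review bot: Nothing in this overlay's `kustomization.yaml` refers to the `helm-values_postgresql.yaml` created beside it: the file lists only `resources: ../../../base` and three StatefulSet patches, while the `helmCharts` entry lives in the base. Unless the base points at this file in a part of the change not shown here, `auth.existingSecret: r2r-hatchet-secrets` is never applied and the chart would use whatever password handling the base values define. I would either declare the chart in the overlay with `valuesFile: helm-values_postgresql.yaml` or drop the file, and add a comment naming the authoritative values file. Only the third patch target carries `namespace: ai-system`; the other two should match it or the field should be removed.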
diff --git a/deployment/k8s/kustomizations/overlays/gcp/base/patches/pgvector-sts.yaml b/deployment/k8s/kustomizations/overlays/gcp/base/patches/pgvector-sts.yaml
new file mode 100644
index 0000000000..732bc5bb2c
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/base/patches/pgvector-sts.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: r2r-pgvector
+spec:
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: standard
diff --git a/deployment/k8s/kustomizations/overlays/gcp/base/patches/postgresql-sts.yaml b/deployment/k8s/kustomizations/overlays/gcp/base/patches/postgresql-sts.yaml
new file mode 100644
index 0000000000..79b4ee95da
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/base/patches/postgresql-sts.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: postgresql
+spec:
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: standard
\ No newline at end of file
diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/README.md b/deployment/k8s/kustomizations/overlays/gcp/dev/README.md
new file mode 100644
index 0000000000..fb8457350a
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/dev/README.md
@@ -0,0 +1,16 @@
+# About
+This overlay provides convenient defaults and is intended for quick setup and testing.
+It is **not** recommended for production use.
+
+# Installation
+
+## Configuration
+1. Update `overlays/gcp/dev/include/sec-r2r-file.yaml`.
+2. Set LLM keys for the models used in `sec-r2r-file.yaml` within `overlays/gcp/dev/include/sec-r2r.yaml`.
+3. (Optional) Adjust non-default API endpoints in `overlays/gcp/dev/include/cm-r2r.yaml`.
+
+## Execution
+Apply the configuration with:
+```shell
+kustomize build --enable-helm . | kubectl apply -f -
+```
diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-config.yaml b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-config.yaml
new file mode 100644
index 0000000000..010132754e
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-config.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hatchet-config
+ namespace: ai-system
+type: Opaque
+stringData:
+ HATCHET_CLIENT_TLS_STRATEGY: "none"
+ HATCHET_CLIENT_GRPC_MAX_RECV_MESSAGE_LENGTH: "134217728"
+ HATCHET_CLIENT_GRPC_MAX_SEND_MESSAGE_LENGTH: "134217728"
+
+ HATCHET_ADMIN_INIT_ALLOW_OVERRIDE_CONF: "false"
+ HATCHET_ADMIN_INIT_ALLOW_OVERRIDE_CERT: "false"
+ HATCHET_ADMIN_INIT_ALLOW_OVERRIDE_APIKEY: "false"
+ HATCHET_TENANT_ID: "707d0855-80ab-4e1f-a156-f1c4546cbf52"
+ RABBITMQ_URL: "http://hatchet-rabbitmq"
+ RABBITMQ_MGMT_PORT: "15672"
diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-keyset.yaml b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-keyset.yaml
new file mode 100644
index 0000000000..e411fb67d3
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-keyset.yaml
@@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: hatchet-keyset + namespace: ai-system +type: Opaque +data: + master.key: ZXlKd2NtbHRZWEo1UzJWNVNXUWlPalF5TmpRNE1UVXdORGNzSUNKclpYa2lPbHQ3SW10bGVVUmhkR0VpT25zaWRIbHdaVlZ5YkNJNkluUjVjR1V1WjI5dloyeGxZWEJwY3k1amIyMHZaMjl2WjJ4bExtTnllWEIwYnk1MGFXNXJMa0ZsYzBkamJVdGxlU0lzSUNKMllXeDFaU0k2SWtkcFJHVlNaM0pCVUZWYVIzRkVVVEJUUlRsS0t5dElUblZvUkZKSlRFWjBWMVZOUjI5RVduQm9ZVGRZWlVFOVBTSXNJQ0pyWlhsTllYUmxjbWxoYkZSNWNHVWlPaUpUV1UxTlJWUlNTVU1pZlN3Z0luTjBZWFIxY3lJNklrVk9RVUpNUlVRaUxDQWlhMlY1U1dRaU9qUXlOalE0TVRVd05EY3NJQ0p2ZFhSd2RYUlFjbVZtYVhoVWVYQmxJam9pVkVsT1N5SjlYWDA= + private_ec256.key: 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 + public_ec256.key: ZXlKbGJtTnllWEIwWldSTFpYbHpaWFFpT2lKQlpqUjZObU5qWTFGT1IwVlFhbEp5VlhOTE1HWlJSRVJUTmpNM1lscEVabmRZVm1WMGMzUnRkM1k1SzJzMVdXZzVNV1JGVFdaaVR6QjVVMmQyWm1weWVHOWhWbkJ4U2tKcFJFUklSVmxTUjJGelRIUmpUSFYwT1dwMWNHMXpWRFp5WkVZM1ZFTmhXRWcyVFhoMFNrWTFNMU4zWVZSYVZUVm1VM0JuWkhodWFEQnVVRnBqVjJwbU0xaFhSRWxMVDAwM0wzWlhRbmMzTHpkbVpYaEZLM2RQYTBRNE5VWnJUV1l6UTBKaE5VTnRZWEpEUkRab2JFTTBlRGt2Wm5OWFMxbE5aM3B1Y0ZkcGRWcExkbHBRWkV0RmIzZEZhV1ZDZFRGbGVqWnVkRWwwU21OeVFtaHpiM1pzSzB0eFduaDZiRmc1Wm5oNE1uWmhiMlozUFQwaUxDQWlhMlY1YzJWMFNXNW1ieUk2ZXlKd2NtbHRZWEo1UzJWNVNXUWlPakkxT1RrM05qazVPRElzSUNKclpYbEpibVp2SWpwYmV5SjBlWEJsVlhKc0lqb2lkSGx3WlM1bmIyOW5iR1ZoY0dsekxtTnZiUzluYjI5bmJHVXVZM0o1Y0hSdkxuUnBibXN1U25kMFJXTmtjMkZRZFdKc2FXTkxaWGtpTENBaWMzUmhkSFZ6SWpvaVJVNUJRa3hGUkNJc0lDSnJaWGxKWkNJNk1qVTVPVGMyT1RrNE1pd2dJbTkxZEhCMWRGQnlaV1pwZUZSNWNHVWlPaUpVU1U1TEluMWRmWDA= diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-postgresql-passwords.yaml b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-postgresql-passwords.yaml new file mode 100644 index 0000000000..532c6248cf --- /dev/null +++ b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-postgresql-passwords.yaml 
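Review bot: This file commits key material to the repository, the base64 `master.key` and the JWT keyset entries, and the neighbouring `sec-hatchet-postgresql-passwords.yaml` and `sec-hatchet-shared-config.yaml` commit database, RabbitMQ, admin and cookie-signing secrets in `stringData`. Anything that reaches the repository history has to be treated as disclosed, and every cluster built from this overlay shares the same keys, so tokens issued by one would presumably validate on another. I would replace the values with placeholders such as `master.key: <base64-keyset-generated-at-install>`, generate them per environment, and source them the way the `externalsecret_hatchet.yaml` example moved in this patch does. If the values stay for the dev overlay, each file should open with a comment like `# DEV ONLY: published sample secrets, rotate before any shared or internet-facing use`.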
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: r2r-hatchet-secrets
+ namespace: ai-system
+type: Opaque
+stringData:
+ HATCHET_DATABASE_POSTGRES_POSTGRES_PASSWORD: "s54c2xh756n90in6h7b76v3dh"
+
+ # user-app password
+ HATCHET_DATABASE_POSTGRES_PASSWORD: "skrbgsfk8f4v8bw9fchf9"
+
+ # optional - for replication
+ # HATCHET_DATABASE_POSTGRES_REPLICA_PASSWORD: "CHANGE_ME_replica_password"
diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-shared-config.yaml b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-shared-config.yaml
new file mode 100644
index 0000000000..1a75e5ffed
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-shared-config.yaml
@@ -0,0 +1,81 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hatchet-shared-config
+ namespace: ai-system
+type: Opaque
+stringData:
+ ADMIN_EMAIL: "admin@example.com"
+ ADMIN_PASSWORD: "vnsefhsgbc8vfse"
+
+ # DB
+ DATABASE_POSTGRES_DB_NAME: "hatchet"
+ DATABASE_POSTGRES_HOST: "postgresql"
+ DATABASE_POSTGRES_USERNAME: "postgres"
+ DATABASE_POSTGRES_PASSWORD: "s54c2xh756n90in6h7b76v3dh"
+ DATABASE_POSTGRES_PORT: "5432"
+ DATABASE_POSTGRES_SSL_MODE: "disable"
+ DATABASE_URL: "postgres://postgres:s54c2xh756n90in6h7b76v3dh@postgresql:5432/hatchet?sslmode=disable"
+
+ # Auth / Server
+ SERVER_AUTH_BASIC_AUTH_ENABLED: "t"
+ SERVER_AUTH_COOKIE_DOMAIN: "localhost:8080"
+ SERVER_AUTH_COOKIE_INSECURE: "t"
+ SERVER_AUTH_SET_EMAIL_VERIFIED: "t"
+ SERVER_GRPC_BIND_ADDRESS: "0.0.0.0"
+ SERVER_GRPC_BROADCAST_ADDRESS: "controllers:7070"
+ SERVER_GRPC_INSECURE: "true"
+ SERVER_TASKQUEUE_RABBITMQ_URL: "amqp://hatchet:ffdg9u3wdhe2d843hf3@hatchet-rabbitmq:5672/"
+ SERVER_URL: "http://hatchet-api:8080"
+ SERVER_AUTH_COOKIE_SECRETS: "duYYuQjsoFE0O48eQP40JsztKVzvZujFu58hiconYc8= LFg9PSBN91eDeF4x4i0HYmwPU1mDph4/nakhIzIl1Q0="
+
+ # Encryption
+ SERVER_ENCRYPTION_MASTER_KEYSET_FILE: /etc/hatchet/keys/master.key
+ SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET_FILE: /etc/hatchet/keys/private_ec256.key
+ SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET_FILE: /etc/hatchet/keys/public_ec256.key
+
+ RABBITMQ_DEFAULT_USER: "hatchet"
+ RABBITMQ_DEFAULT_PASS: "ffdg9u3wdhe2d843hf3"
+ RABBITMQ_ADMIN_EMAIL: "admin@example.com"
+ RABBITMQ_ADMIN_PASSWORD: "ffdg9u3wdhe2d843hf3"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hatchet-rabbitmq-config
+ namespace: ai-system
+type: Opaque
+stringData:
+ rabbitmq.conf: |
+ ## Username and password
+ default_user = hatchet
+
+ ## Clustering
+ cluster_name = hatchet-rabbitmq
+ cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
+ cluster_formation.k8s.host = kubernetes.default
+ cluster_formation.k8s.address_type = hostname
+ cluster_formation.k8s.service_name = hatchet-rabbitmq-headless
+ cluster_formation.k8s.hostname_suffix = .hatchet-rabbitmq-headless.ai-system.svc.cluster.local
+ cluster_formation.node_cleanup.interval = 10
+ cluster_formation.node_cleanup.only_log_warning = true
+ cluster_partition_handling = autoheal
+
+ # queue master locator
+ queue_master_locator = min-masters
+ # enable loopback user
+ loopback_users.hatchet = false
+ #default_vhost = ai-system-vhost
+ #disk_free_limit.absolute = 50MB
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hatchet-rabbitmq
+ namespace: ai-system
+type: Opaque
+stringData:
+ rabbitmq-user: "hatchet"
+ rabbitmq-password: "ffdg9u3wdhe2d843hf3"
+ rabbitmq-erlang-cookie: "A_Very_Long_Random_ErlangCookie_32+chars"
diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-r2r-file.yaml b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-r2r-file.yaml
new file mode 100644
index 0000000000..5d9a2ec380
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-r2r-file.yaml
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: r2r-files
+ namespace: ai-system
+type: Opaque
+stringData:
+ r2r.toml: |
+ [app]
+ fast_llm = "openai/gpt-4.1-nano"
+ quality_llm = "vllm/Bedovyy/Qwen3-32B"
+
+ [auth]
+ require_authentication = true
+ default_admin_email = "user@example.com"
+ default_admin_password = "change_me_immediately"
+
+ [completion]
+ provider = "r2r"
+ concurrent_request_limit = 16
+ [completion.generation_config]
+ max_tokens_to_sample = 1024
+ stream = true
+ temperature = 0.1
+ top_p = 1
+
+ [embedding]
+ provider = "litellm"
+ base_model = "gemini/text-embedding-004"
+ base_dimension = nan
+ batch_size = 128
+ concurrent_request_limit = 2
+
+ [completion_embedding]
+ provider = "litellm"
+ base_model = "gemini/text-embedding-004"
+ base_dimension = nan
+ batch_size = 128
+ concurrent_request_limit = 2
+
+ [logging]
+ level = "DEBUG"
+ format = "json"
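Review bot: `rabbitmq-erlang-cookie: "A_Very_Long_Random_ErlangCookie_32+chars"` in sec-hatchet-shared-config.yaml is a placeholder description that will be used as the actual cookie, so the inter-node shared secret is a published string unless the operator notices it; it should be generated per install and listed in the README's configuration steps. Hatchet is also pointed at the `postgres` superuser in both `DATABASE_POSTGRES_USERNAME` and `DATABASE_URL`, although sec-hatchet-postgresql-passwords.yaml provisions a separate user-app password, presumably for a non-superuser role that would be the better choice here. The comment `# enable loopback user` above `loopback_users.hatchet = false` reads backwards, since that setting lifts the loopback-only restriction for the user; `# allow the hatchet user to connect from other pods, not only from localhost` says what it does. `DATABASE_POSTGRES_SSL_MODE: "disable"`, `SERVER_AUTH_COOKIE_INSECURE: "t"` and `SERVER_GRPC_INSECURE: "true"` each deserve a `# dev only` comment so they are not copied into another overlay unnoticed.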
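Review bot: `default_admin_password = "change_me_immediately"` with `default_admin_email = "user@example.com"` in sec-r2r-file.yaml gives every install of this overlay the same known admin login, while `require_authentication = true` suggests the API is meant to be protected; README step 1 says to update this file but does not name the password. A TOML comment on the line, e.g. `# must be changed before the first start`, plus an explicit README step would close that gap. `level = "DEBUG"` under `[logging]` is worth a comment as well, because debug-level logs of an LLM service may include prompt and document content (not verifiable from this diff). `base_dimension = nan` appears twice without explanation, so a short comment saying why the dimension is left unset would help the next reader.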
diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-r2r.yaml b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-r2r.yaml
new file mode 100644
index 0000000000..616df5b570
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-r2r.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: r2r-secrets
+ namespace: ai-system
+type: Opaque
+stringData:
+ # Database access
+ R2R_POSTGRES_USER: "postgres"
+ R2R_POSTGRES_PASSWORD: "s54c2xh756n90in6h7b76v3dh"
+
+ # LLMs keys
+ OPENAI_API_KEY: ""
+ LITELLM_PROXY_API_KEY: ""
+ R2R_SECRET_KEY: ""
+ ANTHROPIC_API_KEY: ""
+ AZURE_FOUNDRY_API_KEY: ""
+ AZURE_API_KEY: ""
+ GOOGLE_APPLICATION_CREDENTIALS: ""
+ GEMINI_API_KEY: ""
+ AWS_ACCESS_KEY_ID: ""
+ AWS_SECRET_ACCESS_KEY: ""
+ GROQ_API_KEY: ""
+ COHERE_API_KEY: ""
+ ANYSCALE_API_KEY: ""
+ LM_STUDIO_API_KEY: ""
+ HUGGINGFACE_API_KEY: ""
+ UNSTRUCTURED_API_KEY: ""
+ SERPER_API_KEY: ""
+ SENDGRID_API_KEY: ""
+
+ # OAuth (opcjonalnie)
+ GOOGLE_CLIENT_ID: ""
+ GOOGLE_CLIENT_SECRET: ""
+ GITHUB_CLIENT_ID: ""
+ GITHUB_CLIENT_SECRET: ""
diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/kustomization.yaml b/deployment/k8s/kustomizations/overlays/gcp/dev/kustomization.yaml
new file mode 100644
index 0000000000..8a723bc189
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/dev/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../base
+ - ./include/sec-hatchet-config.yaml
+ - ./include/sec-hatchet-shared-config.yaml
+ - ./include/sec-hatchet-keyset.yaml
+ - ./include/sec-hatchet-postgresql-passwords.yaml
+ - ./include/sec-r2r.yaml
+ - ./include/sec-r2r-file.yaml
+
+patches:
+ - path: patches/cm-r2r.yaml
+ target:
+ kind: ConfigMap
+ name: r2r-configmap
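Review bot: `R2R_SECRET_KEY: ""` in sec-r2r.yaml is listed under `# LLMs keys` and left empty, but by its name it is R2R's own secret rather than a provider key, and an empty value may make the service fall back to a default or fail at startup (the diff does not show which). I would move it next to the database settings with a comment such as `# required: random value, unique per deployment`. `R2R_POSTGRES_USER: "postgres"` also gives the application the database superuser with the same password Hatchet uses, so one leaked Secret exposes both databases. The comment `# OAuth (opcjonalnie)` should be in English, `# OAuth (optional)`.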
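Review bot: The ConfigMap override in the dev kustomization.yaml is loaded from `patches/cm-r2r.yaml`, but step 3 of the README added in this patch sends the reader to `overlays/gcp/dev/include/cm-r2r.yaml`, which this commit does not create. One of the two paths should be corrected so the documented edit lands in the file kustomize actually reads. A comment above `resources:` noting that the `include/sec-*.yaml` entries carry sample credentials to be replaced before `kubectl apply` would also help.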
diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/patches/cm-r2r.yaml b/deployment/k8s/kustomizations/overlays/gcp/dev/patches/cm-r2r.yaml
new file mode 100644
index 0000000000..f31841d48a
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/dev/patches/cm-r2r.yaml
@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-2"
+ name: r2r-configmap
+ namespace: ai-system
+data:
+ AWS_REGION_NAME: ""
+ AZURE_API_BASE: ""
+ AZURE_API_VERSION: ""
+ AZURE_FOUNDRY_API_ENDPOINT: ""
+ CLUSTERING_SERVICE_URL: http://r2r-graph-clustering:7276
+ GITHUB_REDIRECT_URI: ""
+ GOOGLE_REDIRECT_URI: ""
+ HUGGINGFACE_API_BASE: ""
+ LITELLM_PROXY_API_BASE: ""
+ LITELLM_PROXY_API_URL: ""
+ LM_STUDIO_API_BASE: ""
+ NEXT_PUBLIC_HATCHET_DASHBOARD_URL: http://hatchet-dashboard:80
+ NEXT_PUBLIC_R2R_DEPLOYMENT_URL: http://r2r:7272
+ OLLAMA_API_BASE: ""
+ OPENAI_API_BASE: ""
+ PGADMIN_ENABLE_TLS: "false"
+ PYTHONUNBUFFERED: "1"
+ R2R_CONFIG_NAME: ""
+ R2R_DASHBOARD_PORT: "3000"
+ R2R_HATCHET_DASHBOARD_PORT: "80"
+ R2R_HOST: 0.0.0.0
+ R2R_LOG_LEVEL: INFO
+ R2R_NGINX_PORT: "80"
+ R2R_PORT: "7272"
+ R2R_POSTGRES_DBNAME: r2r
+ R2R_POSTGRES_HOST: postgresql
+ R2R_POSTGRES_MAX_CONNECTIONS: "512"
+ R2R_POSTGRES_PORT: "5432"
+ R2R_POSTGRES_PROJECT_NAME: r2r_default
+ R2R_POSTGRES_STATEMENT_CACHE_SIZE: "100"
+ R2R_PROJECT_NAME: r2r_default
+ R2R_SENTRY_DSN: ""
+ R2R_SENTRY_ENVIRONMENT: ""
+ R2R_SENTRY_PROFILES_SAMPLE_RATE: ""
+ R2R_SENTRY_TRACES_SAMPLE_RATE: ""
+ TELEMETRY_ENABLED: "false"
+ VERTEX_LOCATION: ""
+ VERTEX_PROJECT: ""
+ HATCHET_ADMIN_ADDR: hatchet-api:7070
+ HATCHET_CLIENT_HOST_PORT: hatchet-grpc:7070
+ R2R_CONFIG_PATH: "/app/r2r.toml"
diff --git a/deployment/k8s/kustomizations/overlays/gcp/prod/README.md b/deployment/k8s/kustomizations/overlays/gcp/prod/README.md
new file mode 100644
index 0000000000..4f17e0eec7
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/prod/README.md
@@ -0,0 +1,3 @@
+# About
+This overlay is production-ready and requires advanced secrets configuration.
+The `patches` directory provides examples of integration with Bitwarden Secrets Manager.
diff --git a/deployment/k8s/kustomizations/overlays/gcp/prod/kustomization.yaml b/deployment/k8s/kustomizations/overlays/gcp/prod/kustomization.yaml
new file mode 100644
index 0000000000..aa0b761e85
--- /dev/null
+++ b/deployment/k8s/kustomizations/overlays/gcp/prod/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../base
diff --git a/deployment/k8s/manifests/examples/externalsecret_hatchet.yaml b/deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/externalsecret_hatchet.yaml
similarity index 100%
rename from deployment/k8s/manifests/examples/externalsecret_hatchet.yaml
rename to deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/externalsecret_hatchet.yaml
diff --git a/deployment/k8s/manifests/examples/externalsecret_r2r.yaml b/deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/externalsecret_r2r.yaml
similarity index 100%
rename from deployment/k8s/manifests/examples/externalsecret_r2r.yaml
rename to deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/externalsecret_r2r.yaml
diff --git a/deployment/k8s/manifests/examples/ingress-r2r.yaml b/deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/ingress-r2r.yaml
similarity index 100%
rename from deployment/k8s/manifests/examples/ingress-r2r.yaml
rename to deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/ingress-r2r.yaml
diff --git a/deployment/k8s/manifests/examples/secrets_hatchet.yaml b/deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/secrets_hatchet.yaml
similarity index 100%
rename from deployment/k8s/manifests/examples/secrets_hatchet.yaml
rename to deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/secrets_hatchet.yaml
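Review bot: The prod kustomization.yaml lists only `- ../base` under `resources:` and has no `patches:` entry, so `patches/rm-secret-hatchet-postgres.yaml` and the files under `patches/examples/` that this commit moves here are not applied by `kustomize build`. If the base workloads reference the same Secrets the dev overlay defines (likely, but the base is not shown in this hunk), the build output is not deployable as is, which sits oddly with the README's "production-ready". A comment block in kustomization.yaml naming the Secrets an operator must supply, e.g. `# required Secrets: hatchet-shared-config, hatchet-keyset, r2r-secrets, r2r-files`, would make that contract explicit.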
diff --git a/deployment/k8s/manifests/examples/secrets_r2r.yaml b/deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/secrets_r2r.yaml similarity index 100% rename from deployment/k8s/manifests/examples/secrets_r2r.yaml rename to deployment/k8s/kustomizations/overlays/gcp/prod/patches/examples/secrets_r2r.yaml diff --git a/deployment/k8s/kustomizations/patches/rm-secret-hatchet-postgres.yaml b/deployment/k8s/kustomizations/overlays/gcp/prod/patches/rm-secret-hatchet-postgres.yaml similarity index 100% rename from deployment/k8s/kustomizations/patches/rm-secret-hatchet-postgres.yaml rename to deployment/k8s/kustomizations/overlays/gcp/prod/patches/rm-secret-hatchet-postgres.yaml From a02afea59632d57e8779b73925d6a757c647691e Mon Sep 17 00:00:00 2001 From: Ryszard Szwajlik Date: Fri, 12 Sep 2025 09:30:30 +0200 Subject: [PATCH 2/4] chore: Add hatchet keys to the hatchet-working-token --- .../k8s/kustomizations/base/kustomization.yaml | 6 ++++++ .../base/patches/hatchet-rabbitmq-sts.yaml | 4 ++-- .../base/patches/hatchet-worker-token-job.yaml | 18 ++++++++++++++++++ .../gcp/base/patches/hatchet-rabbitmq-sts.yaml | 2 +- .../gcp/dev/include/sec-hatchet-keyset.yaml | 6 ++++++ 5 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 deployment/k8s/kustomizations/base/patches/hatchet-worker-token-job.yaml diff --git a/deployment/k8s/kustomizations/base/kustomization.yaml b/deployment/k8s/kustomizations/base/kustomization.yaml index e297bf3255..d36d77bd0c 100644 --- a/deployment/k8s/kustomizations/base/kustomization.yaml +++ b/deployment/k8s/kustomizations/base/kustomization.yaml @@ -116,6 +116,12 @@ patches: kind: StatefulSet name: hatchet-rabbitmq + # Mount volume with hatchet keys + - path: patches/hatchet-worker-token-job.yaml + target: + kind: Job + name: '^hatchet-[a-z0-9]{10}-worker-token$' + # Remove secrets generated by Helm chart - path: patches/rm-secret-hatchet-rabbitmq.yaml target: 
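Review bot: The target name `'^hatchet-[a-z0-9]{10}-worker-token$'` in base/kustomization.yaml hard-codes the length of the generated suffix, and as far as I know kustomize does not fail when a patch target matches nothing, so a chart change to the Job name would silently drop the key mount. A comment explaining where the 10-character suffix comes from, together with a looser pattern such as `'^hatchet-.*-worker-token$'`, would be more robust. The `patches:` list starts and continues outside this hunk.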
diff --git a/deployment/k8s/kustomizations/base/patches/hatchet-rabbitmq-sts.yaml b/deployment/k8s/kustomizations/base/patches/hatchet-rabbitmq-sts.yaml index 5babe75b8f..2eaf0bb82b 100644 --- a/deployment/k8s/kustomizations/base/patches/hatchet-rabbitmq-sts.yaml +++ b/deployment/k8s/kustomizations/base/patches/hatchet-rabbitmq-sts.yaml @@ -4,8 +4,8 @@ metadata: name: hatchet-rabbitmq spec: volumeClaimTemplates: - - kind: PersistentVolumeClaim - apiVersion: v1 + - apiVersion: v1 + kind: PersistentVolumeClaim metadata: name: data spec: diff --git a/deployment/k8s/kustomizations/base/patches/hatchet-worker-token-job.yaml b/deployment/k8s/kustomizations/base/patches/hatchet-worker-token-job.yaml new file mode 100644 index 0000000000..38aeac35c9 --- /dev/null +++ b/deployment/k8s/kustomizations/base/patches/hatchet-worker-token-job.yaml @@ -0,0 +1,18 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: dummy-not-used +spec: + template: + spec: + volumes: + - name: hatchet-keys + secret: + defaultMode: 256 + secretName: hatchet-keyset + containers: + - name: setup-worker-token + volumeMounts: + - mountPath: /etc/hatchet/keys + name: hatchet-keys + readOnly: true diff --git a/deployment/k8s/kustomizations/overlays/gcp/base/patches/hatchet-rabbitmq-sts.yaml b/deployment/k8s/kustomizations/overlays/gcp/base/patches/hatchet-rabbitmq-sts.yaml index 9cc04551eb..aaa75622d2 100644 --- a/deployment/k8s/kustomizations/overlays/gcp/base/patches/hatchet-rabbitmq-sts.yaml +++ b/deployment/k8s/kustomizations/overlays/gcp/base/patches/hatchet-rabbitmq-sts.yaml @@ -10,7 +10,7 @@ spec: name: data spec: accessModes: - - ReadWriteOnce + - ReadWriteOnce resources: requests: storage: 8Gi diff --git a/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-keyset.yaml b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-keyset.yaml index e411fb67d3..d4c24d66dc 100644 --- a/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-keyset.yaml 
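Review bot: `defaultMode: 256` in hatchet-worker-token-job.yaml is the decimal form of octal 0400, which is easy to misread as a permissive mode, so I would add a trailing comment, `defaultMode: 256  # decimal for 0400: owner read-only`. The volume projects the whole `hatchet-keyset` Secret, so the token Job also receives `master.key`; if the Job only needs the JWT keys, an `items:` list on the secret volume would limit what is mounted (whether it does is not visible here). `name: dummy-not-used` deserves a comment that the real name comes from the `target` selector in kustomization.yaml.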
+++ b/deployment/k8s/kustomizations/overlays/gcp/dev/include/sec-hatchet-keyset.yaml @@ -5,6 +5,12 @@ metadata: namespace: ai-system type: Opaque data: + # To generate those keys download https://github.com/hatchet-dev/hatchet + # And run: + # go run ./cmd/hatchet-admin keyset create-local-keys --key-dir ./keys + # + # More info: + # https://docs.hatchet.run/self-hosting/configuration-options master.key: ZXlKd2NtbHRZWEo1UzJWNVNXUWlPalF5TmpRNE1UVXdORGNzSUNKclpYa2lPbHQ3SW10bGVVUmhkR0VpT25zaWRIbHdaVlZ5YkNJNkluUjVjR1V1WjI5dloyeGxZWEJwY3k1amIyMHZaMjl2WjJ4bExtTnllWEIwYnk1MGFXNXJMa0ZsYzBkamJVdGxlU0lzSUNKMllXeDFaU0k2SWtkcFJHVlNaM0pCVUZWYVIzRkVVVEJUUlRsS0t5dElUblZvUkZKSlRFWjBWMVZOUjI5RVduQm9ZVGRZWlVFOVBTSXNJQ0pyWlhsTllYUmxjbWxoYkZSNWNHVWlPaUpUV1UxTlJWUlNTVU1pZlN3Z0luTjBZWFIxY3lJNklrVk9RVUpNUlVRaUxDQWlhMlY1U1dRaU9qUXlOalE0TVRVd05EY3NJQ0p2ZFhSd2RYUlFjbVZtYVhoVWVYQmxJam9pVkVsT1N5SjlYWDA= private_ec256.key: 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 public_ec256.key: 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 From d596d0a177cb30f3f58a90d6fe60f2ae7ba66229 Mon Sep 17 00:00:00 2001 From: Ryszard Szwajlik Date: Fri, 12 Sep 2025 13:26:36 +0200 Subject: [PATCH 3/4] chore: Update hatchet version --- .../k8s/kustomizations/base/helm-values_hatchet.yaml | 10 +++++----- .../k8s/kustomizations/base/kustomization.yaml | 12 ++++++------ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/deployment/k8s/kustomizations/base/helm-values_hatchet.yaml b/deployment/k8s/kustomizations/base/helm-values_hatchet.yaml index 754f3cbc76..aa504702d0 100644 --- a/deployment/k8s/kustomizations/base/helm-values_hatchet.yaml +++ b/deployment/k8s/kustomizations/base/helm-values_hatchet.yaml @@ -22,7 +22,7 @@ api: replicaCount: 2 image: repository: "ghcr.io/hatchet-dev/hatchet/hatchet-api" - tag: "v0.54.7" + tag: "v0.72.8" pullPolicy: "Always" migrationJob: image: 
@@ -67,7 +67,7 @@ grpc: replicaCount: 1 image: repository: "ghcr.io/hatchet-dev/hatchet/hatchet-engine" - tag: "v0.54.7" + tag: "v0.72.8" pullPolicy: "Always" setupJob: enabled: false @@ -119,7 +119,7 @@ controllers: replicaCount: 1 image: repository: "ghcr.io/hatchet-dev/hatchet/hatchet-engine" - tag: "v0.54.7" + tag: "v0.72.8" pullPolicy: "Always" setupJob: enabled: false @@ -171,7 +171,7 @@ scheduler: replicaCount: 1 image: repository: "ghcr.io/hatchet-dev/hatchet/hatchet-engine" - tag: "v0.54.7" + tag: "v0.72.8" pullPolicy: "Always" setupJob: enabled: false @@ -220,7 +220,7 @@ frontend: enabled: true image: repository: "ghcr.io/hatchet-dev/hatchet/hatchet-frontend" - tag: "v0.54.7" + tag: "v0.72.8" pullPolicy: "Always" service: externalPort: 8080 diff --git a/deployment/k8s/kustomizations/base/kustomization.yaml b/deployment/k8s/kustomizations/base/kustomization.yaml index d36d77bd0c..5001b26bc6 100644 --- a/deployment/k8s/kustomizations/base/kustomization.yaml +++ b/deployment/k8s/kustomizations/base/kustomization.yaml @@ -32,22 +32,22 @@ images: #ghcr.io/hatchet-dev/hatchet/hatchet-dashboard - name: ghcr.io/hatchet-dev/hatchet/hatchet-dashboard - newTag: v0.54.7 + newTag: v0.72.8 #ghcr.io/hatchet-dev/hatchet/hatchet-engine - name: ghcr.io/hatchet-dev/hatchet/hatchet-engine - newTag: v0.54.7 + newTag: v0.72.8 #ghcr.io/hatchet-dev/hatchet/hatchet-admin - name: ghcr.io/hatchet-dev/hatchet/hatchet-admin - newTag: v0.54.7 + newTag: v0.72.8 #ghcr.io/hatchet-dev/hatchet/hatchet-migrate - name: ghcr.io/hatchet-dev/hatchet/hatchet-migrate - newTag: v0.54.7 + newTag: v0.72.8 #ghcr.io/hatchet-dev/hatchet/hatchet-api - name: ghcr.io/hatchet-dev/hatchet/hatchet-api - newTag: v0.54.7 + newTag: v0.72.8 #ghcr.io/hatchet-dev/hatchet/hatchet-frontend - name: ghcr.io/hatchet-dev/hatchet/hatchet-frontend - newTag: v0.54.7 + newTag: v0.72.8 #https://hub.docker.com/r/bitnami/rabbitmq/tags?name=3. - name: docker.io/bitnami/rabbitmq 
From 6612a2fb92b35df0741cd02538c9bf35eeae9cc3 Mon Sep 17 00:00:00 2001 From: Ryszard Szwajlik Date: Fri, 12 Sep 2025 13:27:26 +0200 Subject: [PATCH 4/4] fix: Fix POSTGRESQL_MAX_CONNECTIONS --- deployment/k8s/kustomizations/base/helm-values_postgresql.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deployment/k8s/kustomizations/base/helm-values_postgresql.yaml b/deployment/k8s/kustomizations/base/helm-values_postgresql.yaml index 84df87f364..7cbb5549d0 100644 --- a/deployment/k8s/kustomizations/base/helm-values_postgresql.yaml +++ b/deployment/k8s/kustomizations/base/helm-values_postgresql.yaml @@ -20,6 +20,9 @@ primary: limits: cpu: 1 memory: 1Gi + extraEnvVars: + - name: POSTGRESQL_MAX_CONNECTIONS + value: "500" initdb: scripts: 01-create-extra-db.sql: |
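Review bot: `POSTGRESQL_MAX_CONNECTIONS` is set to `"500"`, but overlays/gcp/dev/patches/cm-r2r.yaml from patch 1/4 sets `R2R_POSTGRES_MAX_CONNECTIONS: "512"` against the same `postgresql` host that Hatchet also uses, so the client-side limit still exceeds what the server will accept. Either lower the R2R value or raise this one with headroom for Hatchet, and record the relationship in a comment such as `# must stay above R2R_POSTGRES_MAX_CONNECTIONS plus Hatchet's pool`. The `memory: 1Gi` limit in the context lines looks tight for 500 backends and is worth checking under load. The `primary:` block starts and ends outside this hunk.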