Init

.gitignore

@@ -0,0 +1,2 @@
+.DS_Store
+.#**

aidbox/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

aidbox/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: edge
+description: Aidbox
+name: aidbox
+type: application
+version: 0.1.0

aidbox/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "aidbox.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "aidbox.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "aidbox.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "aidbox.labels" -}}
+helm.sh/chart: {{ include "aidbox.chart" . }}
+{{ include "aidbox.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "aidbox.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "aidbox.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "aidbox.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "aidbox.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

aidbox/templates/configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "aidbox.fullname" . }}
+  labels:
+    {{- include "aidbox.labels" . | nindent 4 }}
+data:
+  {{- range $key, $val := .Values.config }}
+  {{ $key }}: {{ $val | quote }}
+  {{- end }}
+  AIDBOX_BASE_URL: {{ .Values.protocol }}://{{ .Values.host }}
+  PGHOST: {{ required "missing config PGHOST value" .Values.config.PGHOST | quote }}

aidbox/templates/deployment.yaml

@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "aidbox.fullname" . }}
+  labels:
+    {{- include "aidbox.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "aidbox.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ toJson .Values.config | sha256sum }}
+        checksum/secrets: {{ toJson .Values.secrets | sha256sum }}
+      labels:
+        {{- include "aidbox.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "aidbox.fullname" . }}
+            - secretRef:
+                name: {{ include "aidbox.fullname" . }}
+          ports:
+            - name: api
+              containerPort: {{ int .Values.config.AIDBOX_PORT }}
+              protocol: TCP
+            - name: metrics
+              containerPort: {{ int .Values.config.BOX_METRICS_PORT }}
+              protocol: TCP
+          startupProbe:
+            {{- toYaml .Values.startupProbe | nindent 12 }}
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    {{- include "aidbox.selectorLabels" . | nindent 20 }}
+                topologyKey: "kubernetes.io/hostname"
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}

aidbox/templates/hpa.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "aidbox.fullname" . }}
+  labels:
+    {{- include "aidbox.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "aidbox.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

aidbox/templates/ingress.yaml

@@ -0,0 +1,34 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "aidbox.fullname" . -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "aidbox.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if eq .Values.protocol "https" }}
+  tls:
+    - hosts:
+        - {{ .Values.host | quote }}
+      secretName: {{ $fullName }}-tls
+  {{- end }}
+  rules:
+    - host: {{ .Values.host | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: {{ $fullName }}-api
+                port:
+                  number: {{ int .Values.config.AIDBOX_PORT }}
+{{- end }}

aidbox/templates/secrets.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "aidbox.fullname" . }}
+  labels:
+    {{- include "aidbox.labels" . | nindent 4 }}
+data:
+  {{- range $key, $val := .Values.secrets }}
+  {{ $key }}: {{ required (printf "missing secret %s value" $key) $val | b64enc }}
+  {{- end }}
+
+  {{- with .Values.secrets }}
+  {{- if not .AIDBOX_LICENSE }}
+  AIDBOX_LICENSE_ID: {{ required "missing secret AIDBOX_LICENSE or AIDBOX_LICENSE_ID value" .AIDBOX_LICENSE_ID | b64enc }}
+  AIDBOX_LICENSE_KEY: {{ required "missing secret AIDBOX_LICENSE or AIDBOX_LICENSE_KEY value" .AIDBOX_LICENSE_KEY | b64enc }}
+  {{- end }}
+  {{- end }}

aidbox/templates/service-api.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "aidbox.fullname" . }}-api
+  labels:
+    {{- include "aidbox.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: api
+      port: {{ int .Values.service.apiPort }}
+      protocol: TCP
+      targetPort: api
+  selector:
+    {{- include "aidbox.selectorLabels" . | nindent 4 }}

aidbox/templates/service-metrics.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "aidbox.fullname" . }}-metrics
+  labels:
+    {{- include "aidbox.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: metrics
+      port: {{ int .Values.service.metricsPort }}
+      protocol: TCP
+      targetPort: metrics
+  selector:
+    {{- include "aidbox.selectorLabels" . | nindent 4 }}

aidbox/values.yaml

@@ -0,0 +1,96 @@
+host: my.domain.tld
+protocol: http
+
+config:
+  AIDBOX_BOX_ID: aidbox
+  AIDBOX_PORT: 8080
+  BOX_INSTANCE_NAME: aidbox
+  BOX_METRICS_PORT: 8765
+  PGDATABASE: aidbox
+  PGPORT: 5432
+
+secrets:
+  AIDBOX_ADMIN_ID: admin
+  AIDBOX_ADMIN_PASSWORD: ""
+  AIDBOX_CLIENT_ID: admin
+  AIDBOX_CLIENT_SECRET: ""
+  # AIDBOX_LICENSE: ""
+  # or
+  # AIDBOX_LICENSE_ID: ""
+  # AIDBOX_LICENSE_KEY: ""
+  PGUSER: ""
+  PGPASSWORD: ""
+
+
+image:
+  repository: healthsamurai/aidboxone
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+
+livenessProbe:
+  httpGet:
+    path: /health
+    port: api
+  periodSeconds: 10
+  failureThreshold: 10
+readinessProbe:
+  httpGet:
+    path: /health
+    port: api
+  periodSeconds: 10
+  successThreshold: 1
+  failureThreshold: 5
+startupProbe:
+  httpGet:
+    path: /health
+    port: api
+  initialDelaySeconds: 20
+  periodSeconds:  5
+  failureThreshold: 10
+
+resources:
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  requests:
+    cpu: 500m
+    memory: 256Mi
+
+replicaCount: 1
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+service:
+  type: ClusterIP
+  apiPort: 80
+  metricsPort: 80
+
+nameOverride: ""
+fullnameOverride: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true