From 400b36e8493f973f2e2f5bf891a35465c8a88dad Mon Sep 17 00:00:00 2001 From: Lianhao Lu Date: Fri, 6 Dec 2024 10:14:23 +0800 Subject: [PATCH 01/13] CI: dump all containers' log for chart test (#627) Signed-off-by: Lianhao Lu Signed-off-by: kkrishTa --- .github/workflows/scripts/e2e/chart_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scripts/e2e/chart_test.sh b/.github/workflows/scripts/e2e/chart_test.sh index 98ced91e3..86c07adce 100755 --- a/.github/workflows/scripts/e2e/chart_test.sh +++ b/.github/workflows/scripts/e2e/chart_test.sh @@ -12,7 +12,7 @@ function dump_pod_log() { kubectl describe pod $pod_name -n $namespace echo "-----------------------------------" echo "#kubectl logs $pod_name -n $namespace" - kubectl logs $pod_name -n $namespace + kubectl logs $pod_name -n $namespace --all-containers --prefix=true echo "-----------------------------------" } From 501aeb262d31f54e915a76123e7ef18502530260 Mon Sep 17 00:00:00 2001 From: kkrishTa Date: Fri, 6 Dec 2024 17:57:32 +0530 Subject: [PATCH 02/13] AKS Deployment for OPEA applications 
Signed-off-by: kkrishTa --- .../azure/aks/terraform/README.md | 85 +++++++++++++ .../azure/aks/terraform/aks-azfs-csi-pvc.yaml | 11 ++ .../azure/aks/terraform/azure_main.tf | 113 ++++++++++++++++++ .../azure/aks/terraform/opea-chatqna.tfvars | 6 + .../azure/aks/terraform/outputs.tf | 21 ++++ .../azure/aks/terraform/terraform.tf | 18 +++ .../azure/aks/terraform/variables.tf | 83 +++++++++++++ 7 files changed, 337 insertions(+) create mode 100644 cloud-service-provider/azure/aks/terraform/README.md create mode 100644 cloud-service-provider/azure/aks/terraform/aks-azfs-csi-pvc.yaml create mode 100644 cloud-service-provider/azure/aks/terraform/azure_main.tf create mode 100644 cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars create mode 100644 cloud-service-provider/azure/aks/terraform/outputs.tf create mode 100644 cloud-service-provider/azure/aks/terraform/terraform.tf create mode 100644 cloud-service-provider/azure/aks/terraform/variables.tf diff --git a/cloud-service-provider/azure/aks/terraform/README.md b/cloud-service-provider/azure/aks/terraform/README.md new file mode 100644 index 000000000..7cfbb1f32 --- /dev/null +++ b/cloud-service-provider/azure/aks/terraform/README.md 
@@ -0,0 +1,85 @@ +# OPEA applications Azure AKS deployment guide + +This guide shows how to deploy OPEA applications on Azure Kubernetes Service (AKS) using Terraform. + +## Prerequisites + +- Access to Azure AKS +- [Terraform](https://developer.hashicorp.com/terraform/tutorials/azure-get-started/install-cli), [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/) and [Helm](https://helm.sh/docs/helm/helm_install/) installed on your local machine. +- Keep the Azure subscription handy and enter the subscription id when prompted during the terraform execution. + +## Setup + +The setup uses Terraform to create AKS cluster with the following properties: + +- 1-node AKS cluster with 50 GB disk and `Standard_D32d_v5` SPOT instance (16 vCPU and 32 GB memory) +- Cluster autoscaling up to 10 nodes +- Storage Class (SC) `azfs-sc` and Persistent Volume Claim (PVC) `model-volume` for storing the model data +- `LoadBalancer` address type for the service for external consumption +- Updates the kubeconfig file for `kubectl` access + +Initialize the Terraform environment. + +```bash +terraform init +``` + +## AKS cluster + +By default, 1-node cluster is created which is suitable for running the OPEA application. See `variables.tf` and `opea-.tfvars` if you want to tune the cluster properties, e.g., number of nodes, instance types or disk size. + +## Persistent Volume Claim + +OPEA needs a volume where to store the model. For that we need to create Kubernetes Persistent Volume Claim (PVC). OPEA requires `ReadWriteMany` option since multiple pods needs access to the storage and they can be on different nodes. On AKS, only Azure File Service supports `ReadWriteMany`. Thus, each OPEA application below uses the file `aks-azfs-csi-pvc.yaml` to create PVC in its namespace. + +## OPEA Applications + +### ChatQnA + +Use the commands below to create AKS cluster. +User has to input their Azure subscription id while running the following commands when prompted. 
+ +```bash +terraform plan --var-file opea-chatqna.tfvars -out opea-chatqna.plan +terraform apply "opea-chatqna.plan" +``` + +Once the cluster is ready, the kubeconfig file to access the new cluster is updated automatically. By default, the file is `~/.kube/config`. + +Now you should have access to the cluster via the `kubectl` command. + +Deploy ChatQnA Application with Helm + +```bash +helm install -n chatqna --create-namespace chatqna oci://ghcr.io/opea-project/charts/chatqna --set service.type=LoadBalancer --set global.modelUsePVC=model-volume --set global.HUGGINGFACEHUB_API_TOKEN=${HFTOKEN} +``` + +Create the PVC as mentioned [above](#-persistent-volume-claim) + +```bash +kubectl apply -f aks-azfs-csi-pvc.yaml -n chatqna +``` + +After a while, the OPEA application should be running. You can check the status via `kubectl`. + +```bash +kubectl get pod -n chatqna +``` + +You can now start using the OPEA application. + +```bash +OPEA_SERVICE=$(kubectl get svc -n chatqna chatqna -ojsonpath='{.status.loadBalancer.ingress[0].hostname}') +curl http://${OPEA_SERVICE}:8888/v1/chatqna \ + -H "Content-Type: application/json" \ + -d '{"messages": "What is the revenue of Nike in 2023?"}' +``` + +Cleanup + +Delete the cluster via the following command. User has to input their Azure subscription id while running the following commands when prompted. + +```bash +helm uninstall -n chatqna chatqna +terraform destroy -var-file opea-chatqna.tfvars +``` diff --git a/cloud-service-provider/azure/aks/terraform/aks-azfs-csi-pvc.yaml b/cloud-service-provider/azure/aks/terraform/aks-azfs-csi-pvc.yaml new file mode 100644 index 000000000..54f837295 --- /dev/null +++ b/cloud-service-provider/azure/aks/terraform/aks-azfs-csi-pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: model-volume +spec: + accessModes: + - ReadWriteMany + storageClassName: azurefile-csi + resources: + requests: + storage: 100Gi 
diff --git a/cloud-service-provider/azure/aks/terraform/azure_main.tf b/cloud-service-provider/azure/aks/terraform/azure_main.tf new file mode 100644 index 000000000..b0b3746b3 --- /dev/null +++ b/cloud-service-provider/azure/aks/terraform/azure_main.tf 
@@ -0,0 +1,113 @@ +provider "kubernetes" { + config_path = "~/.kube/config" +} + +# Resource Group +resource "azurerm_resource_group" "main" { + name = "${var.cluster_name}-rg" + location = var.location +} + +# Virtual Network +module "vnet" { + source = "Azure/vnet/azurerm" + resource_group_name = azurerm_resource_group.main.name + vnet_name = "${var.cluster_name}-vnet" + vnet_location = azurerm_resource_group.main.location + + tags = { + environment = "dev" + } + depends_on = [azurerm_resource_group.main] +} + +# AKS Cluster +resource "azurerm_kubernetes_cluster" "main" { + name = var.cluster_name + location = azurerm_resource_group.main.location + resource_group_name = azurerm_resource_group.main.name + dns_prefix = var.cluster_name + kubernetes_version = var.cluster_version + private_cluster_public_fqdn_enabled = true + + default_node_pool { + name = "default" + auto_scaling_enabled = true + node_count = var.node_count + vm_size = var.instance_types[0] + min_count = var.min_count + max_count = var.max_count + vnet_subnet_id = module.vnet.vnet_subnets[0] + os_disk_size_gb = var.os_disk_size_gb + } + + identity { + type = "SystemAssigned" + } + + network_profile { + network_plugin = "azure" + load_balancer_sku = "standard" + service_cidr = "10.0.4.0/24" + dns_service_ip = "10.0.4.10" + } + +} + +# Azure Files Storage Account +resource "azurerm_storage_account" "main" { + name = replace(lower("${var.cluster_name}st"), "-", "") + resource_group_name = azurerm_resource_group.main.name + location = azurerm_resource_group.main.location + account_tier = "Premium" + account_replication_type = "LRS" + account_kind = "FileStorage" +} + +# Azure Files Share +resource "azurerm_storage_share" "main" { + name = "aksshare" + storage_account_id = azurerm_storage_account.main.id + quota = 100 +} + +# Key Vault +resource "azurerm_key_vault" "main" { + name = "${var.cluster_name}-kv" + location = azurerm_resource_group.main.location + resource_group_name = 
azurerm_resource_group.main.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "standard" + soft_delete_retention_days = 7 + purge_protection_enabled = false + + access_policy { + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azurerm_client_config.current.object_id + + key_permissions = [ + "Create", + "Delete", + "Get", + "List", + ] + + secret_permissions = [ + "Set", + "Get", + "Delete", + "List", + ] + } +} + +# Update kubeconfig +resource "null_resource" "kubectl" { + provisioner "local-exec" { + command = "az aks get-credentials --resource-group ${azurerm_resource_group.main.name} --name ${azurerm_kubernetes_cluster.main.name} --overwrite-existing" + } + depends_on = [azurerm_kubernetes_cluster.main] +} + +# Data source for Azure subscription information +data "azurerm_client_config" "current" {} diff --git a/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars b/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars new file mode 100644 index 000000000..84dc1a717 --- /dev/null +++ b/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars @@ -0,0 +1,6 @@ +cluster_name = "opea-chatqna" +instance_types = ["Standard_D32d_v5"] +node_pool_type = "Spot" +os_disk_size_gb = 50 +location = "eastus" +kubernetes_version = "1.30" diff --git a/cloud-service-provider/azure/aks/terraform/outputs.tf b/cloud-service-provider/azure/aks/terraform/outputs.tf new file mode 100644 index 000000000..0ce0d9085 --- /dev/null +++ b/cloud-service-provider/azure/aks/terraform/outputs.tf 
@@ -0,0 +1,21 @@ +output "cluster_endpoint" { + description = "Endpoint for AKS control plane" + #sensitive = false + sensitive = true + value = azurerm_kubernetes_cluster.main.kube_config.0.host +} + +output "oidc_issuer_url" { + description = "The URL for the OpenID Connect issuer" + value = azurerm_kubernetes_cluster.main.oidc_issuer_url +} + +output "location" { + description = "Azure region" + value = var.location +} + +output "cluster_name" { + description = "Kubernetes Cluster Name" + value = azurerm_kubernetes_cluster.main.name +} diff --git a/cloud-service-provider/azure/aks/terraform/terraform.tf b/cloud-service-provider/azure/aks/terraform/terraform.tf new file mode 100644 index 000000000..6148a8147 --- /dev/null +++ b/cloud-service-provider/azure/aks/terraform/terraform.tf @@ -0,0 +1,18 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 4.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.33.0" + } + } +} + +# Azure provider configuration +provider "azurerm" { + features {} + subscription_id = var.subscription_id +} diff --git a/cloud-service-provider/azure/aks/terraform/variables.tf b/cloud-service-provider/azure/aks/terraform/variables.tf new file mode 100644 index 000000000..6549cdc4c --- /dev/null +++ b/cloud-service-provider/azure/aks/terraform/variables.tf 
@@ -0,0 +1,83 @@ +variable "location" { + description = "Azure region" + type = string + default = "eastus" +} + +variable "cluster_name" { + description = "AKS cluster name" + type = string + default = "opea aks cluster" +} + +variable "kubernetes_version" { + description = "AKS cluster version" + type = string + default = "1.30" +} + +variable "use_custom_node_config" { + description = "Enable custom node configuration" + type = bool + default = true +} + +variable "subscription_id" { + description = "This is the Azure subscription id of the user" + type = string +} + +variable "os_disk_size_gb" { + description = "OS disk size in GB for nodes" + type = number + default = 50 +} + +variable "node_pool_type" { + description = "Azure VM Scale Set priority" + type = string + default = "Regular" # Regular for on-demand, Spot for spot instances +} + +variable "min_count" { + description = "Minimum number of nodes" + type = number + default = 1 +} + +variable "max_count" { + description = "Maximum number of nodes" + type = number + default = 10 +} + +variable "node_count" { + description = "Desired number of nodes" + type = number + default = 1 +} + +variable "resource_group_name" { + description = "Name of the resource group" + type = string + default = null +} + +variable "vnet_subnet_id" { + description = "ID of the subnet where the cluster will be deployed" + type = string + default = null +} + + +variable "cluster_version" { + description = "Kubernetes version for the cluster" + type = string + default = "1.30" +} + +variable "instance_types" { + description = "Azure VM size for nodes" + type = list(string) + default = ["Standard_D32d_v5"] +} From 749f5328a5cd7df64263f18a2ea098ea9cb1f39e Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 12:47:15 +0000 Subject: [PATCH 03/13] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci 
Signed-off-by: kkrishTa --- .../azure/aks/terraform/README.md | 16 ++++++++-------- .../azure/aks/terraform/aks-azfs-csi-pvc.yaml | 3 +++ .../azure/aks/terraform/azure_main.tf | 4 ++-- .../azure/aks/terraform/outputs.tf | 2 +- .../azure/aks/terraform/variables.tf | 6 +++--- 5 files changed, 17 insertions(+), 14 deletions(-) diff --git a/cloud-service-provider/azure/aks/terraform/README.md b/cloud-service-provider/azure/aks/terraform/README.md index 7cfbb1f32..cf9258138 100644 --- a/cloud-service-provider/azure/aks/terraform/README.md +++ b/cloud-service-provider/azure/aks/terraform/README.md @@ -1,18 +1,18 @@ -# OPEA applications Azure AKS deployment guide +# OPEA applications Azure ASK deployment guide -This guide shows how to deploy OPEA applications on Azure Kubernetes Service (AKS) using Terraform. +This guide shows how to deploy OPEA applications on Azure Kubernetes Service (ASK) using Terraform. ## Prerequisites -- Access to Azure AKS +- Access to Azure ASK - [Terraform](https://developer.hashicorp.com/terraform/tutorials/azure-get-started/install-cli), [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/) and [Helm](https://helm.sh/docs/helm/helm_install/) installed on your local machine. - Keep the Azure subscription handy and enter the subscription id when prompted during the terraform execution. ## Setup -The setup uses Terraform to create AKS cluster with the following properties: +The setup uses Terraform to create ASK cluster with the following properties: -- 1-node AKS cluster with 50 GB disk and `Standard_D32d_v5` SPOT instance (16 vCPU and 32 GB memory) +- 1-node ASK cluster with 50 GB disk and `Standard_D32d_v5` SPOT instance (16 vCPU and 32 GB memory) - Cluster autoscaling up to 10 nodes - Storage Class (SC) `azfs-sc` and Persistent Volume Claim (PVC) `model-volume` for storing the model data - `LoadBalancer` address type for the service for external consumption 
@@ -24,19 +24,19 @@ Initialize the Terraform environment. terraform init ``` -## AKS cluster +## ASK cluster By default, 1-node cluster is created which is suitable for running the OPEA application. See `variables.tf` and `opea-.tfvars` if you want to tune the cluster properties, e.g., number of nodes, instance types or disk size. ## Persistent Volume Claim -OPEA needs a volume where to store the model. For that we need to create Kubernetes Persistent Volume Claim (PVC). OPEA requires `ReadWriteMany` option since multiple pods needs access to the storage and they can be on different nodes. On AKS, only Azure File Service supports `ReadWriteMany`. Thus, each OPEA application below uses the file `aks-azfs-csi-pvc.yaml` to create PVC in its namespace. +OPEA needs a volume where to store the model. For that we need to create Kubernetes Persistent Volume Claim (PVC). OPEA requires `ReadWriteMany` option since multiple pods needs access to the storage and they can be on different nodes. On ASK, only Azure File Service supports `ReadWriteMany`. Thus, each OPEA application below uses the file `aks-azfs-csi-pvc.yaml` to create PVC in its namespace. ## OPEA Applications ### ChatQnA -Use the commands below to create AKS cluster. +Use the commands below to create ASK cluster. User has to input their Azure subscription id while running the following commands when prompted. ```bash diff --git a/cloud-service-provider/azure/aks/terraform/aks-azfs-csi-pvc.yaml b/cloud-service-provider/azure/aks/terraform/aks-azfs-csi-pvc.yaml index 54f837295..d98e0219a 100644 --- a/cloud-service-provider/azure/aks/terraform/aks-azfs-csi-pvc.yaml +++ b/cloud-service-provider/azure/aks/terraform/aks-azfs-csi-pvc.yaml @@ -1,3 +1,6 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + apiVersion: v1 kind: PersistentVolumeClaim metadata: 
diff --git a/cloud-service-provider/azure/aks/terraform/azure_main.tf b/cloud-service-provider/azure/aks/terraform/azure_main.tf index b0b3746b3..6be8ce975 100644 --- a/cloud-service-provider/azure/aks/terraform/azure_main.tf +++ b/cloud-service-provider/azure/aks/terraform/azure_main.tf @@ -21,7 +21,7 @@ module "vnet" { depends_on = [azurerm_resource_group.main] } -# AKS Cluster +# ASK Cluster resource "azurerm_kubernetes_cluster" "main" { name = var.cluster_name location = azurerm_resource_group.main.location @@ -104,7 +104,7 @@ resource "azurerm_key_vault" "main" { # Update kubeconfig resource "null_resource" "kubectl" { provisioner "local-exec" { - command = "az aks get-credentials --resource-group ${azurerm_resource_group.main.name} --name ${azurerm_kubernetes_cluster.main.name} --overwrite-existing" + command = "az ask get-credentials --resource-group ${azurerm_resource_group.main.name} --name ${azurerm_kubernetes_cluster.main.name} --overwrite-existing" } depends_on = [azurerm_kubernetes_cluster.main] } diff --git a/cloud-service-provider/azure/aks/terraform/outputs.tf b/cloud-service-provider/azure/aks/terraform/outputs.tf index 0ce0d9085..d0b8ddae5 100644 --- a/cloud-service-provider/azure/aks/terraform/outputs.tf +++ b/cloud-service-provider/azure/aks/terraform/outputs.tf @@ -1,5 +1,5 @@ output "cluster_endpoint" { - description = "Endpoint for AKS control plane" + description = "Endpoint for ASK control plane" #sensitive = false sensitive = true value = azurerm_kubernetes_cluster.main.kube_config.0.host diff --git a/cloud-service-provider/azure/aks/terraform/variables.tf b/cloud-service-provider/azure/aks/terraform/variables.tf index 6549cdc4c..bfc74b9ef 100644 --- a/cloud-service-provider/azure/aks/terraform/variables.tf +++ b/cloud-service-provider/azure/aks/terraform/variables.tf 
@@ -5,13 +5,13 @@ variable "location" { } variable "cluster_name" { - description = "AKS cluster name" + description = "ASK cluster name" type = string - default = "opea aks cluster" + default = "opea ask cluster" } variable "kubernetes_version" { - description = "AKS cluster version" + description = "ASK cluster version" type = string default = "1.30" } From 511a3c5450249746c75905628a14bf581e752dc4 Mon Sep 17 00:00:00 2001 From: kkrishTa Date: Sat, 7 Dec 2024 22:49:59 +0530 Subject: [PATCH 04/13] Reverted changes by pre commit hook. Updated readme as per suggestions Signed-off-by: kkrishTa --- .../azure/aks/terraform/README.md | 20 +++++++++---------- .../azure/aks/terraform/azure_main.tf | 4 ++-- .../azure/aks/terraform/opea-chatqna.tfvars | 2 +- .../azure/aks/terraform/outputs.tf | 2 +- .../azure/aks/terraform/variables.tf | 10 +++++----- 5 files changed, 18 insertions(+), 20 deletions(-) diff --git a/cloud-service-provider/azure/aks/terraform/README.md b/cloud-service-provider/azure/aks/terraform/README.md index cf9258138..7b9bc3d0e 100644 --- a/cloud-service-provider/azure/aks/terraform/README.md +++ b/cloud-service-provider/azure/aks/terraform/README.md 
@@ -1,22 +1,20 @@ -# OPEA applications Azure ASK deployment guide +# OPEA applications Azure AKS deployment guide -This guide shows how to deploy OPEA applications on Azure Kubernetes Service (ASK) using Terraform. +This guide shows how to deploy OPEA applications on Azure Kubernetes Service (AKS) using Terraform. ## Prerequisites -- Access to Azure ASK +- Access to Azure AKS - [Terraform](https://developer.hashicorp.com/terraform/tutorials/azure-get-started/install-cli), [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/) and [Helm](https://helm.sh/docs/helm/helm_install/) installed on your local machine. - Keep the Azure subscription handy and enter the subscription id when prompted during the terraform execution. ## Setup -The setup uses Terraform to create ASK cluster with the following properties: +The setup uses Terraform to create AKS cluster with the following properties: -- 1-node ASK cluster with 50 GB disk and `Standard_D32d_v5` SPOT instance (16 vCPU and 32 GB memory) +- 1-node AKS cluster with 50 GB disk and `Standard_D32d_v5` SPOT (or standard based on the application variables) instance (16 vCPU and 32 GB memory) - Cluster autoscaling up to 10 nodes - Storage Class (SC) `azfs-sc` and Persistent Volume Claim (PVC) `model-volume` for storing the model data -- `LoadBalancer` address type for the service for external consumption -- Updates the kubeconfig file for `kubectl` access Initialize the Terraform environment. 
@@ -24,19 +22,19 @@ Initialize the Terraform environment. terraform init ``` -## ASK cluster +## AKS cluster By default, 1-node cluster is created which is suitable for running the OPEA application. See `variables.tf` and `opea-.tfvars` if you want to tune the cluster properties, e.g., number of nodes, instance types or disk size. ## Persistent Volume Claim -OPEA needs a volume where to store the model. For that we need to create Kubernetes Persistent Volume Claim (PVC). OPEA requires `ReadWriteMany` option since multiple pods needs access to the storage and they can be on different nodes. On ASK, only Azure File Service supports `ReadWriteMany`. Thus, each OPEA application below uses the file `aks-azfs-csi-pvc.yaml` to create PVC in its namespace. +OPEA needs a volume where to store the model. For that we need to create Kubernetes Persistent Volume Claim (PVC). OPEA requires `ReadWriteMany` option since multiple pods needs access to the storage and they can be on different nodes. On AKS, only Azure File Service supports `ReadWriteMany`. Thus, each OPEA application below uses the file `aks-azfs-csi-pvc.yaml` to create PVC in its namespace. ## OPEA Applications ### ChatQnA -Use the commands below to create ASK cluster. +Use the commands below to create AKS cluster. User has to input their Azure subscription id while running the following commands when prompted. ```bash @@ -65,7 +63,7 @@ After a while, the OPEA application should be running. You can check the status ```bash kubectl get pod -n chatqna ``` - +Ensure that all pods are running. You can now start using the OPEA application. ```bash diff --git a/cloud-service-provider/azure/aks/terraform/azure_main.tf b/cloud-service-provider/azure/aks/terraform/azure_main.tf index 6be8ce975..b0b3746b3 100644 --- a/cloud-service-provider/azure/aks/terraform/azure_main.tf +++ b/cloud-service-provider/azure/aks/terraform/azure_main.tf 
@@ -21,7 +21,7 @@ module "vnet" { depends_on = [azurerm_resource_group.main] } -# ASK Cluster +# AKS Cluster resource "azurerm_kubernetes_cluster" "main" { name = var.cluster_name location = azurerm_resource_group.main.location @@ -104,7 +104,7 @@ resource "azurerm_key_vault" "main" { # Update kubeconfig resource "null_resource" "kubectl" { provisioner "local-exec" { - command = "az ask get-credentials --resource-group ${azurerm_resource_group.main.name} --name ${azurerm_kubernetes_cluster.main.name} --overwrite-existing" + command = "az aks get-credentials --resource-group ${azurerm_resource_group.main.name} --name ${azurerm_kubernetes_cluster.main.name} --overwrite-existing" } depends_on = [azurerm_kubernetes_cluster.main] } diff --git a/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars b/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars index 84dc1a717..49665b625 100644 --- a/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars +++ b/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars @@ -1,6 +1,6 @@ cluster_name = "opea-chatqna" instance_types = ["Standard_D32d_v5"] -node_pool_type = "Spot" +node_pool_type = "Spot" # cheaper os_disk_size_gb = 50 location = "eastus" kubernetes_version = "1.30" diff --git a/cloud-service-provider/azure/aks/terraform/outputs.tf b/cloud-service-provider/azure/aks/terraform/outputs.tf index d0b8ddae5..0ce0d9085 100644 --- a/cloud-service-provider/azure/aks/terraform/outputs.tf +++ b/cloud-service-provider/azure/aks/terraform/outputs.tf @@ -1,5 +1,5 @@ output "cluster_endpoint" { - description = "Endpoint for ASK control plane" + description = "Endpoint for AKS control plane" #sensitive = false sensitive = true value = azurerm_kubernetes_cluster.main.kube_config.0.host diff --git a/cloud-service-provider/azure/aks/terraform/variables.tf b/cloud-service-provider/azure/aks/terraform/variables.tf index bfc74b9ef..ef3f8a45a 100644 --- a/cloud-service-provider/azure/aks/terraform/variables.tf 
+++ b/cloud-service-provider/azure/aks/terraform/variables.tf @@ -5,13 +5,13 @@ variable "location" { } variable "cluster_name" { - description = "ASK cluster name" + description = "AKS cluster name" type = string - default = "opea ask cluster" + default = "opea aks cluster" } variable "kubernetes_version" { - description = "ASK cluster version" + description = "AKS cluster version" type = string default = "1.30" } @@ -34,7 +34,7 @@ variable "os_disk_size_gb" { } variable "node_pool_type" { - description = "Azure VM Scale Set priority" + description = "VM spot or on-demand instance types" type = string default = "Regular" # Regular for on-demand, Spot for spot instances } @@ -77,7 +77,7 @@ variable "cluster_version" { } variable "instance_types" { - description = "Azure VM size for nodes" + description = "Azure VM instance type" type = list(string) default = ["Standard_D32d_v5"] } From 85f0393cd6dd8cb92124801bf94eafa1bef3816b Mon Sep 17 00:00:00 2001 From: kkrishTa Date: Sat, 7 Dec 2024 22:52:19 +0530 Subject: [PATCH 05/13] Adding code spell ignore for Azure Kubernetes Service Signed-off-by: kkrishTa --- .github/code_spell_ignore.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/code_spell_ignore.txt b/.github/code_spell_ignore.txt index e69de29bb..0283c7491 100644 --- a/.github/code_spell_ignore.txt +++ b/.github/code_spell_ignore.txt @@ -0,0 +1,2 @@ +aks +AKS From cbebbc4a64cd0ad90722db1f117cb5dc92021205 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 17:20:19 +0000 Subject: [PATCH 06/13] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci Signed-off-by: kkrishTa --- .../azure/aks/terraform/README.md | 17 +++++++++-------- .../azure/aks/terraform/azure_main.tf | 4 ++-- .../azure/aks/terraform/outputs.tf | 2 +- .../azure/aks/terraform/variables.tf | 6 +++--- 4 files changed, 15 insertions(+), 14 deletions(-) 
diff --git a/cloud-service-provider/azure/aks/terraform/README.md b/cloud-service-provider/azure/aks/terraform/README.md index 7b9bc3d0e..8015b89e1 100644 --- a/cloud-service-provider/azure/aks/terraform/README.md +++ b/cloud-service-provider/azure/aks/terraform/README.md @@ -1,18 +1,18 @@ -# OPEA applications Azure AKS deployment guide +# OPEA applications Azure ASK deployment guide -This guide shows how to deploy OPEA applications on Azure Kubernetes Service (AKS) using Terraform. +This guide shows how to deploy OPEA applications on Azure Kubernetes Service (ASK) using Terraform. ## Prerequisites -- Access to Azure AKS +- Access to Azure ASK - [Terraform](https://developer.hashicorp.com/terraform/tutorials/azure-get-started/install-cli), [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/) and [Helm](https://helm.sh/docs/helm/helm_install/) installed on your local machine. - Keep the Azure subscription handy and enter the subscription id when prompted during the terraform execution. ## Setup -The setup uses Terraform to create AKS cluster with the following properties: +The setup uses Terraform to create ASK cluster with the following properties: -- 1-node AKS cluster with 50 GB disk and `Standard_D32d_v5` SPOT (or standard based on the application variables) instance (16 vCPU and 32 GB memory) +- 1-node ASK cluster with 50 GB disk and `Standard_D32d_v5` SPOT (or standard based on the application variables) instance (16 vCPU and 32 GB memory) - Cluster autoscaling up to 10 nodes - Storage Class (SC) `azfs-sc` and Persistent Volume Claim (PVC) `model-volume` for storing the model data 
@@ -22,19 +22,19 @@ Initialize the Terraform environment. terraform init ``` -## AKS cluster +## ASK cluster By default, 1-node cluster is created which is suitable for running the OPEA application. See `variables.tf` and `opea-.tfvars` if you want to tune the cluster properties, e.g., number of nodes, instance types or disk size. ## Persistent Volume Claim -OPEA needs a volume where to store the model. For that we need to create Kubernetes Persistent Volume Claim (PVC). OPEA requires `ReadWriteMany` option since multiple pods needs access to the storage and they can be on different nodes. On AKS, only Azure File Service supports `ReadWriteMany`. Thus, each OPEA application below uses the file `aks-azfs-csi-pvc.yaml` to create PVC in its namespace. +OPEA needs a volume where to store the model. For that we need to create Kubernetes Persistent Volume Claim (PVC). OPEA requires `ReadWriteMany` option since multiple pods needs access to the storage and they can be on different nodes. On ASK, only Azure File Service supports `ReadWriteMany`. Thus, each OPEA application below uses the file `aks-azfs-csi-pvc.yaml` to create PVC in its namespace. ## OPEA Applications ### ChatQnA -Use the commands below to create AKS cluster. +Use the commands below to create ASK cluster. User has to input their Azure subscription id while running the following commands when prompted. ```bash @@ -63,6 +63,7 @@ After a while, the OPEA application should be running. You can check the status ```bash kubectl get pod -n chatqna ``` + Ensure that all pods are running. You can now start using the OPEA application. diff --git a/cloud-service-provider/azure/aks/terraform/azure_main.tf b/cloud-service-provider/azure/aks/terraform/azure_main.tf index b0b3746b3..6be8ce975 100644 --- a/cloud-service-provider/azure/aks/terraform/azure_main.tf +++ b/cloud-service-provider/azure/aks/terraform/azure_main.tf 
@@ -21,7 +21,7 @@ module "vnet" { depends_on = [azurerm_resource_group.main] } -# AKS Cluster +# ASK Cluster resource "azurerm_kubernetes_cluster" "main" { name = var.cluster_name location = azurerm_resource_group.main.location @@ -104,7 +104,7 @@ resource "azurerm_key_vault" "main" { # Update kubeconfig resource "null_resource" "kubectl" { provisioner "local-exec" { - command = "az aks get-credentials --resource-group ${azurerm_resource_group.main.name} --name ${azurerm_kubernetes_cluster.main.name} --overwrite-existing" + command = "az ask get-credentials --resource-group ${azurerm_resource_group.main.name} --name ${azurerm_kubernetes_cluster.main.name} --overwrite-existing" } depends_on = [azurerm_kubernetes_cluster.main] } diff --git a/cloud-service-provider/azure/aks/terraform/outputs.tf b/cloud-service-provider/azure/aks/terraform/outputs.tf index 0ce0d9085..d0b8ddae5 100644 --- a/cloud-service-provider/azure/aks/terraform/outputs.tf +++ b/cloud-service-provider/azure/aks/terraform/outputs.tf @@ -1,5 +1,5 @@ output "cluster_endpoint" { - description = "Endpoint for AKS control plane" + description = "Endpoint for ASK control plane" #sensitive = false sensitive = true value = azurerm_kubernetes_cluster.main.kube_config.0.host diff --git a/cloud-service-provider/azure/aks/terraform/variables.tf b/cloud-service-provider/azure/aks/terraform/variables.tf index ef3f8a45a..5f7bc5661 100644 --- a/cloud-service-provider/azure/aks/terraform/variables.tf +++ b/cloud-service-provider/azure/aks/terraform/variables.tf @@ -5,13 +5,13 @@ variable "location" { } variable "cluster_name" { - description = "AKS cluster name" + description = "ASK cluster name" type = string - default = "opea aks cluster" + default = "opea ask cluster" } variable "kubernetes_version" { - description = "AKS cluster version" + description = "ASK cluster version" type = string default = "1.30" } From 12452a5d8250977e62f03e7c32636c191e6e8a14 Mon Sep 17 00:00:00 2001 
From: kkrishTa Date: Sat, 7 Dec 2024 23:08:09 +0530 Subject: [PATCH 07/13] Adding code spell ignore for AKS and reverting pre commit changes Signed-off-by: kkrishTa --- .../azure/aks/terraform/README.md | 18 +++++++++--------- .../azure/aks/terraform/azure_main.tf | 4 ++-- .../azure/aks/terraform/outputs.tf | 2 +- .../azure/aks/terraform/variables.tf | 6 +++--- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/cloud-service-provider/azure/aks/terraform/README.md b/cloud-service-provider/azure/aks/terraform/README.md index 8015b89e1..0eb1087c5 100644 --- a/cloud-service-provider/azure/aks/terraform/README.md +++ b/cloud-service-provider/azure/aks/terraform/README.md 
@@ -1,20 +1,20 @@ -# OPEA applications Azure ASK deployment guide +# OPEA applications Azure AKS deployment guide -This guide shows how to deploy OPEA applications on Azure Kubernetes Service (ASK) using Terraform. +This guide shows how to deploy OPEA applications on Azure Kubernetes Service (AKS) using Terraform. ## Prerequisites -- Access to Azure ASK +- Access to Azure AKS - [Terraform](https://developer.hashicorp.com/terraform/tutorials/azure-get-started/install-cli), [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/) and [Helm](https://helm.sh/docs/helm/helm_install/) installed on your local machine. - Keep the Azure subscription handy and enter the subscription id when prompted during the terraform execution. ## Setup -The setup uses Terraform to create ASK cluster with the following properties: +The setup uses Terraform to create AKS cluster with the following properties: -- 1-node ASK cluster with 50 GB disk and `Standard_D32d_v5` SPOT (or standard based on the application variables) instance (16 vCPU and 32 GB memory) +- 1-node AKS cluster with 50 GB disk and `Standard_D32d_v5` SPOT (or standard based on the application variables) instance (16 vCPU and 32 GB memory) - Cluster autoscaling up to 10 nodes -- Storage Class (SC) `azfs-sc` and Persistent Volume Claim (PVC) `model-volume` for storing the model data +- Storage Class (SC) `azurefile-csi` and Persistent Volume Claim (PVC) `model-volume` for storing the model data Initialize the Terraform environment. 
@@ -22,19 +22,19 @@ Initialize the Terraform environment. terraform init ``` -## ASK cluster +## AKS cluster By default, 1-node cluster is created which is suitable for running the OPEA application. See `variables.tf` and `opea-.tfvars` if you want to tune the cluster properties, e.g., number of nodes, instance types or disk size. ## Persistent Volume Claim -OPEA needs a volume where to store the model. For that we need to create Kubernetes Persistent Volume Claim (PVC). OPEA requires `ReadWriteMany` option since multiple pods needs access to the storage and they can be on different nodes. On ASK, only Azure File Service supports `ReadWriteMany`. Thus, each OPEA application below uses the file `aks-azfs-csi-pvc.yaml` to create PVC in its namespace. +OPEA needs a volume where to store the model. For that we need to create Kubernetes Persistent Volume Claim (PVC). OPEA requires `ReadWriteMany` option since multiple pods needs access to the storage and they can be on different nodes. On AKS, only Azure File Service supports `ReadWriteMany`. Thus, each OPEA application below uses the file `aks-azfs-csi-pvc.yaml` to create PVC in its namespace. ## OPEA Applications ### ChatQnA -Use the commands below to create ASK cluster. +Use the commands below to create AKS cluster. User has to input their Azure subscription id while running the following commands when prompted. ```bash diff --git a/cloud-service-provider/azure/aks/terraform/azure_main.tf b/cloud-service-provider/azure/aks/terraform/azure_main.tf index 6be8ce975..b0b3746b3 100644 --- a/cloud-service-provider/azure/aks/terraform/azure_main.tf +++ b/cloud-service-provider/azure/aks/terraform/azure_main.tf @@ -21,7 +21,7 @@ module "vnet" { depends_on = [azurerm_resource_group.main] } -# ASK Cluster +# AKS Cluster resource "azurerm_kubernetes_cluster" "main" { name = var.cluster_name location = azurerm_resource_group.main.location 
@@ -104,7 +104,7 @@ resource "azurerm_key_vault" "main" { # Update kubeconfig resource "null_resource" "kubectl" { provisioner "local-exec" { - command = "az ask get-credentials --resource-group ${azurerm_resource_group.main.name} --name ${azurerm_kubernetes_cluster.main.name} --overwrite-existing" + command = "az aks get-credentials --resource-group ${azurerm_resource_group.main.name} --name ${azurerm_kubernetes_cluster.main.name} --overwrite-existing" } depends_on = [azurerm_kubernetes_cluster.main] } diff --git a/cloud-service-provider/azure/aks/terraform/outputs.tf b/cloud-service-provider/azure/aks/terraform/outputs.tf index d0b8ddae5..0ce0d9085 100644 --- a/cloud-service-provider/azure/aks/terraform/outputs.tf +++ b/cloud-service-provider/azure/aks/terraform/outputs.tf @@ -1,5 +1,5 @@ output "cluster_endpoint" { - description = "Endpoint for ASK control plane" + description = "Endpoint for AKS control plane" #sensitive = false sensitive = true value = azurerm_kubernetes_cluster.main.kube_config.0.host diff --git a/cloud-service-provider/azure/aks/terraform/variables.tf b/cloud-service-provider/azure/aks/terraform/variables.tf index 5f7bc5661..ef3f8a45a 100644 --- a/cloud-service-provider/azure/aks/terraform/variables.tf +++ b/cloud-service-provider/azure/aks/terraform/variables.tf @@ -5,13 +5,13 @@ variable "location" { } variable "cluster_name" { - description = "ASK cluster name" + description = "AKS cluster name" type = string - default = "opea ask cluster" + default = "opea aks cluster" } variable "kubernetes_version" { - description = "ASK cluster version" + description = "AKS cluster version" type = string default = "1.30" } From 25a876311e52d9ebf8fd0f4cbaca58ffa09ca033 Mon Sep 17 00:00:00 2001 From: kkrishTa Date: Mon, 9 Dec 2024 15:13:22 +0530 Subject: [PATCH 08/13] Updating cluster name to opea as a generic name 
Signed-off-by: kkrishTa --- cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars b/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars index 49665b625..8ab5e70bc 100644 --- a/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars +++ b/cloud-service-provider/azure/aks/terraform/opea-chatqna.tfvars @@ -1,4 +1,4 @@ -cluster_name = "opea-chatqna" +cluster_name = "opea" instance_types = ["Standard_D32d_v5"] node_pool_type = "Spot" # cheaper os_disk_size_gb = 50 From 0db41200cdf8012932a8adeac4de6badb0e3dda2 Mon Sep 17 00:00:00 2001 From: Lianhao Lu Date: Tue, 10 Dec 2024 20:07:49 +0800 Subject: [PATCH 09/13] helm chart: Add service account support (#624) * helm: Add service account support in common services 1. Add service account creation support, disabled by default. 2. Add support of sharing the same service account by setting global.sharedSAName, disabled by default. Signed-off-by: Lianhao Lu * helm: Add service account support in e2e charts 1. Add service account creation support, enabled by default. 2. Add support of sharing the same service account by setting global.sharedSAName, enabled by default. Signed-off-by: Lianhao Lu --------- Signed-off-by: Lianhao Lu 
Signed-off-by: kkrishTa --- helm-charts/agentqna/templates/_helpers.tpl | 4 +- helm-charts/agentqna/templates/crag.yaml | 1 + .../agentqna/templates/docretriever.yaml | 1 + .../agentqna/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/agentqna/values.yaml | 24 +++++++++++ helm-charts/audioqna/templates/_helpers.tpl | 4 +- .../audioqna/templates/deployment.yaml | 1 + .../audioqna/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/audioqna/values.yaml | 38 ++++++++++++++---- helm-charts/chatqna/templates/_helpers.tpl | 4 +- helm-charts/chatqna/templates/deployment.yaml | 1 + .../chatqna/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/chatqna/values.yaml | 40 +++++++++++++++---- helm-charts/codegen/templates/_helpers.tpl | 4 +- helm-charts/codegen/templates/deployment.yaml | 1 + .../codegen/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/codegen/values.yaml | 38 ++++++++++++++---- helm-charts/codetrans/templates/_helpers.tpl | 4 +- .../codetrans/templates/deployment.yaml | 1 + .../codetrans/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/codetrans/values.yaml | 38 ++++++++++++++---- .../common/agent/templates/_helpers.tpl | 4 +- .../common/agent/templates/deployment.yaml | 1 + .../agent/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/agent/values.yaml | 15 +++++++ helm-charts/common/asr/templates/_helpers.tpl | 4 +- .../common/asr/templates/deployment.yaml | 1 + .../common/asr/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/asr/values.yaml | 15 +++++++ .../chathistory-usvc/templates/_helpers.tpl | 4 +- .../templates/deployment.yaml | 1 + .../templates/serviceaccount.yaml | 16 ++++++++ .../common/chathistory-usvc/values.yaml | 15 +++++++ .../common/data-prep/templates/_helpers.tpl | 4 +- .../data-prep/templates/deployment.yaml | 1 + .../data-prep/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/data-prep/values.yaml | 15 +++++++ .../embedding-usvc/templates/_helpers.tpl | 8 ++-- 
.../embedding-usvc/templates/deployment.yaml | 1 + .../templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/embedding-usvc/values.yaml | 15 +++++++ .../common/gpt-sovits/templates/_helpers.tpl | 4 +- .../gpt-sovits/templates/deployment.yaml | 1 + .../gpt-sovits/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/gpt-sovits/values.yaml | 15 +++++++ .../guardrails-usvc/templates/_helpers.tpl | 4 +- .../guardrails-usvc/templates/deployment.yaml | 1 + .../templates/serviceaccount.yaml | 16 ++++++++ .../common/guardrails-usvc/values.yaml | 15 +++++++ .../llm-uservice/templates/_helpers.tpl | 4 +- .../llm-uservice/templates/deployment.yaml | 1 + .../templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/llm-uservice/values.yaml | 15 +++++++ .../lvm-uservice/templates/_helpers.tpl | 4 +- .../lvm-uservice/templates/deployment.yaml | 1 + .../templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/lvm-uservice/values.yaml | 15 +++++++ .../common/mongodb/templates/_helpers.tpl | 4 +- .../common/mongodb/templates/deployment.yaml | 1 + .../mongodb/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/mongodb/values.yaml | 17 ++++++++ .../common/prompt-usvc/templates/_helpers.tpl | 4 +- .../prompt-usvc/templates/deployment.yaml | 1 + .../prompt-usvc/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/prompt-usvc/values.yaml | 15 +++++++ .../redis-vector-db/templates/_helpers.tpl | 4 +- .../redis-vector-db/templates/deployment.yaml | 1 + .../templates/serviceaccount.yaml | 16 ++++++++ .../common/redis-vector-db/values.yaml | 17 ++++++++ .../reranking-usvc/templates/_helpers.tpl | 8 ++-- .../reranking-usvc/templates/deployment.yaml | 1 + .../templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/reranking-usvc/values.yaml | 15 +++++++ .../retriever-usvc/templates/_helpers.tpl | 4 +- .../retriever-usvc/templates/deployment.yaml | 1 + .../templates/serviceaccount.yaml | 16 ++++++++ 
helm-charts/common/retriever-usvc/values.yaml | 15 +++++++ .../common/speecht5/templates/_helpers.tpl | 4 +- .../common/speecht5/templates/deployment.yaml | 1 + .../speecht5/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/speecht5/values.yaml | 15 +++++++ helm-charts/common/tei/templates/_helpers.tpl | 4 +- .../common/tei/templates/deployment.yaml | 1 + .../common/tei/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/tei/values.yaml | 15 +++++++ .../common/teirerank/templates/_helpers.tpl | 4 +- .../teirerank/templates/deployment.yaml | 1 + .../teirerank/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/teirerank/values.yaml | 15 +++++++ helm-charts/common/tgi/templates/_helpers.tpl | 4 +- .../common/tgi/templates/deployment.yaml | 1 + .../common/tgi/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/tgi/values.yaml | 15 +++++++ helm-charts/common/tts/templates/_helpers.tpl | 4 +- .../common/tts/templates/deployment.yaml | 1 + .../common/tts/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/tts/values.yaml | 15 +++++++ helm-charts/common/ui/templates/_helpers.tpl | 4 +- .../common/ui/templates/deployment.yaml | 1 + .../common/ui/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/ui/values.yaml | 17 +++++++- .../common/vllm/templates/_helpers.tpl | 4 +- .../common/vllm/templates/deployment.yaml | 1 + .../common/vllm/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/vllm/values.yaml | 15 +++++++ .../web-retriever/templates/_helpers.tpl | 4 +- .../web-retriever/templates/deployment.yaml | 1 + .../templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/web-retriever/values.yaml | 15 +++++++ .../common/whisper/templates/_helpers.tpl | 4 +- .../common/whisper/templates/deployment.yaml | 1 + .../whisper/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/common/whisper/values.yaml | 15 +++++++ helm-charts/docsum/templates/_helpers.tpl | 4 +- 
helm-charts/docsum/templates/deployment.yaml | 1 + helm-charts/docsum/templates/m2t.yaml | 1 + .../docsum/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/docsum/templates/v2a.yaml | 1 + helm-charts/docsum/values.yaml | 38 ++++++++++++++---- helm-charts/faqgen/templates/_helpers.tpl | 4 +- helm-charts/faqgen/templates/deployment.yaml | 1 + .../faqgen/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/faqgen/values.yaml | 38 ++++++++++++++---- helm-charts/visualqna/templates/_helpers.tpl | 4 +- .../visualqna/templates/deployment.yaml | 1 + .../visualqna/templates/serviceaccount.yaml | 16 ++++++++ helm-charts/visualqna/values.yaml | 38 ++++++++++++++---- 127 files changed, 1219 insertions(+), 86 deletions(-) create mode 100644 helm-charts/agentqna/templates/serviceaccount.yaml create mode 100644 helm-charts/audioqna/templates/serviceaccount.yaml create mode 100644 helm-charts/chatqna/templates/serviceaccount.yaml create mode 100644 helm-charts/codegen/templates/serviceaccount.yaml create mode 100644 helm-charts/codetrans/templates/serviceaccount.yaml create mode 100644 helm-charts/common/agent/templates/serviceaccount.yaml create mode 100644 helm-charts/common/asr/templates/serviceaccount.yaml create mode 100644 helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml create mode 100644 helm-charts/common/data-prep/templates/serviceaccount.yaml create mode 100644 helm-charts/common/embedding-usvc/templates/serviceaccount.yaml create mode 100644 helm-charts/common/gpt-sovits/templates/serviceaccount.yaml create mode 100644 helm-charts/common/guardrails-usvc/templates/serviceaccount.yaml create mode 100644 helm-charts/common/llm-uservice/templates/serviceaccount.yaml create mode 100644 helm-charts/common/lvm-uservice/templates/serviceaccount.yaml create mode 100644 helm-charts/common/mongodb/templates/serviceaccount.yaml create mode 100644 helm-charts/common/prompt-usvc/templates/serviceaccount.yaml create mode 100644 
helm-charts/common/redis-vector-db/templates/serviceaccount.yaml create mode 100644 helm-charts/common/reranking-usvc/templates/serviceaccount.yaml create mode 100644 helm-charts/common/retriever-usvc/templates/serviceaccount.yaml create mode 100644 helm-charts/common/speecht5/templates/serviceaccount.yaml create mode 100644 helm-charts/common/tei/templates/serviceaccount.yaml create mode 100644 helm-charts/common/teirerank/templates/serviceaccount.yaml create mode 100644 helm-charts/common/tgi/templates/serviceaccount.yaml create mode 100644 helm-charts/common/tts/templates/serviceaccount.yaml create mode 100644 helm-charts/common/ui/templates/serviceaccount.yaml create mode 100644 helm-charts/common/vllm/templates/serviceaccount.yaml create mode 100644 helm-charts/common/web-retriever/templates/serviceaccount.yaml create mode 100644 helm-charts/common/whisper/templates/serviceaccount.yaml create mode 100644 helm-charts/docsum/templates/serviceaccount.yaml create mode 100644 helm-charts/faqgen/templates/serviceaccount.yaml create mode 100644 helm-charts/visualqna/templates/serviceaccount.yaml diff --git a/helm-charts/agentqna/templates/_helpers.tpl b/helm-charts/agentqna/templates/_helpers.tpl index aee028e15..1ce711ff7 100644 --- a/helm-charts/agentqna/templates/_helpers.tpl +++ b/helm-charts/agentqna/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "agentqna.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "agentqna.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/agentqna/templates/crag.yaml b/helm-charts/agentqna/templates/crag.yaml index c6449c289..94d3c8fa7 100644 --- a/helm-charts/agentqna/templates/crag.yaml 
+++ b/helm-charts/agentqna/templates/crag.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "agentqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/agentqna/templates/docretriever.yaml b/helm-charts/agentqna/templates/docretriever.yaml index 45c13e29c..4bc30e07c 100644 --- a/helm-charts/agentqna/templates/docretriever.yaml +++ b/helm-charts/agentqna/templates/docretriever.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "agentqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/agentqna/templates/serviceaccount.yaml b/helm-charts/agentqna/templates/serviceaccount.yaml new file mode 100644 index 000000000..a04ff655f --- /dev/null +++ b/helm-charts/agentqna/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "agentqna.serviceAccountName" . }} + labels: + {{- include "agentqna.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/agentqna/values.yaml b/helm-charts/agentqna/values.yaml index 64fa95cea..ae85c6224 100644 --- a/helm-charts/agentqna/values.yaml +++ b/helm-charts/agentqna/values.yaml 
@@ -7,6 +7,26 @@ replicaCount: 1 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + securityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false @@ -102,6 +122,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "agentqna" # set modelUseHostPath or modelUsePVC to use model cache. modelUseHostPath: "" # modelUseHostPath: /mnt/opea-models diff --git a/helm-charts/audioqna/templates/_helpers.tpl b/helm-charts/audioqna/templates/_helpers.tpl index cf5a0e50d..a9bcd9f82 100644 --- a/helm-charts/audioqna/templates/_helpers.tpl +++ b/helm-charts/audioqna/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "audioqna.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "audioqna.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/audioqna/templates/deployment.yaml b/helm-charts/audioqna/templates/deployment.yaml index 3f4ffd6b9..4282fc304 100644 
--- a/helm-charts/audioqna/templates/deployment.yaml +++ b/helm-charts/audioqna/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "audioqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/audioqna/templates/serviceaccount.yaml b/helm-charts/audioqna/templates/serviceaccount.yaml new file mode 100644 index 000000000..dea9789a3 --- /dev/null +++ b/helm-charts/audioqna/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "audioqna.serviceAccountName" . }} + labels: + {{- include "audioqna.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/audioqna/values.yaml b/helm-charts/audioqna/values.yaml index e6f5c783e..8ea01bb44 100644 --- a/helm-charts/audioqna/values.yaml +++ b/helm-charts/audioqna/values.yaml @@ -14,14 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 8888 -service: - type: ClusterIP - port: 3008 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true 
@@ -34,6 +45,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 8888 +service: + type: ClusterIP + port: 3008 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] @@ -57,6 +77,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "audioqna" # set modelUseHostPath or modelUsePVC to use model cache. modelUseHostPath: "" # modelUseHostPath: /mnt/opea-models diff --git a/helm-charts/chatqna/templates/_helpers.tpl b/helm-charts/chatqna/templates/_helpers.tpl index 63cc642b9..ab47b7b41 100644 --- a/helm-charts/chatqna/templates/_helpers.tpl +++ b/helm-charts/chatqna/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "chatqna.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "chatqna.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/chatqna/templates/deployment.yaml b/helm-charts/chatqna/templates/deployment.yaml index ced873870..6f19fee10 100644 --- a/helm-charts/chatqna/templates/deployment.yaml +++ b/helm-charts/chatqna/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "chatqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: 
diff --git a/helm-charts/chatqna/templates/serviceaccount.yaml b/helm-charts/chatqna/templates/serviceaccount.yaml new file mode 100644 index 000000000..3ff18985a --- /dev/null +++ b/helm-charts/chatqna/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "chatqna.serviceAccountName" . }} + labels: + {{- include "chatqna.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/chatqna/values.yaml b/helm-charts/chatqna/values.yaml index 0082c2ab0..5558cf62b 100644 --- a/helm-charts/chatqna/values.yaml +++ b/helm-charts/chatqna/values.yaml @@ -14,14 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 8888 -service: - type: ClusterIP - port: 8888 - -nginx: - service: - type: NodePort +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -34,6 +45,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 8888 +service: + type: ClusterIP + port: 8888 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] 
@@ -67,6 +87,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "chatqna" # set modelUseHostPath or modelUsePVC to use model cache. modelUseHostPath: "" # modelUseHostPath: /mnt/opea-models diff --git a/helm-charts/codegen/templates/_helpers.tpl b/helm-charts/codegen/templates/_helpers.tpl index 97a5ea9fc..2db3b1dc7 100644 --- a/helm-charts/codegen/templates/_helpers.tpl +++ b/helm-charts/codegen/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "codegen.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "codegen.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/codegen/templates/deployment.yaml b/helm-charts/codegen/templates/deployment.yaml index 7e271b548..d473b7a8f 100644 --- a/helm-charts/codegen/templates/deployment.yaml +++ b/helm-charts/codegen/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "codegen.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/codegen/templates/serviceaccount.yaml b/helm-charts/codegen/templates/serviceaccount.yaml new file mode 100644 index 000000000..57cbc93c6 --- /dev/null +++ b/helm-charts/codegen/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "codegen.serviceAccountName" . }} + labels: + {{- include "codegen.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/codegen/values.yaml b/helm-charts/codegen/values.yaml index cbe72f159..c97e8911a 100644 --- a/helm-charts/codegen/values.yaml +++ b/helm-charts/codegen/values.yaml @@ -14,14 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 7778 -service: - type: ClusterIP - port: 7778 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -34,6 +45,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 7778 +service: + type: ClusterIP + port: 7778 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] 
@@ -56,6 +76,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "codegen" # set modelUseHostPath or modelUsePVC to use model cache. modelUseHostPath: "" # modelUseHostPath: /mnt/opea-models diff --git a/helm-charts/codetrans/templates/_helpers.tpl b/helm-charts/codetrans/templates/_helpers.tpl index 452ed1a9d..34555a661 100644 --- a/helm-charts/codetrans/templates/_helpers.tpl +++ b/helm-charts/codetrans/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "codetrans.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "codetrans.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/codetrans/templates/deployment.yaml b/helm-charts/codetrans/templates/deployment.yaml index aa5e2a5c9..f7dba9a44 100644 --- a/helm-charts/codetrans/templates/deployment.yaml +++ b/helm-charts/codetrans/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "codetrans.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/codetrans/templates/serviceaccount.yaml b/helm-charts/codetrans/templates/serviceaccount.yaml new file mode 100644 index 000000000..9dc1cae45 --- /dev/null +++ b/helm-charts/codetrans/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "codetrans.serviceAccountName" . }} + labels: + {{- include "codetrans.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/codetrans/values.yaml b/helm-charts/codetrans/values.yaml index 79dec68a2..e34421ed0 100644 --- a/helm-charts/codetrans/values.yaml +++ b/helm-charts/codetrans/values.yaml @@ -15,14 +15,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 7777 -service: - type: ClusterIP - port: 7777 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -35,6 +46,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 7777 +service: + type: ClusterIP + port: 7777 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] 
@@ -57,6 +77,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "codetrans" # set modelUseHostPath or modelUsePVC to use model cache. modelUseHostPath: "" # modelUseHostPath: /mnt/opea-models diff --git a/helm-charts/common/agent/templates/_helpers.tpl b/helm-charts/common/agent/templates/_helpers.tpl index 1227dfd81..65f878043 100644 --- a/helm-charts/common/agent/templates/_helpers.tpl +++ b/helm-charts/common/agent/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "agent.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "agent.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/agent/templates/deployment.yaml b/helm-charts/common/agent/templates/deployment.yaml index 12c0e00a2..dffe5ceca 100644 --- a/helm-charts/common/agent/templates/deployment.yaml +++ b/helm-charts/common/agent/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "agent.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/agent/templates/serviceaccount.yaml b/helm-charts/common/agent/templates/serviceaccount.yaml new file mode 100644 index 000000000..62b7ffca5 --- /dev/null +++ b/helm-charts/common/agent/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "agent.serviceAccountName" . }} + labels: + {{- include "agent.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/agent/values.yaml b/helm-charts/common/agent/values.yaml index 9d7b236d1..4e602d960 100644 --- a/helm-charts/common/agent/values.yaml +++ b/helm-charts/common/agent/values.yaml @@ -40,6 +40,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -105,6 +116,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Install Prometheus serviceMonitor for service monitoring: false diff --git a/helm-charts/common/asr/templates/_helpers.tpl b/helm-charts/common/asr/templates/_helpers.tpl index 62d5a0554..613ba34bb 100644 --- a/helm-charts/common/asr/templates/_helpers.tpl +++ b/helm-charts/common/asr/templates/_helpers.tpl 
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "asr.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "asr.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/asr/templates/deployment.yaml b/helm-charts/common/asr/templates/deployment.yaml index 309ff56ca..0f7f6edfa 100644 --- a/helm-charts/common/asr/templates/deployment.yaml +++ b/helm-charts/common/asr/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "asr.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/asr/templates/serviceaccount.yaml b/helm-charts/common/asr/templates/serviceaccount.yaml new file mode 100644 index 000000000..7139f3e29 --- /dev/null +++ b/helm-charts/common/asr/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "asr.serviceAccountName" . }} + labels: + {{- include "asr.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/asr/values.yaml b/helm-charts/common/asr/values.yaml index 92728e644..b975a3c1f 100644 --- a/helm-charts/common/asr/values.yaml +++ b/helm-charts/common/asr/values.yaml 
@@ -27,6 +27,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -91,3 +102,7 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/chathistory-usvc/templates/_helpers.tpl b/helm-charts/common/chathistory-usvc/templates/_helpers.tpl index 6442c29ee..4fee343bc 100644 --- a/helm-charts/common/chathistory-usvc/templates/_helpers.tpl +++ b/helm-charts/common/chathistory-usvc/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "chathistory-usvc.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "chathistory-usvc.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/chathistory-usvc/templates/deployment.yaml b/helm-charts/common/chathistory-usvc/templates/deployment.yaml index b721318e6..73ea450ee 100644 --- a/helm-charts/common/chathistory-usvc/templates/deployment.yaml +++ b/helm-charts/common/chathistory-usvc/templates/deployment.yaml 
@@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "chathistory-usvc.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml b/helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml new file mode 100644 index 000000000..576093f5e --- /dev/null +++ b/helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "chathistory-usvc.serviceAccountName" . }} + labels: + {{- include "chathistory-usvc.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/chathistory-usvc/values.yaml b/helm-charts/common/chathistory-usvc/values.yaml index d5f2faa92..17cf7b22a 100644 --- a/helm-charts/common/chathistory-usvc/values.yaml +++ b/helm-charts/common/chathistory-usvc/values.yaml @@ -21,6 +21,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} 
@@ -94,3 +105,7 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/data-prep/templates/_helpers.tpl b/helm-charts/common/data-prep/templates/_helpers.tpl index 8d2062396..5ccc04bd8 100644 --- a/helm-charts/common/data-prep/templates/_helpers.tpl +++ b/helm-charts/common/data-prep/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "data-prep.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "data-prep.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/data-prep/templates/deployment.yaml b/helm-charts/common/data-prep/templates/deployment.yaml index 30faff173..fef104017 100644 --- a/helm-charts/common/data-prep/templates/deployment.yaml +++ b/helm-charts/common/data-prep/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "data-prep.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/data-prep/templates/serviceaccount.yaml b/helm-charts/common/data-prep/templates/serviceaccount.yaml new file mode 100644 index 000000000..55b877801 --- /dev/null +++ b/helm-charts/common/data-prep/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "data-prep.serviceAccountName" . }} + labels: + {{- include "data-prep.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/data-prep/values.yaml b/helm-charts/common/data-prep/values.yaml index e35274fcb..a8f1327c1 100644 --- a/helm-charts/common/data-prep/values.yaml +++ b/helm-charts/common/data-prep/values.yaml @@ -25,6 +25,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -113,3 +124,7 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/embedding-usvc/templates/_helpers.tpl b/helm-charts/common/embedding-usvc/templates/_helpers.tpl index 229f1a5b5..5195c4cd1 100644 --- a/helm-charts/common/embedding-usvc/templates/_helpers.tpl +++ b/helm-charts/common/embedding-usvc/templates/_helpers.tpl 
@@ -53,9 +53,11 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{/* Create the name of the service account to use */}} -{{- define "llm-uservice.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "llm-uservice.fullname" .) .Values.serviceAccount.name }} +{{- define "embedding-usvc.serviceAccountName" -}} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} +{{- default (include "embedding-usvc.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/helm-charts/common/embedding-usvc/templates/deployment.yaml b/helm-charts/common/embedding-usvc/templates/deployment.yaml index 67b2fae99..459389518 100644 --- a/helm-charts/common/embedding-usvc/templates/deployment.yaml +++ b/helm-charts/common/embedding-usvc/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "embedding-usvc.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/embedding-usvc/templates/serviceaccount.yaml b/helm-charts/common/embedding-usvc/templates/serviceaccount.yaml new file mode 100644 index 000000000..0cd59bab4 --- /dev/null +++ b/helm-charts/common/embedding-usvc/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "embedding-usvc.serviceAccountName" . }} + labels: + {{- include "embedding-usvc.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} 
diff --git a/helm-charts/common/embedding-usvc/values.yaml b/helm-charts/common/embedding-usvc/values.yaml index 66f79d789..a4a36f8ab 100644 --- a/helm-charts/common/embedding-usvc/values.yaml +++ b/helm-charts/common/embedding-usvc/values.yaml @@ -26,6 +26,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -90,6 +101,10 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Install Prometheus serviceMonitor for service monitoring: false diff --git a/helm-charts/common/gpt-sovits/templates/_helpers.tpl b/helm-charts/common/gpt-sovits/templates/_helpers.tpl index f42c32caa..225fbc2ed 100644 --- a/helm-charts/common/gpt-sovits/templates/_helpers.tpl +++ b/helm-charts/common/gpt-sovits/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "gpt-sovits.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "gpt-sovits.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} 
diff --git a/helm-charts/common/gpt-sovits/templates/deployment.yaml b/helm-charts/common/gpt-sovits/templates/deployment.yaml index d5d6e9d90..36da72b47 100644 --- a/helm-charts/common/gpt-sovits/templates/deployment.yaml +++ b/helm-charts/common/gpt-sovits/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "gpt-sovits.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/gpt-sovits/templates/serviceaccount.yaml b/helm-charts/common/gpt-sovits/templates/serviceaccount.yaml new file mode 100644 index 000000000..092ce54c7 --- /dev/null +++ b/helm-charts/common/gpt-sovits/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gpt-sovits.serviceAccountName" . }} + labels: + {{- include "gpt-sovits.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/gpt-sovits/values.yaml b/helm-charts/common/gpt-sovits/values.yaml index d5cff30d7..52fbf83cc 100644 --- a/helm-charts/common/gpt-sovits/values.yaml +++ b/helm-charts/common/gpt-sovits/values.yaml @@ -18,6 +18,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} 
@@ -81,3 +92,7 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/guardrails-usvc/templates/_helpers.tpl b/helm-charts/common/guardrails-usvc/templates/_helpers.tpl index 088f88455..b08af6c49 100644 --- a/helm-charts/common/guardrails-usvc/templates/_helpers.tpl +++ b/helm-charts/common/guardrails-usvc/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "guardrails-usvc.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "guardrails-usvc.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/guardrails-usvc/templates/deployment.yaml b/helm-charts/common/guardrails-usvc/templates/deployment.yaml index bebf86e59..a551d521c 100644 --- a/helm-charts/common/guardrails-usvc/templates/deployment.yaml +++ b/helm-charts/common/guardrails-usvc/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "guardrails-usvc.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/guardrails-usvc/templates/serviceaccount.yaml b/helm-charts/common/guardrails-usvc/templates/serviceaccount.yaml new file mode 100644 index 000000000..33bba3251 --- /dev/null +++ b/helm-charts/common/guardrails-usvc/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "guardrails-usvc.serviceAccountName" . }} + labels: + {{- include "guardrails-usvc.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/guardrails-usvc/values.yaml b/helm-charts/common/guardrails-usvc/values.yaml index 56a0cc6d4..eb75b7e2a 100644 --- a/helm-charts/common/guardrails-usvc/values.yaml +++ b/helm-charts/common/guardrails-usvc/values.yaml @@ -30,6 +30,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -94,3 +105,7 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/llm-uservice/templates/_helpers.tpl b/helm-charts/common/llm-uservice/templates/_helpers.tpl index d67db64c2..17552964a 100644 --- a/helm-charts/common/llm-uservice/templates/_helpers.tpl +++ b/helm-charts/common/llm-uservice/templates/_helpers.tpl 
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "llm-uservice.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "llm-uservice.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/llm-uservice/templates/deployment.yaml b/helm-charts/common/llm-uservice/templates/deployment.yaml index dfa4e6022..ae7778c75 100644 --- a/helm-charts/common/llm-uservice/templates/deployment.yaml +++ b/helm-charts/common/llm-uservice/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "llm-uservice.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/llm-uservice/templates/serviceaccount.yaml b/helm-charts/common/llm-uservice/templates/serviceaccount.yaml new file mode 100644 index 000000000..dab76a7ba --- /dev/null +++ b/helm-charts/common/llm-uservice/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "llm-uservice.serviceAccountName" . }} + labels: + {{- include "llm-uservice.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/llm-uservice/values.yaml b/helm-charts/common/llm-uservice/values.yaml index 8908bb74c..84ae7d32a 100644 --- a/helm-charts/common/llm-uservice/values.yaml 
+++ b/helm-charts/common/llm-uservice/values.yaml @@ -32,6 +32,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -97,6 +108,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Install Prometheus serviceMonitor for service monitoring: false diff --git a/helm-charts/common/lvm-uservice/templates/_helpers.tpl b/helm-charts/common/lvm-uservice/templates/_helpers.tpl index 86c26b0e6..abacefb88 100644 --- a/helm-charts/common/lvm-uservice/templates/_helpers.tpl +++ b/helm-charts/common/lvm-uservice/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "lvm-uservice.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "lvm-uservice.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/lvm-uservice/templates/deployment.yaml b/helm-charts/common/lvm-uservice/templates/deployment.yaml index c276087d6..8f6698f42 100644 --- a/helm-charts/common/lvm-uservice/templates/deployment.yaml 
+++ b/helm-charts/common/lvm-uservice/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "lvm-uservice.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/lvm-uservice/templates/serviceaccount.yaml b/helm-charts/common/lvm-uservice/templates/serviceaccount.yaml new file mode 100644 index 000000000..b21176e8a --- /dev/null +++ b/helm-charts/common/lvm-uservice/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "lvm-uservice.serviceAccountName" . }} + labels: + {{- include "lvm-uservice.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/lvm-uservice/values.yaml b/helm-charts/common/lvm-uservice/values.yaml index 75188a7e0..176c20876 100644 --- a/helm-charts/common/lvm-uservice/values.yaml +++ b/helm-charts/common/lvm-uservice/values.yaml @@ -29,6 +29,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} 
@@ -94,6 +105,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Install Prometheus serviceMonitor for service monitoring: false diff --git a/helm-charts/common/mongodb/templates/_helpers.tpl b/helm-charts/common/mongodb/templates/_helpers.tpl index 6b1b8c179..b89a52b88 100644 --- a/helm-charts/common/mongodb/templates/_helpers.tpl +++ b/helm-charts/common/mongodb/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "mongodb.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "mongodb.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/mongodb/templates/deployment.yaml b/helm-charts/common/mongodb/templates/deployment.yaml index 4fca11ffd..d1666a395 100644 --- a/helm-charts/common/mongodb/templates/deployment.yaml +++ b/helm-charts/common/mongodb/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "mongodb.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/mongodb/templates/serviceaccount.yaml b/helm-charts/common/mongodb/templates/serviceaccount.yaml new file mode 100644 index 000000000..f7841e15e --- /dev/null +++ b/helm-charts/common/mongodb/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mongodb.serviceAccountName" . }} + labels: + {{- include "mongodb.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/mongodb/values.yaml b/helm-charts/common/mongodb/values.yaml index cb38a714d..43e51b7d5 100644 --- a/helm-charts/common/mongodb/values.yaml +++ b/helm-charts/common/mongodb/values.yaml @@ -17,6 +17,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -60,3 +71,9 @@ nodeSelector: {} tolerations: [] affinity: {} + +global: + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/prompt-usvc/templates/_helpers.tpl b/helm-charts/common/prompt-usvc/templates/_helpers.tpl index 147787115..da47665fc 100644 --- a/helm-charts/common/prompt-usvc/templates/_helpers.tpl +++ b/helm-charts/common/prompt-usvc/templates/_helpers.tpl 
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "prompt-usvc.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "prompt-usvc.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/prompt-usvc/templates/deployment.yaml b/helm-charts/common/prompt-usvc/templates/deployment.yaml index 836668384..ca900b554 100644 --- a/helm-charts/common/prompt-usvc/templates/deployment.yaml +++ b/helm-charts/common/prompt-usvc/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "prompt-usvc.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/prompt-usvc/templates/serviceaccount.yaml b/helm-charts/common/prompt-usvc/templates/serviceaccount.yaml new file mode 100644 index 000000000..4cef0323d --- /dev/null +++ b/helm-charts/common/prompt-usvc/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "prompt-usvc.serviceAccountName" . }} + labels: + {{- include "prompt-usvc.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/prompt-usvc/values.yaml b/helm-charts/common/prompt-usvc/values.yaml index a475e6f5e..82562fca4 100644 --- a/helm-charts/common/prompt-usvc/values.yaml +++ b/helm-charts/common/prompt-usvc/values.yaml 
@@ -21,6 +21,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -97,3 +108,7 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/redis-vector-db/templates/_helpers.tpl b/helm-charts/common/redis-vector-db/templates/_helpers.tpl index f8f7a65da..96fffe220 100644 --- a/helm-charts/common/redis-vector-db/templates/_helpers.tpl +++ b/helm-charts/common/redis-vector-db/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "redis-vector-db.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "redis-vector-db.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/redis-vector-db/templates/deployment.yaml b/helm-charts/common/redis-vector-db/templates/deployment.yaml index d4fc692b6..427e9e996 100644 --- a/helm-charts/common/redis-vector-db/templates/deployment.yaml +++ b/helm-charts/common/redis-vector-db/templates/deployment.yaml 
@@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "redis-vector-db.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/redis-vector-db/templates/serviceaccount.yaml b/helm-charts/common/redis-vector-db/templates/serviceaccount.yaml new file mode 100644 index 000000000..4b42a96f1 --- /dev/null +++ b/helm-charts/common/redis-vector-db/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "redis-vector-db.serviceAccountName" . }} + labels: + {{- include "redis-vector-db.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/redis-vector-db/values.yaml b/helm-charts/common/redis-vector-db/values.yaml index d07339c3d..26a851283 100644 --- a/helm-charts/common/redis-vector-db/values.yaml +++ b/helm-charts/common/redis-vector-db/values.yaml @@ -17,6 +17,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} 
@@ -61,3 +72,9 @@ nodeSelector: {} tolerations: [] affinity: {} + +global: + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/reranking-usvc/templates/_helpers.tpl b/helm-charts/common/reranking-usvc/templates/_helpers.tpl index 9247fe13b..1bc450a84 100644 --- a/helm-charts/common/reranking-usvc/templates/_helpers.tpl +++ b/helm-charts/common/reranking-usvc/templates/_helpers.tpl @@ -53,9 +53,11 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{/* Create the name of the service account to use */}} -{{- define "llm-uservice.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "llm-uservice.fullname" .) .Values.serviceAccount.name }} +{{- define "reranking-usvc.serviceAccountName" -}} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} +{{- default (include "reranking-usvc.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/helm-charts/common/reranking-usvc/templates/deployment.yaml b/helm-charts/common/reranking-usvc/templates/deployment.yaml index 50abfc5a0..192016eca 100644 --- a/helm-charts/common/reranking-usvc/templates/deployment.yaml +++ b/helm-charts/common/reranking-usvc/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "reranking-usvc.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/reranking-usvc/templates/serviceaccount.yaml b/helm-charts/common/reranking-usvc/templates/serviceaccount.yaml new file mode 100644 index 000000000..47aa7fdb0 --- /dev/null 
+++ b/helm-charts/common/reranking-usvc/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "reranking-usvc.serviceAccountName" . }} + labels: + {{- include "reranking-usvc.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/reranking-usvc/values.yaml b/helm-charts/common/reranking-usvc/values.yaml index 924815ff7..c1b28a8a6 100644 --- a/helm-charts/common/reranking-usvc/values.yaml +++ b/helm-charts/common/reranking-usvc/values.yaml @@ -26,6 +26,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -90,6 +101,10 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Install Prometheus serviceMonitor for service monitoring: false diff --git a/helm-charts/common/retriever-usvc/templates/_helpers.tpl b/helm-charts/common/retriever-usvc/templates/_helpers.tpl index 18c740303..a41c15c2e 100644 --- a/helm-charts/common/retriever-usvc/templates/_helpers.tpl +++ b/helm-charts/common/retriever-usvc/templates/_helpers.tpl 
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "retriever-usvc.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "retriever-usvc.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/retriever-usvc/templates/deployment.yaml b/helm-charts/common/retriever-usvc/templates/deployment.yaml index b491b5d4d..f3914745f 100644 --- a/helm-charts/common/retriever-usvc/templates/deployment.yaml +++ b/helm-charts/common/retriever-usvc/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "retriever-usvc.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/retriever-usvc/templates/serviceaccount.yaml b/helm-charts/common/retriever-usvc/templates/serviceaccount.yaml new file mode 100644 index 000000000..017a456b8 --- /dev/null +++ b/helm-charts/common/retriever-usvc/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "retriever-usvc.serviceAccountName" . }} + labels: + {{- include "retriever-usvc.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/retriever-usvc/values.yaml b/helm-charts/common/retriever-usvc/values.yaml index 568f2c3f0..0e2540d63 100644 --- a/helm-charts/common/retriever-usvc/values.yaml 
+++ b/helm-charts/common/retriever-usvc/values.yaml @@ -35,6 +35,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -108,6 +119,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Install Prometheus serviceMonitor for service monitoring: false diff --git a/helm-charts/common/speecht5/templates/_helpers.tpl b/helm-charts/common/speecht5/templates/_helpers.tpl index 7db4f3fd2..8250fdbe6 100644 --- a/helm-charts/common/speecht5/templates/_helpers.tpl +++ b/helm-charts/common/speecht5/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "speecht5.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "speecht5.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/speecht5/templates/deployment.yaml b/helm-charts/common/speecht5/templates/deployment.yaml index 6b5976b84..e0ea6538b 100644 --- a/helm-charts/common/speecht5/templates/deployment.yaml +++ b/helm-charts/common/speecht5/templates/deployment.yaml 
@@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "speecht5.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/speecht5/templates/serviceaccount.yaml b/helm-charts/common/speecht5/templates/serviceaccount.yaml new file mode 100644 index 000000000..4a7ccc833 --- /dev/null +++ b/helm-charts/common/speecht5/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "speecht5.serviceAccountName" . }} + labels: + {{- include "speecht5.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/speecht5/values.yaml b/helm-charts/common/speecht5/values.yaml index 96a8e452a..4b8fd6eba 100644 --- a/helm-charts/common/speecht5/values.yaml +++ b/helm-charts/common/speecht5/values.yaml @@ -21,6 +21,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} 
@@ -85,6 +96,10 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Choose where to save your downloaded models # Set modelUseHostPath for local directory, this is good for one node test. Example: diff --git a/helm-charts/common/tei/templates/_helpers.tpl b/helm-charts/common/tei/templates/_helpers.tpl index fc4a57438..b2ae98152 100644 --- a/helm-charts/common/tei/templates/_helpers.tpl +++ b/helm-charts/common/tei/templates/_helpers.tpl @@ -61,7 +61,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "tei.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "tei.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/tei/templates/deployment.yaml b/helm-charts/common/tei/templates/deployment.yaml index 442847df5..0d10c0156 100644 --- a/helm-charts/common/tei/templates/deployment.yaml +++ b/helm-charts/common/tei/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "tei.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/tei/templates/serviceaccount.yaml b/helm-charts/common/tei/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec6ef3779 --- /dev/null +++ b/helm-charts/common/tei/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tei.serviceAccountName" . }} + labels: + {{- include "tei.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/tei/values.yaml b/helm-charts/common/tei/values.yaml index 44460a359..9d6193879 100644 --- a/helm-charts/common/tei/values.yaml +++ b/helm-charts/common/tei/values.yaml @@ -35,6 +35,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -99,6 +110,10 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Choose where to save your downloaded models # Set modelUseHostPath for local directory, this is good for one node test. Example: diff --git a/helm-charts/common/teirerank/templates/_helpers.tpl b/helm-charts/common/teirerank/templates/_helpers.tpl index 0c0b9238f..e6dca1a93 100644 --- a/helm-charts/common/teirerank/templates/_helpers.tpl +++ b/helm-charts/common/teirerank/templates/_helpers.tpl 
@@ -61,7 +61,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "teirerank.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "teirerank.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/teirerank/templates/deployment.yaml b/helm-charts/common/teirerank/templates/deployment.yaml index 2d0ec9992..bb8438898 100644 --- a/helm-charts/common/teirerank/templates/deployment.yaml +++ b/helm-charts/common/teirerank/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "teirerank.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/teirerank/templates/serviceaccount.yaml b/helm-charts/common/teirerank/templates/serviceaccount.yaml new file mode 100644 index 000000000..490f147d7 --- /dev/null +++ b/helm-charts/common/teirerank/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "teirerank.serviceAccountName" . }} + labels: + {{- include "teirerank.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/teirerank/values.yaml b/helm-charts/common/teirerank/values.yaml index 4d0dedf29..1b54d5ae3 100644 --- a/helm-charts/common/teirerank/values.yaml +++ b/helm-charts/common/teirerank/values.yaml 
@@ -35,6 +35,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -99,6 +110,10 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Choose where to save your downloaded models # Set modelUseHostPath for local directory, this is good for one node test. Example: diff --git a/helm-charts/common/tgi/templates/_helpers.tpl b/helm-charts/common/tgi/templates/_helpers.tpl index b672e8309..746328c28 100644 --- a/helm-charts/common/tgi/templates/_helpers.tpl +++ b/helm-charts/common/tgi/templates/_helpers.tpl @@ -61,7 +61,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "tgi.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "tgi.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/tgi/templates/deployment.yaml b/helm-charts/common/tgi/templates/deployment.yaml index 04436e613..2411a5b6e 100644 --- a/helm-charts/common/tgi/templates/deployment.yaml +++ b/helm-charts/common/tgi/templates/deployment.yaml 
@@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "tgi.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/tgi/templates/serviceaccount.yaml b/helm-charts/common/tgi/templates/serviceaccount.yaml new file mode 100644 index 000000000..bf0bf0d7b --- /dev/null +++ b/helm-charts/common/tgi/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tgi.serviceAccountName" . }} + labels: + {{- include "tgi.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/tgi/values.yaml b/helm-charts/common/tgi/values.yaml index d58db193a..827138d05 100644 --- a/helm-charts/common/tgi/values.yaml +++ b/helm-charts/common/tgi/values.yaml @@ -36,6 +36,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} 
@@ -129,6 +140,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Choose where to save your downloaded models # Set modelUseHostPath for local directory, this is good for one node test. Example: diff --git a/helm-charts/common/tts/templates/_helpers.tpl b/helm-charts/common/tts/templates/_helpers.tpl index 22b5e576a..4ae1516b6 100644 --- a/helm-charts/common/tts/templates/_helpers.tpl +++ b/helm-charts/common/tts/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "tts.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "tts.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/tts/templates/deployment.yaml b/helm-charts/common/tts/templates/deployment.yaml index 26da197a1..b00631955 100644 --- a/helm-charts/common/tts/templates/deployment.yaml +++ b/helm-charts/common/tts/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "tts.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/tts/templates/serviceaccount.yaml b/helm-charts/common/tts/templates/serviceaccount.yaml new file mode 100644 index 000000000..b9b47132a --- /dev/null +++ b/helm-charts/common/tts/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tts.serviceAccountName" . }} + labels: + {{- include "tts.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/tts/values.yaml b/helm-charts/common/tts/values.yaml index 39214480c..ca465dfcb 100644 --- a/helm-charts/common/tts/values.yaml +++ b/helm-charts/common/tts/values.yaml @@ -27,6 +27,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -91,3 +102,7 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/ui/templates/_helpers.tpl b/helm-charts/common/ui/templates/_helpers.tpl index 07e404849..9ba7cbc64 100644 --- a/helm-charts/common/ui/templates/_helpers.tpl +++ b/helm-charts/common/ui/templates/_helpers.tpl 
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "ui.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "ui.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/ui/templates/deployment.yaml b/helm-charts/common/ui/templates/deployment.yaml index 5bf8231bb..44a3299f8 100644 --- a/helm-charts/common/ui/templates/deployment.yaml +++ b/helm-charts/common/ui/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "ui.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/ui/templates/serviceaccount.yaml b/helm-charts/common/ui/templates/serviceaccount.yaml new file mode 100644 index 000000000..bcd96626c --- /dev/null +++ b/helm-charts/common/ui/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ui.serviceAccountName" . }} + labels: + {{- include "ui.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/ui/values.yaml b/helm-charts/common/ui/values.yaml index 4e0beddf4..793f19453 100644 --- a/helm-charts/common/ui/values.yaml +++ b/helm-charts/common/ui/values.yaml 
@@ -18,6 +18,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -96,4 +107,8 @@ DATAPREP_GET_FILE_ENDPOINT: "/v1/dataprep/get_file" # data preparation delete file service URL, default to Mega data preparation service DATAPREP_DELETE_FILE_ENDPOINT: "/v1/dataprep/delete_file" -global: {} +global: + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/vllm/templates/_helpers.tpl b/helm-charts/common/vllm/templates/_helpers.tpl index 41b1f8d66..63ec9e61d 100644 --- a/helm-charts/common/vllm/templates/_helpers.tpl +++ b/helm-charts/common/vllm/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "vllm.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "vllm.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/vllm/templates/deployment.yaml b/helm-charts/common/vllm/templates/deployment.yaml index 66b5e3722..63aba08ff 100644 --- a/helm-charts/common/vllm/templates/deployment.yaml +++ b/helm-charts/common/vllm/templates/deployment.yaml 
@@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "vllm.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/vllm/templates/serviceaccount.yaml b/helm-charts/common/vllm/templates/serviceaccount.yaml new file mode 100644 index 000000000..b5f231597 --- /dev/null +++ b/helm-charts/common/vllm/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "vllm.serviceAccountName" . }} + labels: + {{- include "vllm.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/vllm/values.yaml b/helm-charts/common/vllm/values.yaml index fb599ccd3..c8958e3e0 100644 --- a/helm-charts/common/vllm/values.yaml +++ b/helm-charts/common/vllm/values.yaml @@ -20,6 +20,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} 
@@ -88,6 +99,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Choose where to save your downloaded models # Set modelUseHostPath for local directory, this is good for one node test. Example: diff --git a/helm-charts/common/web-retriever/templates/_helpers.tpl b/helm-charts/common/web-retriever/templates/_helpers.tpl index 1bdb3e1b2..de5b570c8 100644 --- a/helm-charts/common/web-retriever/templates/_helpers.tpl +++ b/helm-charts/common/web-retriever/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "web-retriever.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "web-retriever.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/web-retriever/templates/deployment.yaml b/helm-charts/common/web-retriever/templates/deployment.yaml index 307206d3b..25b01790a 100644 --- a/helm-charts/common/web-retriever/templates/deployment.yaml +++ b/helm-charts/common/web-retriever/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "web-retriever.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/web-retriever/templates/serviceaccount.yaml b/helm-charts/common/web-retriever/templates/serviceaccount.yaml new file mode 100644 index 000000000..1e8065bb2 --- /dev/null 
+++ b/helm-charts/common/web-retriever/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "web-retriever.serviceAccountName" . }} + labels: + {{- include "web-retriever.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/web-retriever/values.yaml b/helm-charts/common/web-retriever/values.yaml index e3d254476..12aba2905 100644 --- a/helm-charts/common/web-retriever/values.yaml +++ b/helm-charts/common/web-retriever/values.yaml @@ -29,6 +29,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -93,3 +104,7 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" diff --git a/helm-charts/common/whisper/templates/_helpers.tpl b/helm-charts/common/whisper/templates/_helpers.tpl index 264e205a4..8c98682c3 100644 --- a/helm-charts/common/whisper/templates/_helpers.tpl +++ b/helm-charts/common/whisper/templates/_helpers.tpl 
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "whisper.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "whisper.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/common/whisper/templates/deployment.yaml b/helm-charts/common/whisper/templates/deployment.yaml index c5d79899c..66b31dd37 100644 --- a/helm-charts/common/whisper/templates/deployment.yaml +++ b/helm-charts/common/whisper/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "whisper.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/whisper/templates/serviceaccount.yaml b/helm-charts/common/whisper/templates/serviceaccount.yaml new file mode 100644 index 000000000..427f274ba --- /dev/null +++ b/helm-charts/common/whisper/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "whisper.serviceAccountName" . }} + labels: + {{- include "whisper.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/whisper/values.yaml b/helm-charts/common/whisper/values.yaml index c368fe669..680dc3c57 100644 --- a/helm-charts/common/whisper/values.yaml +++ b/helm-charts/common/whisper/values.yaml 
@@ -20,6 +20,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} @@ -84,6 +95,10 @@ global: http_proxy: "" https_proxy: "" no_proxy: "" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "" # Choose where to save your downloaded models # Set modelUseHostPath for local directory, this is good for one node test. Example: diff --git a/helm-charts/docsum/templates/_helpers.tpl b/helm-charts/docsum/templates/_helpers.tpl index 48d7f924c..e963d725a 100644 --- a/helm-charts/docsum/templates/_helpers.tpl +++ b/helm-charts/docsum/templates/_helpers.tpl @@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "docsum.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "docsum.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/docsum/templates/deployment.yaml b/helm-charts/docsum/templates/deployment.yaml index f6315d70f..cc2a281a4 100644 --- a/helm-charts/docsum/templates/deployment.yaml +++ b/helm-charts/docsum/templates/deployment.yaml 
@@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "docsum.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/docsum/templates/m2t.yaml b/helm-charts/docsum/templates/m2t.yaml index d0e6c775c..897dabf88 100644 --- a/helm-charts/docsum/templates/m2t.yaml +++ b/helm-charts/docsum/templates/m2t.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "docsum.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/docsum/templates/serviceaccount.yaml b/helm-charts/docsum/templates/serviceaccount.yaml new file mode 100644 index 000000000..5547a38d6 --- /dev/null +++ b/helm-charts/docsum/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "docsum.serviceAccountName" . }} + labels: + {{- include "docsum.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/docsum/templates/v2a.yaml b/helm-charts/docsum/templates/v2a.yaml index c99fd4b3c..db192bfdc 100644 --- a/helm-charts/docsum/templates/v2a.yaml +++ b/helm-charts/docsum/templates/v2a.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "docsum.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/docsum/values.yaml b/helm-charts/docsum/values.yaml index 68e295864..a473a15f3 100644 --- a/helm-charts/docsum/values.yaml 
+++ b/helm-charts/docsum/values.yaml @@ -33,14 +33,25 @@ m2t: type: ClusterIP port: 7079 -port: 8888 -service: - type: ClusterIP - port: 8888 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -53,6 +64,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 8888 +service: + type: ClusterIP + port: 8888 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] @@ -80,6 +100,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "docsum" # set modelUseHostPath or modelUsePVC to use model cache. modelUseHostPath: "" # modelUseHostPath: /mnt/opea-models diff --git a/helm-charts/faqgen/templates/_helpers.tpl b/helm-charts/faqgen/templates/_helpers.tpl index f5913492b..9b543631a 100644 --- a/helm-charts/faqgen/templates/_helpers.tpl +++ b/helm-charts/faqgen/templates/_helpers.tpl 
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "faqgen.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "faqgen.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/faqgen/templates/deployment.yaml b/helm-charts/faqgen/templates/deployment.yaml index b759c0316..bd9bbcc43 100644 --- a/helm-charts/faqgen/templates/deployment.yaml +++ b/helm-charts/faqgen/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "faqgen.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/faqgen/templates/serviceaccount.yaml b/helm-charts/faqgen/templates/serviceaccount.yaml new file mode 100644 index 000000000..d468072e4 --- /dev/null +++ b/helm-charts/faqgen/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "faqgen.serviceAccountName" . }} + labels: + {{- include "faqgen.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/faqgen/values.yaml b/helm-charts/faqgen/values.yaml index d382d7b0b..75da4f674 100644 --- a/helm-charts/faqgen/values.yaml +++ b/helm-charts/faqgen/values.yaml 
@@ -14,14 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 8888 -service: - type: ClusterIP - port: 8888 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -34,6 +45,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 8888 +service: + type: ClusterIP + port: 8888 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] @@ -61,6 +81,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "faqgen" # set modelUseHostPath or modelUsePVC to use model cache. modelUseHostPath: "" # modelUseHostPath: /mnt/opea-models diff --git a/helm-charts/visualqna/templates/_helpers.tpl b/helm-charts/visualqna/templates/_helpers.tpl index 68b296a94..1b4124588 100644 --- a/helm-charts/visualqna/templates/_helpers.tpl +++ b/helm-charts/visualqna/templates/_helpers.tpl 
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "visualqna.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.global.sharedSAName }} +{{- .Values.global.sharedSAName }} +{{- else if .Values.serviceAccount.create }} {{- default (include "visualqna.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} diff --git a/helm-charts/visualqna/templates/deployment.yaml b/helm-charts/visualqna/templates/deployment.yaml index 5ef74e995..1964fc6d0 100644 --- a/helm-charts/visualqna/templates/deployment.yaml +++ b/helm-charts/visualqna/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "visualqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/visualqna/templates/serviceaccount.yaml b/helm-charts/visualqna/templates/serviceaccount.yaml new file mode 100644 index 000000000..d0c9fe35b --- /dev/null +++ b/helm-charts/visualqna/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "visualqna.serviceAccountName" . }} + labels: + {{- include "visualqna.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/visualqna/values.yaml b/helm-charts/visualqna/values.yaml index f4a34ffd9..68c85e6c9 100644 --- a/helm-charts/visualqna/values.yaml +++ b/helm-charts/visualqna/values.yaml 
@@ -14,13 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -nginx: - service: - type: NodePort -port: 8888 -service: - type: ClusterIP - port: 8888 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -33,6 +45,14 @@ securityContext: seccompProfile: type: RuntimeDefault +nginx: + service: + type: NodePort +port: 8888 +service: + type: ClusterIP + port: 8888 + nodeSelector: {} tolerations: [] @@ -62,6 +82,10 @@ global: https_proxy: "" no_proxy: "" HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here" + # service account name to be shared with all parent/child charts. + # If set, it will overwrite serviceAccount.name. + # If set, and serviceAccount.create is false, it will assume this service account is already created by others. + sharedSAName: "visualqna" # set modelUseHostPath or modelUsePVC to use model cache. modelUseHostPath: "" # modelUseHostPath: /mnt/opea-models From baf568e37c7b6b37fecf53c2595e01b246f69a63 Mon Sep 17 00:00:00 2001 From: Sakari Poussa Date: Tue, 10 Dec 2024 15:56:28 +0200 Subject: [PATCH 10/13] README: add links to terraform docs (#633) * README: add links to terraform docs Signed-off-by: Sakari Poussa * README: fix broken links Signed-off-by: Sakari Poussa * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Signed-off-by: Sakari Poussa Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 
Signed-off-by: kkrishTa --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1b0bf4127..def720b5e 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ The following steps are optional. They're only required if you want to run the w NOTE: Make sure you configure the appropriate container runtime based on the type of container runtime you installed during Kubernetes setup. -4. [Install Intel Gaudi device plugin for Kubernetes](https://docs.habana.ai/en/latest/Orchestration/Gaudi_Kubernetes/Device_Plugin_for_Kubernetes.html). +4. [Install Intel Gaudi device plugin for Kubernetes](https://docs.habana.ai/en/latest/Installation_Guide/Additional_Installation/Kubernetes_Installation/index.html). Alternatively, Intel provides a base operator to manage the Gaudi software stack. Refer to [this file](kubernetes-addons/Intel-Gaudi-Base-Operator/README.md) for details. @@ -57,6 +57,12 @@ To deploy GenAIExamples to Kubernetes using helm charts, you need [Helm](https:/ For a detailed version, see [Deploy GenAIExample/GenAIComps using helm charts](https://github.com/opea-project/GenAIInfra/tree/main/helm-charts/README.md) +### Use terraform to deploy on cloud service providers + +You can use [Terraform](https://www.terraform.io/) to create infrastructure to run OPEA applications on various cloud service provider (CSP) environments. + +- [AWS/EKS: Create managed Kubernetes cluster on AWS for OPEA](https://github.com/opea-project/GenAIInfra/blob/main/cloud-service-provider/aws/eks/terraform/README.MD) + ## Additional Content - [Code of Conduct](https://github.com/opea-project/docs/tree/main/community/CODE_OF_CONDUCT.md) From 56cab37fc30ab1d6f32be4ec09c8c54468a22378 Mon Sep 17 00:00:00 2001 From: kkrishTa Date: Tue, 10 Dec 2024 21:22:03 +0530 Subject: [PATCH 11/13] Adding link to the Azure terraform readme to opea documentation Signed-off-by: kkrishTa --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index def720b5e..ccb57ce66 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,7 @@ For a detailed version, see [Deploy GenAIExample/GenAIComps using helm charts](h You can use [Terraform](https://www.terraform.io/) to create infrastructure to run OPEA applications on various cloud service provider (CSP) environments. - [AWS/EKS: Create managed Kubernetes cluster on AWS for OPEA](https://github.com/opea-project/GenAIInfra/blob/main/cloud-service-provider/aws/eks/terraform/README.MD) +- [Azure/AKS: Create managed Kubernetes cluster on Azure for OPEA](https://github.com/opea-project/GenAIInfra/blob/main/cloud-service-provider/azure/aks/terraform/README.MD) ## Additional Content From 5312c56ef1baa7886a3010e3b530a94395e5d65b Mon Sep 17 00:00:00 2001 From: kkrishTa Date: Wed, 11 Dec 2024 05:55:14 +0530 Subject: [PATCH 12/13] Corrected md file link Signed-off-by: kkrishTa --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ccb57ce66..51b100155 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ For a detailed version, see [Deploy GenAIExample/GenAIComps using helm charts](h You can use [Terraform](https://www.terraform.io/) to create infrastructure to run OPEA applications on various cloud service provider (CSP) environments. - [AWS/EKS: Create managed Kubernetes cluster on AWS for OPEA](https://github.com/opea-project/GenAIInfra/blob/main/cloud-service-provider/aws/eks/terraform/README.MD) -- [Azure/AKS: Create managed Kubernetes cluster on Azure for OPEA](https://github.com/opea-project/GenAIInfra/blob/main/cloud-service-provider/azure/aks/terraform/README.MD) +- [Azure/AKS: Create managed Kubernetes cluster on Azure for OPEA](https://github.com/opea-project/GenAIInfra/blob/main/cloud-service-provider/azure/aks/terraform/README.md) ## Additional Content From 69ca8d043b848668609adc26666608c9fc73e466 Mon Sep 17 00:00:00 2001 
From: kkrishTa Date: Wed, 11 Dec 2024 13:19:08 +0530 Subject: [PATCH 13/13] Updated relative links Signed-off-by: kkrishTa --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 51b100155..e2a0a5f52 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ The following steps are optional. They're only required if you want to run the w ### Use GenAI Microservices Connector (GMC) to deploy and adjust GenAIExamples -Follow [GMC README](https://github.com/opea-project/GenAIInfra/blob/main/microservices-connector/README.md) +Follow [GMC README](microservices-connector/README.md) to install GMC into your kubernetes cluster. [GenAIExamples](https://github.com/opea-project/GenAIExamples) contains several sample GenAI example use case pipelines such as ChatQnA, DocSum, etc. Once you have deployed GMC in your Kubernetes cluster, you can deploy any of the example pipelines by following its Readme file (e.g. [Docsum](https://github.com/opea-project/GenAIExamples/blob/main/DocSum/kubernetes/intel/README_gmc.md)). 
@@ -55,14 +55,14 @@ Once you have deployed GMC in your Kubernetes cluster, you can deploy any of the To deploy GenAIExamples to Kubernetes using helm charts, you need [Helm](https://helm.sh/docs/intro/install/) installed on your machine. -For a detailed version, see [Deploy GenAIExample/GenAIComps using helm charts](https://github.com/opea-project/GenAIInfra/tree/main/helm-charts/README.md) +For a detailed version, see [Deploy GenAIExample/GenAIComps using helm charts](helm-charts/README.md) ### Use terraform to deploy on cloud service providers You can use [Terraform](https://www.terraform.io/) to create infrastructure to run OPEA applications on various cloud service provider (CSP) environments. -- [AWS/EKS: Create managed Kubernetes cluster on AWS for OPEA](https://github.com/opea-project/GenAIInfra/blob/main/cloud-service-provider/aws/eks/terraform/README.MD) -- [Azure/AKS: Create managed Kubernetes cluster on Azure for OPEA](https://github.com/opea-project/GenAIInfra/blob/main/cloud-service-provider/azure/aks/terraform/README.md) +- [AWS/EKS: Create managed Kubernetes cluster on AWS for OPEA](cloud-service-provider/aws/eks/terraform/README.MD) +- [Azure/AKS: Create managed Kubernetes cluster on Azure for OPEA](cloud-service-provider/azure/aks/terraform/README.md) ## Additional Content
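Review bot: the new `templates/serviceaccount.yaml` files (ui, vllm, web-retriever, whisper, docsum, faqgen, visualqna) are gated only on `.Values.serviceAccount.create`, but the object name comes from the `*.serviceAccountName` helper, which now returns `global.sharedSAName` first. If a parent chart and any of its subcharts both have `serviceAccount.create: true` while `sharedSAName` is set, each renders a ServiceAccount with the same name in the same namespace and the manifests conflict at install time. Either skip creation in a subchart when `global.sharedSAName` is set and the chart is not the owner, or state in the values comment that exactly one chart in the tree may set `create: true`.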
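Review bot: in the docsum, faqgen and visualqna `values.yaml` hunks, `serviceAccount.create: true` is combined with `automount: true`, and the `deployment.yaml`, `m2t.yaml` and `v2a.yaml` hunks bind every pod to that one shared account, so each container in the release gets a Kubernetes API token mounted. Nothing in this patch shows a workload that calls the API server. Default `automount` to `false` and let users opt in, or say in the commit message which component needs the token. Sharing one account across all parent and child charts also means any RoleBinding later attached to it applies to every component (UI, model server, retriever) at once; note that trade-off next to the `sharedSAName` comment.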
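Review bot: `sharedSAName: "docsum"`, `sharedSAName: "faqgen"` and `sharedSAName: "visualqna"` in the three parent `values.yaml` hunks are fixed strings, not derived from the release name the way `include "docsum.fullname" .` is in the helper's fallback branch. Two releases of the same chart in one namespace will both try to create a ServiceAccount with the same name. Consider leaving the default empty and computing a release-scoped name in the helper, or document that a second release must override `global.sharedSAName`.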
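Review bot: in the final README hunk (`@@ -55,14 +55,14 @@` of PATCH 13/13) the AWS link ends in `terraform/README.MD` while the Azure link ends in `terraform/README.md`; PATCH 12/13 corrected the case for Azure only. Relative links resolve against the file name in the repository and are case-sensitive, so please confirm the AWS file really is named `README.MD`, otherwise that link breaks. PATCH 11 to 13 all rewrite the same two list items; squashing them into one commit would make the history easier to follow.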