From f89c8a415e220b4ed58eb853d8363529ca7a71de Mon Sep 17 00:00:00 2001
From: Alex VanTol
Date: Wed, 25 Oct 2023 11:54:06 -0500
Subject: [PATCH] feat(gen3-discovery-ai): initial deployment
---
 gen3/bin/kube-setup-gen3-discovery-ai.sh | 84 +++++++++++++++++++
 .../gen3-discovery-ai/gen3-openai-deploy.yaml | 55 ++++++++++++
 .../gen3-openai-service.yaml | 8 +-
 .../gen3-openai/gen3-openai-deploy.yaml | 46 ----------
 .../gen3-discoveryai-service.conf | 12 +++
 .../gen3.nginx.conf/gen3-openai-service.conf | 17 ----
 6 files changed, 155 insertions(+), 67 deletions(-)
 create mode 100644 gen3/bin/kube-setup-gen3-discovery-ai.sh
 create mode 100644 kube/services/gen3-discovery-ai/gen3-openai-deploy.yaml
 rename kube/services/{gen3-openai => gen3-discovery-ai}/gen3-openai-service.yaml (75%)
 delete mode 100644 kube/services/gen3-openai/gen3-openai-deploy.yaml
 create mode 100644 kube/services/revproxy/gen3.nginx.conf/gen3-discoveryai-service.conf
 delete mode 100644 kube/services/revproxy/gen3.nginx.conf/gen3-openai-service.conf
diff --git a/gen3/bin/kube-setup-gen3-discovery-ai.sh b/gen3/bin/kube-setup-gen3-discovery-ai.sh
new file mode 100644
index 000000000..ca8db5490
--- /dev/null
+++ b/gen3/bin/kube-setup-gen3-discovery-ai.sh
@@ -0,0 +1,84 @@ +#!/bin/bash +# +# Deploy the gen3-discovery-ai service. +# + +source "${GEN3_HOME}/gen3/lib/utils.sh" +gen3_load "gen3/gen3setup" + +# NOTE: no db for this service yet, but we'll likely need it in the future +setup_database() { + gen3_log_info "setting up gen3-discovery-ai service ..." + + if g3kubectl describe secret gen3-discovery-ai-g3auto > /dev/null 2>&1; then + gen3_log_info "gen3-discovery-ai-g3auto secret already configured" + return 0 + fi + if [[ -n "$JENKINS_HOME" || ! -f "$(gen3_secrets_folder)/creds.json" ]]; then + gen3_log_err "skipping db setup in non-adminvm environment" + return 0 + fi + # Setup .env file that gen3-discovery-ai service consumes + if [[ ! -f "$secretsFolder/gen3-discovery-ai.env" || ! -f "$secretsFolder/base64Authz.txt" ]]; then + local secretsFolder="$(gen3_secrets_folder)/g3auto/gen3-discovery-ai" + + if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then + if ! gen3 db setup gen3-discovery-ai; then + gen3_log_err "Failed setting up database for gen3-discovery-ai service" + return 1 + fi + fi + if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then + gen3_log_err "dbcreds not present in Gen3Secrets/" + return 1 + fi + + # go ahead and rotate the password whenever we regen this file + local password="$(gen3 random)" + cat - > "$secretsFolder/gen3-discovery-ai.env" < "$secretsFolder/base64Authz.txt" + fi + gen3 secrets sync 'setup gen3-discovery-ai-g3auto secrets' +} + +if ! g3k_manifest_lookup .versions.gen3-discovery-ai 2> /dev/null; then + gen3_log_info "kube-setup-gen3-discovery-ai exiting - gen3-discovery-ai service not in manifest" + exit 0 +fi + +# There's no db for this service *yet* +# +# if ! 
setup_database; then +# gen3_log_err "kube-setup-gen3-discovery-ai bailing out - database failed setup" +# exit 1 +# fi + + +if [ -d "$(dirname $(g3k_manifest_path))/gen3-discovery-ai/knowledge/chromadb" ]; then + g3kubectl delete configmap gen3-discovery-ai-knowledge-library + g3kubectl create configmap gen3-discovery-ai-knowledge-library --from-file "$(dirname $(g3k_manifest_path))/gen3-discovery-ai/knowledge/chromadb" +fi + +# Sync the manifest config from manifest.json (or manifests/gen3-discovery-ai.json) to the k8s config map. +# This may not actually create the manifest-gen3-discovery-ai config map if the user did not specify any gen3-discovery-ai +# keys in their manifest configuration. +[[ -z "$GEN3_ROLL_ALL" ]] && gen3 gitops configmaps + +gen3 roll gen3-discovery-ai +g3kubectl apply -f "${GEN3_HOME}/kube/services/gen3-discovery-ai/gen3-discovery-ai-service.yaml" + +if [[ -z "$GEN3_ROLL_ALL" ]]; then + gen3 kube-setup-networkpolicy + gen3 kube-setup-revproxy +fi + +gen3_log_info "The gen3-discovery-ai service has been deployed onto the kubernetes cluster" +gen3_log_info "test with: curl https://commons-host/ai" diff --git a/kube/services/gen3-discovery-ai/gen3-openai-deploy.yaml b/kube/services/gen3-discovery-ai/gen3-openai-deploy.yaml new file mode 100644 index 000000000..35e6746d2 --- /dev/null +++ b/kube/services/gen3-discovery-ai/gen3-openai-deploy.yaml 
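Review bot: The final `g3kubectl apply -f` points at `kube/services/gen3-discovery-ai/gen3-discovery-ai-service.yaml`, but this commit adds the service manifest to that directory as `gen3-openai-service.yaml`, so the apply looks set to fail on a missing file; renaming the manifest to match (and `gen3-openai-deploy.yaml` too, if `gen3 roll` resolves the deployment file by service name, which is not visible here) would fix it. In `setup_database`, the condition `[[ ! -f "$secretsFolder/gen3-discovery-ai.env" || ...` reads `$secretsFolder` before the `local secretsFolder=...` line inside that branch, so unless a global of that name exists the test runs against an empty prefix and the password-rotating branch is taken regardless of what is in the secrets folder. Moving `local secretsFolder="$(gen3_secrets_folder)/g3auto/gen3-discovery-ai"` above the `if` fixes that. The function is not called yet, so this only bites once the commented-out block is enabled.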
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gen3-discovery-ai-deployment
+spec:
+ selector:
+ # Only select pods based on the 'app' label
+ matchLabels:
+ app: gen3-discovery-ai
+ release: production
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: gen3-discovery-ai
+ release: production
+ spec:
+ volumes:
+ - name: config-volume-g3auto
+ secret:
+ secretName: gen3-discovery-ai-g3auto
+ - name: gen3-discovery-ai-knowledge-library
+ mountPath: /
+ containers:
+ - name: gen3-discovery-ai
+ image: "quay.io/cdis/gen3-discovery-ai:latest"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ env:
+ - name: GEN3_DEBUG
+ GEN3_DEBUG_FLAG|-value: "False"-|
+ volumeMounts:
+ - name: config-volume-g3auto
+ readOnly: true
+ mountPath: /.env
+ subPath: gen3-discovery-ai.env
+ - name: gen3-discovery-ai-knowledge-library
+ readOnly: false
+ configMap:
+ name: knowledge
+ items:
+ - key: knowledge
+ path: knowledge
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 1
+ limits:
+ cpu: 2
+ memory: 512Mi
diff --git a/kube/services/gen3-openai/gen3-openai-service.yaml b/kube/services/gen3-discovery-ai/gen3-openai-service.yaml
similarity index 75%
rename from kube/services/gen3-openai/gen3-openai-service.yaml
rename to kube/services/gen3-discovery-ai/gen3-openai-service.yaml
index 7d3588835..eae88bf9b 100644
--- a/kube/services/gen3-openai/gen3-openai-service.yaml
+++ b/kube/services/gen3-discovery-ai/gen3-openai-service.yaml
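Review bot: The `gen3-discovery-ai-knowledge-library` entries look swapped between `volumes:` and `volumeMounts:`. The volume carries `mountPath: /` and no source, while the mount carries `configMap:` and `items:`, so as far as the flattened text shows the manifest should be rejected on apply. The configMap is also referenced as `knowledge`, whereas the setup script in this commit creates `gen3-discovery-ai-knowledge-library` from a directory, so its keys would be file names rather than a single `knowledge` key. The sketch below puts the source on the volume and the path on the mount; the mount path is a placeholder because the page does not show where the service reads its library. Separately, `image: "quay.io/cdis/gen3-discovery-ai:latest"` with `imagePullPolicy: Always` lets any pod restart pull different code, so pinning a version tag or digest would make rollouts reproducible.

```yaml
      volumes:
        # … unchanged: config-volume-g3auto secret volume …
        - name: gen3-discovery-ai-knowledge-library
          configMap:
            name: gen3-discovery-ai-knowledge-library
      # … unchanged: containers, image, ports, env …
          volumeMounts:
            # … unchanged: config-volume-g3auto mount …
            - name: gen3-discovery-ai-knowledge-library
              readOnly: true
              mountPath: <KNOWLEDGE_MOUNT_PATH>  # placeholder: directory the service loads its knowledge library from
```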
@@ -1,19 +1,19 @@ kind: Service apiVersion: v1 metadata: - name: gen3-openai-service + name: gen3-discovery-ai-service annotations: getambassador.io/config: | --- apiVersion: ambassador/v1 ambassador_id: "gen3" kind: Mapping - name: gen3-openai_mapping + name: gen3-discovery-ai_mapping prefix: /index/ - service: http://gen3-openai-service:80 + service: http://gen3-discovery-ai-service:80 spec: selector: - app: gen3-openai + app: gen3-discovery-ai release: production ports: - protocol: TCP diff --git a/kube/services/gen3-openai/gen3-openai-deploy.yaml b/kube/services/gen3-openai/gen3-openai-deploy.yaml deleted file mode 100644 index fc19be45e..000000000 --- a/kube/services/gen3-openai/gen3-openai-deploy.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gen3-openai-deployment -spec: - selector: - # Only select pods based on the 'app' label - matchLabels: - app: gen3-openai - release: production - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - template: - metadata: - labels: - app: gen3-openai - release: production - spec: - containers: - - name: gen3-openai - image: "quay.io/cdis/gen3-openai:latest" - imagePullPolicy: Always - ports: - - containerPort: 8080 - env: - - name: OPENAI_API_KEY - valueFrom: - secretKeyRef: - name: gen3-openai-g3auto - key: "openai_key" - - name: TOPICS - value: default,custom - - name: CUSTOM_SYSTEM_PROMPT - value: You answer questions about datasets that are available in BioData Catalyst. You'll be given relevant dataset descriptions for every dataset that's been ingested into BioData Catalyst. You are acting as a search assistant for a biomedical researcher (who will be asking you questions). The researcher is likely trying to find datasets of interest for a particular research question. You should recommend datasets that may be of interest to that researcher. - - name: CUSTOM_EMBEDDINGS_PATH - value: embeddings/embeddings.csv - imagePullPolicy: Always - resources: - requests: - cpu: 1 - limits: - cpu: 2 - memory: 512Mi diff --git a/kube/services/revproxy/gen3.nginx.conf/gen3-discoveryai-service.conf b/kube/services/revproxy/gen3.nginx.conf/gen3-discoveryai-service.conf new file mode 100644 index 000000000..cc7b361e2 --- /dev/null +++ b/kube/services/revproxy/gen3.nginx.conf/gen3-discoveryai-service.conf @@ -0,0 +1,12 @@ + location /ai { + if ($csrf_check !~ ^ok-\S.+$) { + return 403 "failed csrf check"; + } + + set $proxy_service "gen3-discovery-ai-service"; + set $upstream http://gen3-discovery-ai-service$des_domain; + rewrite ^/ai(.*) /$1 break; + proxy_pass $upstream; + proxy_redirect http://$host/ https://$host/ai; + client_max_body_size 0; + } 
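Review bot: The new `location /ai` block has no `auth_request /gen3-authz;` and no `$authz_*` settings, although the `/openai/` location removed in this same commit had them, so the CSRF check is the only gate nginx applies before proxying to `gen3-discovery-ai-service`. Unless the service authorizes callers itself (not visible here), the authorization sub-request should be restored with a resource defined for this service. `client_max_body_size 0;` also removes the request-body limit on this route, so an explicit cap would be safer. The prefix `location /ai` with `rewrite ^/ai(.*) /$1 break;` also matches paths such as `/aixyz` and turns `/ai/foo` into `//foo`; a trailing-slash form like the removed block's avoids both.

```nginx
    location /ai/ {
      # … unchanged: csrf check …
      set $authz_resource "<AUTHZ_RESOURCE>";   # placeholder: resource path defined for this service
      set $authz_method "access";
      set $authz_service "<AUTHZ_SERVICE>";     # placeholder: service name used in the policy
      # sub-request runs in the same context as this request
      auth_request /gen3-authz;
      # … unchanged: $proxy_service and $upstream …
      rewrite ^/ai/(.*) /$1 break;
      # … unchanged: proxy_pass …
      proxy_redirect http://$host/ https://$host/ai/;
      client_max_body_size <BODY_LIMIT>;        # placeholder: largest request the service should accept
```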
diff --git a/kube/services/revproxy/gen3.nginx.conf/gen3-openai-service.conf b/kube/services/revproxy/gen3.nginx.conf/gen3-openai-service.conf deleted file mode 100644 index 1f3668ca4..000000000 --- a/kube/services/revproxy/gen3.nginx.conf/gen3-openai-service.conf +++ /dev/null @@ -1,17 +0,0 @@ - location /openai/ { - if ($csrf_check !~ ^ok-\S.+$) { - return 403 "failed csrf check"; - } - set $authz_resource "/mds_gateway"; - set $authz_method "access"; - set $authz_service "mds_gateway"; - # be careful - sub-request runs in same context as this request - auth_request /gen3-authz; - - set $proxy_service "gen3-openai-service"; - set $upstream http://gen3-openai-service$des_domain; - rewrite ^/openai/(.*) /$1 break; - proxy_pass $upstream; - proxy_redirect http://$host/ https://$host/openai/; - client_max_body_size 0; - }