Helm chart refactoring (#3797)

* initial commit for helm chart refactoring * Continue refactoring helm. I was able to use helm to deploy all of the apps to a cluster in aws. The bottleneck was setting up PVC dynamic provisioning. * use default storage class * Fix linter errors * Fix broken helm test --------- Co-authored-by: jpb80 <jordan.buttkevitz@gmail.com>
2025-05-02 07:50:21 +02:00 · 2025-02-03 10:56:07 -08:00 · 2025-02-03 10:56:07 -08:00 · 715359c120
commit 715359c120
parent e061ba2b93
15 changed files with 141 additions and 125 deletions
--- a/.github/workflows/pr-helm-chart-testing.yml
+++ b/.github/workflows/pr-helm-chart-testing.yml
@ -21,10 +21,10 @@ jobs:
    - name: Set up Helm
      uses: azure/setup-helm@v4.2.0
      with:
-        version: v3.14.4
+        version: v3.17.0
      
    - name: Set up chart-testing
-      uses: helm/chart-testing-action@v2.6.1
+      uses: helm/chart-testing-action@v2.7.0

    # even though we specify chart-dirs in ct.yaml, it isn't used by ct for the list-changed command...
    - name: Run chart-testing (list-changed)
@ -37,22 +37,6 @@ jobs:
          echo "changed=true" >> "$GITHUB_OUTPUT"
        fi

-#     rkuo: I don't think we need python?
-#     - name: Set up Python
-#       uses: actions/setup-python@v5
-#       with:
-#         python-version: '3.11'
-#         cache: 'pip'
-#         cache-dependency-path: |
-#           backend/requirements/default.txt
-#           backend/requirements/dev.txt
-#           backend/requirements/model_server.txt
-#     - run: |
-#         python -m pip install --upgrade pip
-#         pip install --retries 5 --timeout 30 -r backend/requirements/default.txt
-#         pip install --retries 5 --timeout 30 -r backend/requirements/dev.txt
-#         pip install --retries 5 --timeout 30 -r backend/requirements/model_server.txt
-
    # lint all charts if any changes were detected
    - name: Run chart-testing (lint)
      if: steps.list-changed.outputs.changed == 'true'
@ -62,7 +46,7 @@ jobs:

    - name: Create kind cluster
      if: steps.list-changed.outputs.changed == 'true'
-      uses: helm/kind-action@v1.10.0
+      uses: helm/kind-action@v1.12.0

    - name: Run chart-testing (install)
      if: steps.list-changed.outputs.changed == 'true'
--- a/deployment/helm/charts/onyx/Chart.yaml
+++ b/deployment/helm/charts/onyx/Chart.yaml
@ -6,7 +6,7 @@ sources:
  - "https://github.com/onyx-dot-app/onyx"
 type: application
 version: 0.2.1
-appVersion: "latest"
+appVersion: latest
 annotations:
  category: Productivity
  licenses: MIT
--- a/deployment/helm/charts/onyx/templates/api-deployment.yaml
+++ b/deployment/helm/charts/onyx/templates/api-deployment.yaml
@ -45,10 +45,10 @@ spec:
            - |
              alembic upgrade head &&
              echo "Starting Onyx Api Server" &&
-              uvicorn onyx.main:app --host 0.0.0.0 --port 8080
+              uvicorn onyx.main:app --host 0.0.0.0 --port {{ .Values.api.containerPorts.server }}
          ports:
            - name: api-server-port
-              containerPort: {{ .Values.api.service.port }}
+              containerPort: {{ .Values.api.containerPorts.server }}
              protocol: TCP
          resources:
            {{- toYaml .Values.api.resources | nindent 12 }}
--- a/deployment/helm/charts/onyx/templates/api-service.yaml
+++ b/deployment/helm/charts/onyx/templates/api-service.yaml
@ -11,10 +11,10 @@ metadata:
 spec:
  type: {{ .Values.api.service.type }}
  ports:
-    - port: {{ .Values.api.service.port }}
-      targetPort: api-server-port
+    - port: {{ .Values.api.service.servicePort }}
+      targetPort: {{ .Values.api.service.targetPort }}
      protocol: TCP
-      name: api-server-port
+      name: {{ .Values.api.service.portName }}
  selector:
    {{- include "onyx-stack.selectorLabels" . | nindent 4 }}
    {{- if .Values.api.deploymentLabels }}
--- a/deployment/helm/charts/onyx/templates/indexing-model-deployment.yaml
+++ b/deployment/helm/charts/onyx/templates/indexing-model-deployment.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    {{- include "onyx-stack.labels" . | nindent 4 }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.indexCapability.replicaCount }}
  selector:
    matchLabels:
      {{- include "onyx-stack.selectorLabels" . | nindent 6 }}
@ -25,12 +25,14 @@ spec:
        {{- end }}
    spec:
      containers:
-      - name: indexing-model-server
-        image: onyxdotapp/onyx-model-server:latest
-        imagePullPolicy: IfNotPresent
-        command: [ "uvicorn", "model_server.main:app", "--host", "0.0.0.0", "--port", "9000", "--limit-concurrency", "10" ]
+      - name: {{ .Values.indexCapability.name }}
+        image: "{{ .Values.indexCapability.image.repository }}:{{ .Values.indexCapability.image.tag | default .Chart.AppVersion }}"           
+        imagePullPolicy: {{ .Values.indexCapability.image.pullPolicy }}
+        command: [ "uvicorn", "model_server.main:app", "--host", "0.0.0.0", "--port", "{{ .Values.indexCapability.containerPorts.server }}", "--limit-concurrency", "{{ .Values.indexCapability.limitConcurrency }}" ]
        ports:
-        - containerPort: 9000
+        - name: model-server
+          containerPort: {{ .Values.indexCapability.containerPorts.server }}
+          protocol: TCP
        envFrom:
          - configMapRef:
              name: {{ .Values.config.envConfigMapName }}
--- a/deployment/helm/charts/onyx/templates/indexing-model-pvc.yaml
+++ b/deployment/helm/charts/onyx/templates/indexing-model-pvc.yaml
@ -3,8 +3,9 @@ kind: PersistentVolumeClaim
 metadata:
  name: {{ .Values.indexCapability.indexingModelPVC.name }}
 spec:
+  storageClassName: {{ .Values.persistent.storageClassName }}
  accessModes:
    - {{ .Values.indexCapability.indexingModelPVC.accessMode | quote }}
  resources:
    requests:
-      storage: {{ .Values.indexCapability.indexingModelPVC.storage | quote }}
+      storage: {{ .Values.indexCapability.indexingModelPVC.storage | quote }}
--- a/deployment/helm/charts/onyx/templates/indexing-model-service.yaml
+++ b/deployment/helm/charts/onyx/templates/indexing-model-service.yaml
@ -11,8 +11,8 @@ spec:
    {{- toYaml .Values.indexCapability.deploymentLabels | nindent 4 }}
    {{- end }}
  ports:
-    - name: {{ .Values.indexCapability.service.name }}
+    - name: {{ .Values.indexCapability.service.portName }}
      protocol: TCP
-      port: {{ .Values.indexCapability.service.port }}
-      targetPort: {{ .Values.indexCapability.service.port }}
-  type: {{ .Values.indexCapability.service.type }}
+      port: {{ .Values.indexCapability.service.servicePort  }}
+      targetPort: {{ .Values.indexCapability.service.targetPort }}
+  type: {{ .Values.indexCapability.service.type }}
--- a/deployment/helm/charts/onyx/templates/inference-model-deployment.yaml
+++ b/deployment/helm/charts/onyx/templates/inference-model-deployment.yaml
@ -3,14 +3,14 @@ kind: Deployment
 metadata:
  name: {{ include "onyx-stack.fullname" . }}-inference-model
  labels:
-    {{- range .Values.inferenceCapability.deployment.labels }}
+    {{- range .Values.inferenceCapability.labels }}
    {{ .key }}: {{ .value }}
    {{- end }}
 spec:
-  replicas: {{ .Values.inferenceCapability.deployment.replicas }}
+  replicas: {{ .Values.inferenceCapability.replicaCount }}
  selector:
    matchLabels:
-      {{- range .Values.inferenceCapability.deployment.labels }}
+      {{- range .Values.inferenceCapability.labels }}
      {{ .key }}: {{ .value }}
      {{- end }}
  template:
@ -21,24 +21,26 @@ spec:
        {{- end }}
    spec:
      containers:
-      - name: {{ .Values.inferenceCapability.service.name }}
-        image: {{ .Values.inferenceCapability.deployment.image.repository }}:{{ .Values.inferenceCapability.deployment.image.tag }}
-        imagePullPolicy: {{ .Values.inferenceCapability.deployment.image.pullPolicy }}
-        command: {{ toYaml .Values.inferenceCapability.deployment.command | nindent 14 }}
+      - name: model-server-inference
+        image: "{{ .Values.inferenceCapability.image.repository }}:{{ .Values.inferenceCapability.image.tag | default .Chart.AppVersion }}"
+        imagePullPolicy: {{ .Values.inferenceCapability.image.pullPolicy }}
+        command: [ "uvicorn", "model_server.main:app", "--host", "0.0.0.0", "--port", "{{ .Values.inferenceCapability.containerPorts.server }}" ]
        ports:
-        - containerPort: {{ .Values.inferenceCapability.service.port }}
+        - name: model-server
+          containerPort: {{ .Values.inferenceCapability.containerPorts.server }}
+          protocol: TCP
        envFrom:
        - configMapRef:
            name: {{ .Values.config.envConfigMapName }}
        env:
          {{- include "onyx-stack.envSecrets" . | nindent 12}}
        volumeMounts:
-        {{- range .Values.inferenceCapability.deployment.volumeMounts }}
+        {{- range .Values.inferenceCapability.volumeMounts }}
        - name: {{ .name }}
          mountPath: {{ .mountPath }}
        {{- end }}
      volumes:
-      {{- range .Values.inferenceCapability.deployment.volumes }}
+      {{- range .Values.inferenceCapability.volumes }}
      - name: {{ .name }}
        persistentVolumeClaim:
          claimName: {{ .persistentVolumeClaim.claimName }}
--- a/deployment/helm/charts/onyx/templates/inference-model-pvc.yaml
+++ b/deployment/helm/charts/onyx/templates/inference-model-pvc.yaml
@ -3,6 +3,7 @@ kind: PersistentVolumeClaim
 metadata:
  name: {{ .Values.inferenceCapability.pvc.name }}
 spec:
+  storageClassName: {{ .Values.persistent.storageClassName }}
  accessModes: 
    {{- toYaml .Values.inferenceCapability.pvc.accessModes | nindent 4 }}
  resources:
--- a/deployment/helm/charts/onyx/templates/inference-model-service.yaml
+++ b/deployment/helm/charts/onyx/templates/inference-model-service.yaml
@ -5,11 +5,11 @@ metadata:
 spec:
  type: {{ .Values.inferenceCapability.service.type }}
  ports:
-    - port: {{ .Values.inferenceCapability.service.port }}
-      targetPort: {{ .Values.inferenceCapability.service.port }}
+    - port: {{ .Values.inferenceCapability.service.servicePort}}
+      targetPort: {{ .Values.inferenceCapability.service.targetPort }}
      protocol: TCP
-      name: {{ .Values.inferenceCapability.service.name }}
+      name: {{ .Values.inferenceCapability.service.portName }}
  selector:
-    {{- range .Values.inferenceCapability.deployment.labels }}
+    {{- range .Values.inferenceCapability.labels }}
    {{ .key }}: {{ .value }}
    {{- end }}
--- a/deployment/helm/charts/onyx/templates/nginx-conf.yaml
+++ b/deployment/helm/charts/onyx/templates/nginx-conf.yaml
@ -5,11 +5,11 @@ metadata:
 data:
  nginx.conf: |
    upstream api_server {
-        server {{ include "onyx-stack.fullname" . }}-api-service:{{ .Values.api.service.port }} fail_timeout=0;
+        server {{ include "onyx-stack.fullname" . }}-api-service:{{ .Values.api.service.servicePort }} fail_timeout=0;
    }

    upstream web_server {
-        server {{ include "onyx-stack.fullname" . }}-webserver:{{ .Values.webserver.service.port }} fail_timeout=0;
+        server {{ include "onyx-stack.fullname" . }}-webserver:{{ .Values.webserver.service.servicePort }} fail_timeout=0;
    }

    server {
--- a/deployment/helm/charts/onyx/templates/tests/test-connection.yaml
+++ b/deployment/helm/charts/onyx/templates/tests/test-connection.yaml
@ -11,5 +11,5 @@ spec:
    - name: wget
      image: busybox
      command: ['wget']
-      args: ['{{ include "onyx-stack.fullname" . }}-webserver:{{ .Values.webserver.service.port }}']
+      args: ['{{ include "onyx-stack.fullname" . }}-webserver:{{ .Values.webserver.service.servicePort }}']
  restartPolicy: Never
--- a/deployment/helm/charts/onyx/templates/webserver-deployment.yaml
+++ b/deployment/helm/charts/onyx/templates/webserver-deployment.yaml
@ -41,7 +41,7 @@ spec:
          imagePullPolicy: {{ .Values.webserver.image.pullPolicy }}
          ports:
            - name: http
-              containerPort: {{ .Values.webserver.service.port }}
+              containerPort: {{ .Values.webserver.containerPorts.server }}
              protocol: TCP
          resources:
            {{- toYaml .Values.webserver.resources | nindent 12 }}
--- a/deployment/helm/charts/onyx/templates/webserver-service.yaml
+++ b/deployment/helm/charts/onyx/templates/webserver-service.yaml
@ -10,8 +10,8 @@ metadata:
 spec:
  type: {{ .Values.webserver.service.type }}
  ports:
-    - port: {{ .Values.webserver.service.port }}
-      targetPort: http
+    - port: {{ .Values.webserver.service.servicePort }}
+      targetPort: {{ .Values.webserver.service.targetPort }}
      protocol: TCP
      name: http
  selector:
--- a/deployment/helm/charts/onyx/values.yaml
+++ b/deployment/helm/charts/onyx/values.yaml
@ -2,62 +2,73 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.

+postgresql:
+  primary:
+    persistence:
+      size: 5Gi
+  enabled: true
+  auth:
+    existingSecret: onyx-secrets
+    secretKeys:
+      # overwriting as postgres typically expects 'postgres-password'
+      adminPasswordKey: postgres_password
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""

+persistent:
+  storageClassName: ""
+
 inferenceCapability:
  service:
-    name: inference-model-server-service
+    portName: modelserver
    type: ClusterIP
-    port: 9000
+    servicePort: 9000
+    targetPort: 9000
  pvc:
    name: inference-model-pvc
    accessModes:
      - ReadWriteOnce
    storage: 3Gi
-  deployment:
-    name: inference-model-server-deployment
-    replicas: 1
-    labels:
-      - key: app
-        value: inference-model-server
-    image:
-      repository: onyxdotapp/onyx-model-server
-      tag: latest
-      pullPolicy: IfNotPresent
-    command:
-      [
-        "uvicorn",
-        "model_server.main:app",
-        "--host",
-        "0.0.0.0",
-        "--port",
-        "9000",
-      ]
-    port: 9000
-    volumeMounts:
-      - name: inference-model-storage
-        mountPath: /root/.cache
-    volumes:
-      - name: inference-model-storage
-        persistentVolumeClaim:
-          claimName: inference-model-pvc
+  name: inference-model-server
+  replicaCount: 1
+  labels:
+    - key: app
+      value: inference-model-server
+  image:
+    repository: onyxdotapp/onyx-model-server
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+    pullPolicy: IfNotPresent
+  containerPorts:
+    server: 9000
+  volumeMounts:
+    - name: inference-model-storage
+      mountPath: /root/.cache
+  volumes:
+    - name: inference-model-storage
+      persistentVolumeClaim:
+        claimName: inference-model-pvc
  podLabels:
    - key: app
      value: inference-model-server

 indexCapability:
  service:
+    portName: modelserver
    type: ClusterIP
-    port: 9000
-    name: indexing-model-server-port
+    servicePort: 9000
+    targetPort: 9000
+  replicaCount: 1
+  name: indexing-model-server
  deploymentLabels:
    app: indexing-model-server
  podLabels:
    app: indexing-model-server
  indexingOnly: "True"
  podAnnotations: {}
+  containerPorts:
+    server: 9000
  volumeMounts:
    - name: indexing-model-storage
      mountPath: /root/.cache
@ -69,7 +80,12 @@ indexCapability:
    name: indexing-model-storage
    accessMode: "ReadWriteOnce"
    storage: "3Gi"
-
+  image:
+    repository: onyxdotapp/onyx-model-server
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+    pullPolicy: IfNotPresent
+  limitConcurrency: 10
 config:
  envConfigMapName: env-configmap

@ -84,16 +100,6 @@ serviceAccount:
  # If not set and create is true, a name is generated using the fullname template
  name: ""

-postgresql:
-  primary:
-    persistence:
-      size: 5Gi
-  enabled: true
-  auth:
-    existingSecret: onyx-secrets
-    secretKeys:
-      adminPasswordKey: postgres_password # overwriting as postgres typically expects 'postgres-password'
-
 nginx:
  containerPorts:
    http: 1024
@ -135,9 +141,13 @@ webserver:
    # runAsNonRoot: true
    # runAsUser: 1000

+  containerPorts:
+    server: 3000
+
  service:
    type: ClusterIP
-    port: 3000
+    servicePort: 3000
+    targetPort: http

  resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
@ -156,7 +166,7 @@ webserver:
    minReplicas: 1
    maxReplicas: 100
    targetCPUUtilizationPercentage: 80
-    # targetMemoryUtilizationPercentage: 80
+    targetMemoryUtilizationPercentage: 80

  # Additional volumes on the output Deployment definition.
  volumes: []
@ -189,6 +199,9 @@ api:
    scope: onyx-backend
    app: api-server

+  containerPorts:
+    server: 8080
+
  podSecurityContext:
    {}
    # fsGroup: 2000
@ -204,7 +217,9 @@ api:

  service:
    type: ClusterIP
-    port: 8080
+    servicePort: 8080
+    targetPort: api-server-port
+    portName: api-server-port

  resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
@ -223,7 +238,7 @@ api:
    minReplicas: 1
    maxReplicas: 100
    targetCPUUtilizationPercentage: 80
-    # targetMemoryUtilizationPercentage: 80
+    targetMemoryUtilizationPercentage: 80

  # Additional volumes on the output Deployment definition.
  volumes: []
@ -247,7 +262,7 @@ background:
    repository: onyxdotapp/onyx-backend
    pullPolicy: IfNotPresent
    # Overrides the image tag whose default is the chart appVersion.
-    tag: latest
+    tag: ""
  podAnnotations: {}
  podLabels:
    scope: onyx-backend
@ -284,7 +299,7 @@ background:
    minReplicas: 1
    maxReplicas: 100
    targetCPUUtilizationPercentage: 80
-    # targetMemoryUtilizationPercentage: 80
+    targetMemoryUtilizationPercentage: 80

  # Additional volumes on the output Deployment definition.
  volumes: []
@ -303,6 +318,16 @@ background:
  tolerations: []

 vespa:
+  volumeClaimTemplates:
+    - metadata:
+        name: vespa-storage
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        storageClassName: ""
+        resources:
+          requests:
+            storage: 1Gi
  enabled: true
  replicaCount: 1
  image:
@ -377,19 +402,11 @@ redis:
 #  #    hosts:
 #  #      - chart-example.local

-persistence:
-  vespa:
-    enabled: true
-    existingClaim: ""
-    storageClassName: ""
-    accessModes:
-      - ReadWriteOnce
-    size: 5Gi

 auth:
-  # for storing smtp, oauth, slack, and other secrets
+  # existingSecret onyx-secret for storing smtp, oauth, slack, and other secrets
  # keys are lowercased version of env vars (e.g. SMTP_USER -> smtp_user)
-  existingSecret: "" # onyx-secrets
+  existingSecret: ""
  # optionally override the secret keys to reference in the secret
  # this is used to populate the env vars in individual deployments
  # the values here reference the keys in secrets below
@ -413,14 +430,22 @@ auth:
    redis_password: "password"

 configMap:
-  AUTH_TYPE: "disabled" # Change this for production uses unless Onyx is only accessible behind VPN
-  SESSION_EXPIRE_TIME_SECONDS: "86400" # 1 Day Default
-  VALID_EMAIL_DOMAINS: "" # Can be something like onyx.app, as an extra double-check
-  SMTP_SERVER: "" # For sending verification emails, if unspecified then defaults to 'smtp.gmail.com'
-  SMTP_PORT: "" # For sending verification emails, if unspecified then defaults to '587'
-  SMTP_USER: "" # 'your-email@company.com'
-  # SMTP_PASS: ""  # 'your-gmail-password'
-  EMAIL_FROM: "" # 'your-email@company.com' SMTP_USER missing used instead
+  # Change this for production uses unless Onyx is only accessible behind VPN
+  AUTH_TYPE: "disabled"
+  # 1 Day Default
+  SESSION_EXPIRE_TIME_SECONDS: "86400"
+  # Can be something like onyx.app, as an extra double-check
+  VALID_EMAIL_DOMAINS: ""
+  # For sending verification emails, if unspecified then defaults to 'smtp.gmail.com'
+  SMTP_SERVER: ""
+  # For sending verification emails, if unspecified then defaults to '587'
+  SMTP_PORT: ""
+# 'your-email@company.com'
+  SMTP_USER: ""
+  # 'your-gmail-password'
+  # SMTP_PASS: ""
+  # 'your-email@company.com' SMTP_USER missing used instead
+  EMAIL_FROM: ""
  # Gen AI Settings
  GEN_AI_MAX_TOKENS: ""
  QA_TIMEOUT: "60"
@ -462,7 +487,7 @@ configMap:
  DANSWER_BOT_DISABLE_DOCS_ONLY_ANSWER: ""
  DANSWER_BOT_DISPLAY_ERROR_MSGS: ""
  DANSWER_BOT_RESPOND_EVERY_CHANNEL: ""
-  DANSWER_BOT_DISABLE_COT: "" # Currently unused
+  DANSWER_BOT_DISABLE_COT: ""
  NOTIFY_SLACKBOT_NO_ANSWER: ""
  # Logging
  # Optional Telemetry, please keep it on (nothing sensitive is collected)? <3
@ -473,7 +498,8 @@ configMap:
  LOG_DANSWER_MODEL_INTERACTIONS: ""
  LOG_VESPA_TIMING_INFORMATION: ""
  # Shared or Non-backend Related
-  WEB_DOMAIN: "http://localhost:3000" # for web server and api server
-  DOMAIN: "localhost" # for nginx
+  WEB_DOMAIN: "http://localhost:3000"
+  # DOMAIN used by nginx
+  DOMAIN: "localhost"
  # Chat Configs
  HARD_DELETE_CHATS: ""