feat(helm): Add OpenShift Route support and improve deployment (#10)

Author: planetf1

charts/qiskit-studio/README.md

@@ -126,6 +126,49 @@ helm uninstall qiskit-studio-local
 
 ## Deployment Scenarios
 
+### OpenShift Deployment with Routes
+
+For OpenShift clusters, the chart supports native OpenShift Routes instead of Kubernetes Ingress. Routes provide automatic TLS termination and integrate with OpenShift's built-in router.
+
+**Example: Deploying to OpenShift cluster**
+
+```bash
+helm install qiskit-studio charts/qiskit-studio \
+  -n qiskitstudio \
+  -f charts/qiskit-studio/values-openshift-research.yaml \
+  --disable-openapi-validation
+```
+
+**Note:** The `--disable-openapi-validation` flag is required **only when using OpenShift Routes**. While Helm can validate OpenShift CRDs, validation often fails due to schema inconsistencies between the chart and OpenShift's API server (e.g., field type mismatches, stale cached schemas, or strict enforcement of deprecated fields). This flag skips Helm's client-side validation, allowing the manifests to be sent directly to OpenShift where the admission controller performs the authoritative validation. This flag is not needed for standard Kubernetes Ingress deployments.
+
+This configuration:
+- Enables OpenShift Routes (`route.enabled: true`)
+- Disables Kubernetes Ingress
+- Creates routes with automatic hostname generation: `<service-name>.<namespace>.<domain>`
+- Configures edge TLS termination with automatic certificates
+- Sets appropriate resource limits for OpenShift LimitRange policies
+
+**Accessing the application:**
+- Frontend: `https://frontend.qiskitstudio.example.com`
+- Chat API: `https://chat.qiskitstudio.example.com`
+- Codegen API: `https://codegen.qiskitstudio.example.com`
+- Coderun API: `https://coderun.qiskitstudio.example.com`
+
+**Route Configuration:**
+
+Routes are automatically generated using the pattern: `<service-name>.<namespace>.<domain>`
+
+Default service names are: `frontend`, `chat`, `codegen`, `coderun`
+
+To customize route names or hostnames for a specific service:
+
+```yaml
+frontend:
+  route:
+    name: "studio"  # Changes route to: studio.qiskitstudio.example.com
+    host: "my-custom-hostname.example.com"  # Or override hostname completely
+```
+
 ### Local Deployment (Default)
 
 The Quick Start guide above uses the `values-local.yaml` file, which is the recommended method for local development. This configuration disables Ingress and exposes services via `NodePort` for easy access on your local machine.
@@ -209,7 +252,11 @@ This table lists the parameters that you are most likely to configure for both l
 | `codegen.image.tag` | The codegen image tag. | `0.5.0` |
 | `coderun.image.repository` | The coderun image repository. | `coderun-agent` |
 | `coderun.image.tag` | The coderun image tag. | `v0.0.3` |
-| `ingress.enabled` | Whether to enable ingress. | `false` |
+| `route.enabled` | Whether to enable OpenShift Routes. | `false` |
+| `route.type` | Route type (`openshift` for OpenShift Routes). | `"openshift"` |
+| `route.host` | Custom route hostname (leave empty for auto-generated). | `""` |
+| `route.timeout` | HAProxy timeout for routes. | `"120s"` |
+| `ingress.enabled` | Whether to enable Kubernetes Ingress. | `false` |
 | `ingress.host` | The ingress host. (Configured in `values-cloud.yaml`) | `agents.experimental.quantum.ibm.com` |
 | `extraEnvVars` | A list of additional environment variables to be added to all pods. | `[]` |
 

charts/qiskit-studio/templates/_helpers.tpl

@@ -98,7 +98,10 @@ Return the public-facing origin URL(s) for the frontend, including additional CO
 */}}
 {{- define "qiskit-studio.frontend.origin" -}}
 {{- $origins := list -}}
-{{- if .Values.ingress.enabled -}}
+{{- if and .Values.route.enabled (eq .Values.route.type "openshift") -}}
+    {{- $host := .Values.frontend.route.host | default (printf "%s.%s.%s" .Values.frontend.route.name .Release.Namespace .Values.route.domain) -}}
+    {{- $origins = append $origins (printf "https://%s" $host) -}}
+{{- else if .Values.ingress.enabled -}}
     {{- $origins = append $origins (printf "%s://%s" .Values.global.scheme .Values.ingress.host) -}}
 {{- else -}}
     {{- $origins = append $origins (printf "%s://%s:%d" .Values.global.scheme .Values.global.hostname (int .Values.frontend.service.nodePort)) -}}
@@ -114,7 +117,10 @@ Return the public-facing origin URL(s) for the frontend, including additional CO
 Return the public-facing origin URL for the chat service.
 */}}
 {{- define "qiskit-studio.chat.origin" -}}
-{{- if .Values.ingress.enabled -}}
+{{- if and .Values.route.enabled (eq .Values.route.type "openshift") -}}
+{{- $host := .Values.chat.route.host | default (printf "%s.%s.%s" .Values.chat.route.name .Release.Namespace .Values.route.domain) -}}
+{{- printf "https://%s" $host -}}
+{{- else if .Values.ingress.enabled -}}
 {{- printf "%s://%s/chat" .Values.global.scheme .Values.ingress.host -}}
 {{- else -}}
 {{- printf "%s://%s:%d" .Values.global.scheme .Values.global.hostname (int .Values.chat.service.nodePort) -}}
@@ -125,7 +131,10 @@ Return the public-facing origin URL for the chat service.
 Return the public-facing origin URL for the codegen service.
 */}}
 {{- define "qiskit-studio.codegen.origin" -}}
-{{- if .Values.ingress.enabled -}}
+{{- if and .Values.route.enabled (eq .Values.route.type "openshift") -}}
+{{- $host := .Values.codegen.route.host | default (printf "%s.%s.%s" .Values.codegen.route.name .Release.Namespace .Values.route.domain) -}}
+{{- printf "https://%s" $host -}}
+{{- else if .Values.ingress.enabled -}}
 {{- printf "%s://%s/codegen" .Values.global.scheme .Values.ingress.host -}}
 {{- else -}}
 {{- printf "%s://%s:%d" .Values.global.scheme .Values.global.hostname (int .Values.codegen.service.nodePort) -}}
@@ -136,7 +145,10 @@ Return the public-facing origin URL for the codegen service.
 Return the public-facing origin URL for the coderun service.
 */}}
 {{- define "qiskit-studio.coderun.origin" -}}
-{{- if .Values.ingress.enabled -}}
+{{- if and .Values.route.enabled (eq .Values.route.type "openshift") -}}
+{{- $host := .Values.coderun.route.host | default (printf "%s.%s.%s" .Values.coderun.route.name .Release.Namespace .Values.route.domain) -}}
+{{- printf "https://%s" $host -}}
+{{- else if .Values.ingress.enabled -}}
 {{- printf "%s://%s/coderun" .Values.global.scheme .Values.ingress.host -}}
 {{- else -}}
 {{- printf "%s://%s:%d" .Values.global.scheme .Values.global.hostname (int .Values.coderun.service.nodePort) -}}

charts/qiskit-studio/templates/chat-deployment.yaml

@@ -85,6 +85,8 @@ spec:
           initialDelaySeconds: 30
           periodSeconds: 10
           timeoutSeconds: 5
+        resources:
+{{ toYaml .Values.chat.resources | indent 10 }}
       {{- $pullSecret := include "qiskit-studio.imagePullSecretName" . }}
       {{- if $pullSecret }}
       imagePullSecrets:

charts/qiskit-studio/templates/codegen-deployment.yaml

@@ -83,6 +83,8 @@ spec:
           initialDelaySeconds: 30
           periodSeconds: 10
           timeoutSeconds: 5
+        resources:
+{{ toYaml .Values.codegen.resources | indent 10 }}
       {{- $pullSecret := include "qiskit-studio.imagePullSecretName" . }}
       {{- if $pullSecret }}
       imagePullSecrets:

charts/qiskit-studio/templates/coderun-deployment.yaml

@@ -25,6 +25,8 @@ spec:
 {{- include "qiskit-studio.extraEnvVars" (dict "Values" .Values "extraEnvVars" .Values.coderun.extraEnvVars) | nindent 8 }}
         ports:
         - containerPort: {{ .Values.coderun.service.port }}
+        resources:
+{{ toYaml .Values.coderun.resources | indent 10 }}
       {{- $pullSecret := include "qiskit-studio.imagePullSecretName" . }}
       {{- if $pullSecret }}
       imagePullSecrets:

charts/qiskit-studio/templates/frontend-studio-deployment.yaml

@@ -19,14 +19,14 @@ spec:
       serviceAccountName: {{ .Values.frontend.serviceAccountName }}
       initContainers:
       - name: wait-for-chat
-        image: busybox:1.37
-        command: ['sh', '-c', 'until nc -z {{ .Release.Name }}-chat {{ .Values.chat.service.port }}; do echo waiting for chat service; sleep 2; done;']
+        image: registry.access.redhat.com/ubi9/ubi-minimal:latest
+        command: ['/bin/bash', '-c', 'until (echo > /dev/tcp/{{ .Release.Name }}-chat/{{ .Values.chat.service.port }}) >/dev/null 2>&1; do echo waiting for chat service; sleep 2; done;']
       - name: wait-for-codegen
-        image: busybox:1.37
-        command: ['sh', '-c', 'until nc -z {{ .Release.Name }}-codegen {{ .Values.codegen.service.port }}; do echo waiting for codegen service; sleep 2; done;']
+        image: registry.access.redhat.com/ubi9/ubi-minimal:latest
+        command: ['/bin/bash', '-c', 'until (echo > /dev/tcp/{{ .Release.Name }}-codegen/{{ .Values.codegen.service.port }}) >/dev/null 2>&1; do echo waiting for codegen service; sleep 2; done;']
       - name: wait-for-coderun
-        image: busybox:1.37
-        command: ['sh', '-c', 'until nc -z {{ .Release.Name }}-coderun {{ .Values.coderun.service.port }}; do echo waiting for coderun service; sleep 2; done;']
+        image: registry.access.redhat.com/ubi9/ubi-minimal:latest
+        command: ['/bin/bash', '-c', 'until (echo > /dev/tcp/{{ .Release.Name }}-coderun/{{ .Values.coderun.service.port }}) >/dev/null 2>&1; do echo waiting for coderun service; sleep 2; done;']
       containers:
       - name: frontend
         image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
@@ -41,6 +41,17 @@ spec:
           value: "{{ include "qiskit-studio.codegen.origin" . }}/chat"
         - name: NEXT_PUBLIC_RUNCODE_URL
           value: "{{ include "qiskit-studio.coderun.origin" . }}/run"
+        resources:
+{{ toYaml .Values.frontend.resources | indent 10 }}
+{{- if .Values.frontend.startupProbe }}
+        startupProbe:
+          tcpSocket:
+            port: {{ .Values.frontend.service.port }}
+          initialDelaySeconds: {{ .Values.frontend.startupProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.frontend.startupProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.frontend.startupProbe.timeoutSeconds }}
+          failureThreshold: {{ .Values.frontend.startupProbe.failureThreshold }}
+{{- end }}
         readinessProbe:
           tcpSocket:
             port: {{ .Values.frontend.service.port }}
@@ -52,21 +63,23 @@ spec:
           initialDelaySeconds: 30
           periodSeconds: 10
       - name: ui-warmup
-        image: busybox:1.37
-        command: ["sh", "-c"]
+        image: registry.access.redhat.com/ubi9/ubi-minimal:latest
+        command: ["/bin/bash", "-c"]
         args:
           - |
             echo "Waiting for frontend to be ready..."
-            until wget -q -O /dev/null http://{{ .Release.Name }}-frontend:{{ .Values.frontend.service.port }}/; do
+            until curl -f -s http://{{ .Release.Name }}-frontend:{{ .Values.frontend.service.port }}/ >/dev/null 2>&1; do
               echo "Frontend not yet ready, retrying in 5 seconds..."
               sleep 5
             done
             echo "Frontend is ready. Warming up UI..."
-            wget -q -O /dev/null http://{{ .Release.Name }}-frontend:{{ .Values.frontend.service.port }}/
+            curl -f -s http://{{ .Release.Name }}-frontend:{{ .Values.frontend.service.port }}/ >/dev/null 2>&1
             echo "UI warmed up."
             sleep infinity # Keep the container alive to prevent CrashLoopBackOff
       {{- $pullSecret := include "qiskit-studio.imagePullSecretName" . }}
       {{- if $pullSecret }}
       imagePullSecrets:
         - name: {{ $pullSecret }}
       {{- end }}
+
+# Made with Bob

charts/qiskit-studio/templates/knowledge-mcp-deployment.yaml

@@ -62,8 +62,15 @@ spec:
             readOnly: true
       {{- end }}
       - name: wait-for-milvus
-        image: busybox:1.37 # A small image with basic networking tools
-        command: ['sh', '-c', 'until nc -z {{ .Release.Name }}-milvus-service {{ .Values.milvus.service.httpPort }}; do echo waiting for milvus; sleep 2; done;']
+        image: registry.access.redhat.com/ubi9/ubi-minimal:latest
+        command:
+          - bash
+          - -c
+          - |
+            until timeout 1 bash -c "cat < /dev/null > /dev/tcp/{{ .Release.Name }}-milvus-service/{{ .Values.milvus.service.httpPort }}"; do
+              echo waiting for milvus
+              sleep 2
+            done
       volumes:
         - name: vllm-embedding-api-key-volume
           secret:

charts/qiskit-studio/templates/knowledge-milvus-deployment.yaml

@@ -57,6 +57,8 @@ spec:
           periodSeconds: 10
           timeoutSeconds: 5
           failureThreshold: 15
+        resources:
+{{ toYaml .Values.milvus.resources | indent 10 }}
         volumeMounts:
           - name: milvus-data
             mountPath: /var/lib/milvus

charts/qiskit-studio/templates/knowledge-preloader-job.yaml

@@ -21,13 +21,13 @@ spec:
       serviceAccountName: {{ .Values.knowledgePreloaderJob.serviceAccountName }}
       initContainers:
       - name: wait-for-services
-        image: busybox:1.37
+        image: registry.access.redhat.com/ubi9/ubi-minimal:latest
         command:
-          - "/bin/sh"
+          - "/bin/bash"
           - "-c"
           - |
             echo "--- Waiting for {{ .Release.Name }}-knowledge-mcp-service to be ready ---"
-            until nc -z {{ .Release.Name }}-knowledge-mcp-service {{ .Values.knowledgeMcp.service.port }};
+            until (echo > /dev/tcp/{{ .Release.Name }}-knowledge-mcp-service/{{ .Values.knowledgeMcp.service.port }}) >/dev/null 2>&1;
             do
               echo "MCP service is not yet available. Retrying in 10 seconds..."
               sleep 10

charts/qiskit-studio/templates/route-api.yaml

@@ -0,0 +1,88 @@
+{{- if and .Values.route.enabled (eq .Values.route.type "openshift") }}
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ .Release.Name }}-chat
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "qiskit-studio.labels" . | nindent 4 }}
+    app.kubernetes.io/component: chat
+    ingress: {{ .Release.Namespace }}
+  annotations:
+    haproxy.router.openshift.io/timeout: {{ .Values.route.timeout | default "120s" }}
+{{- with .Values.route.annotations }}
+    {{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+  host: {{ .Values.chat.route.host | default (printf "%s.%s.%s" .Values.chat.route.name .Release.Namespace .Values.route.domain) }}
+  path: /
+  port:
+    targetPort: {{ .Values.chat.service.port }}
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: {{ .Release.Name }}-chat
+    weight: 100
+  wildcardPolicy: None
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ .Release.Name }}-codegen
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "qiskit-studio.labels" . | nindent 4 }}
+    app.kubernetes.io/component: codegen
+    ingress: {{ .Release.Namespace }}
+  annotations:
+    haproxy.router.openshift.io/timeout: {{ .Values.route.timeout | default "120s" }}
+{{- with .Values.route.annotations }}
+    {{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+  host: {{ .Values.codegen.route.host | default (printf "%s.%s.%s" .Values.codegen.route.name .Release.Namespace .Values.route.domain) }}
+  path: /
+  port:
+    targetPort: {{ .Values.codegen.service.port }}
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: {{ .Release.Name }}-codegen
+    weight: 100
+  wildcardPolicy: None
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ .Release.Name }}-coderun
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "qiskit-studio.labels" . | nindent 4 }}
+    app.kubernetes.io/component: coderun
+    ingress: {{ .Release.Namespace }}
+  annotations:
+    haproxy.router.openshift.io/timeout: {{ .Values.route.timeout | default "120s" }}
+{{- with .Values.route.annotations }}
+    {{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+  host: {{ .Values.coderun.route.host | default (printf "%s.%s.%s" .Values.coderun.route.name .Release.Namespace .Values.route.domain) }}
+  path: /
+  port:
+    targetPort: {{ .Values.coderun.service.port }}
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: {{ .Release.Name }}-coderun
+    weight: 100
+  wildcardPolicy: None
+{{- end }}
+
+# Made with Bob