kube fixes

m1rl0k · m1rl0k · commit 5fd42d8b5499 · 2025-11-03T06:38:14.000-05:00
diff --git a/deploy/kubernetes/deploy.sh b/deploy/kubernetes/deploy.sh
@@ -186,24 +186,39 @@ apply_with_kustomize() {
   tmp_dir="$(mktemp -d)"
   log_info "Building temporary kustomize overlay at ${tmp_dir}"
 
+  # Copy manifests to temp dir to avoid absolute path issues
+  cp namespace.yaml configmap.yaml qdrant.yaml mcp-memory.yaml mcp-indexer.yaml \
+     mcp-http.yaml indexer-services.yaml rbac.yaml hpa.yaml networkpolicy.yaml "${tmp_dir}/"
+
+  if [[ "${SKIP_LLAMACPP}" != "true" ]]; then
+    cp llamacpp.yaml "${tmp_dir}/"
+  fi
+
+  if [[ "${DEPLOY_INGRESS}" == "true" ]]; then
+    cp ingress.yaml "${tmp_dir}/"
+  fi
+
   # Compose resources list based on flags
   {
     echo "apiVersion: kustomize.config.k8s.io/v1beta1"
     echo "kind: Kustomization"
     echo "namespace: ${NAMESPACE}"
     echo "resources:"
-    echo "  - ${base_dir}/namespace.yaml"
-    echo "  - ${base_dir}/configmap.yaml"
-    echo "  - ${base_dir}/qdrant.yaml"
-    echo "  - ${base_dir}/mcp-memory.yaml"
-    echo "  - ${base_dir}/mcp-indexer.yaml"
-    echo "  - ${base_dir}/mcp-http.yaml"
-    echo "  - ${base_dir}/indexer-services.yaml"
+    echo "  - namespace.yaml"
+    echo "  - configmap.yaml"
+    echo "  - qdrant.yaml"
+    echo "  - mcp-memory.yaml"
+    echo "  - mcp-indexer.yaml"
+    echo "  - mcp-http.yaml"
+    echo "  - indexer-services.yaml"
+    echo "  - rbac.yaml"
+    echo "  - hpa.yaml"
+    echo "  - networkpolicy.yaml"
     if [[ "${SKIP_LLAMACPP}" != "true" ]]; then
-      echo "  - ${base_dir}/llamacpp.yaml"
+      echo "  - llamacpp.yaml"
     fi
     if [[ "${DEPLOY_INGRESS}" == "true" ]]; then
-      echo "  - ${base_dir}/ingress.yaml"
+      echo "  - ingress.yaml"
     fi
     echo "images:"
     echo "  - name: context-engine"
@@ -214,6 +229,9 @@ apply_with_kustomize() {
   log_info "Applying kustomize overlay"
   kubectl apply -k "${tmp_dir}"
   log_success "Applied manifests via kustomize"
+
+  # Clean up temp dir
+  rm -rf "${tmp_dir}"
 }
 
 
diff --git a/deploy/kubernetes/hpa.yaml b/deploy/kubernetes/hpa.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: mcp-indexer-hpa
+  namespace: context-engine
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: mcp-indexer
+  minReplicas: 1
+  maxReplicas: 5
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 70
+
diff --git a/deploy/kubernetes/indexer-services.yaml b/deploy/kubernetes/indexer-services.yaml
@@ -21,6 +21,8 @@ spec:
         app: context-engine
         component: watcher
     spec:
+      serviceAccountName: context-engine
+
       containers:
       - name: watcher
         image: context-engine:latest
@@ -103,6 +105,7 @@ spec:
         app: context-engine
         component: indexer
     spec:
+      serviceAccountName: context-engine
       restartPolicy: OnFailure
       containers:
       - name: indexer
@@ -160,6 +163,7 @@ spec:
         app: context-engine
         component: init
     spec:
+      serviceAccountName: context-engine
       restartPolicy: OnFailure
       containers:
       - name: init-payload
diff --git a/deploy/kubernetes/kustomization.yaml b/deploy/kubernetes/kustomization.yaml
@@ -20,6 +20,11 @@ resources:
 
   # Indexer services
   - indexer-services.yaml
+  - rbac.yaml
+  - networkpolicy.yaml
+
+  - hpa.yaml
+
 
   # Optional services
   - llamacpp.yaml
@@ -33,26 +38,17 @@ labels:
       app.kubernetes.io/managed-by: kustomize
 
 # Patches for production customization
-patchesStrategicMerge:
-  # Uncomment and create patches for production
-  # - patches/production-storage.yaml
-  # - patches/production-resources.yaml
-  # - patches/production-ingress.yaml
+patchesStrategicMerge: []
 
 # ConfigMap generator (optional - for overrides)
 configMapGenerator:
   - name: context-engine-overrides
-    literals:
-      # Override specific values here
-      # COLLECTION_NAME=production-collection
-      # EMBEDDING_MODEL=BAAI/bge-large-en-v1.5
+    literals: []
 
 # Secret generator (optional - for sensitive data)
 secretGenerator:
   - name: context-engine-secrets
-    literals:
-      # Add secrets here (recommended to use existing secrets instead)
-      # QDRANT_API_KEY=your-api-key
+    literals: []
 
 # Images configuration (customize for your registry)
 images:
diff --git a/deploy/kubernetes/llamacpp.yaml b/deploy/kubernetes/llamacpp.yaml
@@ -66,10 +66,10 @@ spec:
           mountPath: /models
         resources:
           requests:
-            memory: "256Mi"
+            memory: "512Mi"
             cpu: "100m"
           limits:
-            memory: "512Mi"
+            memory: "2Gi"
             cpu: "500m"
 
       containers:
@@ -87,16 +87,18 @@ spec:
           containerPort: 8080
           protocol: TCP
         command:
-          - sh
-          - -c
+          - /app/llama-server
         args:
-          - |
-            exec /llama-server \
-              --host 0.0.0.0 \
-              --port 8080 \
-              --model "/models/${LLAMACPP_MODEL_NAME}" \
-              --ctx-size 4096 \
-              --n-gpu-layers 0
+          - --host
+          - "0.0.0.0"
+          - --port
+          - "8080"
+          - --model
+          - /models/qwen2.5-1.5b-instruct-q8_0.gguf
+          - --ctx-size
+          - "4096"
+          - --n-gpu-layers
+          - "0"
         resources:
           requests:
             memory: "2Gi"
diff --git a/deploy/kubernetes/mcp-http.yaml b/deploy/kubernetes/mcp-http.yaml
@@ -20,6 +20,8 @@ spec:
         app: context-engine
         component: mcp-memory-http
     spec:
+      serviceAccountName: context-engine
+
       containers:
       - name: mcp-memory-http
         image: context-engine:latest
@@ -162,6 +164,7 @@ spec:
         app: context-engine
         component: mcp-indexer-http
     spec:
+      serviceAccountName: context-engine
       containers:
       - name: mcp-indexer-http
         image: context-engine:latest
diff --git a/deploy/kubernetes/mcp-indexer.yaml b/deploy/kubernetes/mcp-indexer.yaml
@@ -20,6 +20,8 @@ spec:
         app: context-engine
         component: mcp-indexer
     spec:
+      serviceAccountName: context-engine
+
       containers:
       - name: mcp-indexer
         image: context-engine:latest
diff --git a/deploy/kubernetes/mcp-memory.yaml b/deploy/kubernetes/mcp-memory.yaml
@@ -20,6 +20,8 @@ spec:
         app: context-engine
         component: mcp-memory
     spec:
+      serviceAccountName: context-engine
+
       containers:
       - name: mcp-memory
         image: context-engine:latest
diff --git a/deploy/kubernetes/networkpolicy.yaml b/deploy/kubernetes/networkpolicy.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-intra-namespace-ingress-internal
+  namespace: context-engine
+spec:
+  podSelector:
+    matchLabels:
+      app: context-engine
+    matchExpressions:
+      - key: component
+        operator: In
+        values: ["watcher", "indexer", "init"]
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - podSelector: {}
+
diff --git a/deploy/kubernetes/rbac.yaml b/deploy/kubernetes/rbac.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: context-engine
+  namespace: context-engine
+
