TEAMENG-824: add helm charts for AI and discovery satellites

Author: saligrama

charts/ai-satellite/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: ai-satellite
+description: The Formal AI Satellite serves AI features and inference inside your environment.
+type: application
+version: 0.10.0

charts/ai-satellite/templates/_helpers.tpl

@@ -0,0 +1,59 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ai-satellite.name" -}}
+{{- printf "formal-%s" (default .Chart.Name .Values.nameOverride | trunc 57 | trimSuffix "-") }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ai-satellite.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- printf "formal-%s" (.Values.fullnameOverride | trunc 57 | trimSuffix "-") }}
+{{- else }}
+{{- printf "formal-ai-satellite" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ai-satellite.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ai-satellite.labels" -}}
+helm.sh/chart: {{ include "ai-satellite.chart" . }}
+{{ include "ai-satellite.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ai-satellite.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ai-satellite.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ai-satellite.serviceAccountName" -}}
+{{- if .Values.serviceAccount.name }}
+{{- .Values.serviceAccount.name }}
+{{- else if .Values.serviceAccount.create }}
+{{- include "ai-satellite.fullname" . }}
+{{- else }}
+{{- fail "Cannot determine service account name. Either set serviceAccount.create=true or provide serviceAccount.name" }}
+{{- end }}
+{{- end }}

charts/ai-satellite/templates/deployment.yaml

@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "ai-satellite.fullname" . }}
+  labels:
+    {{- include "ai-satellite.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "ai-satellite.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "ai-satellite.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      annotations:
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      serviceAccountName: {{ include "ai-satellite.serviceAccountName" . }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.image.digest }}
+          image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"
+          {{- else }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          {{- end }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            {{- range .Values.ports }}
+            - name: {{ .name }}
+              containerPort: {{ .port }}
+            {{- end }}
+            - name: health
+              containerPort: 8080
+          env:
+            - name: FORMAL_CONTROL_PLANE_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "ai-satellite.fullname" . }}
+                  key: formal-api-key
+            {{- range $key, $value := .Values.env }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          {{- with .Values.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- with .Values.sidecars }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.pullWithCredentials }}
+      imagePullSecrets:
+        - name: formal-ecr-secret
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/ai-satellite/templates/extra-manifests.yaml

@@ -0,0 +1,4 @@
+{{- range .Values.extraManifests }}
+---
+{{ toYaml . }}
+{{- end }}

charts/ai-satellite/templates/rbac.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "ai-satellite.fullname" . }}
+  labels:
+    {{- include "ai-satellite.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "ai-satellite.fullname" . }}
+  labels:
+    {{- include "ai-satellite.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "ai-satellite.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "ai-satellite.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/ai-satellite/templates/secrets.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.formalAPIKey }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "ai-satellite.fullname" . }}
+  labels:
+    {{- include "ai-satellite.labels" . | nindent 4 }}
+type: Opaque
+data:
+  formal-api-key: {{ .Values.formalAPIKey | b64enc }}
+{{- end }}

charts/ai-satellite/templates/service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "ai-satellite.fullname" . }}
+  labels:
+    {{- include "ai-satellite.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    {{- range .Values.ports }}
+    - port: {{ .port }}
+      targetPort: {{ .name }}
+      protocol: TCP
+      name: {{ .name }}
+    {{- end }}
+    - port: 8080
+      targetPort: health
+      protocol: TCP
+      name: health
+  selector:
+    {{- include "ai-satellite.selectorLabels" . | nindent 4 }}

charts/ai-satellite/templates/serviceaccount.yaml

@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ai-satellite.serviceAccountName" . }}
+  labels:
+    {{- include "ai-satellite.labels" . | nindent 4 }}
+{{- end }}

charts/ai-satellite/values.yaml

@@ -0,0 +1,63 @@
+nameOverride: ""
+fullnameOverride: ""
+
+# API key for the AI Satellite configured in Formal Control Plane
+formalAPIKey: ""
+
+# Set to true if you're deploying outside AWS and use the ECR
+# credentials job (ecr-cred Helm chart) to fetch ECR credentials
+pullWithCredentials: false
+
+image:
+  repository: 654654333078.dkr.ecr.us-east-1.amazonaws.com/formalco-prod-ai-satellite
+  pullPolicy: Always
+  tag: "latest"
+
+# gRPC listener for the AI satellite
+# NOTE: Port names are limited to 15 characters by Kubernetes (DNS_LABEL spec)
+ports:
+  - name: grpc
+    port: 50055
+
+replicaCount: 2
+resources:
+  requests:
+    cpu: 4
+    memory: 8Gi
+  limits:
+    cpu: 8
+    memory: 16Gi
+    # Requires a NVIDIA GPU with at least 48GB VRAM.
+    nvidia.com/gpu: 1
+
+securityContext: {}
+podSecurityContext: {}
+env: {}
+podAnnotations:
+  cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+volumes: []
+volumeMounts: []
+tolerations: []
+
+# RBAC resources give pod and lease permissions to the service account for
+# cluster formation (pod discovery + lease-based bootstrap coordination)
+rbac:
+  create: true
+
+# Set to `create` to false and provide your own service account name if you
+# don't want this chart to create one
+serviceAccount:
+  create: true
+  name: ""
+
+# Extra manifests to deploy as an array of objects
+extraManifests: []
+  # - apiVersion: v1
+  #   kind: ConfigMap
+  #   metadata:
+  #     name: example-configmap
+  #   data:
+  #     key: value
+
+# Additional containers to run in the same pod as the main satellite container
+sidecars: []

charts/data-discovery-satellite/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: data-discovery-satellite
+description: The Formal Data Discovery Satellite indexes the schemas of datastores within your environment.
+type: application
+version: 0.1.0