simstudioai
diff --git a/‎helm/sim/examples/values-copilot.yaml‎
Lines changed: 129 additions & 0 deletions b/‎helm/sim/examples/values-copilot.yaml‎
Lines changed: 129 additions & 0 deletions
diff --git a/‎helm/sim/templates/_helpers.tpl‎
Lines changed: 65 additions & 0 deletions b/‎helm/sim/templates/_helpers.tpl‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎helm/sim/templates/deployment-copilot.yaml‎
Lines changed: 109 additions & 0 deletions b/‎helm/sim/templates/deployment-copilot.yaml‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎helm/sim/templates/ingress.yaml‎
Lines changed: 18 additions & 0 deletions b/‎helm/sim/templates/ingress.yaml‎
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,129 @@
+# Enable the copilot service
+copilot:
+  enabled: true
+  
+  # Server configuration
+  server:
+    image:
+      repository: simstudioai/copilot
+      tag: latest
+      pullPolicy: Always
+    
+    replicaCount: 2
+    
+    # Node scheduling (OPTIONAL)
+    # By default, copilot runs on the same nodes as the main Sim platform
+    nodeSelector: {}
+    # nodeSelector:
+    #   workload-type: copilot
+    
+    resources:
+      limits:
+        memory: "2Gi"
+        cpu: "1000m"
+      requests:
+        memory: "1Gi"
+        cpu: "500m"
+    
+    # Required secrets (set via values or provide your own secret)
+    env:
+      PORT: "8080"
+      SERVICE_NAME: "copilot"
+      ENVIRONMENT: "production"
+      AGENT_API_DB_ENCRYPTION_KEY: ""          # openssl rand -hex 32
+      INTERNAL_API_SECRET: ""                  # reuse Sim INTERNAL_API_SECRET
+      LICENSE_KEY: ""                          # Provided by Sim team
+      OPENAI_API_KEY_1: ""                     # At least one provider key required
+      ANTHROPIC_API_KEY_1: ""                  # Optional secondary provider
+      SIM_BASE_URL: "https://sim.example.com"  # Base URL for Sim deployment
+      SIM_AGENT_API_KEY: ""                    # Must match SIM-side COPILOT_API_KEY
+      REDIS_URL: "redis://default:password@redis:6379"
+      # Optional configuration
+      LOG_LEVEL: "info"
+      CORS_ALLOWED_ORIGINS: "https://sim.example.com"
+      OTEL_EXPORTER_OTLP_ENDPOINT: ""
+    
+    # Create a Secret from the values above. Set create=false to reference an existing secret instead.
+    secret:
+      create: true
+      name: ""
+      annotations: {}
+    
+    extraEnv: []
+    extraEnvFrom: []
+    
+    service:
+      type: ClusterIP
+      port: 8080
+      targetPort: 8080
+  
+  # Internal PostgreSQL database (disable to use an external database)
+  postgresql:
+    enabled: true
+    
+    image:
+      repository: postgres
+      tag: 16-alpine
+      pullPolicy: IfNotPresent
+    
+    auth:
+      username: copilot
+      password: ""  # REQUIRED - set via --set copilot.postgresql.auth.password
+      database: copilot
+    
+    nodeSelector: {}
+    # nodeSelector:
+    #   workload-type: copilot
+    
+    resources:
+      limits:
+        memory: "1Gi"
+        cpu: "500m"
+      requests:
+        memory: "512Mi"
+        cpu: "250m"
+    
+    persistence:
+      enabled: true
+      size: 10Gi
+  
+  # External database configuration (only used when postgresql.enabled=false)
+  database:
+    existingSecretName: ""
+    secretKey: DATABASE_URL
+    url: ""
+  
+  # Migration job
+  migrations:
+    enabled: true
+    
+    resources:
+      limits:
+        memory: "512Mi"
+        cpu: "500m"
+      requests:
+        memory: "256Mi"
+        cpu: "100m"
+
+# Optional: Configure ingress to expose copilot service
+# Uncomment if you need external access to copilot
+# ingress:
+#   enabled: true
+#   className: nginx
+#   annotations:
+#     cert-manager.io/cluster-issuer: letsencrypt-prod
+#     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+#   copilot:
+#     host: copilot.yourdomain.com
+#     paths:
+#       - path: /
+#         pathType: Prefix
+#   tls:
+#     enabled: true
+#     secretName: copilot-tls-secret
+
+# If using private Docker Hub repository
+# global:
+#   imagePullSecrets:
+#     - name: dockerhub-secret
+
@@ -300,4 +300,69 @@ Affinity
 affinity:
   {{- toYaml .affinity | nindent 2 }}
 {{- end }}
+{{- end }}
+
+{{/*
+Copilot environment secret name
+*/}}
+{{- define "sim.copilot.envSecretName" -}}
+{{- if and .Values.copilot.server.secret.name (ne .Values.copilot.server.secret.name "") -}}
+{{- .Values.copilot.server.secret.name -}}
+{{- else -}}
+{{- printf "%s-copilot-env" (include "sim.fullname" .) -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Copilot database secret name
+*/}}
+{{- define "sim.copilot.databaseSecretName" -}}
+{{- if .Values.copilot.postgresql.enabled -}}
+{{- printf "%s-copilot-postgresql-secret" (include "sim.fullname" .) -}}
+{{- else if and .Values.copilot.database.existingSecretName (ne .Values.copilot.database.existingSecretName "") -}}
+{{- .Values.copilot.database.existingSecretName -}}
+{{- else -}}
+{{- printf "%s-copilot-database-secret" (include "sim.fullname" .) -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Copilot database secret key
+*/}}
+{{- define "sim.copilot.databaseSecretKey" -}}
+{{- default "DATABASE_URL" .Values.copilot.database.secretKey -}}
+{{- end }}
+
+{{/*
+Validate Copilot configuration
+*/}}
+{{- define "sim.copilot.validate" -}}
+{{- if .Values.copilot.enabled -}}
+  {{- if and (not .Values.copilot.server.secret.create) (or (not .Values.copilot.server.secret.name) (eq .Values.copilot.server.secret.name "")) -}}
+    {{- fail "copilot.server.secret.name must be provided when copilot.server.secret.create=false" -}}
+  {{- end -}}
+  {{- if .Values.copilot.server.secret.create -}}
+    {{- $env := .Values.copilot.server.env -}}
+    {{- $required := list "AGENT_API_DB_ENCRYPTION_KEY" "INTERNAL_API_SECRET" "LICENSE_KEY" "SIM_BASE_URL" "SIM_AGENT_API_KEY" "REDIS_URL" -}}
+    {{- range $key := $required -}}
+      {{- if not (and $env (index $env $key) (ne (index $env $key) "")) -}}
+        {{- fail (printf "copilot.server.env.%s is required when copilot is enabled" $key) -}}
+      {{- end -}}
+    {{- end -}}
+    {{- $hasOpenAI := and $env (ne (default "" (index $env "OPENAI_API_KEY_1")) "") -}}
+    {{- $hasAnthropic := and $env (ne (default "" (index $env "ANTHROPIC_API_KEY_1")) "") -}}
+    {{- if not (or $hasOpenAI $hasAnthropic) -}}
+      {{- fail "Set at least one of copilot.server.env.OPENAI_API_KEY_1 or copilot.server.env.ANTHROPIC_API_KEY_1" -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if .Values.copilot.postgresql.enabled -}}
+    {{- if or (not .Values.copilot.postgresql.auth.password) (eq .Values.copilot.postgresql.auth.password "") -}}
+      {{- fail "copilot.postgresql.auth.password is required when copilot.postgresql.enabled=true" -}}
+    {{- end -}}
+  {{- else -}}
+    {{- if and (or (not .Values.copilot.database.existingSecretName) (eq .Values.copilot.database.existingSecretName "")) (or (not .Values.copilot.database.url) (eq .Values.copilot.database.url "")) -}}
+      {{- fail "Provide copilot.database.existingSecretName or copilot.database.url when copilot.postgresql.enabled=false" -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
 {{- end }}
@@ -0,0 +1,109 @@
+{{- if .Values.copilot.enabled }}
+{{- include "sim.copilot.validate" . }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "sim.fullname" . }}-copilot
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sim.labels" . | nindent 4 }}
+    app.kubernetes.io/component: copilot
+spec:
+  type: {{ .Values.copilot.server.service.type }}
+  ports:
+    - port: {{ .Values.copilot.server.service.port }}
+      targetPort: {{ .Values.copilot.server.service.targetPort }}
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: {{ include "sim.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: copilot
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "sim.fullname" . }}-copilot
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sim.labels" . | nindent 4 }}
+    app.kubernetes.io/component: copilot
+spec:
+  replicas: {{ .Values.copilot.server.replicaCount }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "sim.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/component: copilot
+  template:
+    metadata:
+      annotations:
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        app.kubernetes.io/name: {{ include "sim.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/component: copilot
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.copilot.server.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.copilot.server.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: copilot
+          image: {{ include "sim.image" (dict "context" . "image" .Values.copilot.server.image) }}
+          imagePullPolicy: {{ .Values.copilot.server.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.copilot.server.service.targetPort }}
+              protocol: TCP
+          envFrom:
+            - secretRef:
+                name: {{ include "sim.copilot.envSecretName" . }}
+            - secretRef:
+                name: {{ include "sim.copilot.databaseSecretName" . }}
+            {{- with .Values.copilot.server.extraEnvFrom }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- with .Values.copilot.server.extraEnv }}
+          env:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- if .Values.copilot.server.livenessProbe }}
+          livenessProbe:
+            {{- toYaml .Values.copilot.server.livenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.copilot.server.readinessProbe }}
+          readinessProbe:
+            {{- toYaml .Values.copilot.server.readinessProbe | nindent 12 }}
+          {{- end }}
+          {{- with .Values.copilot.server.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.copilot.server.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+{{- end }}
+
@@ -21,6 +21,9 @@ spec:
         {{- if .Values.realtime.enabled }}
         - {{ .Values.ingress.realtime.host }}
         {{- end }}
+        {{- if and .Values.copilot.enabled .Values.ingress.copilot }}
+        - {{ .Values.ingress.copilot.host }}
+        {{- end }}
       secretName: {{ .Values.ingress.tls.secretName }}
   {{- end }}
   rules:
@@ -52,4 +55,19 @@ spec:
                   number: {{ $.Values.realtime.service.port }}
           {{- end }}
     {{- end }}
+    {{- if and .Values.copilot.enabled .Values.ingress.copilot }}
+    # Copilot service ingress rule
+    - host: {{ .Values.ingress.copilot.host }}
+      http:
+        paths:
+          {{- range .Values.ingress.copilot.paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "sim.fullname" $ }}-copilot
+                port:
+                  number: {{ $.Values.copilot.server.service.port }}
+          {{- end }}
+    {{- end }}
 {{- end }}