From 5e85ca41b9876348852572726a12da90db4ccbe4 Mon Sep 17 00:00:00 2001 From: z30057876 Date: Sat, 8 Feb 2025 19:42:10 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/entities/flow.py | 2 +- apps/scheduler/call/api.py | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/apps/entities/flow.py b/apps/entities/flow.py index ad6caa1e..cd7434a9 100644 --- a/apps/entities/flow.py +++ b/apps/entities/flow.py @@ -58,7 +58,7 @@ class FlowError(BaseModel): class Flow(BaseModel): """Flow(工作流)的数据格式""" - name: str = Field(description="Flow的名称") + name: str = Field(description="Flow的名称", min_length=1) description: str = Field(description="Flow的描述") on_error: FlowError = FlowError(use_llm=True) steps: list[Step] = Field(description="节点列表", default=[]) diff --git a/apps/scheduler/call/api.py b/apps/scheduler/call/api.py index 50a78658..8b0a9aa9 100644 --- a/apps/scheduler/call/api.py +++ b/apps/scheduler/call/api.py @@ -16,7 +16,9 @@ from apps.scheduler.call.core import CoreCall from apps.scheduler.slot.slot import Slot -class _APIParams(BaseModel): +class APIParams(BaseModel): + """API调用工具的参数""" + full_url: str = Field(description="API接口的完整URL") method: Literal[ "GET", "POST", @@ -35,7 +37,7 @@ class _APIOutput(BaseModel): output: dict[str, Any] = Field(description="API调用工具的输出") -class API(metaclass=CoreCall, param_cls=_APIParams, output_cls=_APIOutput): +class API(metaclass=CoreCall, param_cls=APIParams, output_cls=_APIOutput): """API调用工具""" name: str = "api" -- Gitee From 3eb0eac99e91c49bbc693f518a39be983328e2d3 Mon Sep 17 00:00:00 2001 
From: z30057876 Date: Wed, 19 Feb 2025 17:09:48 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E5=9B=9E=E5=90=88Deepseek=E9=80=82?= =?UTF-8?q?=E9=85=8D=E6=94=B9=E5=8A=A8=EF=BC=881=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/constants.py | 7 + apps/main.py | 4 +- apps/manager/application.py | 17 +- apps/routers/auth.py | 20 +- assets/.env.example | 12 +- deploy/chart/authhub/Chart.yaml | 4 +- .../authhub/configs/backend/aops-config.yml | 10 +- .../authhub/configs/backend/copy-config.yml | 7 + .../authhub/configs/web/authhub.nginx.conf | 35 -- deploy/chart/authhub/templates/NOTES.txt | 2 +- ...ecret.yaml => authhub-backend-config.yaml} | 13 +- .../backend/authhub-backend-deployment.yaml | 51 --- .../backend/authhub-backend-service.yaml | 17 - .../templates/backend/authhub-backend.yaml | 97 +++++ .../{mysql-secret.yaml => mysql-config.yaml} | 14 +- .../templates/mysql/mysql-service.yaml | 17 - .../templates/mysql/mysql-storage.yaml} | 9 +- .../{mysql-deployment.yaml => mysql.yaml} | 50 ++- deploy/chart/authhub/templates/secrets.yaml | 24 ++ .../templates/web/authhub-web-config.yaml | 44 ++ .../templates/web/authhub-web-deployment.yaml | 51 --- .../templates/web/authhub-web-ingress.yaml | 19 - .../templates/web/authhub-web-secret.yaml | 11 - .../templates/web/authhub-web-service.yaml | 17 - .../authhub/templates/web/authhub-web.yaml | 86 ++++ deploy/chart/authhub/values.yaml | 118 +++--- deploy/chart/databases/Chart.yaml | 4 +- .../databases/configs/mongo/healthcheck.sh | 15 - deploy/chart/databases/configs/pgsql/init.sql | 4 - deploy/chart/databases/templates/NOTES.txt | 2 +- .../templates/minio/minio-ingress.yaml | 19 - .../templates/minio/minio-secret.yaml | 10 - .../templates/minio/minio-service.yaml | 24 -- .../{minio-pvc.yaml => minio-storage.yaml} | 9 +- .../{minio-deployment.yaml => minio.yaml} | 71 +++- .../templates/mongo/mongo-config.yaml | 23 ++ .../templates/mongo/mongo-secret.yaml | 12 - 
.../templates/mongo/mongo-service.yaml | 17 - .../templates/mongo/mongo-storage.yaml} | 9 +- .../{mongo-deployment.yaml => mongo.yaml} | 50 ++- .../templates/pgsql/pgsql-config.yaml | 13 + .../templates/pgsql/pgsql-secret.yaml | 11 - .../templates/pgsql/pgsql-service.yaml | 17 - .../pgsql-storage.yaml} | 10 +- .../{pgsql-deployment.yaml => pgsql.yaml} | 53 ++- .../templates/redis/redis-secret.yaml | 10 - .../templates/redis/redis-service.yaml | 17 - .../{redis-deployment.yaml => redis.yaml} | 46 ++- deploy/chart/databases/templates/secrets.yaml | 30 ++ deploy/chart/databases/values.yaml | 135 +++---- deploy/chart/euler_copilot/Chart.yaml | 4 +- .../euler_copilot/configs/framework/.env | 94 ++--- .../configs/framework/copy-config.yaml | 7 + .../chart/euler_copilot/configs/rag-web/.env | 4 +- deploy/chart/euler_copilot/configs/rag/.env | 40 +- .../configs/rag/copy-config.yaml | 19 + .../euler_copilot/configs/vectorize/.env | 9 - deploy/chart/euler_copilot/configs/web/.env | 4 +- .../chart/euler_copilot/templates/NOTES.txt | 2 +- .../euler_copilot/templates/cornjob.yaml | 0 ...work-secret.yaml => framework-config.yaml} | 13 +- .../framework/framework-service.yaml | 17 - .../framework/framework-storage.yaml | 30 ++ ...amework-deployment.yaml => framework.yaml} | 122 ++++-- .../templates/rag-web/rag-web-config.yaml | 6 +- .../templates/rag-web/rag-web-ingress.yaml | 19 - .../templates/rag-web/rag-web-service.yaml | 18 - .../{rag-web-deployment.yaml => rag-web.yaml} | 64 ++- .../rag/{rag-secret.yaml => rag-config.yaml} | 13 +- .../templates/rag/rag-deployment.yaml | 56 --- .../templates/rag/rag-service.yaml | 17 - .../euler_copilot/templates/rag/rag.yaml | 118 ++++++ .../euler_copilot/templates/secrets.yaml | 36 ++ .../templates/serviceaccount.yaml | 0 .../vectorize/vectorize-deployment.yaml | 97 ----- .../templates/vectorize/vectorize-secret.yaml | 11 - .../vectorize/vectorize-service.yaml | 17 - .../templates/web/web-config.yaml | 6 +- 
.../templates/web/web-ingress.yaml | 19 - .../templates/web/web-service.yaml | 17 - .../web/{web-deployment.yaml => web.yaml} | 61 ++- deploy/chart/euler_copilot/values.yaml | 342 ++++++---------- deploy/secret_helper/Dockerfile | 11 + deploy/secret_helper/__init__.py | 0 deploy/secret_helper/config.example.yaml | 14 + deploy/secret_helper/file_copy.py | 73 ++++ deploy/secret_helper/job.py | 9 + deploy/secret_helper/main.py | 22 + deploy/secret_helper/requirements.txt | 1 + ...50\347\275\262\346\214\207\345\215\227.md" | 380 ++++++++++-------- ...04\345\273\272\346\214\207\345\215\227.md" | 36 +- ...50\347\275\262\346\214\207\345\215\227.md" | 297 +++++++------- .../test_app/flows/{flow.yaml => test.yaml} | 33 +- 93 files changed, 1812 insertions(+), 1713 deletions(-) create mode 100644 deploy/chart/authhub/configs/backend/copy-config.yml delete mode 100644 deploy/chart/authhub/configs/web/authhub.nginx.conf rename deploy/chart/authhub/templates/backend/{authhub-backend-secret.yaml => authhub-backend-config.yaml} (54%) delete mode 100644 deploy/chart/authhub/templates/backend/authhub-backend-deployment.yaml delete mode 100644 deploy/chart/authhub/templates/backend/authhub-backend-service.yaml create mode 100644 deploy/chart/authhub/templates/backend/authhub-backend.yaml rename deploy/chart/authhub/templates/mysql/{mysql-secret.yaml => mysql-config.yaml} (38%) delete mode 100644 deploy/chart/authhub/templates/mysql/mysql-service.yaml rename deploy/chart/{databases/templates/pgsql/pgsql-pvc.yaml => authhub/templates/mysql/mysql-storage.yaml} (47%) rename deploy/chart/authhub/templates/mysql/{mysql-deployment.yaml => mysql.yaml} (57%) create mode 100644 deploy/chart/authhub/templates/secrets.yaml create mode 100644 deploy/chart/authhub/templates/web/authhub-web-config.yaml delete mode 100644 deploy/chart/authhub/templates/web/authhub-web-deployment.yaml delete mode 100644 deploy/chart/authhub/templates/web/authhub-web-ingress.yaml delete mode 100644 
deploy/chart/authhub/templates/web/authhub-web-secret.yaml delete mode 100644 deploy/chart/authhub/templates/web/authhub-web-service.yaml create mode 100644 deploy/chart/authhub/templates/web/authhub-web.yaml delete mode 100644 deploy/chart/databases/configs/mongo/healthcheck.sh delete mode 100644 deploy/chart/databases/configs/pgsql/init.sql delete mode 100644 deploy/chart/databases/templates/minio/minio-ingress.yaml delete mode 100644 deploy/chart/databases/templates/minio/minio-secret.yaml delete mode 100644 deploy/chart/databases/templates/minio/minio-service.yaml rename deploy/chart/databases/templates/minio/{minio-pvc.yaml => minio-storage.yaml} (49%) rename deploy/chart/databases/templates/minio/{minio-deployment.yaml => minio.yaml} (44%) create mode 100644 deploy/chart/databases/templates/mongo/mongo-config.yaml delete mode 100644 deploy/chart/databases/templates/mongo/mongo-secret.yaml delete mode 100644 deploy/chart/databases/templates/mongo/mongo-service.yaml rename deploy/chart/{authhub/templates/mysql/mysql-pvc.yaml => databases/templates/mongo/mongo-storage.yaml} (49%) rename deploy/chart/databases/templates/mongo/{mongo-deployment.yaml => mongo.yaml} (61%) create mode 100644 deploy/chart/databases/templates/pgsql/pgsql-config.yaml delete mode 100644 deploy/chart/databases/templates/pgsql/pgsql-secret.yaml delete mode 100644 deploy/chart/databases/templates/pgsql/pgsql-service.yaml rename deploy/chart/databases/templates/{mongo/mongo-pvc.yaml => pgsql/pgsql-storage.yaml} (49%) rename deploy/chart/databases/templates/pgsql/{pgsql-deployment.yaml => pgsql.yaml} (48%) delete mode 100644 deploy/chart/databases/templates/redis/redis-secret.yaml delete mode 100644 deploy/chart/databases/templates/redis/redis-service.yaml rename deploy/chart/databases/templates/redis/{redis-deployment.yaml => redis.yaml} (50%) create mode 100644 deploy/chart/databases/templates/secrets.yaml create mode 100644 deploy/chart/euler_copilot/configs/framework/copy-config.yaml 
create mode 100644 deploy/chart/euler_copilot/configs/rag/copy-config.yaml delete mode 100644 deploy/chart/euler_copilot/configs/vectorize/.env create mode 100644 deploy/chart/euler_copilot/templates/cornjob.yaml rename deploy/chart/euler_copilot/templates/framework/{framework-secret.yaml => framework-config.yaml} (39%) delete mode 100644 deploy/chart/euler_copilot/templates/framework/framework-service.yaml create mode 100644 deploy/chart/euler_copilot/templates/framework/framework-storage.yaml rename deploy/chart/euler_copilot/templates/framework/{framework-deployment.yaml => framework.yaml} (32%) delete mode 100644 deploy/chart/euler_copilot/templates/rag-web/rag-web-ingress.yaml delete mode 100644 deploy/chart/euler_copilot/templates/rag-web/rag-web-service.yaml rename deploy/chart/euler_copilot/templates/rag-web/{rag-web-deployment.yaml => rag-web.yaml} (42%) rename deploy/chart/euler_copilot/templates/rag/{rag-secret.yaml => rag-config.yaml} (61%) delete mode 100644 deploy/chart/euler_copilot/templates/rag/rag-deployment.yaml delete mode 100644 deploy/chart/euler_copilot/templates/rag/rag-service.yaml create mode 100644 deploy/chart/euler_copilot/templates/rag/rag.yaml create mode 100644 deploy/chart/euler_copilot/templates/secrets.yaml create mode 100644 deploy/chart/euler_copilot/templates/serviceaccount.yaml delete mode 100644 deploy/chart/euler_copilot/templates/vectorize/vectorize-deployment.yaml delete mode 100644 deploy/chart/euler_copilot/templates/vectorize/vectorize-secret.yaml delete mode 100644 deploy/chart/euler_copilot/templates/vectorize/vectorize-service.yaml delete mode 100644 deploy/chart/euler_copilot/templates/web/web-ingress.yaml delete mode 100644 deploy/chart/euler_copilot/templates/web/web-service.yaml rename deploy/chart/euler_copilot/templates/web/{web-deployment.yaml => web.yaml} (52%) create mode 100644 deploy/secret_helper/Dockerfile create mode 100644 deploy/secret_helper/__init__.py create mode 100644 
deploy/secret_helper/config.example.yaml create mode 100644 deploy/secret_helper/file_copy.py create mode 100644 deploy/secret_helper/job.py create mode 100644 deploy/secret_helper/main.py create mode 100644 deploy/secret_helper/requirements.txt rename sample/apps/test_app/flows/{flow.yaml => test.yaml} (85%) diff --git a/apps/constants.py b/apps/constants.py index 642281a4..889ffd59 100644 --- a/apps/constants.py +++ b/apps/constants.py @@ -20,3 +20,10 @@ MAX_SCHEDULER_HISTORY_SIZE = 3 CALL_DIR = "call" # 日志记录器 LOGGER = logging.getLogger("ray") + +REASONING_BEGIN_TOKEN = [ + "", +] +REASONING_END_TOKEN = [ + "", +] diff --git a/apps/main.py b/apps/main.py index bef6067d..541afa3e 100644 --- a/apps/main.py +++ b/apps/main.py @@ -28,8 +28,8 @@ from apps.routers import ( flow, health, knowledge, + mock, record, - mock ) # from apps.scheduler.pool.loader import Loader @@ -39,7 +39,7 @@ app = FastAPI(docs_url=None, redoc_url=None) # 定义FastAPI全局中间件 app.add_middleware( CORSMiddleware, - allow_origins=[config["WEB_FRONT_URL"]], + allow_origins=[config["DOMAIN"]], allow_credentials=True, allow_methods=["*"], allow_headers=["*"], diff --git a/apps/manager/application.py b/apps/manager/application.py index 5cde5670..3245c1ae 100644 --- a/apps/manager/application.py +++ b/apps/manager/application.py @@ -1,14 +1,14 @@ -"""flow Manager +"""应用管理器 Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. """ - from apps.constants import LOGGER -from apps.models.mongo import MongoDB from apps.entities.enum_var import PermissionType +from apps.models.mongo import MongoDB class AppManager: + """应用管理器""" @staticmethod async def validate_user_app_access(user_sub: str, app_id: str) -> bool: @@ -28,10 +28,10 @@ class AppManager: { "$and": [ {"permission.type": PermissionType.PROTECTED.value}, - {"permission.users": user_sub} - ] - } - ] + {"permission.users": user_sub}, + ], + }, + ], } result = await app_collection.find_one(query) 
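Review bot: In the `app.add_middleware(CORSMiddleware, ...)` hunk of apps/main.py, `allow_origins=[config["DOMAIN"]]` takes the CORS allow-list from a setting that `.env.example` lists under `# FastAPI` with no sample value, so it may be a bare host name rather than a full origin. The middleware matches entries against the request's `Origin` header, which includes the scheme (and port, if non-default), so a bare host would never match and credentialed cross-origin requests would fail. Because `allow_credentials=True` stays set, the value should remain one explicit origin and never a wildcard. I would document the expected format next to the setting, e.g. `# DOMAIN must be a full origin, e.g. https://copilot.example.com (constructed example)`. How `DOMAIN` is used elsewhere is not visible in this hunk.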
@@ -40,6 +40,7 @@ class AppManager: LOGGER.error(f"Validate user app access failed due to: {e}") return False + @staticmethod async def validate_app_belong_to_user(user_sub: str, app_id: str) -> bool: """验证用户对应用的属权 @@ -51,7 +52,7 @@ class AppManager: app_collection = MongoDB.get_collection("app") # 获取应用集合' query = { "_id": app_id, - "author": user_sub + "author": user_sub, } result = await app_collection.find_one(query) diff --git a/apps/routers/auth.py b/apps/routers/auth.py index 252462a8..ae856ba0 100644 --- a/apps/routers/auth.py +++ b/apps/routers/auth.py @@ -42,7 +42,7 @@ async def oidc_login(request: Request, code: str, redirect_index: Optional[str] if redirect_index: response = RedirectResponse(redirect_index, status_code=status.HTTP_301_MOVED_PERMANENTLY) else: - response = RedirectResponse(config["WEB_FRONT_URL"], status_code=status.HTTP_301_MOVED_PERMANENTLY) + response = RedirectResponse("/", status_code=status.HTTP_301_MOVED_PERMANENTLY) try: token = await get_oidc_token(code) user_info = await get_oidc_user(token["access_token"], token["refresh_token"]) 
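Review bot: The branch just above the changed line in `oidc_login` still passes the caller-supplied `redirect_index` query parameter unchecked into `RedirectResponse(redirect_index, ...)`, so the login callback redirects to whatever address the incoming link carried. Now that the default target is the relative `"/"`, `redirect_index` should be held to the same rule: accept it only as a same-site relative path, e.g. `if redirect_index and redirect_index.startswith("/") and not redirect_index.startswith("//"):`, and fall back to `"/"` otherwise. Both redirects also use `status.HTTP_301_MOVED_PERMANENTLY`, which browsers may cache for the callback URL; `status.HTTP_302_FOUND` is the usual status for a post-login redirect. The function starts and ends outside this hunk.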
@@ -70,23 +70,15 @@ async def oidc_login(request: Request, code: str, redirect_index: Optional[str] await UserManager.update_userinfo_by_user_sub(user_sub) - current_session = request.cookies["ECSESSION"] try: + current_session = request.cookies["ECSESSION"] await SessionManager.delete_session(current_session) - current_session = await SessionManager.create_session(user_host, extra_keys={ - "user_sub": user_sub, - }) except Exception as e: LOGGER.error(f"Change session failed: {e}") - data = Audit( - user_sub=user_sub, - http_method="get", - module="auth", - client_ip=user_host, - message="/api/auth/login: Change session failed.", - ) - await AuditLogManager.add_audit_log(data) - raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User login failed.") from e + + current_session = await SessionManager.create_session(user_host, extra_keys={ + "user_sub": user_sub, + }) new_csrf_token = await SessionManager.create_csrf_token(current_session) if config["COOKIE_MODE"] == "DEBUG": diff --git a/assets/.env.example b/assets/.env.example index e8bacf37..71443fe1 100644 --- a/assets/.env.example +++ b/assets/.env.example @@ -1,7 +1,5 @@ DEPLOY_MODE=online COOKIE_MODE=domain -# WEB -WEB_FRONT_URL= # Redis REDIS_HOST= @@ -40,7 +38,6 @@ RAG_HOST= # FastAPI DOMAIN= JWT_KEY= -PICKLE_KEY= # CSRF ENABLE_CSRF=True @@ -69,10 +66,13 @@ HALF_KEY1= HALF_KEY2= HALF_KEY3= -# LLM +# OpenAI接口(用于问答) +LLM_TYPE= LLM_URL= LLM_KEY= -LLM_MODEL_NAME= +LLM_MODEL= +LLM_MAX_TOKENS=8192 +LLM_TEMPERATURE=0.7 # 调度 SCHEDULER_BACKEND= @@ -80,7 +80,7 @@ SCHEDULER_MODEL= SCHEDULER_URL= SCHEDULER_API_KEY= SCHEDULER_MAX_TOKENS=8192 -SCHEDULER_TEMPERATURE=0.07 +SCHEDULER_TEMPERATURE=0.7 # 插件 SERVICE_DIR= diff --git a/deploy/chart/authhub/Chart.yaml b/deploy/chart/authhub/Chart.yaml index 695d79c1..382f2bca 100644 --- a/deploy/chart/authhub/Chart.yaml +++ b/deploy/chart/authhub/Chart.yaml 
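Review bot: In `oidc_login`, a failed `SessionManager.delete_session(current_session)` is now only logged and login continues, so the pre-login session can remain valid alongside the new one, and the audit record for that failure is gone. The same `except Exception` also catches the `KeyError` raised by `request.cookies["ECSESSION"]` when no cookie was sent, so an ordinary first login is logged as "Change session failed". I would read the cookie with `.get()`, skip deletion when it is absent, and keep failing closed when deleting an existing session raises, with the audit entry the removed lines wrote. The body of `oidc_login` continues outside the hunk.

```python
    # … unchanged: UserManager.update_userinfo_by_user_sub(user_sub) …
    old_session = request.cookies.get("ECSESSION")
    if old_session:
        try:
            await SessionManager.delete_session(old_session)
        except Exception as e:
            LOGGER.error(f"Delete old session failed: {e}")
            # … keep the Audit / AuditLogManager.add_audit_log call from the removed lines …
            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User login failed.") from e

    current_session = await SessionManager.create_session(user_host, extra_keys={
        "user_sub": user_sub,
    })
    # … unchanged: CSRF token creation and cookie setup …
```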
@@ -2,5 +2,5 @@ apiVersion: v2 name: authhub-chart description: AuthHub Helm部署包 type: application -version: 0.9.3 -appVersion: "1.16.0" +version: 0.9.4 +appVersion: "0.9.4" diff --git a/deploy/chart/authhub/configs/backend/aops-config.yml b/deploy/chart/authhub/configs/backend/aops-config.yml index b43960d2..8ea4d597 100644 --- a/deploy/chart/authhub/configs/backend/aops-config.yml +++ b/deploy/chart/authhub/configs/backend/aops-config.yml @@ -1,19 +1,19 @@ infrastructure: mysql: - host: mysql-db-{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local + host: mysql-db.{{ .Release.Namespace }}.svc.cluster.local port: 3306 username: authhub pool_size: 100 pool_recycle: 7200 database: oauth2 - password: {{ .Values.authhub.mysql.password }} + password: ${mysql-password} redis: - host: redis-db-{{ .Values.globals.databases.app_name }}.{{ .Values.globals.databases.app_namespace }}.svc.cluster.local + host: redis-db.{{ .Release.Namespace }}.svc.cluster.local port: 6379 - password: {{ .Values.globals.databases.redis }} + password: ${redis-password} include: "/etc/aops/conf.d" -domain: {{ .Values.globals.domain }} +domain: {{ .Values.domain.authhub }} services: log: diff --git a/deploy/chart/authhub/configs/backend/copy-config.yml b/deploy/chart/authhub/configs/backend/copy-config.yml new file mode 100644 index 00000000..74cd5019 --- /dev/null +++ b/deploy/chart/authhub/configs/backend/copy-config.yml @@ -0,0 +1,7 @@ +copy: + - from: /config + to: /config-rw + mode: + uid: 0 + gid: 0 + mode: "0o650" \ No newline at end of file diff --git a/deploy/chart/authhub/configs/web/authhub.nginx.conf b/deploy/chart/authhub/configs/web/authhub.nginx.conf deleted file mode 100644 index 692df77b..00000000 --- a/deploy/chart/authhub/configs/web/authhub.nginx.conf +++ /dev/null 
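Review bot: In the new `configs/backend/copy-config.yml`, `mode: "0o650"` yields `rw-r-x---`, which sets a group execute bit on files that will hold credentials, assuming the copy step is what fills the `${mysql-password}` and `${redis-password}` placeholders introduced in `aops-config.yml`. For such files `mode: "0o640"` is the conventional value, or `"0o600"` if only the owner reads them. How `file_copy.py` applies the mode to directories such as `conf.d` is not visible in this part of the patch, so if one value must serve both, a comment saying so would explain the unusual bits. With `uid: 0` and `gid: 0` the result is readable only by root and group 0, so I would also add a comment such as `# AuthHub backend must run as uid 0 or in gid 0 to read these files`.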
@@ -1,35 +0,0 @@ -server { - listen 8000; - server_name localhost; - - # gzip config - gzip on; - gzip_min_length 1k; - gzip_comp_level 6; - gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - location / { - proxy_set_header X-Real-IP $remote_addr; - root /opt/authhub/web/dist; - index index.html; - try_files $uri $uri/ /index.html; - } - - location /authhub { - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods 'GET, POST, DELETE, PUT, OPTIONS'; - alias /opt/authhub/web/dist; - index index.html; - try_files $uri $uri/ /index.html last; - } - - location /oauth2 { - proxy_pass http://authhub-backend-service-{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local:11120; - proxy_set_header Host $host; - proxy_set_header X-Real-URL $request_uri; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Request-Header $http_request_header; - } -} diff --git a/deploy/chart/authhub/templates/NOTES.txt b/deploy/chart/authhub/templates/NOTES.txt index cf3cd2f0..931c97d6 100644 --- a/deploy/chart/authhub/templates/NOTES.txt +++ b/deploy/chart/authhub/templates/NOTES.txt @@ -1,5 +1,5 @@ 感谢您使用Euler Copilot! -当前为Euler Copilot 0.9.1版本。 +当前为Euler Copilot 0.9.4版本。 当前Chart的功能为:AuthHub统一登录系统部署。 说明: diff --git a/deploy/chart/authhub/templates/backend/authhub-backend-secret.yaml b/deploy/chart/authhub/templates/backend/authhub-backend-config.yaml similarity index 54% rename from deploy/chart/authhub/templates/backend/authhub-backend-secret.yaml rename to deploy/chart/authhub/templates/backend/authhub-backend-config.yaml index def2b8a0..0164dcbb 100644 --- a/deploy/chart/authhub/templates/backend/authhub-backend-secret.yaml +++ b/deploy/chart/authhub/templates/backend/authhub-backend-config.yaml 
@@ -1,13 +1,14 @@ -{{- if .Values.authhub.backend.enabled }} +{{- if .Values.authhub.backend.enabled -}} apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: - name: authhub-backend-secret-{{ .Release.Name }} + name: authhub-backend-config namespace: {{ .Release.Namespace }} -type: Opaque -stringData: +data: aops-config.yml: |- {{ tpl (.Files.Get "configs/backend/aops-config.yml") . | indent 4 }} authhub.yml: |- {{ tpl (.Files.Get "configs/backend/authhub.yml") . | indent 4 }} -{{- end }} + copy-config.yml: |- +{{ tpl (.Files.Get "configs/backend/copy-config.yml") . | indent 4 }} +{{- end -}} diff --git a/deploy/chart/authhub/templates/backend/authhub-backend-deployment.yaml b/deploy/chart/authhub/templates/backend/authhub-backend-deployment.yaml deleted file mode 100644 index 99d65175..00000000 --- a/deploy/chart/authhub/templates/backend/authhub-backend-deployment.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -{{- if .Values.authhub.backend.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: authhub-backend-deploy-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - app: authhub-backend-{{ .Release.Name }} -spec: - replicas: {{ .Values.globals.replicaCount }} - selector: - matchLabels: - app: authhub-backend-{{ .Release.Name }} - template: - metadata: - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/backend/authhub-backend-secret.yaml") . | sha256sum }} - labels: - app: authhub-backend-{{ .Release.Name }} - spec: - automountServiceAccountToken: false - containers: - - name: authhub-backend - image: "{{if ne ( .Values.authhub.backend.image.registry | toString ) ""}}{{ .Values.authhub.backend.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.authhub.backend.image.name }}:{{ .Values.authhub.backend.image.tag | toString }}" - imagePullPolicy: {{ if ne ( .Values.authhub.backend.image.imagePullPolicy | toString ) "" }}{{ .Values.authhub.backend.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} - ports: - - containerPort: 11120 - protocol: TCP - volumeMounts: - - name: authhub-secret-volume - mountPath: /etc/aops - livenessProbe: - httpGet: - path: /oauth2/applications - port: 11120 - scheme: HTTP - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 90 - securityContext: - readOnlyRootFilesystem: {{ .Values.authhub.backend.readOnly }} - volumes: - - name: authhub-secret-volume - secret: - secretName: authhub-backend-secret-{{ .Release.Name }} - items: - - key: aops-config.yml - path: aops-config.yml - - key: authhub.yml - path: conf.d/authhub.yml -{{- end }} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/backend/authhub-backend-service.yaml b/deploy/chart/authhub/templates/backend/authhub-backend-service.yaml deleted file mode 100644 index 469c385e..00000000 
--- a/deploy/chart/authhub/templates/backend/authhub-backend-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.authhub.backend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: authhub-backend-service-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.authhub.backend.service.type }} - selector: - app: authhub-backend-{{ .Release.Name }} - ports: - - port: 11120 - targetPort: 11120 - {{- if (and (eq .Values.authhub.backend.service.type "NodePort") .Values.authhub.backend.service.nodePort) }} - nodePort: {{ .Values.authhub.backend.service.nodePort }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/backend/authhub-backend.yaml b/deploy/chart/authhub/templates/backend/authhub-backend.yaml new file mode 100644 index 00000000..296aa3c8 --- /dev/null +++ b/deploy/chart/authhub/templates/backend/authhub-backend.yaml 
@@ -0,0 +1,97 @@ +{{- if .Values.authhub.backend.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: authhub-backend-service + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.authhub.backend.service.type }} + selector: + app: authhub-backend + ports: + - port: 11120 + targetPort: 11120 + nodePort: {{ default nil .Values.authhub.backend.service.nodePort }} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: authhub-backend-deploy + namespace: {{ .Release.Namespace }} + labels: + app: authhub-backend +spec: + replicas: {{ default 1 .Values.globals.replicaCount }} + selector: + matchLabels: + app: authhub-backend + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/backend/authhub-backend-config.yaml") . | sha256sum }} + labels: + app: authhub-backend + spec: + automountServiceAccountToken: false + containers: + - name: authhub-backend + image: {{ default "hub.oepkgs.net/neocopilot/authhub:0.9.3-x86" .Values.authhub.backend.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} + ports: + - containerPort: 11120 + protocol: TCP + volumeMounts: + - name: authhub-shared + mountPath: /etc/aops + livenessProbe: + httpGet: + path: /oauth2/applications + port: 11120 + scheme: HTTP + failureThreshold: 5 + initialDelaySeconds: 60 + periodSeconds: 90 + resources: + requests: + cpu: 0.1 + memory: 128Mi + limits: + {{ toYaml .Values.authhub.backend.resourceLimits | nindent 14 }} + initContainers: + - name: authhub-backend-copy-secret + image: {{ default "hub.oepkgs.net/neocopilot/secret_inject:x86" .Values.authhub.secret_inject.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} + volumeMounts: + - mountPath: /secrets/mysql-password + name: authhub-secret-vl + subPath: mysql-password + - mountPath: /secrets/redis-password + name: euler-copilot-database-vl + subPath: redis-password + - mountPath: 
/config/aops-config.yml + name: authhub-config + subPath: aops-config.yml + - mountPath: /config/conf.d/authhub.yml + name: authhub-config + subPath: authhub.yml + - mountPath: /config-rw + name: authhub-shared + - mountPath: /app/config.yaml + name: authhub-config + subPath: copy-config.yml + volumes: + - name: authhub-shared + emptyDir: + medium: Memory + - name: authhub-config + configMap: + name: authhub-backend-config + - name: authhub-secret-vl + secret: + secretName: authhub-secret + - name: euler-copilot-database-vl + secret: + secretName: euler-copilot-database +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/mysql/mysql-secret.yaml b/deploy/chart/authhub/templates/mysql/mysql-config.yaml similarity index 38% rename from deploy/chart/authhub/templates/mysql/mysql-secret.yaml rename to deploy/chart/authhub/templates/mysql/mysql-config.yaml index d34cd531..9a92389a 100644 --- a/deploy/chart/authhub/templates/mysql/mysql-secret.yaml +++ b/deploy/chart/authhub/templates/mysql/mysql-config.yaml @@ -1,12 +1,10 @@ -{{- if .Values.authhub.mysql.enabled }} +{{- if .Values.authhub.mysql.enabled -}} apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: - name: mysql-secret-{{ .Release.Name }} + name: mysql-config namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - mysql-password: {{ .Values.authhub.mysql.password }} - init.sql: | +data: + init.sql: |- {{ tpl (.Files.Get "configs/mysql/init.sql") . | indent 4 }} -{{- end }} \ No newline at end of file +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/mysql/mysql-service.yaml b/deploy/chart/authhub/templates/mysql/mysql-service.yaml deleted file mode 100644 index 5d0cfd94..00000000 --- a/deploy/chart/authhub/templates/mysql/mysql-service.yaml +++ /dev/null 
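Review bot: The new `authhub-backend` Deployment sets no `securityContext` on either the `authhub-backend` container or the `authhub-backend-copy-secret` init container. The deployment it replaces at least carried `securityContext: readOnlyRootFilesystem: {{ .Values.authhub.backend.readOnly }}`. Since `/etc/aops` is now a memory-backed `emptyDir`, the main container looks like a candidate for `readOnlyRootFilesystem: true` plus `allowPrivilegeEscalation: false`; whether the image writes elsewhere on its root filesystem is not visible here. The init container mounts both `authhub-secret` and `euler-copilot-database`, so it deserves the same hardening.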
@@ -1,17 +0,0 @@ -{{- if .Values.authhub.mysql.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: mysql-db-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.authhub.mysql.service.type }} - selector: - app: mysql-{{ .Release.Name }} - ports: - - port: 3306 - targetPort: 3306 - {{- if (and (eq .Values.authhub.mysql.service.type "NodePort") .Values.authhub.mysql.service.nodePort) }} - nodePort: {{ .Values.authhub.mysql.service.nodePort }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/databases/templates/pgsql/pgsql-pvc.yaml b/deploy/chart/authhub/templates/mysql/mysql-storage.yaml similarity index 47% rename from deploy/chart/databases/templates/pgsql/pgsql-pvc.yaml rename to deploy/chart/authhub/templates/mysql/mysql-storage.yaml index f3fcfc87..0677d68a 100644 --- a/deploy/chart/databases/templates/pgsql/pgsql-pvc.yaml +++ b/deploy/chart/authhub/templates/mysql/mysql-storage.yaml @@ -1,15 +1,16 @@ -{{- if and .Values.databases.pgsql.enabled }} +{{- if .Values.authhub.mysql.enabled -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: pgsql-pvc-{{ .Release.Name }} + name: mysql-pvc namespace: {{ .Release.Namespace }} annotations: helm.sh/resource-policy: keep spec: + storageClassName: {{ default "local-path" .Values.globals.storageClassName }} accessModes: - ReadWriteOnce resources: requests: - storage: {{ .Values.databases.pgsql.persistentVolumeSize }} -{{- end }} \ No newline at end of file + storage: {{ default "10Gi" .Values.authhub.mysql.persistentVolumeSize }} +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/mysql/mysql-deployment.yaml b/deploy/chart/authhub/templates/mysql/mysql.yaml similarity index 57% rename from deploy/chart/authhub/templates/mysql/mysql-deployment.yaml rename to deploy/chart/authhub/templates/mysql/mysql.yaml index 511290e7..ba20e6ca 100644 --- a/deploy/chart/authhub/templates/mysql/mysql-deployment.yaml 
+++ b/deploy/chart/authhub/templates/mysql/mysql.yaml @@ -1,28 +1,44 @@ -{{- if .Values.authhub.mysql.enabled }} +{{- if .Values.authhub.mysql.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: mysql-db + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.authhub.mysql.service.type }} + selector: + app: mysql + ports: + - port: 3306 + targetPort: 3306 + nodePort: {{ default nil .Values.authhub.mysql.service.nodePort }} + +--- apiVersion: apps/v1 kind: Deployment metadata: - name: mysql-deploy-{{ .Release.Name }} + name: mysql-deploy namespace: {{ .Release.Namespace }} labels: - app: mysql-{{ .Release.Name }} + app: mysql spec: - replicas: {{ .Values.globals.replicaCount }} + replicas: {{ default 1 .Values.globals.replicaCount }} selector: matchLabels: - app: mysql-{{ .Release.Name }} + app: mysql template: metadata: annotations: - checksum/secret: {{ include (print $.Template.BasePath "/mysql/mysql-secret.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/mysql/mysql-config.yaml") . | sha256sum }} labels: - app: mysql-{{ .Release.Name }} + app: mysql spec: automountServiceAccountToken: false containers: - name: mysql - image: "{{ if ne (.Values.authhub.mysql.image.registry | toString ) "" }}{{ .Values.authhub.mysql.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.authhub.mysql.image.name }}:{{ .Values.authhub.mysql.image.tag | toString }}" - imagePullPolicy: {{ if ne (.Values.authhub.mysql.image.imagePullPolicy | toString) "" }}{{ .Values.authhub.mysql.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} + image: {{ default "hub.oepkgs.net/neocopilot/mysql:8-x86" .Values.authhub.mysql.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} args: - "--character-set-server=utf8mb4" - "--collation-server=utf8mb4_unicode_ci" 
@@ -48,7 +64,7 @@ spec: - name: MYSQL_PASSWORD valueFrom: secretKeyRef: - name: mysql-secret-{{ .Release.Name }} + name: authhub-secret key: mysql-password volumeMounts: - mountPath: /var/lib/mysql @@ -57,13 +73,17 @@ spec: name: mysql-init subPath: init.sql resources: - {{- toYaml .Values.authhub.mysql.resources | nindent 12 }} + requests: + cpu: 0.1 + memory: 384Mi + limits: + {{ toYaml .Values.authhub.mysql.resourceLimits | nindent 14 }} restartPolicy: Always volumes: - name: mysql-data persistentVolumeClaim: - claimName: mysql-pvc-{{ .Release.Name }} + claimName: mysql-pvc - name: mysql-init - secret: - secretName: mysql-secret-{{ .Release.Name }} -{{- end }} + configMap: + name: mysql-config +{{- end -}} diff --git a/deploy/chart/authhub/templates/secrets.yaml b/deploy/chart/authhub/templates/secrets.yaml new file mode 100644 index 00000000..a274f097 --- /dev/null +++ b/deploy/chart/authhub/templates/secrets.yaml @@ -0,0 +1,24 @@ +{{- $authhubSecret := (lookup "v1" "Secret" .Release.Namespace "authhub-secret") -}} +{{- if $authhubSecret -}} +apiVersion: v1 +kind: Secret +metadata: + name: authhub-secret + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/resource-policy: keep +type: Opaque +stringData: + mysql-password: {{ index $authhubSecret.data "mysql-password" | b64dec }} +{{- else -}} +apiVersion: v1 +kind: Secret +metadata: + name: authhub-secret + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/resource-policy: keep +type: Opaque +stringData: + mysql-password: {{ randAlphaNum 20 }} +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/web/authhub-web-config.yaml b/deploy/chart/authhub/templates/web/authhub-web-config.yaml new file mode 100644 index 00000000..3d342fb6 --- /dev/null +++ b/deploy/chart/authhub/templates/web/authhub-web-config.yaml 
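Review bot: Both branches of `templates/secrets.yaml` write the password unquoted (`mysql-password: {{ randAlphaNum 20 }}` and `{{ index $authhubSecret.data "mysql-password" | b64dec }}`), so an existing password containing `#` or `: `, or a value YAML does not read as a string, would break or change the rendered Secret. Piping through `quote` avoids that, e.g. `mysql-password: {{ randAlphaNum 20 | quote }}`. `lookup` returns an empty result under `helm template` and client-side `--dry-run`, so manifests rendered that way get a fresh random password each time while the MySQL volume keeps the old one. A header comment such as `# Requires helm install/upgrade against a live cluster; helm template regenerates the password` would warn operators. The two branches differ only in the value, so computing it into a variable and emitting one manifest would keep them from drifting apart.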
@@ -0,0 +1,44 @@ +{{- if .Values.authhub.web.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: authhub-web-config + namespace: {{ .Release.Namespace }} +data: + authhub.nginx.conf: |- + server { + listen 8000; + server_name localhost; + + # gzip config + gzip on; + gzip_min_length 1k; + gzip_comp_level 6; + gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + location / { + proxy_set_header X-Real-IP $remote_addr; + root /opt/authhub/web/dist; + index index.html; + try_files $uri $uri/ /index.html; + } + + location /authhub { + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods 'GET, POST, DELETE, PUT, OPTIONS'; + alias /opt/authhub/web/dist; + index index.html; + try_files $uri $uri/ /index.html last; + } + + location /oauth2 { + proxy_pass http://authhub-backend-service.{{ .Release.Namespace }}.svc.cluster.local:11120; + proxy_set_header Host $host; + proxy_set_header X-Real-URL $request_uri; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Request-Header $http_request_header; + } + } +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/web/authhub-web-deployment.yaml b/deploy/chart/authhub/templates/web/authhub-web-deployment.yaml deleted file mode 100644 index 22024923..00000000 --- a/deploy/chart/authhub/templates/web/authhub-web-deployment.yaml +++ /dev/null 
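Review bot: `add_header Access-Control-Allow-Origin *;` in `location /authhub` allows any origin to read responses from that path of the login front end, and nothing in this file shows a cross-origin consumer that needs it. If cross-origin access is required, name the expected origin instead of `*`; if it is not, drop both `add_header` lines in that block. In `location /oauth2`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever the client sent, so the backend should trust only the last hop, or the line should become `proxy_set_header X-Forwarded-For $remote_addr;` if nginx is the first proxy. The `proxy_set_header X-Real-IP` in `location /` has no effect because that block has no `proxy_pass`.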
@@ -1,51 +0,0 @@ -{{- if .Values.authhub.web.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: authhub-web-deploy-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - app: authhub-web-{{ .Release.Name }} -spec: - replicas: {{ .Values.globals.replicaCount }} - selector: - matchLabels: - app: authhub-web-{{ .Release.Name }} - template: - metadata: - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/web/authhub-web-secret.yaml") . | sha256sum }} - labels: - app: authhub-web-{{ .Release.Name }} - spec: - automountServiceAccountToken: false - containers: - - name: authhub-web - image: "{{if ne ( .Values.authhub.web.image.registry | toString ) ""}}{{ .Values.authhub.web.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.authhub.web.image.name }}:{{ .Values.authhub.web.image.tag | toString }}" - imagePullPolicy: {{ if ne ( .Values.authhub.web.image.imagePullPolicy | toString ) "" }}{{ .Values.authhub.web.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} - ports: - - containerPort: 8000 - protocol: TCP - livenessProbe: - httpGet: - path: / - port: 8000 - scheme: HTTP - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 90 - volumeMounts: - - name: authhub-web-secret-volume - mountPath: /etc/nginx/conf.d - securityContext: - readOnlyRootFilesystem: {{ .Values.authhub.web.readOnly }} - resources: - {{- toYaml .Values.authhub.web.resources | nindent 12 }} - volumes: - - name: authhub-web-secret-volume - secret: - secretName: authhub-web-secret-{{ .Release.Name }} - items: - - key: authhub.nginx.conf - path: authhub.nginx.conf -{{- end }} diff --git a/deploy/chart/authhub/templates/web/authhub-web-ingress.yaml b/deploy/chart/authhub/templates/web/authhub-web-ingress.yaml deleted file mode 100644 index 4d08eb0f..00000000 --- a/deploy/chart/authhub/templates/web/authhub-web-ingress.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{- if .Values.authhub.web.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: authhub-web-ingress-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - rules: - - host: {{ .Values.globals.domain }} - http: - paths: - - path: {{ .Values.authhub.web.ingress.prefix }} - pathType: Prefix - backend: - service: - name: authhub-web-service-{{ .Release.Name }} - port: - number: 8000 -{{- end }} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/web/authhub-web-secret.yaml b/deploy/chart/authhub/templates/web/authhub-web-secret.yaml deleted file mode 100644 index b2447d5b..00000000 --- a/deploy/chart/authhub/templates/web/authhub-web-secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.authhub.web.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: authhub-web-secret-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - authhub.nginx.conf: |- -{{ tpl (.Files.Get "configs/web/authhub.nginx.conf") . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/web/authhub-web-service.yaml b/deploy/chart/authhub/templates/web/authhub-web-service.yaml deleted file mode 100644 index 774f2017..00000000 --- a/deploy/chart/authhub/templates/web/authhub-web-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.authhub.web.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: authhub-web-service-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.authhub.web.service.type }} - selector: - app: authhub-web-{{ .Release.Name }} - ports: - - port: 8000 - targetPort: 8000 - {{- if (and (eq .Values.authhub.web.service.type "NodePort") .Values.authhub.web.service.nodePort) }} - nodePort: {{ .Values.authhub.web.service.nodePort }} - {{- end }} -{{- end }} \ No newline at end of file 
diff --git a/deploy/chart/authhub/templates/web/authhub-web.yaml b/deploy/chart/authhub/templates/web/authhub-web.yaml
new file mode 100644
index 00000000..8f58f016
--- /dev/null
+++ b/deploy/chart/authhub/templates/web/authhub-web.yaml
@@ -0,0 +1,86 @@ +{{- if .Values.authhub.web.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: authhub-web-service + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.authhub.web.service.type }} + selector: + app: authhub-web + ports: + - port: 8000 + targetPort: 8000 + nodePort: {{ default nil .Values.authhub.web.service.nodePort }} + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: authhub-web-ingress + namespace: {{ .Release.Namespace }} +spec: + rules: + - host: {{ default "authhub.eulercopilot.local" .Values.domain.authhub }} + http: + paths: + - path: {{ default "/" .Values.authhub.web.ingress.prefix }} + pathType: Prefix + backend: + service: + name: authhub-web-service + port: + number: 8000 + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: authhub-web-deploy + namespace: {{ .Release.Namespace }} + labels: + app: authhub-web +spec: + replicas: {{ default 1 .Values.globals.replicaCount }} + selector: + matchLabels: + app: authhub-web + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/web/authhub-web-config.yaml") . | sha256sum }} + labels: + app: authhub-web + spec: + automountServiceAccountToken: false + containers: + - name: authhub-web + image: {{ default "hub.oepkgs.net/neocopilot/authhub-web:0.9.3-x86" .Values.authhub.web.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} + ports: + - containerPort: 8000 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: 8000 + scheme: HTTP + failureThreshold: 5 + initialDelaySeconds: 60 + periodSeconds: 90 + volumeMounts: + - name: web-config + mountPath: /etc/nginx/conf.d/authhub.nginx.conf + subPath: authhub.nginx.conf + resources: + requests: + cpu: 0.05 + memory: 64Mi + limits: + {{ toYaml .Values.authhub.web.resourceLimits | nindent 14 }} + volumes: + - name: web-config + configMap: + name: authhub-web-config +{{- end -}} 
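Review bot: The new authhub-web Deployment has no `securityContext` at all, whereas the deleted authhub-web-deployment.yaml at least exposed `readOnlyRootFilesystem` through `.Values.authhub.web.readOnly`, so the container now runs with whatever the image defaults to. As a minimum, add `securityContext: {allowPrivilegeEscalation: false}` under the `authhub-web` container; dropping capabilities and setting `readOnlyRootFilesystem: true` would be better but need checking against how nginx starts in this image. The Ingress in the same file is now rendered whenever `authhub.web.enabled` is true and has no `tls:` section, so unless TLS is terminated in front of it the OAuth2 traffic for this host travels over plain HTTP.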
diff --git a/deploy/chart/authhub/values.yaml b/deploy/chart/authhub/values.yaml
index 59143690..4e98e533 100644
--- a/deploy/chart/authhub/values.yaml
+++ b/deploy/chart/authhub/values.yaml
@@ -1,101 +1,73 @@ # 全局设置 globals: - # [必填] 镜像仓库 - imageRegistry: "hub.oepkgs.net/neocopilot" - # [必填] 镜像拉取策略 - imagePullPolicy: IfNotPresent - # [必填] AuthHub部署域名 - # 需要修改为AuthHub域名。单机部署时,服务基于Host进行区分,无法使用IP地址 - domain: - # [必填] 副本数 - replicaCount: 1 - # [必填] databases chart的信息 - databases: - # [必填] helm安装时的release name - app_name: - # [必填] helm安装时的namespace - app_namespace: - # [必填] redis密码 - redis: + # 镜像拉取策略;默认为IfNotPresent + imagePullPolicy: + # 副本数,默认为1 + replicaCount: + # 存储类名称;默认为local-path + storageClassName: + +storage: + # MySQL持久化存储大小,默认为10Gi + mysql: + +domain: + # AuthHub域名,默认为authhub.eulercopilot.local。单机部署时,服务基于Host进行区分,无法使用IP地址 + authhub: # 部署AuthHub本地鉴权服务 authhub: + # 配置文件工具 + secret_inject: + # 镜像设置;默认为hub.oepkgs.net/neocopilot/secret_inject:x86 + # 镜像标签:["x86", "arm"] + image: hub.oepkgs.net/neocopilot/secret_inject:dev + web: # [必填] 是否部署AuthHub前端服务 enabled: true - # 镜像设置 + # 镜像设置;默认为hub.oepkgs.net/neocopilot/authhub-web:0.9.3-x86 + # 镜像标签:["0.9.3-x86", "0.9.3-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: authhub-web - # [必填] 镜像Tag - tag: "0.9.1" - # 拉取策略。留空则使用全局设置。 - imagePullPolicy: "" - # [必填] 容器根目录只读 - readOnly: false # 性能限制设置 - resources: {} + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP - # 当类型为nodePort时,填写主机的端口号 - nodePort: "" + # Service类型,例如NodePort + type: + # 当类型为NodePort时,填写主机的端口号 + nodePort: # Ingress设置 ingress: - # [必填] 是否启用Ingress - enabled: true - # [必填] URI前缀 - prefix: / + # Ingress前缀,默认为/ + prefix: + backend: # [必填] 是否部署AuthHub后端服务 enabled: true - # 镜像设置 + # 镜像设置;默认为hub.oepkgs.net/neocopilot/authhub:0.9.3-x86 + # 镜像标签:["0.9.3-x86", "0.9.3-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: authhub - # 镜像Tag - tag: "0.9.1" - # 拉取策略。留空则使用全局设置。 - imagePullPolicy: "" - # [必填] 容器根目录只读 - readOnly: false # 性能限制设置 - resources: {} + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP - # 
当类型为nodePort时,填写主机的端口号 - nodePort: "" + # Service类型,例如NodePort + type: + # 当类型为NodePort时,填写主机的端口号 + nodePort: + mysql: # [必填] 是否启用MySQL enabled: true - # 镜像设置 + # 镜像设置;默认为hub.oepkgs.net/neocopilot/mysql:8-x86 + # 镜像标签:["8-x86", "8-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: mysql - # [必填] 镜像Tag - tag: "8" - # 拉取策略。留空则使用全局设置。 - imagePullPolicy: "" - # [必填] 容器根目录只读 - readOnly: false # 性能限制设置 - resources: {} + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP - # 当类型为nodePort时,填写主机的端口号 - nodePort: "" - # [必填] 密码 - password: - # [必填] 持久化存储大小 - persistentVolumeSize: 10Gi + # Service类型,例如NodePort + type: + # 当类型为NodePort时,填写主机的端口号 + nodePort: diff --git a/deploy/chart/databases/Chart.yaml b/deploy/chart/databases/Chart.yaml index 0ca5c32d..476f7f60 100644 --- a/deploy/chart/databases/Chart.yaml +++ b/deploy/chart/databases/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: euler-copilot-databases description: Euler Copilot 数据库 Helm部署包 type: application -version: 0.9.1 -appVersion: "1.16.0" +version: 0.9.4 +appVersion: "0.9.4" diff --git a/deploy/chart/databases/configs/mongo/healthcheck.sh b/deploy/chart/databases/configs/mongo/healthcheck.sh deleted file mode 100644 index 299d945b..00000000 --- a/deploy/chart/databases/configs/mongo/healthcheck.sh +++ /dev/null @@ -1,15 +0,0 @@ -#! /bin/bash - -if mongosh --quiet --eval "rs.status().ok" -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} &> /dev/null; then - echo "MongoDB集群状态正常" - exit 0 -else - echo "初始化MongoDB集群" - if ! mongosh --quiet --eval 'rs.initiate({_id: "rs0", members: [{ _id: 0, host: "127.0.0.1:27017" }]});' -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} &> /dev/null; then - echo "初始化MongoDB集群失败!" - exit 1 - fi - echo "初始化MongoDB集群成功!" - exit 0 -fi - \ No newline at end of file 
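Review bot: `authhub.secret_inject.image` is set to `hub.oepkgs.net/neocopilot/secret_inject:dev`, while the comment directly above it documents the default as `:x86` with tags `["x86", "arm"]`, so the shipped values pull a moving development build for a component that, going by its name, handles secret material. Either leave the key empty like the other `image:` keys in this file so the template default applies, or set the documented release tag: `image: hub.oepkgs.net/neocopilot/secret_inject:x86`. Also worth confirming: this file names the key `globals.storageClassName`, but the PVC templates changed in this patch for the databases chart read `.Values.globals.storageClass`. If authhub's own storage template (not visible here) reads that same key, the value set here is silently ignored.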
diff --git a/deploy/chart/databases/configs/pgsql/init.sql b/deploy/chart/databases/configs/pgsql/init.sql deleted file mode 100644 index 85fba6ef..00000000 --- a/deploy/chart/databases/configs/pgsql/init.sql +++ /dev/null @@ -1,4 +0,0 @@ -CREATE EXTENSION zhparser; -CREATE EXTENSION vector; -CREATE TEXT SEARCH CONFIGURATION zhparser (PARSER = zhparser); -ALTER TEXT SEARCH CONFIGURATION zhparser ADD MAPPING FOR n,v,a,i,e,l WITH simple; \ No newline at end of file diff --git a/deploy/chart/databases/templates/NOTES.txt b/deploy/chart/databases/templates/NOTES.txt index ca199936..dc55c5bf 100644 --- a/deploy/chart/databases/templates/NOTES.txt +++ b/deploy/chart/databases/templates/NOTES.txt @@ -1,3 +1,3 @@ 感谢您使用Euler Copilot! -当前为Euler Copilot 0.9.3版本。 +当前为Euler Copilot 0.9.4版本。 当前Chart的功能为:数据库部署。 \ No newline at end of file diff --git a/deploy/chart/databases/templates/minio/minio-ingress.yaml b/deploy/chart/databases/templates/minio/minio-ingress.yaml deleted file mode 100644 index be64c6c8..00000000 --- a/deploy/chart/databases/templates/minio/minio-ingress.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.databases.minio.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: minio-ingress-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - rules: - - host: {{ .Values.databases.minio.ingress.domain }} - http: - paths: - - path: {{ .Values.databases.minio.ingress.prefix }} - pathType: Prefix - backend: - service: - name: minio-service-{{ .Release.Name }} - port: - number: 9001 -{{- end }} \ No newline at end of file diff --git a/deploy/chart/databases/templates/minio/minio-secret.yaml b/deploy/chart/databases/templates/minio/minio-secret.yaml deleted file mode 100644 index d62b215c..00000000 --- a/deploy/chart/databases/templates/minio/minio-secret.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -{{- if .Values.databases.minio.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: minio-secret-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - minio-password: {{ .Values.databases.minio.password }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/databases/templates/minio/minio-service.yaml b/deploy/chart/databases/templates/minio/minio-service.yaml deleted file mode 100644 index a528fbfd..00000000 --- a/deploy/chart/databases/templates/minio/minio-service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.databases.minio.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: minio-service-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.databases.minio.service.type }} - selector: - app: minio-{{ .Release.Name }} - ports: - - name: minio-data - port: 9000 - targetPort: 9000 - {{- if (and (eq .Values.databases.minio.service.type "NodePort") .Values.databases.minio.service.dataNodePort) }} - nodePort: {{ .Values.databases.minio.service.dataNodePort }} - {{- end }} - - name: minio-console - port: 9001 - targetPort: 9001 - {{- if (and (eq .Values.databases.minio.service.type "NodePort") .Values.databases.minio.service.consoleNodePort) }} - nodePort: {{ .Values.databases.minio.service.consoleNodePort }} - {{- end }} -{{- end }} diff --git a/deploy/chart/databases/templates/minio/minio-pvc.yaml b/deploy/chart/databases/templates/minio/minio-storage.yaml similarity index 49% rename from deploy/chart/databases/templates/minio/minio-pvc.yaml rename to deploy/chart/databases/templates/minio/minio-storage.yaml index 69ab0706..d70fdad4 100644 --- a/deploy/chart/databases/templates/minio/minio-pvc.yaml +++ b/deploy/chart/databases/templates/minio/minio-storage.yaml 
@@ -1,15 +1,16 @@ -{{- if and .Values.databases.minio.enabled }} +{{- if and .Values.databases.minio.enabled -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: minio-pvc-{{ .Release.Name }} + name: minio-storage namespace: {{ .Release.Namespace }} annotations: helm.sh/resource-policy: keep spec: + storageClassName: {{ default "local-path" .Values.globals.storageClass }} accessModes: - ReadWriteOnce resources: requests: - storage: {{ .Values.databases.minio.persistentVolumeSize }} -{{- end }} \ No newline at end of file + storage: {{ default "10Gi" .Values.storage.minio }} +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/databases/templates/minio/minio-deployment.yaml b/deploy/chart/databases/templates/minio/minio.yaml similarity index 44% rename from deploy/chart/databases/templates/minio/minio-deployment.yaml rename to deploy/chart/databases/templates/minio/minio.yaml index 72818696..83d7239d 100644 --- a/deploy/chart/databases/templates/minio/minio-deployment.yaml +++ b/deploy/chart/databases/templates/minio/minio.yaml 
@@ -1,26 +1,66 @@ -{{- if .Values.databases.minio.enabled }} +{{- if .Values.databases.minio.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: minio-service + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.databases.minio.service.type }} + selector: + app: minio + ports: + - name: minio-data + port: 9000 + targetPort: 9000 + nodePort: {{ default nil .Values.databases.minio.service.dataNodePort }} + - name: minio-console + port: 9001 + targetPort: 9001 + nodePort: {{ default nil .Values.databases.minio.service.consoleNodePort }} + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: minio-ingress + namespace: {{ .Release.Namespace }} +spec: + rules: + - host: {{ default "minio.eulercopilot.local" .Values.domain.minioConsole }} + http: + paths: + - path: {{ default "/" .Values.databases.minio.ingress.prefix }} + pathType: Prefix + backend: + service: + name: minio-service + port: + number: 9001 + +--- apiVersion: apps/v1 kind: Deployment metadata: - name: minio-deploy-{{ .Release.Name }} + name: minio-deploy namespace: {{ .Release.Namespace }} labels: - app: minio-{{ .Release.Name }} + app: minio spec: - replicas: {{ .Values.globals.replicaCount }} + replicas: {{ default 1 .Values.globals.replicaCount }} selector: matchLabels: - app: minio-{{ .Release.Name }} + app: minio template: metadata: labels: - app: minio-{{ .Release.Name }} + app: minio spec: automountServiceAccountToken: false containers: - name: minio - image: "{{if ne ( .Values.databases.minio.image.registry | toString ) ""}}{{ .Values.databases.minio.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.databases.minio.image.name }}:{{ .Values.databases.minio.image.tag | toString }}" - imagePullPolicy: {{ if ne ( .Values.databases.minio.image.imagePullPolicy | toString ) "" }}{{ .Values.databases.minio.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} + image: {{ default 
"hub.oepkgs.net/neocopilot/minio:empty" .Values.databases.minio.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} args: - "server" - "/data" @@ -49,18 +89,19 @@ spec: - name: MINIO_ROOT_PASSWORD valueFrom: secretKeyRef: - name: minio-secret-{{ .Release.Name }} + name: euler-copilot-database key: minio-password volumeMounts: - mountPath: "/data" name: minio-data resources: - {{- toYaml .Values.databases.minio.resources | nindent 12 }} + requests: + cpu: 0.25 + memory: 256Mi + limits: + {{ toYaml .Values.databases.minio.resourceLimits | nindent 14 }} volumes: - name: minio-data persistentVolumeClaim: - claimName: minio-pvc-{{ .Release.Name }} - - name: minio-init - secret: - secretName: minio-secret-{{ .Release.Name }} -{{- end }} + claimName: minio-storage +{{- end -}} diff --git a/deploy/chart/databases/templates/mongo/mongo-config.yaml b/deploy/chart/databases/templates/mongo/mongo-config.yaml new file mode 100644 index 00000000..9c9594fd --- /dev/null +++ b/deploy/chart/databases/templates/mongo/mongo-config.yaml @@ -0,0 +1,23 @@ +{{- if .Values.databases.mongo.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: mongo-config + namespace: {{ .Release.Namespace }} +data: + healthcheck.sh: | + #! /bin/bash + + if mongosh --quiet --eval "rs.status().ok" -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} &> /dev/null; then + echo "MongoDB集群状态正常" + exit 0 + else + echo "初始化MongoDB集群" + if ! mongosh --quiet --eval 'rs.initiate({_id: "rs0", members: [{ _id: 0, host: "127.0.0.1:27017" }]});' -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} &> /dev/null; then + echo "初始化MongoDB集群失败!" + exit 1 + fi + echo "初始化MongoDB集群成功!" + exit 0 + fi +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/databases/templates/mongo/mongo-secret.yaml b/deploy/chart/databases/templates/mongo/mongo-secret.yaml deleted file mode 100644 index 62bb2675..00000000 
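Review bot: The `Ingress` document added at the top of minio.yaml is rendered whenever `databases.minio.enabled` is true, whereas the deleted minio-ingress.yaml was guarded by `.Values.databases.minio.ingress.enabled`, so there is no longer a way to keep the MinIO console (port 9001) off the ingress controller. The rule also has no `tls:` section, so console logins to the `minio.eulercopilot.local` default host go over plain HTTP unless TLS is terminated elsewhere. Suggest restoring the guard around that document, `{{- if .Values.databases.minio.ingress.enabled }}` before it and `{{- end }}` after it, with the value defaulting to off. The Deployment started in this hunk continues in the next one.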
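Review bot: In the `healthcheck.sh` entry of mongo-config.yaml both `mongosh` calls pass the root password as `-p ${MONGO_INITDB_ROOT_PASSWORD}`, unquoted and on the command line. A value containing whitespace or glob characters is split by the shell, and the password is readable in the process arguments inside the container for as long as the check runs. Quoting is the minimal fix: `-u "${MONGO_INITDB_ROOT_USERNAME}" -p "${MONGO_INITDB_ROOT_PASSWORD}"`. The `else` branch also runs `rs.initiate` after any failure of `rs.status()`, including an authentication failure, and `&> /dev/null` hides which one occurred, so a comment on that branch or logging the error before initiating would make failed probes diagnosable.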
--- a/deploy/chart/databases/templates/mongo/mongo-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.databases.mongo.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: mongo-secret-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - mongo-password: {{ .Values.databases.mongo.password }} - healthcheck.sh: | -{{ tpl (.Files.Get "configs/mongo/healthcheck.sh") . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/databases/templates/mongo/mongo-service.yaml b/deploy/chart/databases/templates/mongo/mongo-service.yaml deleted file mode 100644 index 9e758c73..00000000 --- a/deploy/chart/databases/templates/mongo/mongo-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.databases.mongo.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: mongo-db-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.databases.mongo.service.type }} - selector: - app: mongo-{{ .Release.Name }} - ports: - - port: 27017 - targetPort: 27017 - {{- if (and (eq .Values.databases.mongo.service.type "NodePort") .Values.databases.mongo.service.nodePort) }} - nodePort: {{ .Values.databases.mongo.service.nodePort }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/authhub/templates/mysql/mysql-pvc.yaml b/deploy/chart/databases/templates/mongo/mongo-storage.yaml similarity index 49% rename from deploy/chart/authhub/templates/mysql/mysql-pvc.yaml rename to deploy/chart/databases/templates/mongo/mongo-storage.yaml index 462a4a89..db5c313f 100644 --- a/deploy/chart/authhub/templates/mysql/mysql-pvc.yaml +++ b/deploy/chart/databases/templates/mongo/mongo-storage.yaml 
@@ -1,15 +1,16 @@ -{{- if .Values.authhub.mysql.enabled }} +{{- if .Values.databases.mongo.enabled -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: mysql-pvc-{{ .Release.Name }} + name: mongo-storage namespace: {{ .Release.Namespace }} annotations: helm.sh/resource-policy: keep spec: + storageClassName: {{ default "local-path" .Values.globals.storageClass }} accessModes: - ReadWriteOnce resources: requests: - storage: {{ .Values.authhub.mysql.persistentVolumeSize }} -{{- end }} \ No newline at end of file + storage: {{ default "10Gi" .Values.storage.mongo }} +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/databases/templates/mongo/mongo-deployment.yaml b/deploy/chart/databases/templates/mongo/mongo.yaml similarity index 61% rename from deploy/chart/databases/templates/mongo/mongo-deployment.yaml rename to deploy/chart/databases/templates/mongo/mongo.yaml index 842ea499..c8750ee5 100644 --- a/deploy/chart/databases/templates/mongo/mongo-deployment.yaml +++ b/deploy/chart/databases/templates/mongo/mongo.yaml 
@@ -1,28 +1,44 @@ -{{- if .Values.databases.mongo.enabled }} +{{- if .Values.databases.mongo.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: mongo-db + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.databases.mongo.service.type }} + selector: + app: mongo + ports: + - port: 27017 + targetPort: 27017 + nodePort: {{ default nil .Values.databases.mongo.service.nodePort }} + +--- apiVersion: apps/v1 kind: Deployment metadata: - name: mongo-deploy-{{ .Release.Name }} + name: mongo-deploy namespace: {{ .Release.Namespace }} labels: - app: mongo-{{ .Release.Name }} + app: mongo spec: - replicas: {{ .Values.globals.replicaCount }} + replicas: {{ default 1 .Values.globals.replicaCount }} selector: matchLabels: - app: mongo-{{ .Release.Name }} + app: mongo template: metadata: annotations: - checksum/secret: {{ include (print $.Template.BasePath "/mongo/mongo-secret.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/mongo/mongo-config.yaml") . | sha256sum }} labels: - app: mongo-{{ .Release.Name }} + app: mongo spec: automountServiceAccountToken: false containers: - name: mongo - image: "{{ if ne (.Values.databases.mongo.image.registry | toString ) "" }}{{ .Values.databases.mongo.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.databases.mongo.image.name }}:{{ .Values.databases.mongo.image.tag | toString }}" - imagePullPolicy: {{ if ne (.Values.databases.mongo.image.imagePullPolicy | toString) "" }}{{ .Values.databases.mongo.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} + image: {{ default "hub.oepkgs.net/neocopilot/mongo:7.0.16-x86" .Values.databases.mongo.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} command: - bash - -c 
@@ -59,7 +75,7 @@ spec: - name: MONGO_INITDB_ROOT_PASSWORD valueFrom: secretKeyRef: - name: mongo-secret-{{ .Release.Name }} + name: euler-copilot-database key: mongo-password - name: MONGO_INITDB_DATABASE value: euler_copilot @@ -70,13 +86,17 @@ spec: name: mongo-init subPath: healthcheck.sh resources: - {{- toYaml .Values.databases.mongo.resources | nindent 12 }} + requests: + cpu: 0.25 + memory: 256Mi + limits: + {{ toYaml .Values.databases.mongo.resourceLimits | nindent 14 }} restartPolicy: Always volumes: - name: mongo-data persistentVolumeClaim: - claimName: mongo-pvc-{{ .Release.Name }} + claimName: mongo-storage - name: mongo-init - secret: - secretName: mongo-secret-{{ .Release.Name }} -{{- end }} + configMap: + name: mongo-config +{{- end -}} diff --git a/deploy/chart/databases/templates/pgsql/pgsql-config.yaml b/deploy/chart/databases/templates/pgsql/pgsql-config.yaml new file mode 100644 index 00000000..1f73664c --- /dev/null +++ b/deploy/chart/databases/templates/pgsql/pgsql-config.yaml @@ -0,0 +1,13 @@ +{{- if .Values.databases.pgsql.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: pgsql-config + namespace: {{ .Release.Namespace }} +data: + init.sql: | + CREATE EXTENSION zhparser; + CREATE EXTENSION vector; + CREATE TEXT SEARCH CONFIGURATION zhparser (PARSER = zhparser); + ALTER TEXT SEARCH CONFIGURATION zhparser ADD MAPPING FOR n,v,a,i,e,l WITH simple; +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/databases/templates/pgsql/pgsql-secret.yaml b/deploy/chart/databases/templates/pgsql/pgsql-secret.yaml deleted file mode 100644 index 387a2b66..00000000 --- a/deploy/chart/databases/templates/pgsql/pgsql-secret.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -{{- if .Values.databases.pgsql.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: pgsql-secret-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - init.sql: -{{ tpl (.Files.Get "configs/pgsql/init.sql") . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/databases/templates/pgsql/pgsql-service.yaml b/deploy/chart/databases/templates/pgsql/pgsql-service.yaml deleted file mode 100644 index 7c0e000e..00000000 --- a/deploy/chart/databases/templates/pgsql/pgsql-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.databases.pgsql.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: pgsql-db-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.databases.pgsql.service.type }} - selector: - app: pgsql-{{ .Release.Name }} - ports: - - port: 5432 - targetPort: 5432 - {{- if (and (eq .Values.databases.pgsql.service.type "NodePort") .Values.databases.pgsql.service.nodePort) }} - nodePort: {{ .Values.databases.pgsql.service.nodePort }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/databases/templates/mongo/mongo-pvc.yaml b/deploy/chart/databases/templates/pgsql/pgsql-storage.yaml similarity index 49% rename from deploy/chart/databases/templates/mongo/mongo-pvc.yaml rename to deploy/chart/databases/templates/pgsql/pgsql-storage.yaml index 8cecc5dd..5b5a16a3 100644 --- a/deploy/chart/databases/templates/mongo/mongo-pvc.yaml +++ b/deploy/chart/databases/templates/pgsql/pgsql-storage.yaml 
@@ -1,16 +1,16 @@ -{{- if .Values.databases.mongo.enabled }} +{{- if and .Values.databases.pgsql.enabled -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: mongo-pvc-{{ .Release.Name }} + name: pgsql-storage namespace: {{ .Release.Namespace }} annotations: helm.sh/resource-policy: keep spec: + storageClassName: {{ default "local-path" .Values.globals.storageClass }} accessModes: - ReadWriteOnce - storageClassName: local-path resources: requests: - storage: {{ .Values.databases.mongo.persistentVolumeSize }} -{{- end }} \ No newline at end of file + storage: {{ default "10Gi" .Values.storage.pgsql }} +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/databases/templates/pgsql/pgsql-deployment.yaml b/deploy/chart/databases/templates/pgsql/pgsql.yaml similarity index 48% rename from deploy/chart/databases/templates/pgsql/pgsql-deployment.yaml rename to deploy/chart/databases/templates/pgsql/pgsql.yaml index df8cee79..9a94aff2 100644 --- a/deploy/chart/databases/templates/pgsql/pgsql-deployment.yaml +++ b/deploy/chart/databases/templates/pgsql/pgsql.yaml 
@@ -1,26 +1,44 @@ -{{- if .Values.databases.pgsql.enabled }} +{{- if .Values.databases.pgsql.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: pgsql-db + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.databases.pgsql.service.type }} + selector: + app: pgsql + ports: + - port: 5432 + targetPort: 5432 + nodePort: {{ default nil .Values.databases.pgsql.service.nodePort }} + +--- apiVersion: apps/v1 kind: Deployment metadata: - name: pgsql-deploy-{{ .Release.Name }} + name: pgsql-deploy namespace: {{ .Release.Namespace }} labels: - app: pgsql-{{ .Release.Name }} + app: pgsql spec: - replicas: {{ .Values.globals.replicaCount }} + replicas: {{ default 1 .Values.globals.replicaCount }} selector: matchLabels: - app: pgsql-{{ .Release.Name }} + app: pgsql template: metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/pgsql/pgsql-config.yaml") . | sha256sum }} labels: - app: pgsql-{{ .Release.Name }} + app: pgsql spec: automountServiceAccountToken: false containers: - name: pgsql - image: "{{if ne ( .Values.databases.pgsql.image.registry | toString ) ""}}{{ .Values.databases.pgsql.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.databases.pgsql.image.name }}:{{ .Values.databases.pgsql.image.tag | toString }}" - imagePullPolicy: {{ if ne ( .Values.databases.pgsql.image.imagePullPolicy | toString ) "" }}{{ .Values.databases.pgsql.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} + image: {{ default "hub.oepkgs.net/neocopilot/pgsql-empty:pg16" .Values.databases.pgsql.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} ports: - containerPort: 5432 protocol: TCP 
@@ -40,7 +58,10 @@ spec: - name: POSTGRES_USER value: "postgres" - name: POSTGRES_PASSWORD - value: "{{ .Values.databases.pgsql.password }}" + valueFrom: + secretKeyRef: + name: euler-copilot-database + key: pgsql-password volumeMounts: - mountPath: /var/lib/postgresql/data name: pgsql-data @@ -48,12 +69,16 @@ spec: name: pgsql-init subPath: init.sql resources: - {{- toYaml .Values.databases.pgsql.resources | nindent 12 }} + requests: + cpu: 0.25 + memory: 512Mi + limits: + {{ toYaml .Values.databases.pgsql.resourceLimits | nindent 14 }} volumes: - name: pgsql-data persistentVolumeClaim: - claimName: pgsql-pvc-{{ .Release.Name }} + claimName: pgsql-storage - name: pgsql-init - secret: - secretName: pgsql-secret-{{ .Release.Name }} -{{- end }} + configMap: + name: pgsql-config +{{- end -}} diff --git a/deploy/chart/databases/templates/redis/redis-secret.yaml b/deploy/chart/databases/templates/redis/redis-secret.yaml deleted file mode 100644 index 41d859f6..00000000 --- a/deploy/chart/databases/templates/redis/redis-secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.databases.redis.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: redis-secret-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - redis-password: {{ .Values.databases.redis.password }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/databases/templates/redis/redis-service.yaml b/deploy/chart/databases/templates/redis/redis-service.yaml deleted file mode 100644 index db37dbfb..00000000 --- a/deploy/chart/databases/templates/redis/redis-service.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -{{- if .Values.databases.redis.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: redis-db-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.databases.redis.service.type }} - selector: - app: redis-{{ .Release.Name }} - ports: - - port: 6379 - targetPort: 6379 - {{- if (and (eq .Values.databases.redis.service.type "NodePort") .Values.databases.redis.service.nodePort) }} - nodePort: {{ .Values.databases.redis.service.nodePort }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/databases/templates/redis/redis-deployment.yaml b/deploy/chart/databases/templates/redis/redis.yaml similarity index 50% rename from deploy/chart/databases/templates/redis/redis-deployment.yaml rename to deploy/chart/databases/templates/redis/redis.yaml index 8994bdb6..dbabf932 100644 --- a/deploy/chart/databases/templates/redis/redis-deployment.yaml +++ b/deploy/chart/databases/templates/redis/redis.yaml 
@@ -1,28 +1,42 @@ -{{- if .Values.databases.redis.enabled }} +{{- if .Values.databases.redis.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: redis-db + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.databases.redis.service.type }} + selector: + app: redis + ports: + - port: 6379 + targetPort: 6379 + nodePort: {{ default nil .Values.databases.redis.service.nodePort }} + +--- apiVersion: apps/v1 kind: Deployment metadata: - name: redis-deploy-{{ .Release.Name }} + name: redis-deploy namespace: {{ .Release.Namespace }} labels: - app: redis-{{ .Release.Name }} + app: redis spec: - replicas: {{ .Values.globals.replicaCount }} + replicas: {{ default 1 .Values.globals.replicaCount }} selector: matchLabels: - app: redis-{{ .Release.Name }} + app: redis template: metadata: - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/redis/redis-secret.yaml") . | sha256sum }} labels: - app: redis-{{ .Release.Name }} + app: redis spec: automountServiceAccountToken: false containers: - name: redis - image: "{{ if ne (.Values.databases.redis.image.registry | toString) "" }}{{ .Values.databases.redis.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.databases.redis.image.name }}:{{ .Values.databases.redis.image.tag | toString }}" - imagePullPolicy: {{ if ne (.Values.databases.redis.image.imagePullPolicy | toString ) "" }}{{ .Values.databases.redis.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} + image: {{ default "hub.oepkgs.net/neocopilot/redis:7.4-alpine" .Values.databases.redis.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} command: - redis-server - --requirepass $(REDIS_PASSWORD) 
@@ -44,18 +58,20 @@ spec: - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: redis-secret-{{ .Release.Name }} + name: euler-copilot-database key: redis-password volumeMounts: - mountPath: /tmp name: redis-tmp - securityContext: - readOnlyRootFilesystem: {{ .Values.databases.redis.readOnly }} resources: - {{- toYaml .Values.databases.redis.resources | nindent 12 }} + requests: + cpu: 0.1 + memory: 64Mi + limits: + {{ toYaml .Values.databases.redis.resourceLimits | nindent 14 }} restartPolicy: Always volumes: - name: redis-tmp emptyDir: medium: Memory -{{- end }} \ No newline at end of file +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/databases/templates/secrets.yaml b/deploy/chart/databases/templates/secrets.yaml new file mode 100644 index 00000000..e2a4a071 --- /dev/null +++ b/deploy/chart/databases/templates/secrets.yaml @@ -0,0 +1,30 @@ +{{- $databaseSecret := (lookup "v1" "Secret" .Release.Namespace "euler-copilot-database") -}} +{{- if $databaseSecret -}} +apiVersion: v1 +kind: Secret +metadata: + name: euler-copilot-database + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/resource-policy: keep +type: Opaque +stringData: + redis-password: {{ index $databaseSecret.data "redis-password" | b64dec }} + mongo-password: {{ index $databaseSecret.data "mongo-password" | b64dec }} + minio-password: {{ index $databaseSecret.data "minio-password" | b64dec }} + pgsql-password: {{ index $databaseSecret.data "pgsql-password" | b64dec }} +{{- else -}} +apiVersion: v1 +kind: Secret +metadata: + name: euler-copilot-database + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/resource-policy: keep +type: Opaque +stringData: + redis-password: {{ randAlphaNum 20 }} + mongo-password: {{ randAlphaNum 20 }} + minio-password: {{ randAlphaNum 20 }} + pgsql-password: {{ randAlphaNum 20 }} +{{- end -}} diff --git a/deploy/chart/databases/values.yaml b/deploy/chart/databases/values.yaml index 30db6426..99ca5319 100644 
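Review bot: The redis container loses its `securityContext` in this hunk: the `readOnlyRootFilesystem` line is removed and nothing replaces it, so the container falls back to a writable root filesystem and the image's default privileges. Since `/tmp` is already an in-memory `emptyDir`, a fixed hardened context along the lines of the framework Deployment in this patch looks feasible, provided the redis image writes nowhere else (to be confirmed). Separately, the unchanged `--requirepass $(REDIS_PASSWORD)` argument places the password in the process arguments; that line lies outside this hunk.

```yaml
          # … unchanged: env, volumeMounts …
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          resources:
          # … unchanged: requests / limits …
```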
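Review bot: In secrets.yaml the `lookup` guard only preserves the passwords when Helm can query the cluster. Under `helm template`, a client-side `--dry-run` or a GitOps renderer, `lookup` returns nothing, the `else` branch runs, and four fresh `randAlphaNum 20` values are emitted that no longer match the credentials already initialised in the database volumes. Document that the chart must be applied with a live `helm install`/`helm upgrade`, or accept an operator-supplied existing Secret. In the first branch, `index $databaseSecret.data "mongo-password" | b64dec` fails the render when an existing Secret lacks a key, and the decoded values are unquoted; prefer e.g. `redis-password: {{ index $databaseSecret.data "redis-password" | b64dec | quote }}`.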
--- a/deploy/chart/databases/values.yaml
+++ b/deploy/chart/databases/values.yaml
@@ -1,127 +1,88 @@ # 全局设置 globals: - # [必填] 部署副本数 - replicaCount: 1 - # [必填] 镜像仓库 - imageRegistry: "hub.oepkgs.net/neocopilot" - # [必填] 镜像拉取策略 - imagePullPolicy: IfNotPresent + # 部署副本数,默认为1 + replicaCount: + # 镜像拉取策略,默认为IfNotPresent + imagePullPolicy: + # 存储类,默认为local-path + storageClass: + +# 存储设置 +storage: + # MinIO存储大小,默认为10GB + minio: + # MongoDB存储大小,默认为10GB + mongo: + # 向量数据库存储大小,默认为10GB + pgsql: + +# 域名设置 +domain: + # 需要修改为MinIO Console绑定的域名。单节点部署时,服务基于Host进行区分,无法使用IP地址 + minioConsole: databases: minio: # [必填] 是否部署MinIO实例 enabled: true - # 镜像设置 + # 镜像设置:默认为hub.oepkgs.net/neocopilot/minio:empty + # 镜像版本:["empty", "empty-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: "minio" - # [必填] 镜像标签, 为empty或empty-arm - tag: "empty" - # 拉取策略。留空则使用全局设置。 - imagePullPolicy: "" # 性能限制设置 - resources: {} - # [必填] 容器根目录只读 - readOnly: false - # [必填] PersistentVolume大小设置 - persistentVolumeSize: 20Gi - # [必填] 密码设置 - password: + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP - # 当类型为nodePort时,填写MinIO数据端口对应的主机的端口号 - dataNodePort: "" - # 当类型为nodePort时,填写MinIO控制台对应的主机的端口号 - consoleNodePort: "" + # Service类型,例如NodePort + type: + # 当类型为NodePort时,填写MinIO数据端口对应的主机的端口号 + dataNodePort: + # 当类型为NodePort时,填写MinIO控制台对应的主机的端口号 + consoleNodePort: # Ingress设置 ingress: # [必填] 是否暴露MinIO的Console enabled: true - # [必填] 部署域名 - # 需要修改为MinIO Console绑定的域名。单节点部署时,服务基于Host进行区分,无法使用IP地址 - domain: # Ingress URL前缀 prefix: / mongo: # [必填] 是否部署MySQL数据库实例 enabled: true - # 镜像设置 + # 镜像设置;默认为hub.oepkgs.net/neocopilot/mongo:7.0.16-x86 + # 镜像版本: ["7.0.16-x86", "7.0.16-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: mongo - # [必填] 镜像标签,为7.0.16-x86或7.0.16-arm - tag: "7.0.16-x86" - # 拉取策略。留空则使用全局设置。 - imagePullPolicy: "" # 性能限制设置 - resources: {} - # [必填] 容器根目录只读 - readOnly: false - # [必填] PersistentVolume大小设置 - persistentVolumeSize: 10Gi - # [必填] 密码设置 - password: "" + resourceLimits: {} # Service设置 service: - # [必填] 
Service类型,ClusterIP或NodePort - type: ClusterIP + # [必填] Service类型,例如NodePort + type: # 当类型为nodePort时,填写主机的端口号 - nodePort: "" + nodePort: redis: # [必填] 是否部署Redis实例 enabled: true - # 镜像设置 + # 镜像设置,默认为hub.oepkgs.net/neocopilot/redis:7.4-alpine + # 镜像版本: ["7.4-alpine", "7.4-alpine-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: redis - # [必填] 镜像标签,为7.4-alpine或7.4-alpine-arm - tag: 7.4-alpine - # 拉取策略。留空则使用全局设置 - imagePullPolicy: "" # 性能限制设置 - resources: {} - # [必填] 容器根目录只读 - readOnly: false - # [必填] 密码设置 - password: "" + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP + # Service类型,如NodePort + type: # 当类型为nodePort时,填写主机的端口号 - nodePort: "" + nodePort: pgsql: # [必填] 是否部署PostgreSQL实例 enabled: true - # 镜像设置 + # 镜像设置,默认为hub.oepkgs.net/neocopilot/pgsql-empty:pg16 + # 镜像版本: ["pg16", "pg16-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: pgsql-empty - # [必填] 镜像标签,为pg16或pg16-arm - tag: pg16 - # 拉取策略。留空则使用全局设置。 - imagePullPolicy: "" # 性能限制设置 - resources: {} - # [必填] 容器根目录只读 - readOnly: false - # [必填] Volume大小设置 - persistentVolumeSize: 10Gi + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP - # 当类型为nodePort时,填写主机的端口号 - nodePort: "" - # [必填] 密码设置 - password: + # Service类型,如NodePort + type: + # 当类型为NodePort时,填写主机的端口号 + nodePort: diff --git a/deploy/chart/euler_copilot/Chart.yaml b/deploy/chart/euler_copilot/Chart.yaml index 5e8f9826..1910e80d 100644 --- a/deploy/chart/euler_copilot/Chart.yaml +++ b/deploy/chart/euler_copilot/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: euler-copilot description: Euler Copilot Helm部署包 type: application -version: 0.9.1 -appVersion: "1.16.0" +version: 0.9.4 +appVersion: "0.9.4" diff --git a/deploy/chart/euler_copilot/configs/framework/.env b/deploy/chart/euler_copilot/configs/framework/.env index 365f9c1d..99e48bca 100644 --- a/deploy/chart/euler_copilot/configs/framework/.env 
+++ b/deploy/chart/euler_copilot/configs/framework/.env 
@@ -2,24 +2,30 @@ DEPLOY_MODE=local COOKIE_MODE=domain -# Web -WEB_FRONT_URL={{ .Values.euler_copilot.framework.web_url }} - # Redis -REDIS_HOST=redis-db-{{ .Values.globals.databases.app_name }}.{{ .Values.globals.databases.app_namespace }}.svc.cluster.local +REDIS_HOST=redis-db.{{ .Release.Namespace }}.svc.cluster.local REDIS_PORT=6379 -REDIS_PWD={{ .Values.globals.databases.passwords.redis }} +REDIS_PWD=${redis-password} # OIDC +{{- $loginType := .Values.login.type | default "authhub" -}} +{{- if eq $loginType "bypass" }} DISABLE_LOGIN=False -DEFAULT_USER= -OIDC_APP_ID={{ .Values.euler_copilot.framework.login.oidc.client_id }} -OIDC_APP_SECRET={{ .Values.euler_copilot.framework.login.oidc.client_secret }} -OIDC_USER_URL={{ .Values.euler_copilot.framework.login.oidc.user_url }} -OIDC_TOKEN_URL={{ .Values.euler_copilot.framework.login.oidc.token_url }} -OIDC_REFRESH_TOKEN_URL={{ .Values.euler_copilot.framework.login.oidc.refresh_token_url }} -OIDC_REDIRECT_URL={{ .Values.euler_copilot.framework.login.oidc.redirect }} -EULER_LOGIN_API={{ .Values.euler_copilot.framework.login.oidc.euler_copilot_front }} +DEFAULT_USER= {{ .Values.login.uid }} +{{- else if eq $loginType "authhub" }} +OIDC_USER_URL=http://authhub-backend-service.{{ .Release.Namespace }}.svc.cluster.local:11120/oauth2/introspect +OIDC_TOKEN_URL=http://authhub-backend-service.{{ .Release.Namespace }}.svc.cluster.local:11120/oauth2/token +OIDC_REFRESH_TOKEN_URL=http://authhub-backend-service.{{ .Release.Namespace }}.svc.cluster.local:11120/oauth2/refresh-token +OIDC_REDIRECT_URL="https://{{ default "authhub.eulercopilot.local" .Values.domain.authhub }}/oauth2/authorize?client_id=${clientId}&redirect_uri=https://{{ default "www.eulercopilot.local" .Values.domain.euler_copilot }}/api/auth/login&scope=openid offline_access&access_type=offline&response_type=code&prompt=consent&state=235345&nonce=loser" +{{- else }} +OIDC_USER_URL={{ .Values.login.oidc.user_url }} +OIDC_TOKEN_URL={{ .Values.login.oidc.token_url 
}} +OIDC_REFRESH_TOKEN_URL={{ .Values.login.oidc.refresh_url }} +OIDC_REDIRECT_URL={{ .Values.login.oidc.redirect }} +{{- end }} +OIDC_APP_ID=${clientId} +OIDC_APP_SECRET=${clientSecret} +EULER_LOGIN_API=https://{{ default "www.eulercopilot.local" .Values.domain.euler_copilot }}/api/auth/login OIDC_ACCESS_TOKEN_EXPIRE_TIME=1440 OIDC_REFRESH_TOKEN_EXPIRE_TIME=1440 SESSION_TTL=30 @@ -27,19 +33,17 @@ SESSION_TTL=30 # Logging LOG="stdout" -# Vectorize -{{- if .Values.euler_copilot.framework.vectorize.use_internal }} -VECTORIZE_HOST="http://vectorize-agent-service-{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local:8001" -{{- else }} -VECTORIZE_HOST="{{ .Values.euler_copilot.framework.vectorize.url }}" -{{- end }} +# Embedding +EMBEDDING_URL={{ .Values.models.embedding.url }} +EMBEDDING_KEY={{ .Values.models.embedding.key }} +EMBEDDING_MODEL={{ .Values.models.embedding.name }} # RAG -RAG_HOST="http://rag-service-{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local:9988" +RAG_HOST="http://rag-service.{{ .Release.Namespace }}.svc.cluster.local:9988" # FastAPI -DOMAIN={{ .Values.globals.domain }} -JWT_KEY={{ .Values.euler_copilot.framework.jwtKey }} +DOMAIN={{ default "www.eulercopilot.local" .Values.domain.euler_copilot }} +JWT_KEY=${jwtKey} # 风控 DETECT_TYPE= 
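Review bot: The authhub `OIDC_REDIRECT_URL` hard-codes `state=235345&nonce=loser`, so every authorization request carries the same two values. `state` and `nonce` only protect the login flow (callback CSRF and ID-token replay) when they are unpredictable per request and verified on return; as constants they give no protection. I would drop both from the templated URL so it ends `...&response_type=code&prompt=consent"` and have the application append per-session values, which presumably needs a matching change in apps/routers/auth.py. Also in this hunk, the `bypass` branch writes `DISABLE_LOGIN=False` and the other branches no longer set the variable at all; confirm which value bypass mode is meant to produce and that the application default keeps login enforced.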
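Review bot: `EMBEDDING_KEY={{ .Values.models.embedding.key }}` renders an API key directly into this file, and later in the patch framework-secret.yaml becomes `kind: ConfigMap`, so the key is stored in a ConfigMap instead of a Secret. The database passwords and `JWT_KEY` already use `${...}` placeholders filled from mounted Secrets; the model keys should take the same path, e.g. `EMBEDDING_KEY=${embeddingKey}` with the value kept in a Secret (the placeholder name is illustrative). The same applies to `LLM_KEY` and `SCHEDULER_API_KEY` in the next hunk of this file, and to `EMBEDDING_API_KEY` and `MODEL_1_OPENAI_API_KEY` in configs/rag/.env.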
@@ -48,43 +52,39 @@ DETECT_TYPE= ENABLE_CSRF=False # MongoDB -MONGODB_HOST=mongo-db-{{ .Values.globals.databases.app_name }}.{{ .Values.globals.databases.app_namespace }}.svc.cluster.local +MONGODB_HOST=mongo-db.{{ .Release.Namespace }}.svc.cluster.local MONGODB_PORT=27017 MONGODB_USER=euler_copilot -MONGODB_PWD={{ .Values.globals.databases.passwords.mongo }} +MONGODB_PWD=${mongo-password} MONGODB_DATABASE=euler_copilot # PostgreSQL -POSTGRES_HOST=pgsql-db-{{ .Values.globals.databases.app_name }}.{{ .Values.globals.databases.app_namespace }}.svc.cluster.local:5432 +POSTGRES_HOST=pgsql-db.{{ .Release.Namespace }}.svc.cluster.local:5432 POSTGRES_DATABASE=postgres POSTGRES_USER=postgres -POSTGRES_PWD={{ .Values.globals.databases.passwords.postgres }} +POSTGRES_PWD=${pgsql-password} # MinIO -MINIO_ENDPOINT=minio-service-{{ .Values.globals.databases.app_name }}.{{ .Values.globals.databases.app_namespace }}.svc.cluster.local:9000 -MINIO_ACCESS_KEY={{ .Values.globals.databases.passwords.minio.access_key }} -MINIO_SECRET_KEY={{ .Values.globals.databases.passwords.minio.secret_key }} +MINIO_ENDPOINT=minio-service.{{ .Release.Namespace }}.svc.cluster.local:9000 +MINIO_ACCESS_KEY=minioadmin +MINIO_SECRET_KEY=${minio-password} # Security -HALF_KEY1={{ .Values.euler_copilot.framework.half_keys.key1 }} -HALF_KEY2={{ .Values.euler_copilot.framework.half_keys.key2 }} -HALF_KEY3={{ .Values.euler_copilot.framework.half_keys.key3 }} - -# 模型类型 -MODEL=openai -# QA模型配置 -LLM_MODEL={{ .Values.globals.llm.model }} -LLM_URL={{ .Values.globals.llm.url }}/v1 -LLM_KEY={{ .Values.globals.llm.key }} -# 参数模型配置 -SCHEDULER_BACKEND={{ .Values.globals.scheduler.backend }} -SCHEDULER_MODEL={{ .Values.globals.scheduler.model }} -SCHEDULER_URL={{ .Values.globals.scheduler.url }} -SCHEDULER_API_KEY={{ .Values.globals.scheduler.key }} +HALF_KEY1=${halfKey1} +HALF_KEY2=${halfKey2} +HALF_KEY3=${halfKey3} + +# 问答模型配置 +LLM_MODEL={{ .Values.models.answer.name }} +LLM_URL={{ .Values.models.answer.url }}/v1 
+LLM_KEY={{ .Values.models.answer.key }} +# FunctionCall模型配置 +SCHEDULER_BACKEND={{ default "ollama" .Values.models.functioncall.backend }} +SCHEDULER_MODEL={{ default .Values.models.answer.name .Values.models.functioncall.name }} +SCHEDULER_URL={{ default .Values.models.answer.url .Values.models.functioncall.url }} +SCHEDULER_API_KEY={{ default .Values.models.answer.key .Values.models.functioncall.key }} +SCHEDULER_MAX_TOKENS={{default .Values.models.answer.max_tokens .Values.models.functioncall.max_tokens }} # Agent PLUGIN_DIR=/euler-copilot-frame/apps/plugin SQL_URL= - -# 其他 -GITEE_WHITELIST= diff --git a/deploy/chart/euler_copilot/configs/framework/copy-config.yaml b/deploy/chart/euler_copilot/configs/framework/copy-config.yaml new file mode 100644 index 00000000..4198e2fe --- /dev/null +++ b/deploy/chart/euler_copilot/configs/framework/copy-config.yaml @@ -0,0 +1,7 @@ +copy: + - from: /config/.env + to: /config-rw/.env + mode: + uid: 1001 + gid: 1001 + mode: "0o650" \ No newline at end of file diff --git a/deploy/chart/euler_copilot/configs/rag-web/.env b/deploy/chart/euler_copilot/configs/rag-web/.env index 0e7e54c5..77fedc8d 100644 --- a/deploy/chart/euler_copilot/configs/rag-web/.env +++ b/deploy/chart/euler_copilot/configs/rag-web/.env @@ -1,3 +1,3 @@ PROD=enabled -SERVER_NAME={{ .Values.euler_copilot.rag_web.ingress.domain }} -DATA_CHAIN_BACEND_URL=http://rag-service-{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local:9988 +SERVER_NAME={{ default "witchaind.eulercopilot.local" .Values.domain.witchaind }} +DATA_CHAIN_BACEND_URL=http://rag-service.{{ .Release.Namespace }}.svc.cluster.local:9988 diff --git a/deploy/chart/euler_copilot/configs/rag/.env b/deploy/chart/euler_copilot/configs/rag/.env index cb3578df..ed3c3b23 100644 --- a/deploy/chart/euler_copilot/configs/rag/.env +++ b/deploy/chart/euler_copilot/configs/rag/.env 
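Review bot: In configs/framework/copy-config.yaml the copied `.env` gets `mode: "0o650"`, which is read/write for the owner and read/execute for the group; an execute bit on a file that will hold the resolved passwords and keys looks like a typo. If the consumer runs as uid 1001, `mode: "0o600"` is the tighter choice (or `"0o640"` if group read is really required). configs/rag/copy-config.yaml repeats the same mode on all three entries. How the secret_inject image interprets this field is not visible here, so confirm the expected format.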
@@ -7,31 +7,29 @@ SSL_ENABLE=false LOG_METHOD=stdout # Postgres -DATABASE_URL=postgresql+asyncpg://postgres:{{ .Values.globals.databases.passwords.postgres }}@pgsql-db-{{ .Values.globals.databases.app_name }}.{{ .Values.globals.databases.app_namespace }}.svc.cluster.local:5432/postgres +DATABASE_URL=postgresql+asyncpg://postgres:${pgsql-password}@pgsql-db.{{ .Release.Namespace }}.svc.cluster.local:5432/postgres # MinIO -MINIO_ENDPOINT=minio-service-{{ .Values.globals.databases.app_name }}.{{ .Values.globals.databases.app_namespace }}.svc.cluster.local:9000 -MINIO_ACCESS_KEY={{ .Values.globals.databases.passwords.minio.access_key }} -MINIO_SECRET_KEY={{ .Values.globals.databases.passwords.minio.secret_key }} -MINIO_SECURE={{ .Values.globals.databases.passwords.minio.secure }} +MINIO_ENDPOINT=minio-service.{{ .Release.Namespace }}.svc.cluster.local:9000 +MINIO_ACCESS_KEY=minioadmin +MINIO_SECRET_KEY=${minio-password} +MINIO_SECURE=false # Redis -REDIS_HOST=redis-db-{{ .Values.globals.databases.app_name }}.{{ .Values.globals.databases.app_namespace }}.svc.cluster.local +REDIS_HOST=redis-db.{{ .Release.Namespace }}.svc.cluster.local REDIS_PORT=6379 -REDIS_PWD={{ .Values.globals.databases.passwords.redis }} +REDIS_PWD=${redis-password} # Task TASK_RETRY_TIME=3 # Embedding Service -{{- if .Values.euler_copilot.rag.vectorize.use_internal }} -REMOTE_EMBEDDING_ENDPOINT=http://vectorize-agent-service-{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local:8001/embeddings -{{- else }} -REMOTE_EMBEDDING_ENDPOINT={{ .Values.euler_copilot.rag.vectorize.url }}/embeddings -{{- end }} +EMBEDDING_ENDPOINT={{ .Values.models.embedding.url }}/embeddings +EMBEDDING_API_KEY={{ .Values.models.embedding.key }} +EMBEDDING_MODEL_NAME={{ .Values.models.embedding.name }} # Token -CSRF_KEY={{ .Values.euler_copilot.rag.security.csrf_key }} +CSRF_KEY=${csrfKey} SESSION_TTL=1440 # PROMPT_PATH 
@@ -40,13 +38,13 @@ PROMPT_PATH=/rag-service/data_chain/common/prompt.yaml STOP_WORDS_PATH=/rag-service/data_chain/common/stop_words.txt #Security -HALF_KEY1={{ .Values.euler_copilot.rag.security.half_key_1 }} -HALF_KEY2={{ .Values.euler_copilot.rag.security.half_key_2 }} -HALF_KEY3={{ .Values.euler_copilot.rag.security.half_key_3 }} +HALF_KEY1=${halfKey1} +HALF_KEY2=${halfKey2} +HALF_KEY3=${halfKey3} #LLM config -MODEL_NAME={{ .Values.globals.llm.model }} -OPENAI_API_BASE={{ .Values.globals.llm.url }}/v1 -OPENAI_API_KEY={{ .Values.globals.llm.key }} -REQUEST_TIMEOUT=120 -MAX_TOKENS={{ .Values.globals.llm.max_tokens }} +MODEL_1_MODEL_NAME={{ .Values.models.answer.name }} +MODEL_1_MODEL_TYPE=deepseek +MODEL_1_OPENAI_API_BASE={{ .Values.models.answer.url }}/v1 +MODEL_1_OPENAI_API_KEY={{ default "" .Values.models.answer.key }} +MODEL_1_MAX_TOKENS={{ default 2048 .Values.models.answer.max_tokens }} diff --git a/deploy/chart/euler_copilot/configs/rag/copy-config.yaml b/deploy/chart/euler_copilot/configs/rag/copy-config.yaml new file mode 100644 index 00000000..6cbc9f12 --- /dev/null +++ b/deploy/chart/euler_copilot/configs/rag/copy-config.yaml @@ -0,0 +1,19 @@ +copy: + - from: /config/.env + to: /config-rw/.env + mode: + uid: 1001 + gid: 1001 + mode: "0o650" + - from: /config/prompt.yaml + to: /config-rw/prompt.yaml + mode: + uid: 1001 + gid: 1001 + mode: "0o650" + - from: /config/stop_words.txt + to: /config-rw/stop_words.txt + mode: + uid: 1001 + gid: 1001 + mode: "0o650" diff --git a/deploy/chart/euler_copilot/configs/vectorize/.env b/deploy/chart/euler_copilot/configs/vectorize/.env deleted file mode 100644 index 80b898bf..00000000 --- a/deploy/chart/euler_copilot/configs/vectorize/.env +++ /dev/null 
@@ -1,9 +0,0 @@ -UVICORN_IP=0.0.0.0 -UVICORN_PORT=8001 - -LOG=stdout - -DEVICE=cpu -EMBEDDING_MODEL={{ .Values.euler_copilot.vectorize.model.embedding }} -RERANK_MODEL={{ .Values.euler_copilot.vectorize.model.rerank }} -MODEL_BASE_DIR=/vectorize-agent/models/ \ No newline at end of file diff --git a/deploy/chart/euler_copilot/configs/web/.env b/deploy/chart/euler_copilot/configs/web/.env index 38fb235d..6a480d4a 100644 --- a/deploy/chart/euler_copilot/configs/web/.env +++ b/deploy/chart/euler_copilot/configs/web/.env @@ -1,3 +1,3 @@ PROD=enabled -SERVER_NAME={{ .Values.euler_copilot.web.ingress.domain }} -FRAMEWORK_URL=http://framework-service-{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local:8002 \ No newline at end of file +SERVER_NAME={{ default "www.eulercopilot.local" .Values.domain.euler_copilot }} +FRAMEWORK_URL=http://framework-service.{{ .Release.Namespace }}.svc.cluster.local:8002 \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/NOTES.txt b/deploy/chart/euler_copilot/templates/NOTES.txt index 52dd5757..f2411ee4 100644 --- a/deploy/chart/euler_copilot/templates/NOTES.txt +++ b/deploy/chart/euler_copilot/templates/NOTES.txt @@ -1,5 +1,5 @@ 感谢您使用Euler Copilot! -当前为Euler Copilot 0.9.1版本。 +当前为Euler Copilot 0.9.4版本。 当前Chart的功能为:Euler Copilot核心组件部署。 更多项目动态和分享会议,请关注openEuler sig-intelligence:https://www.openeuler.org/en/sig/sig-detail/?name=sig-intelligence \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/cornjob.yaml b/deploy/chart/euler_copilot/templates/cornjob.yaml new file mode 100644 index 00000000..e69de29b diff --git a/deploy/chart/euler_copilot/templates/framework/framework-secret.yaml b/deploy/chart/euler_copilot/templates/framework/framework-config.yaml similarity index 39% rename from deploy/chart/euler_copilot/templates/framework/framework-secret.yaml rename to deploy/chart/euler_copilot/templates/framework/framework-config.yaml index b84fd580..1cab8899 100644 
--- a/deploy/chart/euler_copilot/templates/framework/framework-secret.yaml +++ b/deploy/chart/euler_copilot/templates/framework/framework-config.yaml @@ -1,11 +1,12 @@ -{{- if .Values.euler_copilot.framework.enabled }} +{{- if .Values.euler_copilot.framework.enabled -}} apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: - name: framework-secret-{{ .Release.Name }} + name: framework-config namespace: {{ .Release.Namespace }} -type: Opaque -stringData: +data: .env: |- {{ tpl (.Files.Get "configs/framework/.env") . | indent 4 }} -{{- end }} \ No newline at end of file + copy-config.yaml: |- +{{ tpl (.Files.Get "configs/framework/copy-config.yaml") . | indent 4 }} +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/framework/framework-service.yaml b/deploy/chart/euler_copilot/templates/framework/framework-service.yaml deleted file mode 100644 index 0f6b91fa..00000000 --- a/deploy/chart/euler_copilot/templates/framework/framework-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.euler_copilot.framework.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: framework-service-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.euler_copilot.framework.service.type }} - selector: - app: framework-{{ .Release.Name }} - ports: - - port: 8002 - targetPort: 8002 - {{- if (and (eq .Values.euler_copilot.framework.service.type "") .Values.euler_copilot.framework.service.nodePort) }} - nodePort: {{ .Values.euler_copilot.framework.service.nodePort }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/framework/framework-storage.yaml b/deploy/chart/euler_copilot/templates/framework/framework-storage.yaml new file mode 100644 index 00000000..03997162 --- /dev/null +++ b/deploy/chart/euler_copilot/templates/framework/framework-storage.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.euler_copilot.framework.enabled -}} +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: framework-semantics + namespace: {{ .Release.Namespace }} +spec: + storageClassName: {{ default "local-path" .Values.globals.storageClass }} + capacity: + storage: {{ default "5Gi" .Values.storage.framework_semantics.size }} + accessModes: + - ReadWriteOnce + hostPath: + path: {{ default "/home/eulercopilot/semantics" .Values.storage.framework_semantics.path }} + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: framework-semantics-claim + namespace: {{ .Release.Namespace }} +spec: + storageClassName: {{ default "local-path" .Values.globals.storageClass }} + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ default "5Gi" .Values.storage.framework_semantics.size }} +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/framework/framework-deployment.yaml b/deploy/chart/euler_copilot/templates/framework/framework.yaml similarity index 32% rename from deploy/chart/euler_copilot/templates/framework/framework-deployment.yaml rename to deploy/chart/euler_copilot/templates/framework/framework.yaml index 111c5bae..5c04487f 100644 --- a/deploy/chart/euler_copilot/templates/framework/framework-deployment.yaml +++ b/deploy/chart/euler_copilot/templates/framework/framework.yaml 
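Review bot: The `framework-semantics` PersistentVolume is a `hostPath` volume with no `claimRef`, so any PersistentVolumeClaim in the cluster that matches its storage class, size and access mode can bind it and reach the host directory that is later mounted as the framework plugin directory. Reserve it for the intended claim with `claimRef: {name: framework-semantics-claim, namespace: {{ .Release.Namespace }}}` on the volume and `volumeName: framework-semantics` on the claim. `metadata.namespace` on the PersistentVolume can be dropped, since PersistentVolumes are cluster-scoped.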
@@ -1,29 +1,45 @@ -{{- if .Values.euler_copilot.framework.enabled }} +{{- if .Values.euler_copilot.framework.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: framework-service + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.euler_copilot.framework.service.type }} + selector: + app: framework + ports: + - port: 8002 + targetPort: 8002 + nodePort: {{ default nil .Values.euler_copilot.framework.service.nodePort }} + +--- apiVersion: apps/v1 kind: Deployment metadata: - name: framework-deploy-{{ .Release.Name }} + name: framework-deploy namespace: {{ .Release.Namespace }} labels: - app: framework-{{ .Release.Name }} + app: framework spec: selector: matchLabels: - app: framework-{{ .Release.Name }} + app: framework template: metadata: annotations: - checksum/secret: {{ include (print $.Template.BasePath "/framework/framework-secret.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/framework/framework-config.yaml") . | sha256sum }} labels: - app: framework-{{ .Release.Name }} + app: framework spec: automountServiceAccountToken: false securityContext: fsGroup: 1001 containers: - name: framework - image: "{{if ne ( .Values.euler_copilot.framework.image.registry | toString ) ""}}{{ .Values.euler_copilot.framework.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.euler_copilot.framework.image.name }}:{{ .Values.euler_copilot.framework.image.tag | toString }}" - imagePullPolicy: {{ if ne ( .Values.euler_copilot.framework.image.imagePullPolicy | toString ) "" }}{{ .Values.euler_copilot.framework.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} + image: {{ default "hub.oepkgs.net/neocopilot/euler-copilot-framework:0.9.3-x86" .Values.euler_copilot.framework.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} ports: - containerPort: 8002 protocol: TCP 
@@ -42,13 +58,13 @@ spec: value: "enable" volumeMounts: - mountPath: /euler-copilot-frame/config - name: framework-shared-secret-volume + name: framework-shared - mountPath: /tmp name: framework-tmp-volume - mountPath: /euler-copilot-frame/apps/plugin - name: framework-plugins + name: framework-semantics-vl securityContext: - readOnlyRootFilesystem: {{ .Values.euler_copilot.framework.readOnly }} + readOnlyRootFilesystem: {{ default false .Values.euler_copilot.framework.readOnly }} capabilities: drop: - ALL 
@@ -57,39 +73,71 @@ spec: runAsNonRoot: true allowPrivilegeEscalation: false resources: - {{- toYaml .Values.euler_copilot.framework.resources | nindent 12 }} + requests: + cpu: 0.2 + memory: 512Mi + limits: + {{ toYaml .Values.euler_copilot.framework.resourceLimits | nindent 14 }} initContainers: - - name: framework-copy-secret - image: "{{if ne ( .Values.euler_copilot.init.image.registry | toString ) ""}}{{ .Values.euler_copilot.init.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.euler_copilot.init.image.name }}:{{ .Values.euler_copilot.init.image.tag | toString }}" - restartPolicy: Always - imagePullPolicy: {{ if ne ( .Values.euler_copilot.init.image.imagePullPolicy | toString ) "" }}{{ .Values.euler_copilot.init.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} - env: - - name: CHECK_URL - value: http://framework-service-{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local:8002/health_check - - name: INTERVAL - value: "60" - - name: CONFIG_FILES - value: ".env" + - name: framework-copy + image: {{ default "hub.oepkgs.net/neocopilot/secret_inject:x86" .Values.euler_copilot.secret_inject.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} volumeMounts: - - mountPath: /config - name: framework-secret-volume + - mountPath: /config/.env + name: framework-config + subPath: .env + - mountPath: /app/config.yaml + name: framework-config + subPath: copy-config.yaml - mountPath: /config-rw - name: framework-shared-secret-volume + name: framework-shared + - mountPath: /secrets/redis-password + name: database-secrets + subPath: redis-password + - mountPath: /secrets/mongo-password + name: database-secrets + subPath: mongo-password + - mountPath: /secrets/minio-password + name: database-secrets + subPath: minio-password + - mountPath: /secrets/pgsql-password + name: database-secrets + subPath: pgsql-password + - mountPath: /secrets/halfKey1 + name: system-secrets 
+ subPath: halfKey1 + - mountPath: /secrets/halfKey2 + name: system-secrets + subPath: halfKey2 + - mountPath: /secrets/halfKey3 + name: system-secrets + subPath: halfKey3 + - mountPath: /secrets/jwtKey + name: system-secrets + subPath: jwtKey + - mountPath: /secrets/clientId + name: system-secrets + subPath: clientId + - mountPath: /secrets/clientSecret + name: system-secrets + subPath: clientSecret volumes: - - name: framework-secret-volume + - name: framework-config + configMap: + name: framework-config + - name: framework-semantics-vl + persistentVolumeClaim: + claimName: framework-semantics-claim + - name: database-secrets + secret: + secretName: euler-copilot-database + - name: system-secrets secret: - secretName: framework-secret-{{ .Release.Name }} - items: - - key: .env - path: .env - - name: framework-plugins - hostPath: - path: {{ .Values.euler_copilot.framework.volume.plugin_dir }} - type: Directory + secretName: euler-copilot-system - name: framework-tmp-volume emptyDir: medium: Memory - - name: framework-shared-secret-volume + - name: framework-shared emptyDir: medium: Memory -{{- end }} \ No newline at end of file +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/rag-web/rag-web-config.yaml b/deploy/chart/euler_copilot/templates/rag-web/rag-web-config.yaml index bd35c8c1..ebd01c6d 100644 --- a/deploy/chart/euler_copilot/templates/rag-web/rag-web-config.yaml +++ b/deploy/chart/euler_copilot/templates/rag-web/rag-web-config.yaml @@ -1,10 +1,10 @@ -{{- if .Values.euler_copilot.rag_web.enabled }} +{{- if .Values.euler_copilot.rag_web.enabled -}} apiVersion: v1 kind: ConfigMap metadata: - name: rag-web-config-{{ .Release.Name }} + name: rag-web-config namespace: {{ .Release.Namespace }} data: .env: |- {{ tpl (.Files.Get "configs/rag-web/.env") . | indent 4 }} -{{- end }} +{{- end -}} 
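Review bot: The new `framework-copy` init container mounts every database and system secret but has no `securityContext`, while the main container in the same pod drops all capabilities and sets `runAsNonRoot` and `allowPrivilegeEscalation: false`. Unless the secret_inject image needs root to apply the uid/gid from copy-config.yaml (not visible here), give the init container the same restrictions. The Deployment begins outside this hunk.

```yaml
        - name: framework-copy
          # … unchanged: image, imagePullPolicy …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: volumeMounts …
```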
diff --git a/deploy/chart/euler_copilot/templates/rag-web/rag-web-ingress.yaml b/deploy/chart/euler_copilot/templates/rag-web/rag-web-ingress.yaml deleted file mode 100644 index 20e16873..00000000 --- a/deploy/chart/euler_copilot/templates/rag-web/rag-web-ingress.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.euler_copilot.rag_web.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: rag-web-ingress-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - rules: - - host: {{ .Values.euler_copilot.rag_web.ingress.domain }} - http: - paths: - - path: {{ .Values.euler_copilot.rag_web.ingress.prefix }} - pathType: Prefix - backend: - service: - name: rag-web-service-{{ .Release.Name }} - port: - number: 9888 -{{- end }} diff --git a/deploy/chart/euler_copilot/templates/rag-web/rag-web-service.yaml b/deploy/chart/euler_copilot/templates/rag-web/rag-web-service.yaml deleted file mode 100644 index d93f60bf..00000000 --- a/deploy/chart/euler_copilot/templates/rag-web/rag-web-service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.euler_copilot.rag_web.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: rag-web-service-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.euler_copilot.rag_web.service.type }} - selector: - app: rag-web-{{ .Release.Name }} - ports: - - port: 9888 - targetPort: 9888 - {{- if (and (eq .Values.euler_copilot.rag_web.service.type "NodePort") .Values.euler_copilot.rag_web.service.nodePort) }} - nodePort: {{ .Values.euler_copilot.rag_web.service.nodePort }} - {{- end }} -{{- end }} - diff --git a/deploy/chart/euler_copilot/templates/rag-web/rag-web-deployment.yaml b/deploy/chart/euler_copilot/templates/rag-web/rag-web.yaml similarity index 42% rename from deploy/chart/euler_copilot/templates/rag-web/rag-web-deployment.yaml rename to deploy/chart/euler_copilot/templates/rag-web/rag-web.yaml index 12f41723..2f6f515a 100644 
--- a/deploy/chart/euler_copilot/templates/rag-web/rag-web-deployment.yaml
+++ b/deploy/chart/euler_copilot/templates/rag-web/rag-web.yaml
@@ -1,26 +1,63 @@ -{{- if .Values.euler_copilot.rag_web.enabled }} +{{- if .Values.euler_copilot.rag_web.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: rag-web-service + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.euler_copilot.rag_web.service.type }} + selector: + app: rag-web + ports: + - port: 9888 + targetPort: 9888 + nodePort: {{ default nil .Values.euler_copilot.rag_web.service.nodePort }} + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: rag-web-ingress + namespace: {{ .Release.Namespace }} +spec: + rules: + - host: {{ default "www.eulercopilot.local" .Values.domain.euler_copilot }} + http: + paths: + - path: {{ default "/witchaind" .Values.euler_copilot.rag_web.ingress.prefix }} + pathType: Prefix + backend: + service: + name: rag-web-service + port: + number: 9888 + +--- apiVersion: apps/v1 kind: Deployment metadata: - name: rag-web-deploy-{{ .Release.Name }} + name: rag-web-deploy namespace: {{ .Release.Namespace }} labels: - app: rag-web-{{ .Release.Name }} + app: rag-web spec: - replicas: {{ .Values.globals.replicaCount }} + replicas: {{ default 1 .Values.globals.replicaCount }} selector: matchLabels: - app: rag-web-{{ .Release.Name }} + app: rag-web template: metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/rag-web/rag-web-config.yaml") . 
| sha256sum }} labels: - app: rag-web-{{ .Release.Name }} + app: rag-web spec: automountServiceAccountToken: false containers: - name: rag-web - image: "{{if ne ( .Values.euler_copilot.rag_web.image.registry | toString ) ""}}{{ .Values.euler_copilot.rag_web.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.euler_copilot.rag_web.image.name }}:{{ .Values.euler_copilot.rag_web.image.tag | toString }}" - imagePullPolicy: {{ if ne ( .Values.euler_copilot.rag_web.image.imagePullPolicy | toString ) "" }}{{ .Values.euler_copilot.rag_web.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} + image: {{ default "hub.oepkgs.net/neocopilot/data_chain_web:0.9.3-x86" .Values.euler_copilot.rag_web.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} ports: - containerPort: 9888 protocol: TCP @@ -44,16 +81,19 @@ spec: name: rag-web-env-volume subPath: .env resources: - {{- toYaml .Values.euler_copilot.rag_web.resources | nindent 12 }} - restartPolicy: Always + requests: + cpu: 0.05 + memory: 64Mi + limits: + {{ toYaml .Values.euler_copilot.rag_web.resourceLimits | nindent 14 }} volumes: - name: rag-web-config-volume emptyDir: medium: Memory - name: rag-web-env-volume configMap: - name: rag-web-config-{{ .Release.Name }} + name: rag-web-config - name: rag-web-tmp emptyDir: medium: Memory -{{- end }} +{{- end -}} diff --git a/deploy/chart/euler_copilot/templates/rag/rag-secret.yaml b/deploy/chart/euler_copilot/templates/rag/rag-config.yaml similarity index 61% rename from deploy/chart/euler_copilot/templates/rag/rag-secret.yaml rename to deploy/chart/euler_copilot/templates/rag/rag-config.yaml index 2ba83939..9ac1c758 100644 --- a/deploy/chart/euler_copilot/templates/rag/rag-secret.yaml +++ b/deploy/chart/euler_copilot/templates/rag/rag-config.yaml 
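Review bot: The Ingress added at the top of rag-web.yaml is rendered whenever `rag_web.enabled` is true, because the `ingress.enabled` switch tested by the deleted rag-web-ingress.yaml has no counterpart here, so the RAG web UI can no longer be kept cluster-internal; the Ingress added in web.yaml has the same shape. I would wrap the Ingress document in `{{- if .Values.euler_copilot.rag_web.ingress.enabled }}` … `{{- end }}`, which leaves it off when the value is unset. The rule also carries no `tls:` section; termination may happen in front of the cluster, which the diff does not show. Separately, `nodePort: {{ default nil … }}` is now emitted for a ClusterIP Service as well, and keeping the removed `eq … "NodePort"` guard avoids depending on how an empty value renders.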
@@ -1,15 +1,16 @@ -{{- if .Values.euler_copilot.rag.enabled }} +{{- if .Values.euler_copilot.rag.enabled -}} apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: - name: rag-secret-{{ .Release.Name }} + name: rag-config namespace: {{ .Release.Namespace }} -type: Opaque -stringData: +data: .env: |- {{ tpl (.Files.Get "configs/rag/.env") . | indent 4}} prompt.yaml: |- {{ tpl (.Files.Get "configs/rag/prompt.yaml") . | indent 4}} stop_words.txt: |- {{ tpl (.Files.Get "configs/rag/stop_words.txt") . | indent 4}} -{{- end }} \ No newline at end of file + copy-config.yaml: |- +{{ tpl (.Files.Get "configs/rag/copy-config.yaml") . | indent 4}} +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/rag/rag-deployment.yaml b/deploy/chart/euler_copilot/templates/rag/rag-deployment.yaml deleted file mode 100644 index 1b92d756..00000000 --- a/deploy/chart/euler_copilot/templates/rag/rag-deployment.yaml +++ /dev/null 
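Review bot: The `.env` rendered from `configs/rag/.env` moves from a Secret to a ConfigMap in this hunk, so anything that template expands from `.Values` becomes readable to every subject allowed to read ConfigMaps in the namespace. The rest of the commit suggests credentials are meant to stay as `${name}` placeholders that the init container fills in from `/secrets`, but the `.env` template is not part of this hunk, so it should be checked, in particular for the model API keys that values.yaml now carries under `models.*.key`. A comment at the top of the template would record the rule: `{{- /* ConfigMap: only ${...} placeholders here, no credentials from .Values */ -}}`.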
@@ -1,56 +0,0 @@ -{{- if .Values.euler_copilot.rag.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rag-deploy-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - app: rag-{{ .Release.Name }} -spec: - replicas: {{ .Values.globals.replicaCount }} - selector: - matchLabels: - app: rag-{{ .Release.Name }} - template: - metadata: - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/rag/rag-secret.yaml") . | sha256sum }} - labels: - app: rag-{{ .Release.Name }} - spec: - automountServiceAccountToken: false - containers: - - name: rag - image: "{{ if ne (.Values.euler_copilot.rag.image.registry | toString ) "" }}{{ .Values.euler_copilot.rag.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.euler_copilot.rag.image.name }}:{{ .Values.euler_copilot.rag.image.tag | toString }}" - imagePullPolicy: {{ if ne (.Values.euler_copilot.rag.image.imagePullPolicy | toString) "" }}{{ .Values.euler_copilot.rag.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} - ports: - - containerPort: 9988 - protocol: TCP - livenessProbe: - httpGet: - path: /health_check - port: 9988 - scheme: HTTP - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 90 - env: - - name: TZ - value: "Asia/Shanghai" - volumeMounts: - - mountPath: /docker-entrypoint-initdb.d/init.sql - name: rag-config - - mountPath: /rag-service/data_chain/common - name: rag-common - resources: - {{- toYaml .Values.euler_copilot.rag.resources | nindent 12 }} - restartPolicy: Always - volumes: - - name: rag-config - secret: - secretName: rag-secret-{{ .Release.Name }} - - name: rag-common - secret: - secretName: rag-secret-{{ .Release.Name }} -{{- end }} - diff --git a/deploy/chart/euler_copilot/templates/rag/rag-service.yaml b/deploy/chart/euler_copilot/templates/rag/rag-service.yaml deleted file mode 100644 index 4086612d..00000000 
--- a/deploy/chart/euler_copilot/templates/rag/rag-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.euler_copilot.rag.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: rag-service-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.euler_copilot.rag.service.type }} - selector: - app: rag-{{ .Release.Name }} - ports: - - port: 9988 - targetPort: 9988 - {{- if (and (eq .Values.euler_copilot.rag.service.type "NodePort") .Values.euler_copilot.rag.service.nodePort) }} - nodePort: {{ .Values.euler_copilot.rag.service.nodePort }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/rag/rag.yaml b/deploy/chart/euler_copilot/templates/rag/rag.yaml new file mode 100644 index 00000000..b75f7287 --- /dev/null +++ b/deploy/chart/euler_copilot/templates/rag/rag.yaml 
@@ -0,0 +1,118 @@ +{{- if .Values.euler_copilot.rag.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: rag-service + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.euler_copilot.rag.service.type }} + selector: + app: rag + ports: + - port: 9988 + targetPort: 9988 + nodePort: {{ default nil .Values.euler_copilot.rag.service.nodePort }} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rag-deploy + namespace: {{ .Release.Namespace }} + labels: + app: rag +spec: + replicas: {{ default 1 .Values.globals.replicaCount }} + selector: + matchLabels: + app: rag + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/rag/rag-config.yaml") . | sha256sum }} + labels: + app: rag + spec: + automountServiceAccountToken: false + containers: + - name: rag + image: {{ default "hub.oepkgs.net/neocopilot/data_chain_back_end:0.9.3-x86" .Values.euler_copilot.rag.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} + ports: + - containerPort: 9988 + protocol: TCP + livenessProbe: + httpGet: + path: /health_check + port: 9988 + scheme: HTTP + failureThreshold: 5 + initialDelaySeconds: 60 + periodSeconds: 90 + env: + - name: TZ + value: "Asia/Shanghai" + volumeMounts: + - mountPath: /rag-service/data_chain/common + name: rag-shared + resources: + requests: + cpu: 0.25 + memory: 512Mi + limits: + {{ toYaml .Values.euler_copilot.rag.resourceLimits | nindent 14 }} + initContainers: + - name: rag-copy-secret + image: {{ default "hub.oepkgs.net/neocopilot/secret_inject:x86" .Values.euler_copilot.secret_inject.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} + volumeMounts: + - mountPath: /config/.env + name: rag-config-vl + subPath: .env + - mountPath: /config/stop_words.txt + name: rag-config-vl + subPath: stop_words.txt + - mountPath: /config/prompt.yaml + name: rag-config-vl + subPath: prompt.yaml + - 
mountPath: /app/config.yaml + name: rag-config-vl + subPath: copy-config.yaml + - mountPath: /config-rw + name: rag-shared + - mountPath: /secrets/redis-password + name: database-secret + subPath: redis-password + - mountPath: /secrets/minio-password + name: database-secret + subPath: minio-password + - mountPath: /secrets/pgsql-password + name: database-secret + subPath: pgsql-password + - mountPath: /secrets/halfKey1 + name: system-secret + subPath: halfKey1 + - mountPath: /secrets/halfKey2 + name: system-secret + subPath: halfKey2 + - mountPath: /secrets/halfKey3 + name: system-secret + subPath: halfKey3 + - mountPath: /secrets/csrfKey + name: system-secret + subPath: csrfKey + volumes: + - name: rag-config-vl + configMap: + name: rag-config + - name: database-secret + secret: + secretName: euler-copilot-database + - name: system-secret + secret: + secretName: euler-copilot-system + - name: rag-shared + emptyDir: + medium: Memory +{{- end -}} diff --git a/deploy/chart/euler_copilot/templates/secrets.yaml b/deploy/chart/euler_copilot/templates/secrets.yaml new file mode 100644 index 00000000..221cb4f0 --- /dev/null +++ b/deploy/chart/euler_copilot/templates/secrets.yaml 
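Review bot: Neither the `rag` container nor the `rag-copy-secret` init container in this new Deployment sets a `securityContext`, while the web Deployment in the same chart drops all capabilities and the removed vectorize Deployment also set `runAsNonRoot` and `allowPrivilegeEscalation: false`. The `rag` container is the one that reads the rendered configuration, secrets included, from the `rag-shared` volume, so I would add at least the block below to it. Whether the image runs as a non-root user is not visible here, so `runAsNonRoot` is left out. The init container may need to stay root if it changes ownership of the copied files, which would deserve a comment next to it.

```yaml
      containers:
        - name: rag
          # … unchanged: image, ports, livenessProbe, env, volumeMounts, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```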
@@ -0,0 +1,36 @@ +{{- $systemSecret := (lookup "v1" "Secret" .Release.Namespace "euler-copilot-system") -}} +{{- if $systemSecret -}} +apiVersion: v1 +kind: Secret +metadata: + name: euler-copilot-system + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/resource-policy: keep +type: Opaque +stringData: + jwtKey: {{ index $systemSecret.data.jwtKey | b64dec }} + halfKey1: {{ index $systemSecret.data.halfKey1 | b64dec }} + halfKey2: {{ index $systemSecret.data.halfKey2 | b64dec }} + halfKey3: {{ index $systemSecret.data.halfKey3 | b64dec }} + csrfKey: {{ index $systemSecret.data.csrfKey | b64dec }} + clientId: {{ index $systemSecret.data.clientId | b64dec }} + clientSecret: {{ index $systemSecret.data.clientSecret | b64dec }} +{{- else -}} +apiVersion: v1 +kind: Secret +metadata: + name: euler-copilot-system + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/resource-policy: keep +type: Opaque +stringData: + jwtKey: {{ randAlphaNum 32 | b64enc }} + halfKey1: {{ randAlphaNum 32 }} + halfKey2: {{ randAlphaNum 32 }} + halfKey3: {{ randAlphaNum 32 }} + csrfKey: {{ randAlphaNum 32 | b64enc}} + clientId: {{ .Values.login.client.id }} + clientSecret: {{ .Values.login.client.secret }} +{{- end -}} diff --git a/deploy/chart/euler_copilot/templates/serviceaccount.yaml b/deploy/chart/euler_copilot/templates/serviceaccount.yaml new file mode 100644 index 00000000..e69de29b diff --git a/deploy/chart/euler_copilot/templates/vectorize/vectorize-deployment.yaml b/deploy/chart/euler_copilot/templates/vectorize/vectorize-deployment.yaml deleted file mode 100644 index ebe7d7b5..00000000 --- a/deploy/chart/euler_copilot/templates/vectorize/vectorize-deployment.yaml +++ /dev/null 
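Review bot: Every value under `stringData` is written unquoted, so a `login.client.id` or `login.client.secret` that is purely numeric, or that contains YAML-significant characters such as `: ` or a leading `*`, either fails to parse or is re-typed and rejected for a string field; each value should go through `quote`, e.g. `clientSecret: {{ .Values.login.client.secret | quote }}` and `jwtKey: {{ $systemSecret.data.jwtKey | b64dec | quote }}`. `lookup` returns an empty result under `helm template` and `--dry-run`, so those paths take the `else` branch and produce new random keys on every render, which matters for any tool that applies rendered output; a template comment above the `if` should say so. Once the Secret exists, changed `login.client.*` values are ignored because the first branch copies the stored ones, which is worth a line in values.yaml.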
@@ -1,97 +0,0 @@ -{{- if .Values.euler_copilot.vectorize.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: vectorize-deploy-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - app: vectorize-{{ .Release.Name }} -spec: - selector: - matchLabels: - app: vectorize-{{ .Release.Name }} - template: - metadata: - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/vectorize/vectorize-secret.yaml") . | sha256sum }} - labels: - app: vectorize-{{ .Release.Name }} - spec: - automountServiceAccountToken: false - securityContext: - fsGroup: 1001 - containers: - - name: vectorize - image: "{{ if ne ( .Values.euler_copilot.vectorize.image.registry | toString) "" }}{{ .Values.euler_copilot.vectorize.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.euler_copilot.vectorize.image.name }}:{{ .Values.euler_copilot.vectorize.image.tag | toString }}" - imagePullPolicy: {{ if ne (.Values.euler_copilot.vectorize.image.imagePullPolicy | toString) "" }}{{ .Values.euler_copilot.vectorize.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} - ports: - - containerPort: 8001 - protocol: TCP - livenessProbe: - httpGet: - path: /health_check/ping - port: 8001 - scheme: HTTP - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 90 - env: - - name: TZ - value: "Asia/Shanghai" - - name: HF_HOME - value: "/tmp" - - name: PROD - value: "enabled" - volumeMounts: - - mountPath: /vectorize-agent/config - name: vectorize-shared-secret-volume - - mountPath: /vectorize-agent/models - name: vectorize-models - - mountPath: /tmp - name: vectorize-tmp-volume - securityContext: - readOnlyRootFilesystem: {{ .Values.euler_copilot.vectorize.readOnly }} - capabilities: - drop: - - ALL - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - resources: - {{- toYaml .Values.euler_copilot.vectorize.resources | nindent 12 }} - initContainers: - - name: 
vectorize-copy-secret - image: "{{ if ne ( .Values.euler_copilot.init.image.registry | toString ) "" }}{{ .Values.euler_copilot.init.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.euler_copilot.init.image.name }}:{{ .Values.euler_copilot.init.image.tag | toString }}" - restartPolicy: Always - imagePullPolicy: {{ if ne ( .Values.euler_copilot.init.image.imagePullPolicy | toString ) "" }}{{ .Values.euler_copilot.init.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} - env: - - name: CHECK_URL - value: "http://vectorize-agent-service-{{ .Release.Name }}.euler-copilot.svc.cluster.local:8001/health_check/ping" - - name: INTERVAL - value: "60" - - name: CONFIG_FILES - value: ".env" - volumeMounts: - - mountPath: /config - name: vectorize-secret-volume - - mountPath: /config-rw - name: vectorize-shared-secret-volume - volumes: - - name: vectorize-secret-volume - secret: - secretName: vectorize-secret-{{ .Release.Name }} - items: - - key: .env - path: .env - - name: vectorize-models - hostPath: - path: {{ .Values.euler_copilot.vectorize.volume.models }} - type: Directory - - name: vectorize-shared-secret-volume - emptyDir: - medium: Memory - - name: vectorize-tmp-volume - emptyDir: - medium: Memory -{{- end }} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/vectorize/vectorize-secret.yaml b/deploy/chart/euler_copilot/templates/vectorize/vectorize-secret.yaml deleted file mode 100644 index 84f2e603..00000000 --- a/deploy/chart/euler_copilot/templates/vectorize/vectorize-secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.euler_copilot.vectorize.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: vectorize-secret-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - .env: |- -{{ tpl (.Files.Get "configs/vectorize/.env") . | indent 4 }} -{{- end }} \ No newline at end of file 
diff --git a/deploy/chart/euler_copilot/templates/vectorize/vectorize-service.yaml b/deploy/chart/euler_copilot/templates/vectorize/vectorize-service.yaml deleted file mode 100644 index c27cbd96..00000000 --- a/deploy/chart/euler_copilot/templates/vectorize/vectorize-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.euler_copilot.vectorize.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: vectorize-agent-service-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.euler_copilot.vectorize.service.type }} - selector: - app: vectorize-{{ .Release.Name }} - ports: - - port: 8001 - targetPort: 8001 - {{- if (and (eq .Values.euler_copilot.vectorize.service.type "NodePort") .Values.euler_copilot.vectorize.service.nodePort) }} - nodePort: {{ .Values.euler_copilot.vectorize.service.nodePort }} - {{- end }} -{{- end }} diff --git a/deploy/chart/euler_copilot/templates/web/web-config.yaml b/deploy/chart/euler_copilot/templates/web/web-config.yaml index 089344a9..ee47374a 100644 --- a/deploy/chart/euler_copilot/templates/web/web-config.yaml +++ b/deploy/chart/euler_copilot/templates/web/web-config.yaml @@ -1,10 +1,10 @@ -{{- if .Values.euler_copilot.web.enabled }} +{{- if .Values.euler_copilot.web.enabled -}} apiVersion: v1 kind: ConfigMap metadata: - name: web-config-{{ .Release.Name }} + name: web-config namespace: {{ .Release.Namespace }} data: .env: |- {{ tpl (.Files.Get "configs/web/.env") . | indent 4 }} -{{- end }} \ No newline at end of file +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/web/web-ingress.yaml b/deploy/chart/euler_copilot/templates/web/web-ingress.yaml deleted file mode 100644 index 46eca47c..00000000 --- a/deploy/chart/euler_copilot/templates/web/web-ingress.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{- if .Values.euler_copilot.web.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: web-ingress-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - rules: - - host: {{ .Values.globals.domain }} - http: - paths: - - path: {{ .Values.euler_copilot.web.ingress.prefix }} - pathType: Prefix - backend: - service: - name: web-service-{{ .Release.Name }} - port: - number: 8080 -{{- end }} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/web/web-service.yaml b/deploy/chart/euler_copilot/templates/web/web-service.yaml deleted file mode 100644 index 43f70fef..00000000 --- a/deploy/chart/euler_copilot/templates/web/web-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.euler_copilot.web.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: web-service-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.euler_copilot.web.service.type }} - selector: - app: web-{{ .Release.Name }} - ports: - - port: 8080 - targetPort: 8080 - {{- if (and (eq .Values.euler_copilot.web.service.type "NodePort") .Values.euler_copilot.web.service.nodePort) }} - nodePort: {{ .Values.euler_copilot.web.service.nodePort }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/templates/web/web-deployment.yaml b/deploy/chart/euler_copilot/templates/web/web.yaml similarity index 52% rename from deploy/chart/euler_copilot/templates/web/web-deployment.yaml rename to deploy/chart/euler_copilot/templates/web/web.yaml index 05d8f3b7..f77ffd49 100644 --- a/deploy/chart/euler_copilot/templates/web/web-deployment.yaml +++ b/deploy/chart/euler_copilot/templates/web/web.yaml 
@@ -1,29 +1,64 @@ -{{- if .Values.euler_copilot.web.enabled }} +{{- if .Values.euler_copilot.web.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: web-service + namespace: {{ .Release.Namespace }} +spec: + type: {{ default "ClusterIP" .Values.euler_copilot.web.service.type }} + selector: + app: web + ports: + - port: 8080 + targetPort: 8080 + nodePort: {{ default nil .Values.euler_copilot.web.service.nodePort }} + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: web-ingress + namespace: {{ .Release.Namespace }} +spec: + rules: + - host: {{ default "www.eulercopilot.local" .Values.domain.euler_copilot }} + http: + paths: + - path: {{ default "/" .Values.euler_copilot.web.ingress.prefix }} + pathType: Prefix + backend: + service: + name: web-service + port: + number: 8080 + +--- apiVersion: apps/v1 kind: Deployment metadata: - name: web-deploy-{{ .Release.Name }} + name: web-deploy namespace: {{ .Release.Namespace }} labels: - app: web-{{ .Release.Name }} + app: web spec: selector: matchLabels: - app: web-{{ .Release.Name }} + app: web template: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/web-config.yaml") . 
| sha256sum }} labels: - app: web-{{ .Release.Name }} + app: web spec: automountServiceAccountToken: false securityContext: fsGroup: 1001 containers: - name: web - image: "{{ if ne ( .Values.euler_copilot.web.image.registry | toString ) ""}}{{ .Values.euler_copilot.web.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.euler_copilot.web.image.name }}:{{ .Values.euler_copilot.web.image.tag | toString }}" - imagePullPolicy: {{ if ne ( .Values.euler_copilot.web.image.imagePullPolicy | toString ) "" }}{{ .Values.euler_copilot.web.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }} + image: {{ default "hub.oepkgs.net/neocopilot/euler-copilot-web:0.9.3-x86" .Values.euler_copilot.web.image }} + imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }} ports: - containerPort: 8080 protocol: TCP @@ -47,9 +82,13 @@ spec: name: web-env-volume subPath: .env resources: - {{- toYaml .Values.euler_copilot.web.resources | nindent 12 }} + requests: + cpu: 0.05 + memory: 64Mi + limits: + {{ toYaml .Values.euler_copilot.web.resourceLimits | nindent 14 }} securityContext: - readOnlyRootFilesystem: {{ .Values.euler_copilot.web.readOnly }} + readOnlyRootFilesystem: {{ default false .Values.euler_copilot.web.readOnly }} capabilities: drop: - ALL @@ -64,8 +103,8 @@ spec: medium: Memory - name: web-env-volume configMap: - name: web-config-{{ .Release.Name }} + name: web-config - name: web-tmp emptyDir: medium: Memory -{{- end }} \ No newline at end of file +{{- end -}} \ No newline at end of file diff --git a/deploy/chart/euler_copilot/values.yaml b/deploy/chart/euler_copilot/values.yaml index a2fa1e0d..7b35340e 100644 --- a/deploy/chart/euler_copilot/values.yaml +++ b/deploy/chart/euler_copilot/values.yaml 
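Review bot: `readOnlyRootFilesystem: {{ default false .Values.euler_copilot.web.readOnly }}` in the second hunk turns the read-only root filesystem off by default, because values.yaml in this commit changes `web.readOnly` from `true` to empty. Swapping the fallback to `default true` would not fix it, since `default` treats an explicit `false` as empty and an operator could then never opt out. Keeping `readOnly: true` in values.yaml and rendering `{{ .Values.euler_copilot.web.readOnly }}` preserves the previous hardening. The pod already mounts memory-backed `emptyDir` volumes for its writable paths, so the stricter default looks workable, though that is inferred from the context lines only.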
@@ -1,267 +1,167 @@ # 全局设置 globals: - # [必填] 镜像仓库 - imageRegistry: "hub.oepkgs.net/neocopilot" - # [必填] 镜像拉取策略 - imagePullPolicy: IfNotPresent - # 用于问答和推理的大模型(OpenAI兼容) - llm: - # [必填] 模型URL + # 镜像拉取策略, 默认为IfNotPresent + imagePullPolicy: + # 存储类;默认为local-path + storageClass: + +# 模型设置 +models: + # 用于问答的大模型;需要为OpenAI兼容接口 + answer: + # [必填] 接口URL(无需带上“v1”后缀) url: - # [必填] 模型 API Key + # [必填] 接口API Key;默认置空 key: # [必填] 模型名称 - model: - # [必填] 模型最大token数 - max_tokens: 8096 - # 用于Function Call的模型 - scheduler: - # [必填] 推理框架类型,可以是vllm、sglang、ollama - backend: vllm - # [必填] 模型地址 + name: + # [必填] 模型最大上下文数;建议>=8192 + ctx_length: 8192 + # 模型最大输出长度,建议>=2048 + max_tokens: 2048 + # 用于Function Call的模型;建议使用特定推理框架 + functioncall: + # 推理框架类型,默认为ollama + # 可用的框架类型:["vllm", "sglang", "ollama", "openai"] + backend: + # 模型地址;不填则与问答模型一致 url: - # [必填] 模型 API Key + # API Key;不填则与问答模型一致 key: - # [必填] 模型名称 - model: - # 数据库设置 - databases: - # [必填] database helm安装时的app name - app_name: - # [必填] database helm安装时的namespace - app_namespace: - # 数据库密码 - passwords: - # [必填] MySQL数据库的密码 - mongo: - # [必填] Redis数据库的密码 - redis: - # [必填] PostgreSQL数据库密码 - postgres: - # MinIO连接信息 - minio: - # [必填] MinIO AK - access_key: - # [必填] MinIO SK - secret_key: - # [必填] MinIO 是否启用安全连接 - secure: false + # 模型名称;不填则与问答模型一致 + name: + # 模型最大上下文数;不填则与问答模型一致 + ctx_length: + # 模型最大输出长度;不填则与问答模型一致 + max_tokens: + # 用于数据向量化(Embedding)的模型 + embedding: + # [必填] Embedding URL(需要带上“v1”后缀) + url: + # [必填] Embedding 模型API Key + key: + # [必填] Embedding 模型名称 + name: + +# 登录设置 +login: + # 登录类型;默认为authhub + # 可用的类型:["authhub", "oidc", "linux", "bypass"] + type: + # 固定UID设置,仅在type为bypass时有效 + uid: + # 客户端ID设置,仅在type为authhub和oidc时有效 + client: + # [必填] 客户端ID + id: + # [必填] 客户端密钥 + secret: + # OIDC设置,仅在type为oidc时有效 + oidc: + # OIDC AccessToken获取地址 + token_url: + # OIDC UserToken获取地址 + user_url: + # OIDC RefreshToken地址 + refresh_url: + # OIDC登录跳转地址 + redirect: + +# 域名设置 +domain: + # 用于EulerCopilot的域名;默认为www.eulercopilot.local + 
euler_copilot: + # 部署authhub时使用的域名;默认为suthhub.eulercopilot.local + authhub: + +# 存储设置 +storage: + # 语义接口 + framework_semantics: + # 语义接口地址 + path: + # 语义接口存储大小,默认为5GB + size: euler_copilot: - # 配置文件安全复制工具 - init: - # 镜像设置 - image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: secret_inject - # [必填] 镜像标签,为latest或arm - tag: latest - # 拉取策略。留空则使用全局设置。 - imagePullPolicy: "" - - vectorize: - # [必填] 是否部署Vectorize模型服务工具 - enabled: true - # 镜像设置 - image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: euler-copilot-vectorize-agent - # [必填] 镜像标签 - tag: "0.9.1" - # 拉取策略。留空则使用全局设置。 - imagePullPolicy: "" - # [必填] 容器根目录只读 - readOnly: true - # 性能限制设置 - resources: {} - # Volume设置 - volume: - # [必填] Embedding模型的位置 - models: /home/EulerCopilot/models - # Service设置 - service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP - # 当类型为nodePort时,填写主机的端口号 - nodePort: "" - # 模型名称 - model: - # [必填] Embedding模型名称 - embedding: bge-mixed-model - # [必填] 检索模型名称 - rerank: bge-reranker-large + # 配置文件工具 + secret_inject: + # 镜像设置;默认为hub.oepkgs.net/neocopilot/secret_inject:x86 + # 镜像标签:["x86", "arm"] + image: "hub.oepkgs.net/neocopilot/secret_inject:dev" framework: # [必填] 是否部署Framework后端框架服务 enabled: true - # 镜像设置 + # 镜像设置;默认为hub.oepkgs.net/neocopilot/euler-copilot-framework:0.9.3-x86 + # 镜像标签:["0.9.3-x86", "0.9.3-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: euler-copilot-framework - # [必填] 镜像标签 - tag: "0.9.3" - # 拉取策略。留空则使用全局设置 - imagePullPolicy: "" - # [必填] 容器根目录只读 - readOnly: false + # 容器根目录只读 + readOnly: # 性能限制设置 - resources: {} + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP + # Service类型,例如NodePorts + type: # 当类型为nodePort时,填写主机的端口号 - nodePort: "" - # Volume设置 - volume: - # [必填] 插件包路径 - service_dir: # 修改为实际的插件文件夹地址 - # [必填] Vectorize服务地址 - vectorize: - # [必填] 是否使用内部Vectorize服务 - use_internal: true - # Vectorize服务url - url: "" - # [必填] JWT Key - jwtKey: 13e46d8963c997814f996c3294ccc92d - # 加密密钥设置 - 
half_keys: - # [必填] 加密密钥1 - key1: - # [必填] 加密密钥2 - key2: - # [必填] 加密密钥3 - key3: - # [必填] Web前端地址,需要添加http/https前缀 - web_url: - # 登录设置 - login: - # [必填] 是否启用登录 - enabled: true - # [enabled为false时必填] 若不启用登录,则需要手动填写默认登录的用户ID - user_id: "" - # OIDC 设置 - oidc: - # [enabled为true时必填] OIDC 客户端ID - client_id: - # [enabled为true时必填] OIDC 客户端密钥 - client_secret: - # [enabled为true时必填] OIDC Token获取地址 - token_url: http://authhub-backend-service-authhub.euler-copilot.svc.cluster.local:11120/oauth2/token - # [enabled为true时必填] OIDC 用户信息地址 - user_url: http://authhub-backend-service-authhub.euler-copilot.svc.cluster.local:11120/oauth2/introspect - # [enabled为true时必填] OIDC 刷新Token地址 - refresh_token_url: http://authhub-backend-service-authhub.euler-copilot.svc.cluster.local:11120/oauth2/refresh-token - # [enabled为true时必填] EulerCopilot主页地址; 替换为 EulerCopilot 实际的域名 - euler_copilot_front: https:///api/auth/login - # [enabled为true时必填] OIDC登录跳转地址:请将修改为authhub实际域名, 替换为实际的Client ID,将替换为EulerCopilot域名 - redirect: https:///oauth2/authorize?client_id=&redirect_uri=https:///api/auth/login&scope=openid offline_access&access_type=offline&response_type=code&prompt=consent&state=235345&nonce=loser + nodePort: web: # [必填] 是否部署Web前端用户界面 enabled: true - # 镜像设置 + # 镜像设置;默认为hub.oepkgs.net/neocopilot/euler-copilot-web:0.9.3-x86 + # 镜像标签:["0.9.3-x86", "0.9.3-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: euler-copilot-web - # [必填] 镜像标签 - tag: "0.9.3" - # 拉取策略。留空则使用全局设置 - imagePullPolicy: "" - # [必填] 容器根目录只读 - readOnly: true + # 容器根目录只读 + readOnly: # 性能限制设置 - resources: {} + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP - nodePort: "" + # Service类型,例如NodePort + type: + # 当类型为NodePort时,填写主机的端口号 + nodePort: # Ingress设置 ingress: - # [必填] 是否启用Ingress - enabled: true - # [必填] URI前缀 - prefix: / - # [必填] 部署域名 - # 需要修改为EulerCopilot域名。单节点部署时,服务基于Host进行区分,无法使用IP地址 - domain: + # URI前缀,默认为/ + prefix: rag_web: # [必填] 是否部署RAG Web前端用户界面 enabled: true - # 
镜像设置 + # 镜像设置;默认为hub.oepkgs.net/neocopilot/data_chain_web:0.9.3-x86 + # 镜像标签:["0.9.3-x86", "0.9.3-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: data_chain_web - # [必填] 镜像标签 - tag: "0.9.3" - # 拉取策略。留空则使用全局设置 - imagePullPolicy: "" - # [必填] 容器根目录只读 - readOnly: true + # 容器根目录只读 + readOnly: # 性能限制设置 - resources: {} + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP - nodePort: "" + # Service类型,例如NodePort + type: + # 当类型为NodePort时,填写主机的端口号 + nodePort: # Ingress设置 ingress: - # [必填] 是否启用Ingress - enabled: true - # [必填] URI前缀 - prefix: / - # [必填] 部署域名 - # 需要修改为WitchainD域名。单节点部署时,服务基于Host进行区分,无法使用IP地址 - domain: + # URI前缀;默认为/ + prefix: rag: # [必填] 是否部署RAG后端服务 enabled: true - # 镜像设置 + # 镜像设置;默认为hub.oepkgs.net/neocopilot/data_chain_back_end:0.9.3-x86 + # 镜像标签:["0.9.3-x86", "0.9.3-arm"] image: - # 镜像仓库。留空则使用全局设置。 - registry: "" - # [必填] 镜像名 - name: data_chain_back_end - # [必填] 镜像标签 - tag: "0.9.3" - # 拉取策略。留空则使用全局设置 - imagePullPolicy: "" - # [必填] 容器根目录只读 - readOnly: true + # 容器根目录只读 + readOnly: # 性能限制设置 - resources: {} + resourceLimits: {} # Service设置 service: - # [必填] Service类型,ClusterIP或NodePort - type: ClusterIP - nodePort: "" - # [必填] Embedding模型URL - vectorize: - # [必填] 是否使用内部Vectorize服务 - use_internal: true - # Vectorize服务url - url: "" - # [必填] 密钥设置 - security: - # [必填] CSRF密钥 - csrf_key: - # [必填] 工作密钥1 - half_key_1: - # [必填] 工作密钥2 - half_key_2: - # [必填] 工作密钥3 - half_key_3: + # Service类型,例如NodePort + type: + # 当类型为NodePort时,填写主机的端口号 + nodePort: diff --git a/deploy/secret_helper/Dockerfile b/deploy/secret_helper/Dockerfile new file mode 100644 index 00000000..ca8421e3 --- /dev/null +++ b/deploy/secret_helper/Dockerfile 
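Review bot: `secret_inject.image` is set to `hub.oepkgs.net/neocopilot/secret_inject:dev`, a floating tag, while the comment directly above it names `:x86` as the default, and this is the init container into which rag.yaml mounts the database passwords and system keys. With `IfNotPresent` as the fallback pull policy, nodes can end up running different builds under the same tag. I would leave the value empty so the template default applies, or pin a release tag or an image digest. Separately, the comment for `domain.authhub` reads `suthhub.eulercopilot.local`, which looks like a typo for `authhub`.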
@@ -0,0 +1,11 @@ +FROM hub.oepkgs.net/openeuler/openeuler:22.03-lts-sp4 +RUN mkdir /app && \ + mkdir /secrets +WORKDIR /app +COPY . . +RUN yum update -y && \ + yum install python3 python3-pip -y && \ + yum clean all && \ + pip3 install --no-cache-dir -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple +ENV PYTHONPATH=/app +ENTRYPOINT ["python3", "./main.py"] \ No newline at end of file diff --git a/deploy/secret_helper/__init__.py b/deploy/secret_helper/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/deploy/secret_helper/config.example.yaml b/deploy/secret_helper/config.example.yaml new file mode 100644 index 00000000..bde10ed5 --- /dev/null +++ b/deploy/secret_helper/config.example.yaml @@ -0,0 +1,14 @@ +copy: + - from: /config + to: /config-rw + mode: + uid: 1000 + gid: 1000 + mode: "0o750" + + - from: /etc/config + to: /config-rw/secret + mode: + uid: 1000 + gid: 1000 + mode: "0o750" diff --git a/deploy/secret_helper/file_copy.py b/deploy/secret_helper/file_copy.py new file mode 100644 index 00000000..71b80a52 --- /dev/null +++ b/deploy/secret_helper/file_copy.py 
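Review bot: The `pip3 install` line pulls `requirements.txt` from the `pypi.tuna.tsinghua.edu.cn` mirror without hash checking, and this image is the one that later reads every file mounted under `/secrets`. Pinning exact versions with hashes in requirements.txt and adding `--require-hashes` to the install makes a substituted package fail the build; requirements.txt is not shown in this diff, so it may already pin versions. `COPY . .` brings the whole build context into the image, so a `.dockerignore` that excludes local configuration files is worth adding. No `USER` is set; if root is required for the `os.chown` calls in file_copy.py, a comment such as `# runs as root: chown of copied files requires it` would make that deliberate.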
@@ -0,0 +1,73 @@
+"""Copy files and directories
+
+Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+"""
+import os
+from pathlib import Path
+from typing import Any
+
+
+def chown_chmod(path: Path, mode_number: int, uid: int, gid: int) -> None:
+ """Change ownership and permissions"""
+ os.chown(str(path), uid, gid) # type: ignore[]
+ path.chmod(mode_number)
+
+ for file in path.rglob("*"):
+ os.chown(str(file), uid, gid) # type: ignore[]
+ file.chmod(mode_number)
+
+def copy_file(file: Path, out_path: Path, secrets: dict[str, str]) -> None:
+ print(f"copying: {file} to {out_path}")
+ with file.open("r", encoding="utf-8") as f:
+ data = f.read()
+ if secrets:
+ for key, value in secrets.items():
+ data = data.replace(r"${" + key + "}", value)
+ with out_path.open("w", encoding="utf-8") as f:
+ f.write(data)
+
+def copy_single_item(from_path: Path, to_path: Path, secrets: dict[str, str]) -> None:
+ """Copy a single file"""
+ if from_path.is_file():
+ print(f"found: {from_path}")
+ copy_file(from_path, to_path, secrets)
+
+ for file in from_path.rglob("*"):
+ print(f"found: {file}")
+ if any(p for p in file.parts if p.startswith(".")):
+ print(f"skipping: {file}")
+ continue
+ out_path = to_path / file.relative_to(from_path)
+ if file.is_file():
+ copy_file(file, out_path, secrets)
+ else:
+ out_path.mkdir(parents=True, exist_ok=True)
+
+
+def copy(from_path_str: str, to_path_str: str, mode: dict[str, Any]) -> None:
+ """Copy files and directories"""
+ # 校验Secrets是否存在
+ secrets_path = Path("/secrets")
+ if not secrets_path.exists():
+ secrets = {}
+ else:
+ # 读取secrets
+ secrets = {}
+ for secret in secrets_path.iterdir():
+ with secret.open("r") as f:
+ secrets[secret.name] = f.read()
+
+ # 检查文件位置
+ from_path = Path(from_path_str)
+ to_path = Path(to_path_str)
+
+ # 检查文件是否存在
+ if not from_path.exists():
+ raise FileNotFoundError
+
+ # 递归复制文件
+ copy_single_item(from_path, to_path, secrets)
+
+ # 设置权限
+ mode_number = int(mode["mode"], 8)
+ chown_chmod(to_path, mode_number, mode["uid"], mode["gid"])
diff --git a/deploy/secret_helper/job.py b/deploy/secret_helper/job.py
new file mode 100644
index 00000000..928be73e
--- /dev/null
+++ b/deploy/secret_helper/job.py
@@ -0,0 +1,9 @@
+"""Recreate failed pods
+
+Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+"""
+import pykube
+
+
+def job() -> None:
+ pass
diff --git a/deploy/secret_helper/main.py b/deploy/secret_helper/main.py
new file mode 100644
index 00000000..be90de10
--- /dev/null
+++ b/deploy/secret_helper/main.py
@@ -0,0 +1,22 @@
+"""Secret Injector
+
+Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+"""
+from pathlib import Path
+
+import yaml
+
+from file_copy import copy
+from job import job
+
+if __name__ == "__main__":
+ config = Path("config.yaml")
+ if not config.exists():
+ job()
+
+ else:
+ with config.open("r") as f:
+ config = yaml.safe_load(f)
+
+ for copy_config in config["copy"]:
+ copy(copy_config["from"], copy_config["to"], copy_config["mode"])
diff --git a/deploy/secret_helper/requirements.txt b/deploy/secret_helper/requirements.txt
new file mode 100644
index 00000000..425af8d8
--- /dev/null
+++ b/deploy/secret_helper/requirements.txt
@@ -0,0 +1 @@
+pykube-ng==23.6.0
\ No newline at end of file
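Review bot: The loop in `copy` that loads `/secrets` opens every directory entry as a file, although `copy_single_item` already skips dot-prefixed paths on the config side. If `/secrets` is a Kubernetes Secret volume (the mount is not visible in this patch), its `..data` entries would raise IsADirectoryError before anything is copied. Filtering the same way would fix that: `if secret.name.startswith(".") or not secret.is_file(): continue`. Separately, `copy_file` writes the substituted output with the process default mode and ownership, and `chown_chmod` tightens it only after the whole tree has been copied, so a failure partway leaves secret-bearing files at whatever the umask allows. Creating each output file with a restrictive mode up front, for example `os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` wrapped in `os.fdopen`, would close that gap.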
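Review bot: When `config.yaml` is absent, the `__main__` block calls `job()`, which in this commit is an empty stub in job.py, so the helper exits successfully without copying any configuration or secrets. If the image runs as an init container (its use is not visible here), that lets a mis-mounted config pass silently. Until the job mode is implemented, fail loudly instead, e.g. `raise NotImplementedError("job mode is not implemented")` in `job()`. Also, main.py imports `yaml` while requirements.txt declares only `pykube-ng==23.6.0`; the import presumably works only through a transitive dependency, so list PyYAML explicitly with a pinned version. The `import pykube` in job.py is unused for now.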
diff --git "a/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\346\227\240\347\275\221\347\273\234\347\216\257\345\242\203\344\270\213\351\203\250\347\275\262\346\214\207\345\215\227.md" "b/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\346\227\240\347\275\221\347\273\234\347\216\257\345\242\203\344\270\213\351\203\250\347\275\262\346\214\207\345\215\227.md" index 60ac9257..e4135d9c 100644 --- "a/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\346\227\240\347\275\221\347\273\234\347\216\257\345\242\203\344\270\213\351\203\250\347\275\262\346\214\207\345\215\227.md" +++ "b/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\346\227\240\347\275\221\347\273\234\347\216\257\345\242\203\344\270\213\351\203\250\347\275\262\346\214\207\345\215\227.md" @@ -10,13 +10,12 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot | ----------------------------- | --------------- | -------------------- | | euler-copilot-framework | 8002 (内部端口) | 智能体框架服务 | | euler-copilot-web | 8080 | 智能体前端界面 | -| euler-copilot-rag | 8005 (内部端口) | 检索增强服务 | +| euler-copilot-rag | 9988 (内部端口) | 检索增强服务 | | euler-copilot-vectorize-agent | 8001 (内部端口) | 文本向量化服务 | | mysql | 3306 (内部端口) | MySQL数据库 | | redis | 6379 (内部端口) | Redis数据库 | | postgres | 5432 (内部端口) | 向量数据库 | | secret_inject | 无 | 配置文件安全复制工具 | - ## 环境要求 ### 软件要求 @@ -41,7 +40,7 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot 注意: -1. 若无 GPU 或 NPU 资源,建议通过调用 OpenAI 接口的方式来实现功能。(接口样例:) +1. 若无 GPU 或 NPU 资源,建议通过调用 OpenAI 接口的方式来实现功能。 2. 调用第三方 OpenAI 接口的方式不需要安装高版本的 python (>=3.9.9) 3. 英伟达 GPU 对 Docker 的支持必需要新版本 Docker (>= v25.4.0) @@ -95,7 +94,7 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot - SELinux设置 ```bash - # 永久关闭SELinux + # 永久关闭 SELinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # 临时关闭 setenforce 0 
@@ -113,8 +112,25 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot wget https://repo.oepkgs.net/openEuler/rpm/openEuler-22.03-LTS/contrib/EulerCopilot/bge-reranker-large.tar.gz ``` -- 镜像包下载 - - x86或arm架构的EulerCopilot服务的各组件镜像和tag可在values.yaml文件中查看 +- 镜像包下载 + + 您可在联网的宿主机通过docker pull 拉取下面镜像到本地(即执行 docker pull remote_image_address ),并上传至待部署服务器。 + ```bash + # X86架构镜像地址如下所示,ARM架构修改tag为arm + hub.oepkgs.net/neocopilot/euler-copilot-framework:0.9.3-x86 + hub.oepkgs.net/neocopilot/euler-copilot-vectorize-agent:0.9.3-x86 + hub.oepkgs.net/neocopilot/euler-copilot-web:0.9.3-x86 + hub.oepkgs.net/neocopilot/data_chain_back_end:0.9.3-x86 + hub.oepkgs.net/neocopilot/data_chain_web:0.9.3-x86 + hub.oepkgs.net/neocopilot/authhub-backend:0.9.1-x86 + hub.oepkgs.net/neocopilot/authhub-web:0.9.1-x86 + hub.oepkgs.net/neocopilot/pgsql-empty:pg16-x86 + hub.oepkgs.net/neocopilot/redis:7.4-alpine-x86 + hub.oepkgs.net/neocopilot/mysql:8-x86 + hub.oepkgs.net/neocopilot/minio:empty-x86 + hub.oepkgs.net/neocopilot/mongo:7.0.15-x86 + hub.oepkgs.net/neocopilot/secret_inject:x86 + ``` ### 3. 安装部署工具 
@@ -124,39 +140,47 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot ```bash yum install -y container-selinux selinux-policy-base - # packages里有k3s-selinux-0.1.1-rc1.el7.noarch.rpm的离线包 - rpm -i https://rpm.rancher.io/k3s-selinux-0.1.1-rc1.el7.noarch.rpm ``` -- x86 架构安装 k3s + ```bash + rpm -i https://rpm.rancher.io/k3s-selinux-0.1.1-rc1.el7.noarch.rpm + ``` +- 安装 k3s + + 可以在有网络的环境上获取 k3s 相关包并上传至服务器, 并执行安装操作,以 'v1.30.3+k3s1' 示例 + ```bash - # 在有网络的环境上获取k3s相关包并上传至服务器,以v1.30.3+k3s1示例 + # x86 架构 wget https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s wget https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s-airgap-images-amd64.tar.zst - cp k3s /usr/local/bin/ - cd /var/lib/rancher/k3s/agent - mkdir images - cp k3s-airgap-images-arm64.tar.zst /var/lib/rancher/k3s/agent/images - # packages里有k3s-install.sh的离线包 - curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh - INSTALL_K3S_SKIP_DOWNLOAD=true ./k3s-install.sh - export KUBECONFIG=/etc/rancher/k3s/k3s.yaml + # Arm 架构 + wget https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s-arm64 + wget https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s-airgap-images-arm64.tar.zst ``` -- arm 架构安装 k3s - ```bash - # 在有网络的环境上获取k3s相关包并上传至服务器,以v1.30.3+k3s1示例 - wget https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s-arm64 - wget https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s-airgap-images-arm64.tar.zst - cp k3s-arm64 /usr/local/bin/k3s - cd /var/lib/rancher/k3s/agent - mkdir images + # x86 架构 + cp k3s /usr/local/bin/ + # Arm 架构 + cp k3s-arm64 /usr/local/bin/ + ``` + ```bash + mkdir -p /var/lib/rancher/k3s/agent + ``` + ```bash + # x86 架构 + cp k3s-airgap-images-amd64.tar.zst /var/lib/rancher/k3s/agent/images + # Arm 架构 cp k3s-airgap-images-arm64.tar.zst /var/lib/rancher/k3s/agent/images - # packages里有k3s-install.sh的离线包 - curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh + ``` + ```bash + curl -sfL 
https://rancher-mirror.rancher.cn/k3s/k3s-install.sh + ``` + ```bash INSTALL_K3S_SKIP_DOWNLOAD=true ./k3s-install.sh + ``` + ```bash export KUBECONFIG=/etc/rancher/k3s/k3s.yaml ``` @@ -187,9 +211,17 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot rm -rf linux-arm64 ``` -#### 3.3 大模型准备 +#### 3.3 域名配置 + - 需要准备4个域名`minio\authhub\eulercopilot\witchaind`,可预先申请域名或在 `C:\Windows\System32\drivers\etc\hosts`下配置。 + - 必须是同根域名,如`minio.test.com`、`authhub.test.com`、`eulercopilot.test.com`、`witchaind.test.com` + + +#### 3.4 大模型准备 + + - 使用第三方 openai 在线接口 + - 基于硬件本都部署大模型,本地部署大模型可参考附录部分。 + -提供第三方openai接口或基于硬件本都部署大模型,本地部署大模型可参考附录部分。 ## 安装 @@ -235,32 +267,33 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot │   └── web └── values.yaml ``` - -### 1. 安装数据库 - -- 编辑 values.yaml +- 创建命名空间 ```bash - cd deploy/chart/databases + kubectl create namespace euler-copilot ``` - 请根据对应的架构修改镜像标签,并设置数据库密码。 + 设置环境变量 ```bash - vim values.yaml + export KUBECONFIG=/etc/rancher/k3s/k3s.yaml ``` -- 创建命名空间 +### 1. 安装数据库 + +- 编辑 values.yaml ```bash - kubectl create namespace euler-copilot + cd deploy/chart/databases ``` - 设置环境变量 - ```bash - export KUBECONFIG=/etc/rancher/k3s/k3s.yaml + vim values.yaml ``` + **填写说明:** + 1. **密码设置**:所有密码必须设置为数字与字母的组合,并请确认所有条目均已准确填写; + 2. **域名设置**:依据之前的域名配置,请正确填写 MinIO 的域名; + 3. **镜像标签调整**:根据系统架构,请相应地调整镜像标签(tag)。 - 安装数据库 
@@ -277,17 +310,38 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot ```bash pgsql-deploy-databases-86b4dc4899-ppltc 1/1 Running 0 17d redis-deploy-databases-f8866b56-kj9jz 1/1 Running 0 17d - mysql-deploy-databases-57f5f94ccf-sbhzp 2/2 Running 0 17d + minio-deploy-databases-6b8dfcdc5d-7d4td 1/1 Running 0 17d + mongo-deploy-databases-85c75cbb-v88r6 1/1 Running 0 17d ``` -- 若服务器之前部署过 mysql,则可预先清除下 pvc,再部署 databases。 +- 问题定位 + + - 查看 Pod 的 日志 + + ```bash + kubectl -n euler-copilot logs minio-deploy-databases-6b8dfcdc5d-7d4td + ``` + - 进入 Pod + + ```bash + kubectl -n euler-copilot exec pgsql-deploy-databases-86b4dc4899-ppltc -- bash + ``` + ```bash + # 连接数据库 + psql -U postgres -d postgres + ``` + - 清除 PVC ```bash kubectl -n euler-copilot get pvc ``` ```bash - kubectl -n euler-copilot delete pvc mysql-pvc + kubectl -n euler-copilot delete pvc minio-pvc-databases + ``` + - 更新配置 + ```bash + helm upgrade -n euler-copilot databases . ``` ### 2. 安装鉴权平台Authhub @@ -295,20 +349,15 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot - 编辑 values.yaml ```bash - cd deploy/chart/authhub + cd ../authhub ``` - - 请结合 YAML 中的注释中的[必填]项进行修改 - ```bash vim values.yaml ``` - - - 注意: - 1. authHub 需要域名,可预先申请域名或在 'C:\Windows\System32\drivers\etc\hosts' 下配置。 - authhub和euler-copilot必须是同一个根域名的两个子域名, 例如authhub.test.com和 - eulercopilot.test.com - 2. 根据对应的架构修改镜像标签,并填写数据库密码。 + **填写说明:** + 1. **密码设置**:所有密码必须设置为数字与字母的组合,并请确认所有条目均已准确填写; + 2. **域名设置**:依据之前的域名配置,请正确填写 authhub-web 的域名; + 3. **镜像标签调整**:根据系统架构,请相应地调整镜像标签(tag)。 - 安装 AuthHub @@ -316,8 +365,6 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot helm install -n euler-copilot authhub . ``` - AuthHub 默认账号 `administrator`, 密码 `changeme` - - 查看 pod 状态 ```bash 
@@ -330,46 +377,48 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot authhub-web-deploy-authhub-7c48695966-h8d2p 1/1 Running 0 17d pgsql-deploy-databases-86b4dc4899-ppltc 1/1 Running 0 17d redis-deploy-databases-f8866b56-kj9jz 1/1 Running 0 17d - mysql-deploy-databases-57f5f94ccf-sbhzp 2/2 Running 0 17d + minio-deploy-databases-6b8dfcdc5d-7d4td 1/1 Running 0 17d + mongo-deploy-databases-85c75cbb-v88r6 1/1 Running 0 17d ``` - 登录 AuthHub - AuthHub 的域名以 为例,浏览器输入`https://authhub.test.com`, 登录界面如下图所示: + AuthHub 的域名以 为例,浏览器输入`https://authhub.test.com`,登录界面如下图所示: ![部署图](./pictures/authhub登录界面.png) + **AuthHub 登录默认账号 `administrator`, 密码 `changeme`** + - 创建应用eulercopilot ![部署图](./pictures/创建应用界面.png) - 点击创建应用,输入应用名称、应用主页和应用回调地址(登录后回调地址),参考如下: - - 应用名称:eulercopilot - - 应用主页: - - 应用回调地址: - - 应用创建好后会生成 Client ID 和 Client Secret,将生成的 Client ID 和 Client Secret 配置到应用里,以 eulercopilot 为例,创建应用后在配置文件中添加配置 `deploy/chart/euler_copilot/values.yaml` 中添加配置 + + 点击**创建应用**后,请按照以下示例填写相关信息: + - **应用名称**: eulercopilot + - **应用主页 URL**: https://eulercopilot.test.com + - **应用回调地址(登录后)**: https://eulercopilot.test.com/api/auth/login + - 点击**创建**,即可完成应用创建流程,系统将自动生成一个 **Client ID** 和 **Client Secret**。请保存好这对凭据,稍后在 `deploy/chart/euler_copilot/values.yaml` 配置文件中需要添加它们。 ![部署图](./pictures/创建应用成功界面.png) -### 2. 安装 openEuler Copilot System +### 3. 安装 openEuler Copilot System - 编辑 values.yaml ```bash - cd deploy/chart/euler_copilot + cd ../euler_copilot ``` - - 请结合 YAML 中的注释中的[必填]项进行修改 - ```bash vim values.yaml ``` + **填写说明:** - - 注意: - 1. 根据对应的架构修改镜像标签,并填写数据库密码。; - 2. 修改values.yaml中的globals的domain为EulerCopilot域名,并配置大模型的相关信息 - 3. 手动创建`docs_dir`、`plugin_dir`、`models`三个文件挂载目录 - 4. 修改values.yaml中framework章节的web_url和oidc设置 - 5. 如果部署插件,则需要配置用于Function Call的模型,此时必须有GPU环境用于部署sglang,可参考附件 + 1. **密码设置**:所有密码必须是数字与字母的组合,请确保所有条目均已准确无误地填写。 + 2. **域名配置**:请根据先前的域名设置,正确填写 eulercopilot 和 witchind 的对应域名。 + 3. **镜像标签调整**:依据系统的架构要求,适当调整容器镜像的标签(tag)。 + 4. **Volume挂载目录**:创建并指定正确的卷(volume)挂载路径。 + 5. 
**OIDC 设置**:完成 framework章节中 OIDC 的正确配置。 + 6. **插件部署(可选)**:如果选择部署插件,需配置用于Function Call的模型。注意,部署sglang时需要有GPU支持环境,详情请参阅附件。 - 安装 openEuler Copilot System 
@@ -398,49 +447,64 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot web-deploy-service-74fbf7999f-r46rg 1/1 Running 0 2d ``` - 注意:如果 Pod 状态出现失败,建议按照以下步骤进行排查 - 1. 查看 Kubernetes 集群的事件 (Events),以获取更多关于 Pod 失败的上下文信息 + **故障排查:** + + 当 Pod 状态显示为失败时,建议遵循以下步骤进行问题排查: + + 1. **获取集群事件信息** + + 为了更好地定位 Pod 失败的原因,请首先检查 Kubernetes 集群中的事件 (Events)。这可以提供有关 Pod 状态变化的上下文信息。 ```bash - kubectl -n euler-copilot get events + kubectl get events -n euler-copilot ``` - 2. 查看镜像拉取是否成功 + 2. **验证镜像拉取状态** + + 确认容器镜像是否成功拉取。如果镜像未能正确加载,可能是由于网络问题或镜像仓库配置错误。 ```bash k3s crictl images ``` - 3. 检查 RAG 的 Pod 日志,以确定是否有错误信息或异常行为。 + 3. **审查 Pod 日志** + + 检查相关 Pod 的日志,以寻找可能的错误信息或异常行为。这对于诊断应用程序级别的问题特别有用。 ```bash kubectl logs rag-deploy-service-5b7887644c-sm58z -n euler-copilot ``` - 4. 验证 Kubernetes 集群的资源状态,检查服务器资源或配额是否足够,资源不足常导致 Pod 镜像服拉取失败。 + 4. **评估资源可用性** + + 确保 Kubernetes 集群有足够的资源(如 CPU、内存和存储)来支持 Pod 的运行。资源不足可能导致镜像拉取失败或其他性能问题。 ```bash - df -h + kubectl top nodes ``` - 5. 如果未拉取成且镜像大小为0,请检查是否是 k3s 版本未满足要求,低于 v1.30.2 + 5. **确认 k3s 版本兼容性** + + 如果遇到镜像拉取失败且镜像大小为 0 的问题,请检查您的 k3s 版本是否符合最低要求(v1.30.2 或更高)。较低版本可能存在不兼容的问题。 ```bash k3s -v ``` - 6. 确认 values.yaml 中 framework 的 OIDC 设置是否正确配置,以确保身份验证和授权功能正常工作。 + 6. **检查 OIDC 设置** + + 审核 `values.yaml` 文件中关于框架的 OIDC 配置,确保身份验证和授权服务已正确设置,这对于集成外部认证服务至关重要。 ```bash - vim /home/euler-copilot-framework/deploy/chart/euler_copilot/values.yaml + cat /home/euler-copilot-framework/deploy/chart/euler_copilot/values.yaml | grep oidc ``` ## 验证安装 -恭喜您,openEuler Copilot System 的部署已完成!现在,您可以开启智能问答的非凡体验之旅了。 -请在浏览器中输入 https://$(host_ip):8080 或 (其中 port 默认值为8080,若更改则需相应调整)访问 openEuler Copilot System 网页,并尝试进行智能问答体验。 +恭喜您,**openEuler Copilot System** 已成功部署!为了开始您的体验,请在浏览器中输入 `https://您的EulerCopilot域名` 链接访问 openEuler Copilot System 的网页界面: + +首次访问时,您需要点击页面上的 **立即注册** 按钮来创建一个新的账号,并完成登录过程。 -首先请点击下方页面的“立即注册”按钮,完成账号的注册与登录。 ![Web登录界面](./pictures/WEB登录界面.png) ![Web 界面](./pictures/WEB界面.png) 
@@ -553,110 +617,84 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot NPU 环境部署可参考链接 [MindIE安装指南](https://www.hiascend.com/document/detail/zh/mindie/10RC2/whatismindie/mindie_what_0001.html) -## FAQ +### FAQ + +#### 1. 解决 Hugging Face 连接错误 -### 1. huggingface 使用报错? +如果遇到如下连接错误: ```text -File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 186, in _new_conn -raise NewConnectionError(urllib3.exceptions.eanconectionError: : Failed to establish a new conmection: [Errno 101] Network is unreachable +urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 101] Network is unreachable ``` -- 解决办法 +尝试以下解决方案: -```bash -pip3 install -U huggingface_hub -``` +- 更新 `huggingface_hub` 包到最新版本。 -```bash -export HF_ENDPOINT=https://hf-mirror.com -``` + ```bash + pip3 install -U huggingface_hub + ``` + +- 如果网络问题依旧存在,可以尝试使用镜像站点作为端点。 + + ```bash + export HF_ENDPOINT=https://hf-mirror.com + ``` -### 2. 如何在 RAG 容器中调用获取问答结果的接口? +#### 2. 在 RAG 容器中调用问答接口 -- 请先进入到 RAG 对应 Pod +进入对应的 RAG Pod 后,可以通过 `curl` 命令发送 POST 请求来获取问答结果。请确保在请求体中提供具体的问题文本。 ```bash curl -k -X POST "http://localhost:8005/kb/get_answer" \ -H "Content-Type: application/json" \ -d '{ - "question": "", + "question": "您的问题", "kb_sn": "default_test", "fetch_source": true }' ``` -### 3. 执行 `helm upgrade` 报错? +#### 3. 解决 `helm upgrade` 错误 -```text -Error: INSTALLATI0N FAILED: Kubernetes cluster unreachable: Get "http:/localhost:880/version": dial tcp [:1:8089: connect: connection refused -``` - -或者 +当 Kubernetes 集群不可达时,您可能会遇到类似下面的错误信息: ```text -Error: UPGRADE FAILED: Kubernetes cluster unreachable: the server could not find the requested resource +Error: UPGRADE FAILED: Kubernetes cluster unreachable ``` -- 解决办法 +确保设置了正确的 KUBECONFIG 环境变量指向有效的配置文件。 ```bash -export KUBECONFIG=/etc/rancher/k3s/k3s.yaml +echo "export KUBECONFIG=/etc/rancher/k3s/k3s.yaml" >> /root/.bashrc +source /root/.bashrc ``` -### 4. 无法查看 Pod 日志? +#### 4. 
查看 Pod 日志失败 -```text -[root@localhost euler-copilot]# kubectl logs rag-deployservice65c75c48d8-44vcp-n euler-copilotDefaulted container "rag" out of: rag.rag-copy secret (init)Error from server: Get "https://172.21.31.11:10250/containerlogs/euler copilot/rag deploy"service 65c75c48d8-44vcp/rag": Forbidden -``` - -- 解决办法 - 如果设置了代理,需要将本机的网络 IP 从代理中剔除 +如果您遇到查看 Pod 日志时权限被拒绝的问题,检查是否正确配置了代理设置,并将本机 IP 地址添加到 `no_proxy` 环境变量中。 ```bash cat /etc/systemd/system/k3s.service.env ``` +编辑文件并确保包含: + ```bash -http_proxy="http://XXX:XXX" -https_proxy="http://XXX:XXX" -# 代理中剔除本机IP -no_proxy=XXX.XXX.XXX.XXX +no_proxy=XXX.XXX.XXX.XXX ``` -### 5. GPU环境部署大模型时出现无法流式回复? +#### 5. GPU环境中大模型流式回复问题 -在服务执行 curl 大模型失败,但是将 `"stream": true` 改为 `"stream": false`就可以 curl 通? +对于某些服务执行 curl 大模型时无法进行流式回复的情况,尝试修改请求中的 `"stream"` 参数为 `false`。此外,确认已安装兼容版本的 Pydantic 库。 ```bash -curl -X POST http://localhost:30000/v1/chat/completions \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer sk-123456" \ - -d '{ - "model": "qwen1.5", - "messages": [ - { - "role": "system", - "content": "你是情感分析专家,你的任务是xxxx" - }, - { - "role": "user", - "content": "你好" - } - ], - "stream": true, - "n": 1, - "max_tokens": 8192 - }' +pip install pydantic==1.10.13 ``` -- 解决办法: +#### 6. sglang 模型部署指南 -```bash -pip install Pydantic=1.10.13 -``` - -### 6. sglang如何部署模型? +按照以下步骤部署基于 sglang 的模型: ```bash # 1. 激活名为 `myenv` 的 Conda 环境,该环境基于 Python 3.10 创建: 
@@ -686,39 +724,39 @@ python -m sglang.launch_server \ pip show flashinfer ``` -- 注意: -1. API Key:请确保 `--api-key` 参数中的 API 密钥是正确的 -2. 模型路径: 确保 `--model-path` 参数中的路径是正确的,并且模型文件存在于该路径下。 -3. CUDA 版本:确保你的系统上安装了 CUDA 12.1 和 PyTorch 2.4,因为 `flashinfer` 包依赖于这些特定版本。 -4. 线程池大小:根据你的GPU资源和预期负载调整线程池大小。如果你有 8 个 GPU,那么可以选择 --tp 8 来充分利用这些资源。 +**注意事项:** +- API Key:请确保 `--api-key` 参数中的 API 密钥是正确的 +- 模型路径: 确保 `--model-path` 参数中的路径是正确的,并且模型文件存在于该路径下。 +- CUDA 版本:确保你的系统上安装了 CUDA 12.1 和 PyTorch 2.4,因为 `flashinfer` 包依赖于这些特定版本。 +- 线程池大小:根据你的GPU资源和预期负载调整线程池大小。如果你有 8 个 GPU,那么可以选择 --tp 8 来充分利用这些资源。 + +#### 7. 获取 Embedding -### 7. 如何 curl embedding? +使用 curl 发送 POST 请求以获取 embedding 结果: ```bash curl -k -X POST http://$IP:8001/embedding \ -H "Content-Type: application/json" \ - -d '{"texts": ["sample text 1", "sample text 2"]}' -# $IP为vectorize的Embedding的内网地址 + -d '{"texts": ["sample text 1", "sample text 2"]}' ``` -### 8. 如何生成证书? +其中 `$IP` 是 vectorize 内网地址。 +#### 8. 生成证书 + +为了生成自签名证书,首先下载 [mkcert](https://github.com/FiloSottile/mkcert/releases)工具,然后运行以下命令: ```bash -下载地址: https://github.com/FiloSottile/mkcert/releases -# 1. 下载 mkcert -# x86_64 -wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64 -# arm64 -wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-arm64 -# 2. 执行下面的命令生成秘钥 mkcert -install -# mkcert 可直接接域名或 IP, 生成证书和秘钥 mkcert example.com -# 3. 将证书和秘钥拷贝到 `/home/euler-copilot-framework_openeuler/deploy/chart_ssl/traefik-secret.yaml` 中, 并执行下面命令使其生效。 +``` +最后,将生成的证书和私钥拷贝到 values.yaml 中, 并应用至 Kubernetes Secret。 +```bash +vim /home/euler-copilot-framework_openeuler/deploy/chart_ssl/traefik-secret.yaml +``` +```bash kubectl apply -f traefik-secret.yaml ``` -### 8. Pod状态由runnning变为pending? - -在Pod正常运行一段时间后,其状态从“Running”全部转变为 “Pending” 或 “Completed”, -可执行命令`df -h`,查看Pod所在宿主机的存储空间,确保可用空间不低于30%,以保证pod的正常运行。 \ No newline at end of file +#### 9. 
Pod 状态从 Running 变为 Pending 或 Completed + +Pod 状态变化可能是因为宿主机存储空间不足。使用 `df -h` 检查磁盘使用情况,并保证至少有 30% 的可用空间。这有助于维持 Pod 的稳定运行状态。 diff --git "a/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\346\234\254\345\234\260\350\265\204\344\272\247\345\272\223\346\236\204\345\273\272\346\214\207\345\215\227.md" "b/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\346\234\254\345\234\260\350\265\204\344\272\247\345\272\223\346\236\204\345\273\272\346\214\207\345\215\227.md" index e940c0b8..36ed5f2d 100644 --- "a/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\346\234\254\345\234\260\350\265\204\344\272\247\345\272\223\346\236\204\345\273\272\346\214\207\345\215\227.md" +++ "b/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\346\234\254\345\234\260\350\265\204\344\272\247\345\272\223\346\236\204\345\273\272\346\214\207\345\215\227.md" 
@@ -23,44 +23,10 @@ - 检索增强: 本平台最终解析的结果通过向量化、关键字的形式对外呈现检索结果,也提供了token压缩和问题补全等技术增强结果命中的概率,也使用了上下文随机关联的形式补全检索结果。 -## 准备工作 - -- 部署witchaind服务 - - ```bash - # 进入witchaind目录 - cd euler-copilot-framework_openeuler/deploy/chart/witchaind - ``` - ```bash - # 编辑values.yaml - vim values.yaml - # 注意: - # - domain的配置和EulerCopilot主页域名配置方法相同且同根域名 - # - LLM设置和EulerCopilot的values中模型配置相同 - # - Embedding模型URL可填写为 http://vectorize-agent-service-service.euler-copilot.svc.cluster.local:8001/embedding或查看Embedding模型的服务IP后填写 - # - 密钥可随意填写为随机字符串 - ``` - ```bash - # 安装witchaind - helm install -n euler-copilot witchaind . - ``` - - ```bash - # 查看pod状态 - kubectl -n euler-copilot get pods - ``` - ```bash - # witchaind相关服务已正常启动 - NAME READY STATUS RESTARTS AGE - witchaind-backend-deploy-witchaind-8fcccbfb7-8f42t 1/1 Running 0 3d1h - witchaind-redis-deploy-witchaind-7f9768c8c6-62bwt 1/1 Running 0 3d1h - witchaind-web-deploy-witchaind-6b4f4674fd-hz88g 1/1 Running 0 3d1h - minio-deploy-witchaind-7f779f5cf4-lqrd9 1/1 Running 0 3d1h - ``` ## 登录管理平台 -请在浏览器中输入 https://$(host_ip):9888 或 访问 openEuler Copilot witChainD 网页, +请在浏览器中输入 `https://$(wichaind域名)`访问 openEuler Copilot witChainD 网页, 登入界面如下,输入账号、密码点击登录按钮登录系统。 ![witchaind登录界面](./pictures/witChainD/witchaind登录界面.png) 
diff --git "a/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\347\275\221\347\273\234\347\216\257\345\242\203\344\270\213\351\203\250\347\275\262\346\214\207\345\215\227.md" "b/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\347\275\221\347\273\234\347\216\257\345\242\203\344\270\213\351\203\250\347\275\262\346\214\207\345\215\227.md" index fc4758c1..8bf2dfd4 100644 --- "a/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\347\275\221\347\273\234\347\216\257\345\242\203\344\270\213\351\203\250\347\275\262\346\214\207\345\215\227.md" +++ "b/docs/user-guide/\351\203\250\347\275\262\346\214\207\345\215\227/\347\275\221\347\273\234\347\216\257\345\242\203\344\270\213\351\203\250\347\275\262\346\214\207\345\215\227.md" @@ -10,7 +10,7 @@ openEuler Copilot System 是一款智能问答工具,使用 openEuler Copilot | ----------------------------- | --------------- | -------------------- | | euler-copilot-framework | 8002 (内部端口) | 智能体框架服务 | | euler-copilot-web | 8080 | 智能体前端界面 | -| euler-copilot-rag | 8005 (内部端口) | 检索增强服务 | +| euler-copilot-rag | 9988 (内部端口) | 检索增强服务 | | euler-copilot-vectorize-agent | 8001 (内部端口) | 文本向量化服务 | | mysql | 3306 (内部端口) | MySQL数据库 | | redis | 6379 (内部端口) | Redis数据库 | 
@@ -83,12 +83,15 @@ cd /home/euler-copilot-framework/deploy/scripts && tree └── prepare_docker.sh ``` -| 序号 | 步骤内容 | 相关指令 | 说明 | +| 序号 | 步骤内容 | 相关指令 | 说明 | |-------------- |----------|---------------------------------------------|------------------------------------------ | |1| 环境检查 | `bash check_env.sh` | 主要对服务器的主机名、DNS、防火墙设置、磁盘剩余空间大小、网络、检查SELinux的设置 | |2| 文件下载 | `bash download_file.sh` | 模型bge-reranker-large、bge-mixed-mode下载 | |3| 安装部署工具 | `bash install_tools.sh v1.30.2+k3s1 v3.15.3 cn` | 安装helm、k3s工具。注意:cn的使用是使用镜像站,可以去掉不用 | -|4| 大模型准备 | 提供第三方 OpenAI 接口或基于硬件本都部署大模型 | 本地部署大模型可参考附录部分 | +|4| 域名配置 | 需要准备4个域名`minio\authhub\eulercopilot\witchaind` | 预先申请域名或在 'C:\Windows\System32\drivers\etc\hosts' 下配置。必须是同根域名, 例如`minio.test.com`、`authhub.test.com`、`eulercopilot.test.com`、`witchaind.test.com` | +|5| 大模型准备 | 提供第三方 OpenAI 接口或基于硬件本都部署大模型 | 本地部署大模型可参考附录部分 | + + ## 安装 @@ -134,32 +137,33 @@ cd /home/euler-copilot-framework/deploy/scripts && tree │   └── web └── values.yaml ``` - -### 1. 安装数据库 - -- 编辑 values.yaml +- 创建命名空间 ```bash - cd deploy/chart/databases + kubectl create namespace euler-copilot ``` - 请根据对应的架构修改镜像标签,并设置数据库密码。 + 设置环境变量 ```bash - vim values.yaml + export KUBECONFIG=/etc/rancher/k3s/k3s.yaml ``` -- 创建命名空间 +### 1. 安装数据库 + +- 编辑 values.yaml ```bash - kubectl create namespace euler-copilot + cd deploy/chart/databases ``` - 设置环境变量 - ```bash - export KUBECONFIG=/etc/rancher/k3s/k3s.yaml + vim values.yaml ``` + **填写说明:** + 1. **密码设置**:所有密码必须设置为数字与字母的组合,并请确认所有条目均已准确填写; + 2. **域名设置**:依据之前的域名配置,请正确填写 MinIO 的域名; + 3. **镜像标签调整**:根据系统架构,请相应地调整镜像标签(tag)。 - 安装数据库 
@@ -176,17 +180,38 @@ cd /home/euler-copilot-framework/deploy/scripts && tree ```bash pgsql-deploy-databases-86b4dc4899-ppltc 1/1 Running 0 17d redis-deploy-databases-f8866b56-kj9jz 1/1 Running 0 17d - mysql-deploy-databases-57f5f94ccf-sbhzp 2/2 Running 0 17d + minio-deploy-databases-6b8dfcdc5d-7d4td 1/1 Running 0 17d + mongo-deploy-databases-85c75cbb-v88r6 1/1 Running 0 17d ``` -- 若服务器之前部署过 mysql,则可预先清除下 pvc,再部署 databases。 +- 问题定位 + + - 查看 Pod 的 日志 + + ```bash + kubectl -n euler-copilot logs minio-deploy-databases-6b8dfcdc5d-7d4td + ``` + - 进入 Pod + + ```bash + kubectl -n euler-copilot exec pgsql-deploy-databases-86b4dc4899-ppltc -- bash + ``` + ```bash + # 连接数据库 + psql -U postgres -d postgres + ``` + - 清除 PVC ```bash kubectl -n euler-copilot get pvc ``` ```bash - kubectl -n euler-copilot delete pvc mysql-pvc + kubectl -n euler-copilot delete pvc minio-pvc-databases + ``` + - 更新配置 + ```bash + helm upgrade -n euler-copilot databases . ``` ### 2. 安装鉴权平台Authhub @@ -194,20 +219,15 @@ cd /home/euler-copilot-framework/deploy/scripts && tree - 编辑 values.yaml ```bash - cd deploy/chart/authhub + cd ../authhub ``` - - 请结合 YAML 中的注释中的[必填]项进行修改 - ```bash vim values.yaml ``` - - - 注意: - 1. authHub 需要域名,可预先申请域名或在 'C:\Windows\System32\drivers\etc\hosts' 下配置。 - authhub和euler-copilot必须是同一个根域名的两个子域名, 例如authhub.test.com和 - eulercopilot.test.com - 2. 根据对应的架构修改镜像标签,并填写数据库密码。 + **填写说明:** + 1. **密码设置**:所有密码必须设置为数字与字母的组合,并请确认所有条目均已准确填写; + 2. **域名设置**:依据之前的域名配置,请正确填写 authhub-web 的域名; + 3. **镜像标签调整**:根据系统架构,请相应地调整镜像标签(tag)。 - 安装 AuthHub @@ -215,8 +235,6 @@ cd /home/euler-copilot-framework/deploy/scripts && tree helm install -n euler-copilot authhub . ``` - AuthHub 默认账号 `administrator`, 密码 `changeme` - - 查看 pod 状态 ```bash 
@@ -229,46 +247,48 @@ cd /home/euler-copilot-framework/deploy/scripts && tree authhub-web-deploy-authhub-7c48695966-h8d2p 1/1 Running 0 17d pgsql-deploy-databases-86b4dc4899-ppltc 1/1 Running 0 17d redis-deploy-databases-f8866b56-kj9jz 1/1 Running 0 17d - mysql-deploy-databases-57f5f94ccf-sbhzp 2/2 Running 0 17d + minio-deploy-databases-6b8dfcdc5d-7d4td 1/1 Running 0 17d + mongo-deploy-databases-85c75cbb-v88r6 1/1 Running 0 17d ``` - 登录 AuthHub - AuthHub 的域名以 为例,浏览器输入`https://authhub.test.com`, 登录界面如下图所示: + AuthHub 的域名以 为例,浏览器输入`https://authhub.test.com`,登录界面如下图所示: ![部署图](./pictures/authhub登录界面.png) + **AuthHub 登录默认账号 `administrator`, 密码 `changeme`** + - 创建应用eulercopilot ![部署图](./pictures/创建应用界面.png) - 点击创建应用,输入应用名称、应用主页和应用回调地址(登录后回调地址),参考如下: - - 应用名称:eulercopilot - - 应用主页: - - 应用回调地址: - - 应用创建好后会生成 Client ID 和 Client Secret,将生成的 Client ID 和 Client Secret 配置到应用里,以 eulercopilot 为例,创建应用后在配置文件中添加配置 `deploy/chart/euler_copilot/values.yaml` 中添加配置 + + 点击**创建应用**后,请按照以下示例填写相关信息: + - **应用名称**: eulercopilot + - **应用主页 URL**: https://eulercopilot.test.com + - **应用回调地址(登录后)**: https://eulercopilot.test.com/api/auth/login + - 点击**创建**,即可完成应用创建流程,系统将自动生成一个 **Client ID** 和 **Client Secret**。请保存好这对凭据,稍后在 `deploy/chart/euler_copilot/values.yaml` 配置文件中需要添加它们。 ![部署图](./pictures/创建应用成功界面.png) -### 2. 安装 openEuler Copilot System +### 3. 安装 openEuler Copilot System - 编辑 values.yaml ```bash - cd deploy/chart/euler_copilot + cd ../euler_copilot ``` - - 请结合 YAML 中的注释中的[必填]项进行修改 - ```bash vim values.yaml ``` + **填写说明:** - - 注意: - 1. 根据对应的架构修改镜像标签,并填写数据库密码。; - 2. 修改values.yaml中的globals的domain为EulerCopilot域名,并配置大模型的相关信息 - 3. 手动创建`docs_dir`、`plugin_dir`、`models`三个文件挂载目录 - 4. 修改values.yaml中framework章节的web_url和oidc设置 - 5. 如果部署插件,则需要配置用于Function Call的模型,此时必须有GPU环境用于部署sglang,可参考附件 + 1. **密码设置**:所有密码必须是数字与字母的组合,请确保所有条目均已准确无误地填写。 + 2. **域名配置**:请根据先前的域名设置,正确填写 eulercopilot 和 witchind 的对应域名。 + 3. **镜像标签调整**:依据系统的架构要求,适当调整容器镜像的标签(tag)。 + 4. **Volume挂载目录**:创建并指定正确的卷(volume)挂载路径。 + 5. 
**OIDC 设置**:完成 framework章节中 OIDC 的正确配置。 + 6. **插件部署(可选)**:如果选择部署插件,需配置用于Function Call的模型。注意,部署sglang时需要有GPU支持环境,详情请参阅附件。 - 安装 openEuler Copilot System 
@@ -297,49 +317,64 @@ cd /home/euler-copilot-framework/deploy/scripts && tree web-deploy-service-74fbf7999f-r46rg 1/1 Running 0 2d ``` - 注意:如果 Pod 状态出现失败,建议按照以下步骤进行排查 - 1. 查看 Kubernetes 集群的事件 (Events),以获取更多关于 Pod 失败的上下文信息 + **故障排查:** + + 当 Pod 状态显示为失败时,建议遵循以下步骤进行问题排查: + + 1. **获取集群事件信息** + + 为了更好地定位 Pod 失败的原因,请首先检查 Kubernetes 集群中的事件 (Events)。这可以提供有关 Pod 状态变化的上下文信息。 ```bash - kubectl -n euler-copilot get events + kubectl get events -n euler-copilot ``` - 2. 查看镜像拉取是否成功 + 2. **验证镜像拉取状态** + + 确认容器镜像是否成功拉取。如果镜像未能正确加载,可能是由于网络问题或镜像仓库配置错误。 ```bash k3s crictl images ``` - 3. 检查 RAG 的 Pod 日志,以确定是否有错误信息或异常行为。 + 3. **审查 Pod 日志** + + 检查相关 Pod 的日志,以寻找可能的错误信息或异常行为。这对于诊断应用程序级别的问题特别有用。 ```bash kubectl logs rag-deploy-service-5b7887644c-sm58z -n euler-copilot ``` - 4. 验证 Kubernetes 集群的资源状态,检查服务器资源或配额是否足够,资源不足常导致 Pod 镜像服拉取失败。 + 4. **评估资源可用性** + + 确保 Kubernetes 集群有足够的资源(如 CPU、内存和存储)来支持 Pod 的运行。资源不足可能导致镜像拉取失败或其他性能问题。 ```bash - df -h + kubectl top nodes ``` - 5. 如果未拉取成且镜像大小为0,请检查是否是 k3s 版本未满足要求,低于 v1.30.2 + 5. **确认 k3s 版本兼容性** + + 如果遇到镜像拉取失败且镜像大小为 0 的问题,请检查您的 k3s 版本是否符合最低要求(v1.30.2 或更高)。较低版本可能存在不兼容的问题。 ```bash k3s -v ``` - 6. 确认 values.yaml 中 framework 的 OIDC 设置是否正确配置,以确保身份验证和授权功能正常工作。 + 6. **检查 OIDC 设置** + + 审核 `values.yaml` 文件中关于框架的 OIDC 配置,确保身份验证和授权服务已正确设置,这对于集成外部认证服务至关重要。 ```bash - vim /home/euler-copilot-framework/deploy/chart/euler_copilot/values.yaml + cat /home/euler-copilot-framework/deploy/chart/euler_copilot/values.yaml | grep oidc ``` ## 验证安装 -恭喜您,openEuler Copilot System 的部署已完成!现在,您可以开启智能问答的非凡体验之旅了。 -请在浏览器中输入 https://$(host_ip):8080 或 (其中 port 默认值为8080,若更改则需相应调整)访问 openEuler Copilot System 网页,并尝试进行智能问答体验。 +恭喜您,**openEuler Copilot System** 已成功部署!为了开始您的体验,请在浏览器中输入 `https://您的EulerCopilot域名` 链接访问 openEuler Copilot System 的网页界面: + +首次访问时,您需要点击页面上的 **立即注册** 按钮来创建一个新的账号,并完成登录过程。 -首先请点击下方页面的“立即注册”按钮,完成账号的注册与登录。 ![Web登录界面](./pictures/WEB登录界面.png) ![Web 界面](./pictures/WEB界面.png) 
@@ -452,110 +487,84 @@ cd /home/euler-copilot-framework/deploy/scripts && tree NPU 环境部署可参考链接 [MindIE安装指南](https://www.hiascend.com/document/detail/zh/mindie/10RC2/whatismindie/mindie_what_0001.html) -## FAQ +### FAQ -### 1. huggingface 使用报错? +#### 1. 解决 Hugging Face 连接错误 + +如果遇到如下连接错误: ```text -File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 186, in _new_conn -raise NewConnectionError(urllib3.exceptions.eanconectionError: : Failed to establish a new conmection: [Errno 101] Network is unreachable +urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 101] Network is unreachable ``` -- 解决办法 +尝试以下解决方案: -```bash -pip3 install -U huggingface_hub -``` +- 更新 `huggingface_hub` 包到最新版本。 -```bash -export HF_ENDPOINT=https://hf-mirror.com -``` + ```bash + pip3 install -U huggingface_hub + ``` -### 2. 如何在 RAG 容器中调用获取问答结果的接口? +- 如果网络问题依旧存在,可以尝试使用镜像站点作为端点。 -- 请先进入到 RAG 对应 Pod + ```bash + export HF_ENDPOINT=https://hf-mirror.com + ``` + +#### 2. 在 RAG 容器中调用问答接口 + +进入对应的 RAG Pod 后,可以通过 `curl` 命令发送 POST 请求来获取问答结果。请确保在请求体中提供具体的问题文本。 ```bash curl -k -X POST "http://localhost:8005/kb/get_answer" \ -H "Content-Type: application/json" \ -d '{ - "question": "", + "question": "您的问题", "kb_sn": "default_test", "fetch_source": true }' ``` -### 3. 执行 `helm upgrade` 报错? +#### 3. 解决 `helm upgrade` 错误 -```text -Error: INSTALLATI0N FAILED: Kubernetes cluster unreachable: Get "http:/localhost:880/version": dial tcp [:1:8089: connect: connection refused -``` - -或者 +当 Kubernetes 集群不可达时,您可能会遇到类似下面的错误信息: ```text -Error: UPGRADE FAILED: Kubernetes cluster unreachable: the server could not find the requested resource +Error: UPGRADE FAILED: Kubernetes cluster unreachable ``` -- 解决办法 +确保设置了正确的 KUBECONFIG 环境变量指向有效的配置文件。 ```bash -export KUBECONFIG=/etc/rancher/k3s/k3s.yaml +echo "export KUBECONFIG=/etc/rancher/k3s/k3s.yaml" >> /root/.bashrc +source /root/.bashrc ``` -### 4. 无法查看 Pod 日志? 
- -```text -[root@localhost euler-copilot]# kubectl logs rag-deployservice65c75c48d8-44vcp-n euler-copilotDefaulted container "rag" out of: rag.rag-copy secret (init)Error from server: Get "https://172.21.31.11:10250/containerlogs/euler copilot/rag deploy"service 65c75c48d8-44vcp/rag": Forbidden -``` +#### 4. 查看 Pod 日志失败 -- 解决办法 - 如果设置了代理,需要将本机的网络 IP 从代理中剔除 +如果您遇到查看 Pod 日志时权限被拒绝的问题,检查是否正确配置了代理设置,并将本机 IP 地址添加到 `no_proxy` 环境变量中。 ```bash cat /etc/systemd/system/k3s.service.env ``` +编辑文件并确保包含: + ```bash -http_proxy="http://XXX:XXX" -https_proxy="http://XXX:XXX" -# 代理中剔除本机IP -no_proxy=XXX.XXX.XXX.XXX +no_proxy=XXX.XXX.XXX.XXX ``` -### 5. GPU环境部署大模型时出现无法流式回复? +#### 5. GPU环境中大模型流式回复问题 -在服务执行 curl 大模型失败,但是将 `"stream": true` 改为 `"stream": false`就可以 curl 通? +对于某些服务执行 curl 大模型时无法进行流式回复的情况,尝试修改请求中的 `"stream"` 参数为 `false`。此外,确认已安装兼容版本的 Pydantic 库。 ```bash -curl -X POST http://localhost:30000/v1/chat/completions \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer sk-123456" \ - -d '{ - "model": "qwen1.5", - "messages": [ - { - "role": "system", - "content": "你是情感分析专家,你的任务是xxxx" - }, - { - "role": "user", - "content": "你好" - } - ], - "stream": true, - "n": 1, - "max_tokens": 8192 - }' +pip install pydantic==1.10.13 ``` -- 解决办法: - -```bash -pip install Pydantic=1.10.13 -``` +#### 6. sglang 模型部署指南 -### 6. sglang如何部署模型? +按照以下步骤部署基于 sglang 的模型: ```bash # 1. 激活名为 `myenv` 的 Conda 环境,该环境基于 Python 3.10 创建: 
@@ -585,39 +594,39 @@ python -m sglang.launch_server \ pip show flashinfer ``` -- 注意: -1. API Key:请确保 `--api-key` 参数中的 API 密钥是正确的 -2. 模型路径: 确保 `--model-path` 参数中的路径是正确的,并且模型文件存在于该路径下。 -3. CUDA 版本:确保你的系统上安装了 CUDA 12.1 和 PyTorch 2.4,因为 `flashinfer` 包依赖于这些特定版本。 -4. 线程池大小:根据你的GPU资源和预期负载调整线程池大小。如果你有 8 个 GPU,那么可以选择 --tp 8 来充分利用这些资源。 +**注意事项:** +- API Key:请确保 `--api-key` 参数中的 API 密钥是正确的 +- 模型路径: 确保 `--model-path` 参数中的路径是正确的,并且模型文件存在于该路径下。 +- CUDA 版本:确保你的系统上安装了 CUDA 12.1 和 PyTorch 2.4,因为 `flashinfer` 包依赖于这些特定版本。 +- 线程池大小:根据你的GPU资源和预期负载调整线程池大小。如果你有 8 个 GPU,那么可以选择 --tp 8 来充分利用这些资源。 + +#### 7. 获取 Embedding -### 7. 如何 curl embedding? +使用 curl 发送 POST 请求以获取 embedding 结果: ```bash curl -k -X POST http://$IP:8001/embedding \ -H "Content-Type: application/json" \ - -d '{"texts": ["sample text 1", "sample text 2"]}' -# $IP为vectorize的Embedding的内网地址 + -d '{"texts": ["sample text 1", "sample text 2"]}' ``` -### 8. 如何生成证书? +其中 `$IP` 是 vectorize 内网地址。 +#### 8. 生成证书 + +为了生成自签名证书,首先下载 [mkcert](https://github.com/FiloSottile/mkcert/releases)工具,然后运行以下命令: ```bash -下载地址: https://github.com/FiloSottile/mkcert/releases -# 1. 下载 mkcert -# x86_64 -wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64 -# arm64 -wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-arm64 -# 2. 执行下面的命令生成秘钥 mkcert -install -# mkcert 可直接接域名或 IP, 生成证书和秘钥 mkcert example.com -# 3. 将证书和秘钥拷贝到 `/home/euler-copilot-framework_openeuler/deploy/chart_ssl/traefik-secret.yaml` 中, 并执行下面命令使其生效。 +``` +最后,将生成的证书和私钥拷贝到 values.yaml 中, 并应用至 Kubernetes Secret。 +```bash +vim /home/euler-copilot-framework_openeuler/deploy/chart_ssl/traefik-secret.yaml +``` +```bash kubectl apply -f traefik-secret.yaml ``` -### 8. Pod状态由runnning变为pending? - -在Pod正常运行一段时间后,其状态从“Running”全部转变为 “Pending” 或 “Completed”, -可执行命令`df -h`,查看Pod所在宿主机的存储空间,确保可用空间不低于30%,以保证pod的正常运行。 +#### 9. 
Pod 状态从 Running 变为 Pending 或 Completed + +Pod 状态变化可能是因为宿主机存储空间不足。使用 `df -h` 检查磁盘使用情况,并保证至少有 30% 的可用空间。这有助于维持 Pod 的稳定运行状态。 diff --git a/sample/apps/test_app/flows/flow.yaml b/sample/apps/test_app/flows/test.yaml similarity index 85% rename from sample/apps/test_app/flows/flow.yaml rename to sample/apps/test_app/flows/test.yaml index 5f52807a..d25e4bfb 100644 --- a/sample/apps/test_app/flows/flow.yaml +++ b/sample/apps/test_app/flows/test.yaml @@ -1,8 +1,9 @@ -# [必填] Flow 名称 -name: test -# [必填] Flow 描述。将影响大模型效果。 -description: 测试工作流 -# Flow出错时的错误处理步骤 +# 【必填】Flow 名称,展示用 +name: 测试工作流 +# 【必填】Flow 描述。将影响大模型效果。 +description: | + 这是一个测试工作流,用于测试工作流的执行流程。 +# 【必填】Flow出错时的错误处理步骤 on_error: # [必填] 是否直接使用大模型自动向用户报错? use_llm: false @@ -24,7 +25,7 @@ steps: params: # 节点的参数 endpoint: GET /api/test # API Endpoint名称 - id: check_data - node: check_data + node: choice name: 判断数据 description: 判断工具的返回值是否包含有效数据 pos: # 节点在画布上的位置 @@ -62,7 +63,7 @@ steps: 使用自然语言解释这一信息,并展示为Markdown列表。 - id: format_output - node: format_output + node: convert name: 格式化输出 description: 按照特定格式输出 pos: # 节点在画布上的位置 @@ -88,6 +89,19 @@ steps: "time": extras.time, "machines": [x for x.id in storage[-1].output.result.machines] } + - id: gen_suggest + node: suggest + name: 问题推荐 + description: 推荐问题 + pos: # 节点在画布上的位置 + x: 500 + y: 100 + params: + num: 3 + configs: + - flow_id: flow_01 + question: 这是固定的推荐问题 + - flow_id: flow_02 # 各个边定义 # 格式:边ID: 来源节点名称 --> 目标节点名称 @@ -112,8 +126,3 @@ edges: - id: edge_05 from: format_output to: - -# 手动设置Flow推荐 -next_flow: - - flow_id: test2 # 展示在推荐区域的Flow - question: xxxxx # 固定的推荐问题 -- Gitee
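Review bot: The header comments in the first hunk of `test.yaml` now mix two marker styles: the three changed comments use full-width `【必填】`, while the unchanged line under `on_error` still reads `# [必填] 是否直接使用大模型自动向用户报错?`. Changing that line to `# 【必填】是否直接使用大模型自动向用户报错?` would keep the sample consistent. The hunk also newly marks `on_error` as required, but nothing visible here shows that a flow without it is rejected, so confirm the marker matches the schema before documenting the field as mandatory.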
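Review bot: The new `gen_suggest` step added to `steps` is not referenced by any edge visible in this patch. The last hunk still shows `edge_05` leaving `format_output` with an empty `to:`, and the commit removes `next_flow` without adding an edge in its place. If the suggest node is meant to run after output formatting, `edge_05` probably needs `to: gen_suggest`; the rest of the `edges` list lies outside the hunks, so confirm there. The second `configs` entry (`flow_id: flow_02`) has no `question`, unlike the first, so a one-line comment saying what is shown when `question` is omitted would make the sample self-explanatory.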