diff --git a/deploy/helm/context-engine/templates/configmap.yaml b/deploy/helm/context-engine/templates/configmap.yaml index 2a0f1f85..7134afcf 100644 --- a/deploy/helm/context-engine/templates/configmap.yaml +++ b/deploy/helm/context-engine/templates/configmap.yaml @@ -19,8 +19,8 @@ data: FASTMCP_HTTP_PORT: {{ .Values.config.fastmcp.httpPort | quote }} FASTMCP_INDEXER_HTTP_PORT: {{ .Values.config.fastmcp.indexerHttpPort | quote }} FASTMCP_HTTP_TRANSPORT: {{ .Values.config.fastmcp.httpTransport | quote }} - FASTMCP_HTTP_HEALTH_PORT: "18002" - FASTMCP_INDEXER_HTTP_HEALTH_PORT: "18003" + FASTMCP_HTTP_HEALTH_PORT: {{ .Values.config.fastmcp.httpHealthPort | quote }} + FASTMCP_INDEXER_HTTP_HEALTH_PORT: {{ .Values.config.fastmcp.indexerHttpHealthPort | quote }} INDEX_MICRO_CHUNKS: {{ .Values.config.indexing.microChunks | quote }} MAX_MICRO_CHUNKS_PER_FILE: {{ .Values.config.indexing.maxMicroChunksPerFile | quote }} diff --git a/deploy/helm/context-engine/templates/networkpolicy.yaml b/deploy/helm/context-engine/templates/networkpolicy.yaml new file mode 100644 index 00000000..7eaf1059 --- /dev/null +++ b/deploy/helm/context-engine/templates/networkpolicy.yaml 
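Review bot: The two health-port lines now read `.Values.config.fastmcp.httpHealthPort` and `.Values.config.fastmcp.indexerHttpHealthPort` with no fallback, so an upgrade using `--reuse-values`, or an older custom values file that lacks the new keys, would render an empty value where the literals `"18002"` and `"18003"` used to be. Keeping the old literals as defaults preserves behaviour: `FASTMCP_HTTP_HEALTH_PORT: {{ .Values.config.fastmcp.httpHealthPort | default "18002" | quote }}`, and the same with `"18003"` on the indexer line. The `data:` block starts and continues outside this hunk.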
@@ -0,0 +1,89 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: qdrant-network-policy
+ namespace: {{ include "context-engine.namespace" . }}
+ labels:
+ {{- include "context-engine.labels" . | nindent 4 }}
+ component: qdrant
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "context-engine.selectorLabels" . | nindent 6 }}
+ component: qdrant
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ {{- include "context-engine.selectorLabels" . | nindent 14 }}
+ ports:
+ - protocol: TCP
+ port: {{ .Values.qdrant.service.httpPort }}
+ - protocol: TCP
+ port: {{ .Values.qdrant.service.grpcPort }}
+ {{- if .Values.networkPolicy.qdrant.allowExternal }}
+ # Allow external access to Qdrant (any source)
+ - ports:
+ - protocol: TCP
+ port: {{ .Values.qdrant.service.httpPort }}
+ - protocol: TCP
+ port: {{ .Values.qdrant.service.grpcPort }}
+ {{- end }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: mcp-services-network-policy
+ namespace: {{ include "context-engine.namespace" . }}
+ labels:
+ {{- include "context-engine.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "context-engine.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ podSelector: {}
+ ports:
+ - protocol: TCP
+ port: 8000
+ - protocol: TCP
+ port: 8001
+ - protocol: TCP
+ port: 8002
+ - protocol: TCP
+ port: 8003
+ - protocol: TCP
+ port: 18000
+ - protocol: TCP
+ port: 18001
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ component: qdrant
+ ports:
+ - protocol: TCP
+ port: {{ .Values.qdrant.service.httpPort }}
+ - protocol: TCP
+ port: {{ .Values.qdrant.service.grpcPort }}
+ # Allow DNS resolution (kube-dns)
+ - to:
+ - namespaceSelector: {}
+ ports:
+ - protocol: TCP
+ port: 53
+ - protocol: UDP
+ port: 53
+ # Allow external HTTPS egress (for model downloads, external APIs)
+ - ports:
+ - protocol: TCP
+ port: 443
+{{- end }}
diff --git a/deploy/helm/context-engine/templates/pdb.yaml b/deploy/helm/context-engine/templates/pdb.yaml
new file mode 100644
index 00000000..3162050d
--- /dev/null
+++ b/deploy/helm/context-engine/templates/pdb.yaml
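Review bot: The ingress rule of `mcp-services-network-policy` pairs `namespaceSelector: {}` with `podSelector: {}`, which admits every pod in every namespace, so the policy limits ports but not callers; if the MCP endpoints should only be reachable from specific clients or an ingress controller, the `from` peers should come from values instead. The port list is hard-coded (8000–8003, 18000, 18001) and omits the 18002/18003 health ports that this same commit makes configurable, so it will drift from `config.fastmcp.*`; rendering e.g. `port: {{ .Values.config.fastmcp.httpHealthPort }}` keeps the two aligned. The `podSelector` has no `component` label, so this policy, including its Egress restriction, presumably also selects the Qdrant pods, which is worth confirming as intended. The last egress rule has no `to`, so TCP 443 is allowed to any destination, in-cluster addresses included; an `ipBlock` with `except` entries for the cluster ranges would limit it to the external HTTPS the comment describes.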
@@ -0,0 +1,93 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+{{- if .Values.qdrant.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: qdrant-pdb
+ namespace: {{ include "context-engine.namespace" . }}
+ labels:
+ {{- include "context-engine.labels" . | nindent 4 }}
+ component: qdrant
+spec:
+ {{- if .Values.podDisruptionBudget.qdrant.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.qdrant.minAvailable }}
+ {{- else if .Values.podDisruptionBudget.qdrant.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.qdrant.maxUnavailable }}
+ {{- else }}
+ maxUnavailable: 1
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "context-engine.selectorLabels" . | nindent 6 }}
+ component: qdrant
+{{- end }}
+---
+{{- if .Values.mcpIndexerHttp.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: mcp-indexer-http-pdb
+ namespace: {{ include "context-engine.namespace" . }}
+ labels:
+ {{- include "context-engine.labels" . | nindent 4 }}
+ component: mcp-indexer-http
+spec:
+ {{- if .Values.podDisruptionBudget.mcpIndexerHttp.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.mcpIndexerHttp.minAvailable }}
+ {{- else if .Values.podDisruptionBudget.mcpIndexerHttp.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.mcpIndexerHttp.maxUnavailable }}
+ {{- else }}
+ maxUnavailable: 1
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "context-engine.selectorLabels" . | nindent 6 }}
+ component: mcp-indexer-http
+{{- end }}
+---
+{{- if .Values.mcpMemoryHttp.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: mcp-memory-http-pdb
+ namespace: {{ include "context-engine.namespace" . }}
+ labels:
+ {{- include "context-engine.labels" . | nindent 4 }}
+ component: mcp-memory-http
+spec:
+ {{- if .Values.podDisruptionBudget.mcpMemoryHttp.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.mcpMemoryHttp.minAvailable }}
+ {{- else if .Values.podDisruptionBudget.mcpMemoryHttp.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.mcpMemoryHttp.maxUnavailable }}
+ {{- else }}
+ maxUnavailable: 1
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "context-engine.selectorLabels" . | nindent 6 }}
+ component: mcp-memory-http
+{{- end }}
+---
+{{- if .Values.uploadService.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: upload-service-pdb
+ namespace: {{ include "context-engine.namespace" . }}
+ labels:
+ {{- include "context-engine.labels" . | nindent 4 }}
+ component: upload-service
+spec:
+ {{- if .Values.podDisruptionBudget.uploadService.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.uploadService.minAvailable }}
+ {{- else if .Values.podDisruptionBudget.uploadService.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.uploadService.maxUnavailable }}
+ {{- else }}
+ maxUnavailable: 1
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "context-engine.selectorLabels" . | nindent 6 }}
+ component: upload-service
+{{- end }}
+{{- end }}
diff --git a/deploy/helm/context-engine/templates/qdrant-config.yaml b/deploy/helm/context-engine/templates/qdrant-config.yaml
new file mode 100644
index 00000000..2c97735b
--- /dev/null
+++ b/deploy/helm/context-engine/templates/qdrant-config.yaml
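Review bot: Each `{{- if .Values.podDisruptionBudget.<component>.minAvailable }}` test is a truthiness check, so an explicit integer `minAvailable: 0` (or `maxUnavailable: 0`) is treated as unset and the template falls through to `maxUnavailable: 1`. Testing for key presence instead, e.g. `{{- if hasKey .Values.podDisruptionBudget.qdrant "minAvailable" }}`, would honour a configured zero. The four documents differ only in component name and values key, so a single named template or a `range` over the components would remove the duplication. The `---` separators sit outside the per-component `if` blocks, so a disabled component still leaves an empty document in the rendered output.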
@@ -0,0 +1,57 @@
+{{- if and .Values.qdrant.enabled .Values.qdrant.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: qdrant-config
+ namespace: {{ include "context-engine.namespace" . }}
+ labels:
+ {{- include "context-engine.labels" . | nindent 4 }}
+ component: qdrant
+data:
+ config.yaml: |
+ {{- if .Values.qdrant.config.storage }}
+ storage:
+ {{- if .Values.qdrant.config.storage.on_disk }}
+ on_disk: {{ .Values.qdrant.config.storage.on_disk }}
+ {{- end }}
+ {{- if .Values.qdrant.config.storage.performance }}
+ performance:
+ {{- toYaml .Values.qdrant.config.storage.performance | nindent 8 }}
+ {{- end }}
+ {{- if .Values.qdrant.config.storage.quantization }}
+ quantization:
+ {{- if .Values.qdrant.config.storage.quantization.scalar }}
+ scalar:
+ {{- toYaml .Values.qdrant.config.storage.quantization.scalar | nindent 10 }}
+ {{- end }}
+ {{- if .Values.qdrant.config.storage.quantization.product }}
+ product:
+ {{- toYaml .Values.qdrant.config.storage.quantization.product | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.qdrant.config.storage.hnsw_index }}
+ hnsw_index:
+ {{- toYaml .Values.qdrant.config.storage.hnsw_index | nindent 8 }}
+ {{- end }}
+ {{- if .Values.qdrant.config.storage.wal }}
+ wal:
+ {{- toYaml .Values.qdrant.config.storage.wal | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.qdrant.config.optimizers }}
+ optimizers:
+ {{- toYaml .Values.qdrant.config.optimizers | nindent 6 }}
+ {{- end }}
+ {{- if .Values.qdrant.config.service }}
+ service:
+ {{- toYaml .Values.qdrant.config.service | nindent 6 }}
+ {{- end }}
+ {{- if .Values.qdrant.config.cluster }}
+ cluster:
+ {{- toYaml .Values.qdrant.config.cluster | nindent 6 }}
+ {{- end }}
+ {{- if .Values.qdrant.config.telemetry }}
+ telemetry:
+ {{- toYaml .Values.qdrant.config.telemetry | nindent 6 }}
+ {{- end }}
+{{- end }}
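Review bot: The `service`, `cluster` and `telemetry` maps are passed through `toYaml` verbatim into a ConfigMap, so anything an operator sets under `qdrant.config.service`, including Qdrant's `api_key`, is stored in plain text and readable by any principal with `get` on ConfigMaps in the namespace. A template comment above the `service:` block, such as `{{- /* Do not set api_key here; supply it from a Secret via the QDRANT__SERVICE__API_KEY environment variable */}}`, would make that explicit; the deployment wiring is not visible in this diff, so whether that variable is already plumbed needs checking. Separately, `{{- if .Values.qdrant.config.storage.on_disk }}` drops an explicit `on_disk: false`, so that setting cannot be expressed through the chart.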
diff --git a/deploy/helm/context-engine/templates/resourcequota.yaml b/deploy/helm/context-engine/templates/resourcequota.yaml
new file mode 100644
index 00000000..915d7d7c
--- /dev/null
+++ b/deploy/helm/context-engine/templates/resourcequota.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.resourceQuota.enabled }}
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: {{ include "context-engine.fullname" . }}-quota
+ namespace: {{ include "context-engine.namespace" . }}
+ labels:
+ {{- include "context-engine.labels" . | nindent 4 }}
+spec:
+ hard:
+ {{- if .Values.resourceQuota.requests.cpu }}
+ requests.cpu: {{ .Values.resourceQuota.requests.cpu | quote }}
+ {{- end }}
+ {{- if .Values.resourceQuota.requests.memory }}
+ requests.memory: {{ .Values.resourceQuota.requests.memory | quote }}
+ {{- end }}
+ {{- if .Values.resourceQuota.limits.cpu }}
+ limits.cpu: {{ .Values.resourceQuota.limits.cpu | quote }}
+ {{- end }}
+ {{- if .Values.resourceQuota.limits.memory }}
+ limits.memory: {{ .Values.resourceQuota.limits.memory | quote }}
+ {{- end }}
+ {{- if .Values.resourceQuota.pods }}
+ pods: {{ .Values.resourceQuota.pods | quote }}
+ {{- end }}
+ {{- if .Values.resourceQuota.persistentvolumeclaims }}
+ persistentvolumeclaims: {{ .Values.resourceQuota.persistentvolumeclaims | quote }}
+ {{- end }}
+ {{- if .Values.resourceQuota.storage }}
+ requests.storage: {{ .Values.resourceQuota.storage | quote }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/helm/context-engine/templates/secret.yaml b/deploy/helm/context-engine/templates/secret.yaml
new file mode 100644
index 00000000..a23774d9
--- /dev/null
+++ b/deploy/helm/context-engine/templates/secret.yaml
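Review bot: Setting `requests.cpu`, `requests.memory`, `limits.cpu` or `limits.memory` in a ResourceQuota makes the API server reject any pod in the namespace whose containers do not declare that resource, so enabling this quota can block chart workloads, and anything else sharing the namespace, that lack a `resources` stanza. The deployment templates are not part of this diff, so either confirm every container sets requests and limits or ship a LimitRange alongside to supply defaults. The lookups `.Values.resourceQuota.requests.cpu` and `.Values.resourceQuota.limits.cpu` also abort rendering when `requests` or `limits` is missing from a user's values; wrapping each group in `{{- with .Values.resourceQuota.requests }}` avoids that. If every field is unset, `hard:` renders with no entries.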
@@ -0,0 +1,15 @@ +{{- if .Values.secrets.create }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.secrets.name }} + namespace: {{ include "context-engine.namespace" . }} + labels: + {{- include "context-engine.labels" . | nindent 4 }} +type: Opaque +data: + {{- range $key, $value := .Values.secrets.data }} + {{ $key }}: {{ $value | b64enc | quote }} + {{- end }} +{{- end }} + diff --git a/deploy/helm/context-engine/values.yaml b/deploy/helm/context-engine/values.yaml index bdfc11be..4a150cfd 100644 --- a/deploy/helm/context-engine/values.yaml +++ b/deploy/helm/context-engine/values.yaml @@ -474,6 +474,8 @@ config: indexerPort: "8001" httpPort: "8002" indexerHttpPort: "8003" + httpHealthPort: "18002" + indexerHttpHealthPort: "18003" httpTransport: http # -- Indexing settings
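Review bot: Secret material in `secret.yaml` is taken from `.Values.secrets.data`, so plaintext values sit in values files or `--set` arguments and are recorded with the Helm release; the chart should also let operators reference a pre-existing Secret (for example one synced from an external secret manager) so that `secrets.create` can stay off in production. `b64enc` only accepts strings, so a numeric or boolean entry fails to render; `{{ $key }}: {{ $value | toString | b64enc | quote }}` handles that. `name: {{ .Values.secrets.name }}` is unquoted and has no `required` guard, so an empty name renders as null instead of failing with a clear message.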