feat: include values for bootstrap chart

README.md

@@ -128,6 +128,7 @@ module "main" {
 | <a name="output_eks_load_balancer_security_group"></a> [eks\_load\_balancer\_security\_group](#output\_eks\_load\_balancer\_security\_group) | The security group linked with the EKS load balancer. |
 | <a name="output_eks_service_accounts"></a> [eks\_service\_accounts](#output\_eks\_service\_accounts) | The service accounts that will able to assume the EKS IAM Role. |
 | <a name="output_helm_values"></a> [helm\_values](#output\_helm\_values) | The `values.yaml` file for installing Nebuly with Helm.<br><br>  The default standard configuration is used, which uses Nginx as ingress controller and exposes the application to the Internet. This configuration can be customized according to specific needs. |
+| <a name="output_helm_values_bootstrap"></a> [helm\_values\_bootstrap](#output\_helm\_values\_bootstrap) | The `bootrap.values.yaml` file for installing the Nebuly AWS Boostrap chart with Helm. |
 | <a name="output_openai_api_key_secret_name"></a> [openai\_api\_key\_secret\_name](#output\_openai\_api\_key\_secret\_name) | The name of the secret storing the OpenAI API Key. |
 | <a name="output_s3_bucket_ai_models"></a> [s3\_bucket\_ai\_models](#output\_s3\_bucket\_ai\_models) | The details of the bucket used as model registry for storing the AI Models |
 | <a name="output_secret_provider_class"></a> [secret\_provider\_class](#output\_secret\_provider\_class) | The `secret-provider-class.yaml` file to make Kubernetes reference the secrets stored in the Key Vault. |

main.tf

@@ -481,8 +481,8 @@ resource "aws_secretsmanager_secret_version" "nebuly_credentials" {
   secret_id = aws_secretsmanager_secret.nebuly_credentials.id
   secret_string = jsonencode(
     {
-      "client-id" : var.nebuly_credentials.client_id
-      "client-secret" : var.nebuly_credentials.client_secret
+      "client_id" : var.nebuly_credentials.client_id
+      "client_secret" : var.nebuly_credentials.client_secret
     }
   )
 }
@@ -518,6 +518,14 @@ locals {
   k8s_secret_key_nebuly_client_id      = "nebuly-azure-client-id"
   k8s_secret_key_nebuly_client_secret  = "nebuly-azure-client-secret"
 
+  bootstrap_helm_values = templatefile(
+    "${path.module}/templates/helm-values-bootstrap.tpl.yaml",
+    {
+
+      eks_cluster_name = local.eks_cluster_name
+      eks_iam_role_arn = module.eks_iam_role.iam_role_arn
+    }
+  )
   helm_values = templatefile(
     "${path.module}/templates/helm-values.tpl.yaml",
     {
@@ -546,6 +554,7 @@ locals {
       analytics_postgres_db_name    = "analytics"
       auth_postgres_server_url      = module.rds_postgres_auth.db_instance_address
       auth_postgres_db_name         = "auth"
+      eks_iam_role_arn              = module.eks_iam_role.iam_role_arn
     },
   )
   secret_provider_class = templatefile(

output.tf

@@ -110,6 +110,13 @@ output "auth_jwt_key_secret_name" {
 
 
 # ------ Deploy ------ #
+output "helm_values_bootstrap" {
+  value       = local.bootstrap_helm_values
+  sensitive   = true
+  description = <<EOT
+  The `bootrap.values.yaml` file for installing the Nebuly AWS Boostrap chart with Helm.
+  EOT
+}
 output "helm_values" {
   value       = local.helm_values
   sensitive   = true

templates/helm-values-bootstrap.tpl.yaml

@@ -0,0 +1,8 @@
+cluster-autoscaler:
+  enabled: true
+  autoDiscovery:
+    clusterName: ${eks_cluster_name}
+  rbac:
+    serviceAccount:
+      annotations:
+        eks.amazonaws.com/role-arn: ${eks_iam_role_arn}

templates/helm-values.tpl.yaml

@@ -4,6 +4,12 @@ strimzi:
 imagePullSecrets:
   - name: ${image_pull_secret_name}
 
+serviceAccount:
+  name: nebuly
+  create: true
+  annotations:
+    eks.amazonaws.com/role-arn: ${eks_iam_role_arn}
+
 backend:
   image:
     repository: "ghcr.io/nebuly-ai/nebuly-backend"
@@ -85,19 +91,15 @@ lionLinguist:
   image:
     repository: "ghcr.io/nebuly-ai/nebuly-lion-linguist"
 
-  # TODO: will be updated when we implement CPU + Batch Job mode
   modelsCache:
     enabled: true
-    storageClassName: managed-csi-zrs
+    storageClassName: gp2-csi
     accessModes:
       - ReadWriteOnce
 
   resources:
-    requests:
-      cpu: "1"
     limits:
-      memory: 8Gi
-      nvidia.com/gpu: 1
+      memory: 4Gi
 
   volumeMounts:
     - name: secrets-store
@@ -127,6 +129,29 @@ ingestionWorker:
         volumeAttributes:
           secretProviderClass: ${secret_provider_class_name}
 
+  topicsClustering:
+    affinity: 
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: nebuly.com/accelerator
+                  operator: In
+                  values:
+                    - nvidia-tesla-t4
+
+  suggestionsGeneration:
+    affinity: 
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: nebuly.com/accelerator
+                  operator: In
+                  values:
+                    - nvidia-tesla-t4
+
+
 actionsProcessing:
   schedule: "0 23 * * *" # Every day at 11:00 PM, cluster's timezone
   affinity:
@@ -148,13 +173,13 @@ kafka:
   zookeeper:
     replicas: 1
     storage:
-      class: managed-csi-zrs
+      class: gp2-csi
   replicas: 1
   config:
     offsets.topic.replication.factor: 1
     replica.selector.class: org.apache.kafka.common.replica.RackAwareReplicaSelector
   storage:
-    class: managed-csi-zrs
+    class: gp2-csi
     size: 32Gi
   resources:
     limits:

templates/secret-provider-class.tpl.yaml

@@ -14,7 +14,7 @@ spec:
         - key: ${k8s_secret_key_analytics_db_password}
           objectName: analytics-db-password
         - key: ${k8s_secret_key_analytics_db_username}
-          objectName: analytics-db-password
+          objectName: analytics-db-username
         - key: ${k8s_secret_key_openai_api_key}
           objectName: openai-api-key
         - key: ${k8s_secret_key_jwt_signing_key}
@@ -44,9 +44,9 @@ spec:
       - objectName: ${secret_name_nebuly_credentials}
         objectType: "secretsmanager"
         jmesPath:
-          - path: "client-id"
+          - path: "client_id"
             objectAlias: "nebuly-client-id"
-          - path: "client-secret"
+          - path: "client_secret"
             objectAlias: "nebuly-client-secret"
       - objectName: ${secret_name_openai_api_key}
         objectType: "secretsmanager"

tests/dev-provisioning/main.tf

@@ -121,7 +121,7 @@ module "main" {
   openai_api_key              = "test"
 
   nebuly_credentials          = var.nebuly_credentials
-  platform_domain             = "platform.azure.testing.nebuly.com"
+  platform_domain             = "platform.aws.testing.nebuly.com"
 }
 
 
@@ -134,24 +134,15 @@ output "eks_cluster_get_credentials" {
   description = "Command for getting the credentials for accessing the Kubernetes Cluster."
   value       = module.main.eks_cluster_get_credentials
 }
-output "eks_cluster_security_group_id" {
-  description = "Security group ids attached to the cluster control plane."
-  value       = module.main.eks_cluster_security_group_id
+output "helm_values" {
+  value = module.main.helm_values
+  sensitive = true
 }
-output "secret_names" {
-  value = {
-    "auth_jwt_key" : module.main.auth_jwt_key_secret_name
-    "openai_api_key" : module.main.openai_api_key_secret_name
-    "auth_db" : module.main.auth_db.password_secret_name
-    "analytics_db" : module.main.analytics_db.password_secret_name
-  }
-}
-output "s3_bucket_ai_models" {
-  value = module.main.s3_bucket_ai_models
-}
-output "auth_db" {
-  value = module.main.auth_db
+output "helm_values_bootstrap" {
+  value = module.main.helm_values_bootstrap
+  sensitive = true
 }
-output "analytics_db" {
-  value = module.main.analytics_db
+output "secret_provider_class" {
+  value = module.main.secret_provider_class
+  sensitive = true
 }