feat: release module

chore: scaffold project

feat: scaffold postgres server

smoke tests

finalize postgres server setup

update doc

feat: key vault

scaffold AKS

chore: CI workflow

chore: CI workflow

fixes

update CI

fix

add worker pools

pr workflow

add linting

fix

fix linting target

update doc

fix: linting

feat: generate helm values

feat: storage account, refactor networking

chore: add doc check to CI

chore: update doc

update triggers

update

fix: doc check

chore: fix triggers

add identity

feat: azure openai

chore: update doc

simplify, fill helm values template

update templates

refactor openai deployments

feat: jwt signing key

feat: secret provider class

feat: optional networks, if not provided create new ones

fix: terraform fmt

chore: add tags to test resources

chore: improve validation

fix: typo

don't run tests in verbose mode

remove deprectaed attributes

add todo example

several fixes

fix postgres networking -> never expose to the internet

minor fixes

use service endpoints instead of private links for storage

simplify networking

update doc

update defaults

fix rbac

fix: rbac and outputs

fix: kafka storage class name

update doc

update doc

fix: typo

fix: invalid count argument

update doc

update doc

cleanup

update doc

link model registry

update doc

update tests

fix secret provider class generation

update doc

update doc

include cert-manager annotations and ssl config in values

update default k8s version

don't run lion linguist on GPU

.github/workflows/ci.yaml

@@ -0,0 +1,53 @@
+name: CI Pipeline
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+    paths-ignore:
+      - ".github/**"
+      - "*.md"
+      - "docs/**"
+      - "!README.md"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  CI:
+    env:
+      ARM_TENANT_ID: ${{secrets.TENANT_ID }}
+      ARM_SUBSCRIPTION_ID: ${{secrets.SUBSCRIPTION_ID }}
+      ARM_CLIENT_ID: ${{secrets.CLIENT_ID }}
+      ARM_CLIENT_SECRET: ${{secrets.CLIENT_SECRET }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.9.3"
+
+      - name: Check is doc is update to date
+        run: |
+          make doc
+          if ! git diff --exit-code; then
+              echo "Documentation not up to date. Please run \"make doc\" and commit changes!" >&2
+              exit 1
+          fi
+
+      - uses: terraform-linters/setup-tflint@v4
+        name: Setup TFLint
+
+      - name: Init TFLint
+        run: tflint --init
+        env:
+          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - run: terraform init
+
+      - run: make check

.github/workflows/pull-requests.yaml

@@ -0,0 +1,49 @@
+name: Pull Request Pipeline
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - "main"
+    paths-ignore:
+      - ".github/**"
+      - "*.md"
+      - "docs/**"
+      - "!README.md"
+
+jobs:
+  CI:
+    env:
+      ARM_TENANT_ID: ${{secrets.TENANT_ID }}
+      ARM_SUBSCRIPTION_ID: ${{secrets.SUBSCRIPTION_ID }}
+      ARM_CLIENT_ID: ${{secrets.CLIENT_ID }}
+      ARM_CLIENT_SECRET: ${{secrets.CLIENT_SECRET }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.9.3"
+
+      - name: Check is doc is update to date
+        run: |
+          make doc
+          if ! git diff --exit-code; then
+              echo "Documentation not up to date. Please run \"make doc\" and commit changes!" >&2
+              exit 1
+          fi
+
+      - uses: terraform-linters/setup-tflint@v4
+        name: Setup TFLint
+
+      - name: Init TFLint
+        run: tflint --init
+        env:
+          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - run: terraform init
+
+      - run: make check-no-tests

.gitignore

@@ -0,0 +1,6 @@
+**/.terraform/
+*.secrets.auto.tfvars
+secrets.auto.tfvars
+.idea/
+backend.tfvars
+.terraform.lock.hcl

.terraform-docs.yml

@@ -0,0 +1,166 @@
+formatter: "markdown" # this is required
+
+version: ""
+
+header-from: main.tf
+footer-from: ""
+
+recursive:
+  enabled: false
+  path: modules
+
+sections:
+  hide: []
+  show: []
+
+content: |-
+  # Nebuly Platform (Azure)
+
+  Terraform module for provisioning Nebuly Platform resources on Microsoft Azure.
+
+  Available on [Terraform Registry](https://registry.terraform.io/modules/nebuly-ai/nebuly-platform/azurerm/latest).
+
+  ## Quickstart
+
+  > ⚠️  **Prerequisite**:
+  > before using this Terraform module, ensure that you have your Nebuly credentials ready. 
+  > These credentials are necessary to activate your installation and should be provided as input via the `nebuly_credentials` input.
+
+  To get started with Nebuly installation on Microsoft Azure, you can follow the steps below. 
+
+  These instructions will guide you through the installation using Nebuly's default standard configuration with the Nebuly Helm Chart.
+
+  For specific configurations or assistance, reach out to the Nebuly Slack channel or email [[email protected]](mailto:[email protected]).
+
+  ### 1. Terraform setup
+
+  Import Nebuly into your Terraform root module, provide the necessary variables, and apply the changes.
+
+  For configuration examples, you can refer to the [Examples](#examples). 
+
+  Once the Terraform changes are applied, proceed with the next steps to deploy Nebuly on the provisioned Azure Kubernetes Service (AKS) cluster.
+
+  ### 2. Connect to the Azure Kubernetes Service cluster
+
+  Prerequisites: install the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli).
+
+  * Fetch the command for retrieving the credentials from the module outputs:
+
+  ```shell
+  terraform output aks_get_credentials
+  ```
+
+  * Run the command you got from the previous step
+
+  ### 3. Create image pull secret
+
+  The auto-generated Helm values use the name defined in the k8s_image_pull_secret_name input variable for the Image Pull Secret. If you prefer a custom name, update either the Terraform variable or your Helm values accordingly.
+  Create a Kubernetes [Image Pull Secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) for 
+  authenticating with your Docker registry and pulling the Nebuly Docker images.
+
+
+  ### 4. Create Secret Provider Class
+  Create a Secret Provider Class to allow AKS to fetch credentials from the provisioned Key Vault.
+
+  * Get the Secret Provider Class YAML definition from the Terraform module outputs:
+    ```shell
+    terraform output secret_provider_class
+    ```
+
+  * Copy the output of the command into a file named secret-provider-class.yaml.
+
+  * Run the following commands to install Nebuly in the Kubernetes namespace nebuly:
+
+    ```shell
+    kubectl create ns nebuly
+    kubectl apply --server-side -f secret-provider-class.yaml
+    ```
+
+  ### 5. Bootstrap AKS cluster
+
+  Install the bootstrap Helm chart to set up all the dependencies required for installing the Nebuly Platform Helm chart on AKS.
+
+  Refer to the [chart documentation](https://github.com/nebuly-ai/helm-charts/tree/main/bootstrap-azure) for all the configuration details.
+
+  ```shell
+  helm install oci://ghcr.io/nebuly-ai/helm-charts/bootstrap-azure \
+    --namespace nebuly-bootstrap \
+    --generate-name \
+    --create-namespace
+  ```
+
+  ### 6. Install nebuly-platform chart
+
+  Retrieve the auto-generated values from the Terraform outputs and save them to a file named `values.yaml`:
+
+  ```shell
+  terraform output helm_values
+  ```
+
+  Install the Nebuly Platform Helm chart. 
+  Refer to the [chart documentation](https://github.com/nebuly-ai/helm-charts/tree/main/nebuly-platform) for detailed configuration options.
+
+  ```shell
+  helm install oci://ghcr.io/nebuly-ai/helm-charts/nebuly-platform \
+    --namespace nebuly \
+    -f values.yaml \
+    --timeout 10m \
+    <your-release-name> 
+  ```
+
+  > ℹ️  During the initial installation of the chart, all required Nebuly LLMs are uploaded to your model registry. 
+  > This process can take approximately 5 minutes. If the helm install command appears to be stuck, don't worry: it's simply waiting for the upload to finish.
+
+
+  ## Examples
+
+  You can find examples of code that uses this Terraform module in the [examples](./examples) directory.
+
+
+  {{ .Header }}
+
+
+  {{ .Providers }}
+
+
+  {{ .Outputs }}
+
+
+  {{ .Inputs }}
+
+  ## Resources
+
+  {{ range .Module.Resources }}
+  - {{ .GetMode }}.{{ .Spec }} ({{ .Position.Filename }}#{{ .Position.Line }})
+  {{- end }}
+
+output:
+  file: ""
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: false
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 2
+  lockfile: false
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2024 NebulyAI Inc. 
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -0,0 +1,48 @@
+OK?=\033[0;32m[Ok]\033[0m
+
+##@ General
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+
+##@ Dev
+.PHONY: doc
+doc: ## Generate the doc
+	docker run --rm --volume "$$(pwd):/terraform-docs" -u $$(id -u) quay.io/terraform-docs/terraform-docs:0.18.0 markdown /terraform-docs > README.md
+
+
+.PHONY: lint 
+lint: ## Lint the codebase
+	@echo "\033[0;33m[Linting...]\033[0m"
+	@if command -v tflint > /dev/null; then \
+		tflint; \
+	else \
+		docker run --rm -v $$(pwd):/data -t ghcr.io/terraform-linters/tflint; \
+	fi
+	@echo "${OK}"
+
+.PHONY: validate 
+validate: 
+	@echo "\033[0;33m[Terraform validate...]\033[0m"
+	@terraform validate 
+	@echo "${OK}"
+
+.PHONY: test 
+test: ## Run the tests
+	@echo "\033[0;33m[Running tests...]\033[0m"
+	@terraform test 
+	@echo "${OK}"
+
+.PHONY: formatting
+formatting:
+	@echo "\033[0;33m[Terraform fmt...]\033[0m"
+	@terraform fmt -check 
+	@echo "${OK}"
+
+
+.PHONY: check-no-tests
+check-no-tests: formatting validate lint
+
+.PHONY: check
+check: check-no-tests test