diff --git a/Makefile b/Makefile index 327e375..0c2deaf 100644 --- a/Makefile +++ b/Makefile @@ -5,6 +5,7 @@ build-images \ build-inspector build-assisted-mcp build-lightspeed-stack build-lightspeed-plus-llama-stack build-ui \ generate run resume stop rm logs query query-int query-stage query-interactive mcphost test-eval psql sqlite help + deploy-template ci-test deploy-template-local all: help ## Show help information @@ -32,10 +33,28 @@ build-ui: ## Build UI image @echo "Building UI image..." ./scripts/build-images.sh ui -.PHONY: -deploy-template: +deploy-template: ## Used by the CI. Deploys the template on the temporary CI cluster scripts/deploy_template.sh +ci-test: ## Used by the CI to test the assisted-chat services + ./scripts/ci_test.sh + +deploy-template-local: ## Used to test the CI flow locally. Deploys the template on whatever cluster `oc` is currently logged in to + @echo "Setting up local secrets directory..." + @mkdir -p /tmp/secrets/vertex + @if [ -z "$(VERTEX_SERVICE_ACCOUNT_PATH)" ]; then \ + echo "Error: VERTEX_SERVICE_ACCOUNT_PATH environment variable must be set"; \ + exit 1; \ + fi + @if [ -z "$(ASSISTED_CHAT_IMG)" ]; then \ + echo "Error: ASSISTED_CHAT_IMG environment variable must be set"; \ + exit 1; \ + fi + @cp "$(VERTEX_SERVICE_ACCOUNT_PATH)" /tmp/secrets/vertex/service_account + @echo "Deploying template locally..." + oc create namespace assisted-chat || true + NAMESPACE=assisted-chat SECRETS_BASE_PATH=/tmp/secrets ASSISTED_CHAT_IMG="$(ASSISTED_CHAT_IMG)" scripts/deploy_template.sh + generate: ## Generate configuration files @echo "Generating configuration files..." 
./scripts/generate.sh diff --git a/scripts/ci_test.sh b/scripts/ci_test.sh new file mode 100755 index 0000000..15bfac5 --- /dev/null +++ b/scripts/ci_test.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail + +SECRETS_BASE_PATH="${SECRETS_BASE_PATH:-/var/run/secrets}" + +oc create secret generic -n "$NAMESPACE" assisted-chat-ssl-ci --from-file=client_id="$SECRETS_BASE_PATH/sso-ci/client_id" \ + --from-file=client_secret="$SECRETS_BASE_PATH/sso-ci/client_secret" + +oc process -p IMAGE_NAME="$ASSISTED_CHAT_TEST" -p SSL_CLIENT_SECRET_NAME=assisted-chat-ssl-ci -f test/prow/template.yaml --local | oc apply -n "$NAMESPACE" -f - + +sleep 5 +oc get pods -n "$NAMESPACE" +POD_NAME=$(oc get pods -n "$NAMESPACE" | tr -s ' ' | cut -d ' ' -f1 | grep assisted-chat-eval-tes) + +TIMEOUT=600 +ELAPSED=0 + +while [ $ELAPSED -lt $TIMEOUT ]; do + # Check if the pod's status is "Running" + CURRENT_STATUS=$(oc get pod "$POD_NAME" -n "$NAMESPACE" -o=jsonpath='{.status.phase}') + CURRENT_RESTARTS=$(oc get pod "$POD_NAME" -n "$NAMESPACE" -o=jsonpath='{.status.containerStatuses[0].restartCount}') + if [[ $CURRENT_RESTARTS -gt 0 ]]; then + echo "Pod ${POD_NAME} was restarted, so the tests should run at least once, exiting" + oc logs -n "$NAMESPACE" "$POD_NAME" + exit "$(oc get pod "$POD_NAME" -n "$NAMESPACE" -o=jsonpath='{.status.containerStatuses[0].lastState.terminated.exitCode}')" + fi + if [[ "$CURRENT_STATUS" == "Succeeded" ]]; then + echo "Pod ${POD_NAME} is successfully completed, exiting" + oc logs -n "$NAMESPACE" "$POD_NAME" + exit 0 + fi + if [[ "$CURRENT_STATUS" == "Completed" ]]; then + echo "Pod ${POD_NAME} is successfully completed, exiting" + oc logs -n "$NAMESPACE" "$POD_NAME" + exit 0 + fi + + if [[ "$CURRENT_STATUS" == "Failed" ]]; then + echo "Pod ${POD_NAME} is Failed, exiting" + oc logs -n "$NAMESPACE" "$POD_NAME" + exit "$(oc get pod "$POD_NAME" -n "$NAMESPACE" -o=jsonpath='{.status.containerStatuses[0].lastState.terminated.exitCode}')" + fi + + echo "Waiting for 
pod $POD_NAME to be ready..." + sleep 1 + ELAPSED=$((ELAPSED + 1)) +done + +oc logs -n "$NAMESPACE" "$POD_NAME" + +echo "Timeout reached. Pod $POD_NAME did not become ready in time." +exit 1 diff --git a/scripts/deploy_template.sh b/scripts/deploy_template.sh index 2880a59..ad853f6 100755 --- a/scripts/deploy_template.sh +++ b/scripts/deploy_template.sh @@ -4,32 +4,80 @@ set -o nounset set -o errexit set -o pipefail +SECRETS_BASE_PATH="${SECRETS_BASE_PATH:-/var/run/secrets}" + #All the secret are expected to be mounted under /var/run/secrets by the ci-operator #$ASSISTED_CHAT_IMG is not in repo/image:tag format but rather in repo/@sha256: #The template needs the tag, and it references the image by : so splitting the variable by ":" works for now -echo $ASSISTED_CHAT_IMG -IMAGE=$(echo $ASSISTED_CHAT_IMG | cut -d ":" -f1) -TAG=$(echo $ASSISTED_CHAT_IMG | cut -d ":" -f2) +echo "$ASSISTED_CHAT_IMG" +IMAGE=$(echo "$ASSISTED_CHAT_IMG" | cut -d ":" -f1) +TAG=$(echo "$ASSISTED_CHAT_IMG" | cut -d ":" -f2) + +# What secrets have we got? +ls -laR "$SECRETS_BASE_PATH" + +if ! oc get secret -n "$NAMESPACE" vertex-service-account &>/dev/null; then + echo "Creating vertex-service-account secret in namespace $NAMESPACE" + oc create secret generic -n "$NAMESPACE" vertex-service-account --from-file=service_account="$SECRETS_BASE_PATH/vertex/service_account" +fi + +if ! oc get secret -n "$NAMESPACE" insights-ingress &>/dev/null; then + echo "Creating insights-ingress secret in namespace $NAMESPACE" + oc create secret generic -n "$NAMESPACE" insights-ingress --from-literal=auth_token="dummy-token" +fi + +if ! 
oc get secret -n "$NAMESPACE" llama-stack-db &>/dev/null; then + echo "Creating llama-stack-db secret with local postgres credentials in namespace $NAMESPACE" + oc create secret generic -n "$NAMESPACE" llama-stack-db \ + --from-literal=db.host=postgres-service \ + --from-literal=db.port=5432 \ + --from-literal=db.name=assistedchat \ + --from-literal=db.user=assistedchat \ + --from-literal=db.password=assistedchat123 \ + --from-literal=db.ca_cert="" +fi + +if ! oc get secret -n "$NAMESPACE" postgres-secret &>/dev/null; then + echo "Creating postgres-secret in namespace $NAMESPACE" + + oc create secret generic -n "$NAMESPACE" postgres-secret \ + --from-literal=POSTGRESQL_DATABASE=assistedchat \ + --from-literal=POSTGRESQL_USER=assistedchat \ + --from-literal=POSTGRESQL_PASSWORD=assistedchat123 +fi -oc create secret generic -n $NAMESPACE gemini-api-key --from-file=api_key=/var/run/secrets/gemini/api_key -oc create secret generic -n $NAMESPACE llama-stack-db --from-file=db.ca_cert=/var/run/secrets/llama-stack-db/db.ca_cert \ - --from-file=db.host=/var/run/secrets/llama-stack-db/db.host \ - --from-file=db.name=/var/run/secrets/llama-stack-db/db.name \ - --from-file=db.password=/var/run/secrets/llama-stack-db/db.password \ - --from-file=db.port=/var/run/secrets/llama-stack-db/db.port \ - --from-file=db.user=/var/run/secrets/llama-stack-db/db.user +if ! 
oc get deployment -n "$NAMESPACE" postgres &>/dev/null; then + echo "Creating postgres deployment in namespace $NAMESPACE" + oc create deployment -n "$NAMESPACE" postgres --image=quay.io/sclorg/postgresql-16-c9s:c9s + oc set env -n "$NAMESPACE" deployment/postgres --from=secret/postgres-secret +fi -patch template.yaml -i test/prow/template_patch.diff -echo "GEMINI_API_KEY=$(cat /var/run/secrets/gemini/api_key)" > .env -make generate -sed -i 's/user_id_claim: sub/user_id_claim: client_id/g' config/lightspeed-stack.yaml -sed -i 's/username_claim: preferred_username/username_claim: clientHost/g' config/lightspeed-stack.yaml +if ! oc get service -n "$NAMESPACE" postgres-service &>/dev/null; then + echo "Creating postgres service in namespace $NAMESPACE" + oc expose -n "$NAMESPACE" deployment/postgres --name=postgres-service --port=5432 +fi -oc process -p IMAGE=$IMAGE -p IMAGE_TAG=$TAG -p GEMINI_API_SECRET_NAME=gemini-api-key -p ASSISTED_CHAT_DB_SECRET_NAME=llama-stack-db -f template.yaml --local | oc apply -n $NAMESPACE -f - +if ! oc get routes -n "$NAMESPACE" &>/dev/null; then + # Don't apply routes on clusters that don't have routes (e.g. minikube) + FILTER='select(.kind != "Route")' +else + FILTER='.' +fi +oc process \ + -p IMAGE="$IMAGE" \ + -p IMAGE_TAG="$TAG" \ + -p VERTEX_API_SECRET_NAME=vertex-service-account \ + -p ASSISTED_CHAT_DB_SECRET_NAME=llama-stack-db \ + -p USER_ID_CLAIM=client_id \ + -p USERNAME_CLAIM=clientHost \ + -p LIGHTSSPEED_STACK_POSTGRES_SSL_MODE=disable \ + -p LLAMA_STACK_POSTGRES_SSL_MODE=disable \ + -f template.yaml --local | + jq '. 
as $root | $root.items = [$root.items[] | '"$FILTER"']' | + oc apply -n "$NAMESPACE" -f - sleep 5 -POD_NAME=$(oc get pods -n $NAMESPACE | tr -s ' ' | cut -d ' ' -f1| grep assisted-chat) -oc wait --for=condition=Ready pod/$POD_NAME --timeout=300s +oc wait --for=condition=Available deployment/assisted-chat -n "$NAMESPACE" --timeout=300s diff --git a/scripts/generate.sh b/scripts/generate.sh index d95cfc1..5c8da82 100755 --- a/scripts/generate.sh +++ b/scripts/generate.sh @@ -19,6 +19,16 @@ if [[ ! -f "$PROJECT_ROOT/.env" ]]; then read -sr GEMINI_API_KEY echo "GEMINI_API_KEY=$GEMINI_API_KEY" >"$PROJECT_ROOT/.env" chmod 600 "$PROJECT_ROOT/.env" + + echo 'Gemini key successfully configured.' + + # Create a dummy Vertex AI service account credentials file + if [[ ! -f "$PROJECT_ROOT/config/vertex-credentials.json" ]]; then + echo 'Also creating a dummy Vertex AI service account credentials file at config/vertex-credentials.json. If you want to be able to use both, modify config/vertex-credentials.json manually.' + echo '{}' >"$PROJECT_ROOT/config/vertex-credentials.json" + chmod 600 "$PROJECT_ROOT/config/vertex-credentials.json" + fi + elif [[ "$auth_type" == "v" || "$auth_type" == "V" ]]; then echo 'Please enter the path to your Vertex AI service account credentials file:' read -r VERTEX_AI_SERVICE_ACCOUNT_CREDENTIALS_PATH @@ -27,6 +37,15 @@ if [[ ! -f "$PROJECT_ROOT/.env" ]]; then exit 1 fi + if [[ -f "$PROJECT_ROOT/config/vertex-credentials.json" ]]; then + echo "File $PROJECT_ROOT/config/vertex-credentials.json already exists. Do you want to overwrite it? (y/n)" + read -r overwrite + if [[ "$overwrite" != "y" && "$overwrite" != "Y" ]]; then + echo "Exiting without copying." + exit 1 + fi + fi + echo "$VERTEX_AI_SERVICE_ACCOUNT_CREDENTIALS_PATH will be copied to $PROJECT_ROOT/config/vertex-credentials.json, do you want to continue? (y/n)" read -r should_copy if [[ "$should_copy" != "y" && "$should_copy" != "Y" ]]; then @@ -43,6 +62,8 @@ if [[ ! 
-f "$PROJECT_ROOT/.env" ]]; then echo GEMINI_API_KEY="dummy" >"$PROJECT_ROOT/.env" chmod 600 "$PROJECT_ROOT/.env" + echo "Vertex credentials successfully configured." + echo "Your Gemini API key will be set to a dummy value, as it is not needed for Vertex AI service account authentication, if you want to be able to use both, modify .env manually." else echo "Invalid choice. Exiting." diff --git a/template-params.dev.env b/template-params.dev.env index 5b033a2..d18ce19 100644 --- a/template-params.dev.env +++ b/template-params.dev.env @@ -4,3 +4,4 @@ LLAMA_CLIENT_CONFIG_PATH=llama_stack_client_config.yaml LIGHTSPEED_TRANSCRIPTS_ENABLED=false LIGHTSPEED_FEEDBACK_ENABLED=false DISABLE_QUERY_SYSTEM_PROMPT=false +ASSISTED_CHAT_DEFAULT_MODEL=gemini/gemini-2.0-flash diff --git a/template.yaml b/template.yaml index d464598..2b4156c 100644 --- a/template.yaml +++ b/template.yaml @@ -44,10 +44,9 @@ parameters: - name: CPU_REQUEST value: "500m" description: "Initial CPU request for the container (in millicores)" -- name: GEMINI_API_SECRET_NAME - value: "assisted-chat-gemini-secret" - description: "Name of the Kubernetes secret containing the Gemini API key" - +- name: VERTEX_API_SECRET_NAME + value: "assisted-chat-vertex-secret" + description: "Name of the Kubernetes secret containing the Vertex service account credentials" - name: LIGHTSPEED_NAME value: "assisted-chat" description: "Name identifier for the lightspeed service instance" @@ -90,21 +89,6 @@ parameters: - name: LLAMA_STACK_TELEMETRY_SINKS value: "console,sqlite" description: "Comma-separated list of telemetry output destinations (console, sqlite)" -- name: LLAMA_STACK_INFERENCE_PROVIDER - value: "gemini" - description: "Provider identifier for the inference service" -- name: LLAMA_STACK_INFERENCE_PROVIDER_TYPE - value: "remote::gemini" - description: "Type specification for the inference provider (remote::gemini for Google Gemini)" -- name: LLAMA_STACK_2_5_PRO_MODEL - value: "gemini/gemini-2.5-pro" - description: 
"Default model to use for inference requests" -- name: LLAMA_STACK_2_5_FLASH_MODEL - value: "gemini/gemini-2.5-flash" - description: "Fast model to use for quick inference requests" -- name: LLAMA_STACK_2_0_FLASH_MODEL - value: "gemini/gemini-2.0-flash" - description: "Fast model to use for quick inference requests" - name: LLAMA_STACK_SERVER_PORT value: "8321" description: "Port number for the embedded Llama Stack server" @@ -123,6 +107,20 @@ parameters: - name: DISABLE_QUERY_SYSTEM_PROMPT value: "true" description: "Corresponds to the lightspeed config customization.disable_query_system_prompt" +- name: ASSISTED_CHAT_DEFAULT_MODEL + value: gemini-2.0-flash +- name: USER_ID_CLAIM + value: "sub" + description: "The claim to use as the user ID in the authentication module" +- name: USERNAME_CLAIM + value: "preferred_username" + description: "The claim to use as the username in the authentication module" +- name: LIGHTSSPEED_STACK_POSTGRES_SSL_MODE + value: "verify-full" + description: "SSL mode for the PostgreSQL database connection used by lightspeed-stack" +- name: LLAMA_STACK_POSTGRES_SSL_MODE + value: "verify-full" + description: "SSL mode for the PostgreSQL database connection used by llama-stack" objects: - apiVersion: v1 @@ -152,8 +150,8 @@ objects: jwk_config: url: ${SSO_BASE_URL}/protocol/openid-connect/certs jwt_configuration: - user_id_claim: sub - username_claim: preferred_username + user_id_claim: ${USER_ID_CLAIM} + username_claim: ${USERNAME_CLAIM} mcp_servers: - name: mcp::assisted url: "${MCP_SERVER_URL}" @@ -169,8 +167,8 @@ objects: system_prompt_path: "${SYSTEM_PROMPT_PATH}" disable_query_system_prompt: ${DISABLE_QUERY_SYSTEM_PROMPT} inference: - default_model: ${LLAMA_STACK_2_0_FLASH_MODEL} - default_provider: ${LLAMA_STACK_INFERENCE_PROVIDER} + default_model: ${ASSISTED_CHAT_DEFAULT_MODEL} + default_provider: gemini database: postgres: host: ${env.ASSISTED_CHAT_POSTGRES_HOST} @@ -178,7 +176,7 @@ objects: db: ${env.ASSISTED_CHAT_POSTGRES_NAME} 
user: ${env.ASSISTED_CHAT_POSTGRES_USER} password: ${env.ASSISTED_CHAT_POSTGRES_PASSWORD} - ssl_mode: "verify-full" + ssl_mode: ${LIGHTSSPEED_STACK_POSTGRES_SSL_MODE} ca_cert_path: /etc/tls/ca-bundle.pem namespace: lightspeed-stack system_prompt: | @@ -296,10 +294,10 @@ objects: - vector_io providers: inference: - - provider_id: ${LLAMA_STACK_INFERENCE_PROVIDER} - provider_type: ${LLAMA_STACK_INFERENCE_PROVIDER_TYPE} + - provider_id: gemini + provider_type: remote::gemini config: - api_key: ${env.GEMINI_API_KEY} + api_key: dummy-to-stop-llama-stack-from-complaining-even-though-we-use-vertex-and-not-gemini-directly vector_io: [] files: [] safety: [] @@ -314,7 +312,7 @@ objects: db: ${env.ASSISTED_CHAT_POSTGRES_NAME} user: ${env.ASSISTED_CHAT_POSTGRES_USER} password: ${env.ASSISTED_CHAT_POSTGRES_PASSWORD} - ssl_mode: "verify-full" + ssl_mode: ${LLAMA_STACK_POSTGRES_SSL_MODE} ca_cert_path: /etc/tls/ca-bundle.pem responses_store: type: postgres @@ -323,7 +321,7 @@ objects: db: ${env.ASSISTED_CHAT_POSTGRES_NAME} user: ${env.ASSISTED_CHAT_POSTGRES_USER} password: ${env.ASSISTED_CHAT_POSTGRES_PASSWORD} - ssl_mode: "verify-full" + ssl_mode: ${LLAMA_STACK_POSTGRES_SSL_MODE} ca_cert_path: /etc/tls/ca-bundle.pem telemetry: - provider_id: meta-reference @@ -358,24 +356,9 @@ objects: db: ${env.ASSISTED_CHAT_POSTGRES_NAME} user: ${env.ASSISTED_CHAT_POSTGRES_USER} password: ${env.ASSISTED_CHAT_POSTGRES_PASSWORD} - ssl_mode: "verify-full" + ssl_mode: ${LLAMA_STACK_POSTGRES_SSL_MODE} ca_cert_path: /etc/tls/ca-bundle.pem - models: - - metadata: {} - model_id: ${LLAMA_STACK_2_0_FLASH_MODEL} - provider_id: ${LLAMA_STACK_INFERENCE_PROVIDER} - provider_model_id: ${LLAMA_STACK_2_0_FLASH_MODEL} - model_type: llm - - metadata: {} - model_id: ${LLAMA_STACK_2_5_PRO_MODEL} - provider_id: ${LLAMA_STACK_INFERENCE_PROVIDER} - provider_model_id: ${LLAMA_STACK_2_5_PRO_MODEL} - model_type: llm - - metadata: {} - model_id: ${LLAMA_STACK_2_5_FLASH_MODEL} - provider_id: 
${LLAMA_STACK_INFERENCE_PROVIDER} - provider_model_id: ${LLAMA_STACK_2_5_FLASH_MODEL} - model_type: llm + models: [] shields: [] vector_dbs: [] datasets: [] @@ -426,11 +409,8 @@ objects: containerPort: ${{SERVICE_PORT}} protocol: TCP env: - - name: GEMINI_API_KEY - valueFrom: - secretKeyRef: - name: ${GEMINI_API_SECRET_NAME} - key: api_key + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /app-root/google-vertex-service-account.json - name: LLAMA_STACK_SQLITE_STORE_DIR value: ${STORAGE_MOUNT_PATH}/sqlite - name: LLAMA_STACK_OTEL_SERVICE_NAME @@ -479,6 +459,9 @@ objects: - name: llama-stack-config mountPath: /app-root/llama_stack_client_config.yaml subPath: llama_stack_client_config.yaml + - name: google-vertex-service-account + mountPath: /app-root/google-vertex-service-account.json + subPath: service_account - name: data-storage mountPath: ${STORAGE_MOUNT_PATH} - name: db-ca-cert @@ -499,36 +482,6 @@ objects: periodSeconds: 10 timeoutSeconds: 2 - - name: lightspeed-to-dataverse-exporter - image: quay.io/lightspeed-core/lightspeed-to-dataverse-exporter:${LIGHTSPEED_EXPORTER_IMAGE_TAG} - imagePullPolicy: Always - args: - - "--mode" - - "manual" - - "--config" - - "/etc/config/config.yaml" - - "--log-level" - - "INFO" - env: - - name: INGRESS_SERVER_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: ${INSIGHTS_INGRESS_SECRET_NAME} - key: auth_token - resources: - limits: - memory: "512Mi" - cpu: "200m" - requests: - memory: "256Mi" - cpu: "100m" - volumeMounts: - - name: lightspeed-exporter-config - mountPath: /etc/config/config.yaml - subPath: config.yaml - - name: data-storage - mountPath: ${STORAGE_MOUNT_PATH} - volumes: - name: lightspeed-config configMap: @@ -539,6 +492,9 @@ objects: - name: llama-stack-config configMap: name: llama-stack-client-config + - name: google-vertex-service-account + secret: + secretName: ${VERTEX_API_SECRET_NAME} - name: data-storage emptyDir: {} - name: db-ca-cert diff --git a/test/prow/entrypoint.sh b/test/prow/entrypoint.sh index 
0767576..88edba8 100644 --- a/test/prow/entrypoint.sh +++ b/test/prow/entrypoint.sh @@ -11,8 +11,8 @@ OCM_TOKEN=$(curl -X POST https://sso.redhat.com/auth/realms/redhat-external/prot -d "client_id=$CLIENT_ID" \ -d "client_secret=$CLIENT_SECRET" | jq '.access_token') -echo $OCM_TOKEN > test/evals/ocm_token.txt +echo "$OCM_TOKEN" > test/evals/ocm_token.txt cd test/evals -#python eval.py --agent_endpoint "${AGENT_URL}:${AGENT_PORT}" \ No newline at end of file +#python eval.py --agent_endpoint "${AGENT_URL}:${AGENT_PORT}" diff --git a/test/prow/template.yaml b/test/prow/template.yaml index 7a962fe..b930f72 100644 --- a/test/prow/template.yaml +++ b/test/prow/template.yaml @@ -34,11 +34,6 @@ objects: secretKeyRef: key: ${SSL_CLIENT_SECRET_KEY} name: ${SSL_CLIENT_SECRET_NAME} - - name: GEMINI_API_KEY - valueFrom: - secretKeyRef: - key: ${GEMINI_API_SECRET_KEY_NAME} - name: ${GEMINI_API_SECRET_NAME} - name: AGENT_URL value: ${AGENT_URL} - name: AGENT_PORT @@ -74,8 +69,4 @@ parameters: value: http://assisted-chat - name: AGENT_PORT value: "8090" -- name: GEMINI_API_SECRET_NAME - value: gemini -- name: GEMINI_API_SECRET_KEY_NAME - value: api_key diff --git a/test/prow/template_patch.diff b/test/prow/template_patch.diff deleted file mode 100644 index 1ff2070..0000000 --- a/test/prow/template_patch.diff +++ /dev/null @@ -1,132 +0,0 @@ ---- template.yaml 2025-08-12 21:43:04.576023093 +0200 -+++ template.yaml 2025-08-13 13:29:34.487449455 +0200 -@@ -171,14 +171,6 @@ - inference: - default_model: ${LLAMA_STACK_2_0_FLASH_MODEL} - default_provider: ${LLAMA_STACK_INFERENCE_PROVIDER} -- database: -- postgres: -- host: ${env.ASSISTED_CHAT_POSTGRES_HOST} -- port: ${env.ASSISTED_CHAT_POSTGRES_PORT} -- db: ${env.ASSISTED_CHAT_POSTGRES_NAME} -- user: ${env.ASSISTED_CHAT_POSTGRES_USER} -- password: ${env.ASSISTED_CHAT_POSTGRES_PASSWORD} -- namespace: lightspeed-stack - system_prompt: | - You are OpenShift Lightspeed Intelligent Assistant - an intelligent virtual assistant and expert on 
all things related to OpenShift installation, configuration, and troubleshooting, specifically with the Assisted Installer. - -@@ -296,19 +288,12 @@ - provider_type: inline::meta-reference - config: - persistence_store: -- type: postgres -- host: ${env.ASSISTED_CHAT_POSTGRES_HOST} -- port: ${env.ASSISTED_CHAT_POSTGRES_PORT} -- db: ${env.ASSISTED_CHAT_POSTGRES_NAME} -- user: ${env.ASSISTED_CHAT_POSTGRES_USER} -- password: ${env.ASSISTED_CHAT_POSTGRES_PASSWORD} -+ type: sqlite -+ namespace: null -+ db_path: ${STORAGE_MOUNT_PATH}/sqlite/agents_store.db - responses_store: -- type: postgres -- host: ${env.ASSISTED_CHAT_POSTGRES_HOST} -- port: ${env.ASSISTED_CHAT_POSTGRES_PORT} -- db: ${env.ASSISTED_CHAT_POSTGRES_NAME} -- user: ${env.ASSISTED_CHAT_POSTGRES_USER} -- password: ${env.ASSISTED_CHAT_POSTGRES_PASSWORD} -+ type: sqlite -+ db_path: ${STORAGE_MOUNT_PATH}/sqlite/responses_store.db - telemetry: - - provider_id: meta-reference - provider_type: inline::meta-reference -@@ -336,12 +321,8 @@ - type: sqlite - db_path: ${STORAGE_MOUNT_PATH}/sqlite/registry.db - inference_store: -- type: postgres -- host: ${env.ASSISTED_CHAT_POSTGRES_HOST} -- port: ${env.ASSISTED_CHAT_POSTGRES_PORT} -- db: ${env.ASSISTED_CHAT_POSTGRES_NAME} -- user: ${env.ASSISTED_CHAT_POSTGRES_USER} -- password: ${env.ASSISTED_CHAT_POSTGRES_PASSWORD} -+ type: sqlite -+ db_path: ${STORAGE_MOUNT_PATH}/sqlite/registry.db - models: - - metadata: {} - model_id: ${LLAMA_STACK_2_0_FLASH_MODEL} -@@ -409,37 +390,6 @@ - value: ${LLAMA_STACK_OTEL_SERVICE_NAME} - - name: LLAMA_STACK_TELEMETRY_SINKS - value: ${LLAMA_STACK_TELEMETRY_SINKS} -- - name: ASSISTED_CHAT_POSTGRES_HOST -- valueFrom: -- secretKeyRef: -- name: ${ASSISTED_CHAT_DB_SECRET_NAME} -- key: db.host -- - name: ASSISTED_CHAT_POSTGRES_PORT -- valueFrom: -- secretKeyRef: -- name: ${ASSISTED_CHAT_DB_SECRET_NAME} -- key: db.port -- - name: ASSISTED_CHAT_POSTGRES_NAME -- valueFrom: -- secretKeyRef: -- name: ${ASSISTED_CHAT_DB_SECRET_NAME} -- key: db.name -- - 
name: ASSISTED_CHAT_POSTGRES_USER -- valueFrom: -- secretKeyRef: -- name: ${ASSISTED_CHAT_DB_SECRET_NAME} -- key: db.user -- - name: ASSISTED_CHAT_POSTGRES_PASSWORD -- valueFrom: -- secretKeyRef: -- name: ${ASSISTED_CHAT_DB_SECRET_NAME} -- key: db.password -- - name: ASSISTED_CHAT_POSTGRES_CA_CERT -- valueFrom: -- secretKeyRef: -- name: ${ASSISTED_CHAT_DB_SECRET_NAME} -- key: db.ca_cert -- optional: true - resources: - limits: - memory: ${MEMORY_LIMIT} -@@ -474,36 +424,6 @@ - periodSeconds: 10 - timeoutSeconds: 2 - -- - name: lightspeed-to-dataverse-exporter -- image: quay.io/lightspeed-core/lightspeed-to-dataverse-exporter:${LIGHTSPEED_EXPORTER_IMAGE_TAG} -- imagePullPolicy: Always -- args: -- - "--mode" -- - "manual" -- - "--config" -- - "/etc/config/config.yaml" -- - "--log-level" -- - "INFO" -- env: -- - name: INGRESS_SERVER_AUTH_TOKEN -- valueFrom: -- secretKeyRef: -- name: ${INSIGHTS_INGRESS_SECRET_NAME} -- key: auth_token -- resources: -- limits: -- memory: "512Mi" -- cpu: "200m" -- requests: -- memory: "256Mi" -- cpu: "100m" -- volumeMounts: -- - name: lightspeed-exporter-config -- mountPath: /etc/config/config.yaml -- subPath: config.yaml -- - name: data-storage -- mountPath: ${STORAGE_MOUNT_PATH} -- - volumes: - - name: lightspeed-config - configMap: