ci(compose,helm): add artifact-backend-worker (#1424)

This commit

- adds artifact-backend-worker in the deployment suite.

Author: pinglin

.env.secrets.component

@@ -1,6 +1,9 @@
 # Provide your API key for the AI vendors so that you can set the components up
 # with default credentials.
 
+# Gemini API key is needed for the RAG feature in artifact-backend.
+CFG_RAG_MODEL_GEMINI_APIKEY=
+
 # OpenAI key is needed for the embedding feature in artifact-backend.
 CFG_COMPONENT_SECRETS_OPENAI_APIKEY=
 

charts/core/README.md

@@ -1,6 +1,6 @@
 # core
 
-![Version: 0.1.65](https://img.shields.io/badge/Version-0.1.65-informational?style=flat-square) ![AppVersion: 0.54.0](https://img.shields.io/badge/AppVersion-0.54.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.1.70](https://img.shields.io/badge/Version-0.1.70-informational?style=flat-square) ![AppVersion: 0.58.0](https://img.shields.io/badge/AppVersion-0.58.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 The Helm chart of Instill Core
 

charts/core/templates/_helpers.tpl

@@ -148,6 +148,13 @@ artifact-backend
 {{- printf "%s-artifact-backend" (include "core.fullname" .) -}}
 {{- end -}}
 
+{{/*
+artifact-backend-worker
+*/}}
+{{- define "core.artifactBackendWorker" -}}
+  {{- printf "%s-artifact-backend-worker" (include "core.fullname" .) -}}
+{{- end -}}
+
 {{/* artifact-backend service and container public port */}}
 {{- define "core.artifactBackend.publicPort" -}}
 {{- printf "8082" -}}

charts/core/templates/artifact-backend/configmap.yaml

@@ -60,6 +60,12 @@ data:
     openfga:
       host: {{ include "core.openfga" . }}
       port: 8081
+    temporal:
+      hostport: {{ default (printf "%s:%s" (include "temporal.host" .) (include "temporal.frontend.grpcPort" .)) .Values.artifactBackend.temporal.hostPort }}
+      namespace: {{ default "instill-core" .Values.artifactBackend.temporal.namespace }}
+      apikey: {{ default "" .Values.artifactBackend.temporal.apiKey }}
+      insecureskipverify: {{ default "true" .Values.artifactBackend.temporal.insecureSkipVerify }}
+      metricsport: {{ include "temporal.frontend.metricsPort" . }}
     registry:
       host: {{ include "core.registry" . }}
       port: {{ include "core.registry.port" . }}

charts/core/templates/artifact-backend/deployment.yaml

@@ -182,3 +182,128 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "core.artifactBackendWorker" . }}
+  labels:
+    {{- include "core.labels" . | nindent 4 }}
+    app.kubernetes.io/component: artifact-backend-worker
+  annotations:
+    rollme: {{ randAlphaNum 5 | quote }}
+    {{- with .Values.artifactBackendWorker.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  strategy:
+    type: {{ .Values.updateStrategy.type }}
+    {{- if eq .Values.updateStrategy.type "RollingUpdate" }}
+    rollingUpdate:
+      maxSurge: {{ .Values.updateStrategy.rollingUpdate.maxSurge }}
+      maxUnavailable: {{ .Values.updateStrategy.rollingUpdate.maxUnavailable }}
+    {{- else}}
+    rollingUpdate: null
+    {{- end }}
+  {{- if not .Values.artifactBackendWorker.autoscaling.enabled }}
+  replicas: {{ .Values.artifactBackendWorker.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "core.matchLabels" . | nindent 6 }}
+      app.kubernetes.io/component: artifact-backend-worker
+  template:
+    metadata:
+      labels:
+        {{- include "core.matchLabels" . | nindent 8 }}
+        app.kubernetes.io/component: artifact-backend-worker
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/artifact-backend/configmap.yaml") . | sha256sum }}
+        {{- with .Values.artifactBackendWorker.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      # Distroless nonroot:nonroot is 65532:65532
+      securityContext:
+        runAsUser: 65532
+        runAsGroup: 65532
+      {{- if .Values.artifactBackend.serviceAccountName }}
+      serviceAccountName: {{ .Values.artifactBackend.serviceAccountName }}
+      {{- end }}
+      automountServiceAccountToken: {{ .Values.artifactBackend.automountServiceAccountToken | default false }}
+      terminationGracePeriodSeconds: 120
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      initContainers:
+        {{- with .Values.artifactBackendWorker.extraInitFirstContainers }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- if .Values.database.enabled }}
+        - name: wait-for-db
+          image: {{ .Values.database.image.repository }}:{{ .Values.database.image.tag }}
+          imagePullPolicy: {{ $.Values.database.image.pullPolicy }}
+          command: ['sh', '-c', "until pg_isready; do echo waiting for db; sleep 2; done"]
+          env:
+            - name: PGHOST
+              value: {{ include "core.database" . }}
+            - name: PGUSER
+              value: {{ include "core.database.username" . }}
+        {{- end }}
+        - name: wait-for-dependencies
+          image: curlimages/curl:8.00.1
+          command: ['sh', '-c']
+          args:
+          - >
+            while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' ${ARTIFACT_BACKEND_HOST}:${ARTIFACT_BACKEND_PORT}/v1alpha/health/artifact)" != "200" ]]; do echo waiting for artifact-backend; sleep 1; done
+          env:
+            - name: ARTIFACT_BACKEND_HOST
+              value: "{{ include "core.artifactBackend" . }}"
+            - name: ARTIFACT_BACKEND_PORT
+              value: "{{ include "core.artifactBackend.publicPort" . }}"
+        {{- with .Values.artifactBackend.extraInitContainers }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: artifact-backend-worker
+          image: {{ .Values.artifactBackend.image.repository }}:{{ .Values.artifactBackend.image.tag }}
+          imagePullPolicy: {{ .Values.artifactBackend.image.pullPolicy }}
+          livenessProbe:
+            tcpSocket:
+              port: rpc
+          {{- if .Values.artifactBackendWorker.resources }}
+          resources:
+            {{- toYaml .Values.artifactBackendWorker.resources | nindent 12 }}
+          {{- end }}
+          command: ["./{{ .Values.artifactBackendWorker.commandName.worker }}"]
+          env:
+          {{- if .Values.artifactBackendWorker.extraEnv }}
+            {{- toYaml .Values.artifactBackendWorker.extraEnv | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: config
+              mountPath: {{ .Values.artifactBackend.configPath }}
+              subPath: config.yaml
+            {{- with .Values.artifactBackend.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "core.artifactBackend" . }}
+        {{- with .Values.artifactBackend.extraVolumes }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.artifactBackendWorker.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.artifactBackendWorker.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.artifactBackendWorker.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/core/templates/artifact-backend/hpa.yml

@@ -3,14 +3,14 @@ apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ include "core.artifactBackend" . }}
+  labels:
+    {{- include "core.labels" . | nindent 4 }}
+    app.kubernetes.io/component: artifact-backend
 spec:
   scaleTargetRef:
     apiVersion: apps/v1
     kind: Deployment
     name: {{ include "core.artifactBackend" . }}
-    labels:
-    {{- include "core.labels" . | nindent 4 }}
-    app.kubernetes.io/component: artifact-backend
   minReplicas: {{ .Values.artifactBackend.autoscaling.minReplicas }}
   maxReplicas: {{ .Values.artifactBackend.autoscaling.maxReplicas }}
   metrics:
@@ -31,3 +31,37 @@ spec:
           averageUtilization: {{ . }}
 {{- end }}
 {{- end }}
+---
+{{- if .Values.artifactBackendWorker.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "core.artifactBackendWorker" . }}
+  labels:
+    {{- include "core.labels" . | nindent 4 }}
+    app.kubernetes.io/component: artifact-backend-worker
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "core.artifactBackendWorker" . }}
+  minReplicas: {{ .Values.artifactBackendWorker.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.artifactBackendWorker.autoscaling.maxReplicas }}
+  metrics:
+{{- with .Values.artifactBackendWorker.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ . }}
+{{- end }}
+{{- with .Values.artifactBackendWorker.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ . }}
+{{- end }}
+{{- end }}

charts/core/templates/pipeline-backend/configmap.yaml

@@ -89,7 +89,7 @@ data:
       namespace: {{ default "instill-core" .Values.pipelineBackend.temporal.namespace }}
       apikey: {{ default "" .Values.pipelineBackend.temporal.apiKey }}
       insecureskipverify: {{ default "true" .Values.pipelineBackend.temporal.insecureSkipVerify }}
-      metricsport: 9090
+      metricsport: {{ include "temporal.frontend.metricsPort" . }}
     otelcollector:
       enable: {{ index .Values "opentelemetry-collector" "enabled" }}
       host: {{ include "core.otel" . }}

charts/core/values.yaml

@@ -620,6 +620,12 @@ artifactBackend:
   configPath: /artifact-backend/config/config.yaml
   # -- The host of instill-core
   instillCoreHost:
+  # -- The configuration of Temporal
+  temporal:
+    hostPort:
+    namespace:
+    apiKey:
+    insecureSkipVerify:
   # -- Set the service account to be used, default if left empty
   serviceAccountName: ""
   # -- Mount the service account token
@@ -679,6 +685,57 @@ artifactBackend:
   numberOfWorkers: 20
   blob:
     hostport: http://localhost:8080
+artifactBackendWorker:
+  # -- Annotation for deployment
+  annotations: {}
+  # -- The command names to be executed
+  commandName:
+    worker: artifact-backend-worker
+  # -- The path of configuration file for artifact-backend-worker
+  configPath: /artifact-backend/config/config.yaml
+  # -- The number of replica for artifact-backend-worker
+  replicaCount: 1
+  # -- Add extra env variables
+  extraEnv: []
+  # -- Mount external volumes
+  # For example, mount a secret containing Certificate root CA to verify database
+  # TLS connection.
+  extraVolumes: []
+  # - name: my-volume
+  #   secret:
+  #     secretName: my-secret
+  extraVolumeMounts: []
+  # - name: my-volume
+  #   mountPath: /etc/secrets/my-secret
+  #   readOnly: true
+  # -- Add extra init first containers
+  extraInitFirstContainers: []
+  # extraInitFirstContainers:
+  #  - name: ...
+  #    image: ...
+  # -- Add extra init containers
+  extraInitContainers: []
+  # extraInitContainers:
+  #  - name: ...
+  #    image: ...
+  # -- Additional pod annotations
+  podAnnotations: {}
+  # -- The pod resource
+  resources: {}
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+  autoscaling:
+    enabled: false
+    minReplicas:
+    maxReplicas:
+    targetCPUUtilizationPercentage:
+    targetMemoryUtilizationPercentage:
+  podDisruptionBudget:
+    enabled: false
+    spec:
+      minAvailable:
+      maxUnavailable:
 # -- The configuration of console
 console:
   # -- Enable console deployment or not
@@ -1034,7 +1091,12 @@ openfga:
       - name: wait-for-db
         image: postgres:15-alpine
         imagePullPolicy: IfNotPresent
-        command: ["sh", "-c", "until pg_isready; do echo waiting for db; sleep 2; done"]
+        command:
+          [
+            "sh",
+            "-c",
+            "until pg_isready; do echo waiting for db; sleep 2; done",
+          ]
         env:
           - name: PGHOST
             value: "core-database"

docker-compose-dev.yml

@@ -28,6 +28,11 @@ services:
       - ${ARTIFACT_BACKEND_HOST_PRIVATEPORT}:${ARTIFACT_BACKEND_PRIVATEPORT}
       - ${ARTIFACT_BACKEND_HOST_PUBLICPORT}:${ARTIFACT_BACKEND_PUBLICPORT}
 
+  artifact_backend_worker:
+    environment:
+      CFG_SERVER_DEBUG: "true"
+      CFG_SERVER_EDITION: ${EDITION}
+
   model_backend:
     environment:
       CFG_SERVER_DEBUG: "true"

docker-compose.yml

@@ -164,6 +164,7 @@ services:
     container_name: ${ARTIFACT_BACKEND_HOST}
     image: ${ARTIFACT_BACKEND_IMAGE}:${ARTIFACT_BACKEND_VERSION}
     restart: unless-stopped
+    env_file: ${ENV_SECRETS_COMPONENT}
     environment:
       CFG_SERVER_PRIVATEPORT: ${ARTIFACT_BACKEND_PRIVATEPORT}
       CFG_SERVER_PUBLICPORT: ${ARTIFACT_BACKEND_PUBLICPORT}
@@ -212,6 +213,40 @@ services:
       pipeline_backend:
         condition: service_healthy
 
+  artifact_backend_worker:
+    pull_policy: missing
+    container_name: ${ARTIFACT_BACKEND_HOST}-worker
+    image: ${ARTIFACT_BACKEND_IMAGE}:${ARTIFACT_BACKEND_VERSION}
+    restart: unless-stopped
+    env_file: ${ENV_SECRETS_COMPONENT}
+    environment:
+      CFG_SERVER_PRIVATEPORT: ${ARTIFACT_BACKEND_PRIVATEPORT}
+      CFG_SERVER_PUBLICPORT: ${ARTIFACT_BACKEND_PUBLICPORT}
+      CFG_SERVER_DEBUG: "false"
+      CFG_SERVER_USAGE_ENABLED: ${USAGE_ENABLED}
+      CFG_SERVER_INSTILLCOREHOST: http://${INSTILL_CORE_HOST}:${API_GATEWAY_PORT}
+      CFG_SERVER_EDITION: ${EDITION}
+      CFG_MGMTBACKEND_HOST: ${MGMT_BACKEND_HOST}
+      CFG_MGMTBACKEND_PUBLICPORT: ${MGMT_BACKEND_PUBLICPORT}
+      CFG_MGMTBACKEND_PRIVATEPORT: ${MGMT_BACKEND_PRIVATEPORT}
+      CFG_PIPELINEBACKEND_HOST: ${PIPELINE_BACKEND_HOST}
+      CFG_PIPELINEBACKEND_PUBLICPORT: ${PIPELINE_BACKEND_PUBLICPORT}
+      CFG_PIPELINEBACKEND_PRIVATEPORT: ${PIPELINE_BACKEND_PRIVATEPORT}
+      CFG_MODELBACKEND_HOST: ${MODEL_BACKEND_HOST}
+      CFG_MODELBACKEND_PUBLICPORT: ${MODEL_BACKEND_PUBLICPORT}
+      CFG_MODELBACKEND_PRIVATEPORT: ${MODEL_BACKEND_PRIVATEPORT}
+      CFG_REGISTRY_HOST: ${REGISTRY_HOST}
+      CFG_REGISTRY_PORT: ${REGISTRY_PORT}
+      CFG_DATABASE_HOST: ${POSTGRESQL_HOST}
+      CFG_DATABASE_PORT: ${POSTGRESQL_PORT}
+      CFG_DATABASE_USERNAME: postgres
+      CFG_DATABASE_PASSWORD: password
+      CFG_INFLUXDB_URL: http://${INFLUXDB_HOST}:${INFLUXDB_PORT}
+    entrypoint: ./artifact-backend-worker
+    depends_on:
+      artifact_backend:
+        condition: service_healthy
+
   model_backend:
     pull_policy: missing
     container_name: ${MODEL_BACKEND_HOST}