issue #1: GKE cluster using Terraform (first iteration) (#4)

* issue #1: GKE cluster using Terraform

* issue #1: Added vault to manage secrets

* issue #1: removed aws and azure provider it doesnt belong to this issue

* issue #1: removed unused cluster node pool

* issue #1: nachet-backend kubernetes deployment

* issue #1: added namespace to sa inside nachet deployment + finesse deployment

* increse proxy-read-timeout to 30m

* issue #1: kube-prometheus-stack (Prometheus, grafana and alertmanager)

* issue #1: Nachet deployment, with backend and frontend

* issue #1: updated the nachet backend image

* issue #1: fixed both ingress name for nachet

* issue #1: finesse frontend and backend deployed with our images from GCR

* issue #1: reviewed and added EOF on files

* issue #1: added new version to finesse-frontend

* issue #1: added github workflow

* issue #1: adding the workflow to the right folder

* issue #1: fixed md max line length

* issue #1: testing the workflow repo standard with applied patch

* issue #1: removed testing branch for repo standard action

* issue #1: testing the repo standard with new token

* issue #1: testing the repo standard with new token

* issue #1: EOF for workflow

* issue #1: fixed 413 error from frontend to backend

* issue #1: changed nachet images tag for PR number

* issue #1: changed README.md content

* issue #1: removed unused code

* issue #1: changed image version for finesse (default is main representing the develop branch)

* issue #1: changed default version of nachet-frontend

* deleted the GKE cluster

* added providers for the GKE cluster. Note: the cluster isn't supported anymore

* issue #1: fixed yaml linting error for nginx deployment

* issue #1: fixed yaml linting error for nginx deployment

* issue #1: fixed yaml linting error for nginx deployment

* issue #1: fixed some yaml linting error

.github/workflows/infra-ci-workflow.yaml → .github/workflows/workflow.yml

@@ -1,5 +1,4 @@
----
-name: Infra integration workflow
+name: Infrastructure integration workflow
 
 on:
   pull_request:
@@ -9,7 +8,6 @@ on:
       - synchronize
 
 jobs:
-
   markdown-check:
     uses:
       ai-cfia/github-workflows/.github/workflows/workflow-markdown-check.yml@76-as-a-devops-i-would-like-to-fix-the-markdown-lint-workflow

.mlc_config.json

@@ -0,0 +1,3 @@
+{
+    "aliveStatusCodes": [200,403]
+}

.vscode/extensions.json

@@ -0,0 +1,9 @@
+{
+	"recommendations": [
+		"stkb.rewrap",
+		"DavidAnson.vscode-markdownlint"
+	],
+	"unwantedRecommendations": [
+
+	]
+}

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+    "editor.rulers": [80],
+    "files.trimTrailingWhitespace": true,
+    "files.trimFinalNewlines": true,
+    "files.insertFinalNewline": true
+}

README.md

@@ -1,24 +1,31 @@
 # Infrastructure Repository for ACIA-CFIA AI-Lab
 
-This repository is dedicated to the infrastructure management of the ACIA-CFIA
-AI-Lab. It contains scripts, configurations, and documentation pertinent to
-infrastructure and DevOps practices within the lab, facilitating setup,
-deployment, and management across multiple cloud platforms including AWS, GCP,
-and Azure.
+This repository contains all the infrastructure used by the ACIA/CFIA AI Lab.
+In this repository, you can find the Kubernetes manifests that deploy each of
+the applications on the three different cloud providers: Google Cloud Platform
+(GCP), Amazon Web Services (AWS), and Azure.
 
-## Contents
+## Content
 
-Cross-Cloud Setup Scripts: Automation scripts for seamless configuration across
-AWS, GCP, and Azure, covering project initiation, billing account association,
-artifact repository orchestration, and service account setup. GitHub Repository
-Creation Guide: Detailed instructions for creating new repositories in alignment
-with ACIA-CFIA standards. Getting Started:
+- The Terraform configuration for the GCP cluster.
+- Kubernetes manifests used to deploy the following applications:
+    - [Nachet backend](https://github.com/ai-cfia/nachet-backend)
+    - [Nachet frontend](https://github.com/ai-cfia/nachet-frontend)
+    - [Finesse backend](https://github.com/ai-cfia/finesse-backend)
+    - [Finesse frontend](https://github.com/ai-cfia/finesse-frontend)
+- Configuration for Vault, Grafana, Prometheus, Alert Manager, Ingress NGINX,
+and Cert Manager to meet our requirements.
 
-## Clone this repository
+## Tooling
 
-1. Navigate to the desired script or documentation.
-2. Follow the provided instructions.
-3. Related Repositories:
+- [Hashicorp Vault](https://www.vaultproject.io/)
+- [Grafana](https://grafana.com/)
+- [Prometheus](https://prometheus.io/docs/visualization/grafana/)
+- [Alert manager](https://github.com/prometheus/alertmanager)
+- [Cert manager](https://cert-manager.io/)
+- [Ingress NGINX](https://docs.nginx.com/nginx-ingress-controller/)
+- [OTEL](https://opentelemetry.io/)
 
-Dev-Rel-Docs: Contains introductory files and documentation related to developer
-relations at ACIA-CFIA AI-Lab.
+## Liens utiles
+
+[ai-cfia github container registry](https://github.com/orgs/ai-cfia/packages)

kubernetes/apps/demo/nginx-deployment.yml

@@ -0,0 +1,89 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nginx
+  labels:
+    name: nginx
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  namespace: nginx
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:1.14.2
+          ports:
+            - containerPort: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  namespace: nginx
+spec:
+  clusterIP: None
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 80
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nginx-ingress
+  namespace: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-http
+    ingress.kubernetes.io/force-ssl-redirect: "true"
+    kubernetes.io/tls-acme: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - nginx.ninebasetwo.xyz
+      secretName: aciacfia-tls
+  rules:
+    - host: nginx.ninebasetwo.xyz
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: nginx
+                port:
+                  number: 80
+
+# ---
+# apiVersion: gateway.networking.k8s.io/v1beta1
+# kind: HTTPRoute
+# metadata:
+#   name: nginx-http-route
+#   namespace: nginx
+# spec:
+#   parentRefs:
+#   - name: gateway-gke-l7-rilb
+#   rules:
+#   - matches:
+#     - path:
+#         type: PathPrefix
+#         value: "/"
+#     backendRefs:
+#     - name: nginx
+#       port: 80

kubernetes/apps/finesse/finesse-backend-deployment.yml

@@ -0,0 +1,77 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: secrets-reader
+  namespace: finesse
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: finesse-backend
+  namespace: finesse
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: finesse-backend
+  template:
+    metadata:
+      labels:
+        app: finesse-backend
+      annotations:
+        vault.hashicorp.com/agent-inject: 'true'
+        vault.hashicorp.com/role: 'secrets-reader'
+        vault.hashicorp.com/tls-skip-verify: 'true'
+        vault.hashicorp.com/agent-inject-template-.env: |
+          {{- with secret "apps/finesse" -}}
+          AZURE_OPENAI_CHATGPT_DEPLOYMENT="{{ .Data.data.AZURE_OPENAI_CHATGPT_DEPLOYMENT }}"
+          AZURE_OPENAI_GPT_DEPLOYMENT="{{ .Data.data.AZURE_OPENAI_GPT_DEPLOYMENT }}"
+          FINESSE_BACKEND_AZURE_SEARCH_API_KEY="{{ .Data.data.FINESSE_BACKEND_AZURE_SEARCH_API_KEY }}"
+          FINESSE_BACKEND_AZURE_SEARCH_ENDPOINT="{{ .Data.data.FINESSE_BACKEND_AZURE_SEARCH_ENDPOINT }}"
+          FINESSE_BACKEND_AZURE_SEARCH_INDEX_NAME="{{ .Data.data.FINESSE_BACKEND_AZURE_SEARCH_INDEX_NAME }}"
+          FINESSE_BACKEND_GITHUB_STATIC_FILE_URL="{{ .Data.data.FINESSE_BACKEND_GITHUB_STATIC_FILE_URL }}"
+          FINESSE_BACKEND_STATIC_FILE_URL="{{ .Data.data.FINESSE_BACKEND_STATIC_FILE_URL }}"
+          FINESSE_BACKEND_DEBUG_MODE="{{ .Data.data.FINESSE_BACKEND_DEBUG_MODE }}"
+          FINESSE_WEIGHTS="{{ .Data.data.FINESSE_WEIGHTS }}"
+          LOUIS_DSN="{{ .Data.data.LOUIS_DSN }}"
+          LOUIS_SCHEMA="{{ .Data.data.LOUIS_SCHEMA }}"
+          OPENAI_API_ENGINE="{{ .Data.data.OPENAI_API_ENGINE }}"
+          OPENAI_API_KEY="{{ .Data.data.OPENAI_API_KEY }}"
+          OPENAI_API_VERSION="{{ .Data.data.OPENAI_API_VERSION }}"
+          OPENAI_ENDPOINT="{{ .Data.data.OPENAI_ENDPOINT }}"
+          {{- end }}
+    spec:
+      serviceAccountName: secrets-reader
+      containers:
+      - name: finesse-backend
+        image: ghcr.io/ai-cfia/finesse-backend:main
+        imagePullPolicy: Always
+        command: ["/bin/sh", "-c"]
+        args:
+        - >
+          cp /vault/secrets/.env . &&
+          gunicorn --bind :8080 --workers 1 --threads 8 --timeout 0 --forwarded-allow-ips "*" app:app
+        ports:
+        - containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 60
+          periodSeconds: 10
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: finesse-backend-svc
+  namespace: finesse
+spec:
+  clusterIP: None
+  selector:
+    app: finesse-backend
+  ports:
+    - protocol: TCP
+      port: 8080

kubernetes/apps/finesse/finesse-frontend-deployment.yml

@@ -0,0 +1,43 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: finesse-frontend
+  namespace: finesse
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: finesse-frontend
+  template:
+    metadata:
+      labels:
+        app: finesse-frontend
+    spec:
+      serviceAccountName: secrets-reader
+      containers:
+      - name: finesse-frontend
+        image: ghcr.io/ai-cfia/finesse-frontend:main
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 3000
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 3000
+          initialDelaySeconds: 60
+          periodSeconds: 10
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: finesse-frontend-svc
+  namespace: finesse
+spec:
+  clusterIP: None
+  selector:
+    app: finesse-frontend
+  ports:
+    - protocol: TCP
+      port: 3000