issue #1: GKE cluster using Terraform (first iteration)

.github/workflows/workflow.yml

@@ -0,0 +1,18 @@
+name: Ai-cfia repo standard and markdown check
+
+on: 
+  pull_request:
+    types:
+      - opened
+      - closed
+      - synchronize
+
+jobs:
+  repo-standard:
+    uses: ai-cfia/github-workflows/.github/workflows/workflow-repo-standards-validation.yml@main
+    secrets: inherit
+
+  markdown-check:
+    uses: ai-cfia/github-workflows/.github/workflows/workflow-markdown-check.yml@main
+    with:
+      config-file-path: '.mlc_config.json'

.mlc_config.json

@@ -0,0 +1,3 @@
+{
+    "aliveStatusCodes": [999,200,403]
+}

.vscode/extensions.json

@@ -0,0 +1,9 @@
+{
+	"recommendations": [
+		"stkb.rewrap",
+		"DavidAnson.vscode-markdownlint"
+	],
+	"unwantedRecommendations": [
+
+	]
+}

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+    "editor.rulers": [80],
+    "files.trimTrailingWhitespace": true,
+    "files.trimFinalNewlines": true,
+    "files.insertFinalNewline": true
+}

README.md

@@ -1,16 +1,31 @@
 # Infrastructure Repository for ACIA-CFIA AI-Lab
 
-This repository is dedicated to the infrastructure management of the ACIA-CFIA AI-Lab. It contains scripts, configurations, and documentation pertinent to infrastructure and DevOps practices within the lab, facilitating setup, deployment, and management across multiple cloud platforms including AWS, GCP, and Azure.
+This repository contains all the infrastructure used by the ACIA/CFIA AI Lab.
+In this repository, you can find the Kubernetes manifests that deploy each of
+the applications on the three different cloud providers: Google Cloud Platform
+(GCP), Amazon Web Services (AWS), and Azure.
 
-## Contents:
+## Content
 
-Cross-Cloud Setup Scripts: Automation scripts for seamless configuration across AWS, GCP, and Azure, covering project initiation, billing account association, artifact repository orchestration, and service account setup.
-GitHub Repository Creation Guide: Detailed instructions for creating new repositories in alignment with ACIA-CFIA standards.
-Getting Started:
+- The Terraform configuration for the GCP cluster.
+- Kubernetes manifests used to deploy the following applications:
+    - [Nachet backend](https://github.com/ai-cfia/nachet-backend)
+    - [Nachet frontend](https://github.com/ai-cfia/nachet-frontend)
+    - [Finesse backend](https://github.com/ai-cfia/finesse-backend)
+    - [Finesse frontend](https://github.com/ai-cfia/finesse-frontend)
+- Configuration for Vault, Grafana, Prometheus, Alert Manager, Ingress NGINX,
+and Cert Manager to meet our requirements.
 
-## Clone this repository.
-1. Navigate to the desired script or documentation.
-2. Follow the provided instructions.
-3. Related Repositories:
+## Tooling
 
-Dev-Rel-Docs: Contains introductory files and documentation related to developer relations at ACIA-CFIA AI-Lab.
+- [Hashicorp Vault](https://www.vaultproject.io/)
+- [Grafana](https://grafana.com/)
+- [Prometheus](https://prometheus.io/docs/visualization/grafana/)
+- [Alert manager](https://github.com/prometheus/alertmanager)
+- [Cert manager](https://cert-manager.io/)
+- [Ingress NGINX](https://docs.nginx.com/nginx-ingress-controller/)
+- [OTEL](https://opentelemetry.io/)
+
+## Liens utiles
+
+[ai-cfia github container registry](https://github.com/orgs/ai-cfia/packages)

kubernetes/apps/demo/nginx-deployment.yml

@@ -0,0 +1,88 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nginx
+  labels:
+    name: nginx
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  namespace: nginx
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
+
+---
+apiVersion: v1
+kind: Service 
+metadata:
+  name: nginx
+  namespace: nginx
+spec:
+  clusterIP: None
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 80
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nginx-ingress
+  namespace: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-http
+    ingress.kubernetes.io/force-ssl-redirect: "true"
+    kubernetes.io/tls-acme: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - nginx.ninebasetwo.xyz
+    secretName: aciacfia-tls
+  rules:
+  - host: nginx.ninebasetwo.xyz
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx
+            port:
+              number: 80
+
+# ---
+# apiVersion: gateway.networking.k8s.io/v1beta1
+# kind: HTTPRoute
+# metadata:
+#   name: nginx-http-route
+#   namespace: nginx
+# spec:
+#   parentRefs:
+#   - name: gateway-gke-l7-rilb
+#   rules:
+#   - matches:
+#     - path:
+#         type: PathPrefix
+#         value: "/"
+#     backendRefs:
+#     - name: nginx
+#       port: 80

kubernetes/apps/finesse/finesse-backend-deployment.yml

@@ -0,0 +1,76 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: secrets-reader
+  namespace: finesse
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: finesse-backend
+  namespace: finesse
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: finesse-backend
+  template:
+    metadata:
+      labels:
+        app: finesse-backend
+      annotations:
+        vault.hashicorp.com/agent-inject: 'true'
+        vault.hashicorp.com/role: 'secrets-reader'
+        vault.hashicorp.com/tls-skip-verify: 'true'
+        vault.hashicorp.com/agent-inject-template-.env: |
+          {{- with secret "apps/finesse" -}}
+          AZURE_OPENAI_CHATGPT_DEPLOYMENT="{{ .Data.data.AZURE_OPENAI_CHATGPT_DEPLOYMENT }}"
+          AZURE_OPENAI_GPT_DEPLOYMENT="{{ .Data.data.AZURE_OPENAI_GPT_DEPLOYMENT }}"
+          FINESSE_BACKEND_AZURE_SEARCH_API_KEY="{{ .Data.data.FINESSE_BACKEND_AZURE_SEARCH_API_KEY }}"
+          FINESSE_BACKEND_AZURE_SEARCH_ENDPOINT="{{ .Data.data.FINESSE_BACKEND_AZURE_SEARCH_ENDPOINT }}"
+          FINESSE_BACKEND_AZURE_SEARCH_INDEX_NAME="{{ .Data.data.FINESSE_BACKEND_AZURE_SEARCH_INDEX_NAME }}"
+          FINESSE_BACKEND_GITHUB_STATIC_FILE_URL="{{ .Data.data.FINESSE_BACKEND_GITHUB_STATIC_FILE_URL }}"
+          FINESSE_BACKEND_STATIC_FILE_URL="{{ .Data.data.FINESSE_BACKEND_STATIC_FILE_URL }}"
+          FINESSE_BACKEND_DEBUG_MODE="{{ .Data.data.FINESSE_BACKEND_DEBUG_MODE }}"
+          FINESSE_WEIGHTS="{{ .Data.data.FINESSE_WEIGHTS }}"
+          LOUIS_DSN="{{ .Data.data.LOUIS_DSN }}"
+          LOUIS_SCHEMA="{{ .Data.data.LOUIS_SCHEMA }}"
+          OPENAI_API_ENGINE="{{ .Data.data.OPENAI_API_ENGINE }}"
+          OPENAI_API_KEY="{{ .Data.data.OPENAI_API_KEY }}"
+          OPENAI_API_VERSION="{{ .Data.data.OPENAI_API_VERSION }}"
+          OPENAI_ENDPOINT="{{ .Data.data.OPENAI_ENDPOINT }}"
+          {{- end }}
+    spec:
+      serviceAccountName: secrets-reader
+      containers:
+      - name: finesse-backend
+        image: ghcr.io/ai-cfia/finesse-backend:main
+        imagePullPolicy: Always
+        command: ["/bin/sh", "-c"]
+        args:
+        - >
+          cp /vault/secrets/.env . &&
+          gunicorn --bind :8080 --workers 1 --threads 8 --timeout 0 --forwarded-allow-ips "*" app:app
+        ports:
+        - containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 60
+          periodSeconds: 10
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: finesse-backend-svc
+  namespace: finesse
+spec:
+  clusterIP: None
+  selector:
+    app: finesse-backend
+  ports:
+    - protocol: TCP
+      port: 8080

kubernetes/apps/finesse/finesse-frontend-deployment.yml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: finesse-frontend
+  namespace: finesse
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: finesse-frontend
+  template:
+    metadata:
+      labels:
+        app: finesse-frontend
+    spec:
+      serviceAccountName: secrets-reader
+      containers:
+      - name: finesse-frontend
+        image: ghcr.io/ai-cfia/finesse-frontend:main
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 3000
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 3000
+          initialDelaySeconds: 60
+          periodSeconds: 10
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: finesse-frontend-svc
+  namespace: finesse
+spec:
+  clusterIP: None
+  selector:
+    app: finesse-frontend
+  ports:
+    - protocol: TCP
+      port: 3000