Merge pull request #375 from Gregory-Pereira/model-endpoints-healthch…

…eck-sidecar

implementing healthcheck sidecar and probe

.env.github.example

@@ -19,3 +19,5 @@ IL_MERLINITE_MODEL_NAME=<MERLINITE_MODEL_NAME>
 IL_ENABLE_DEV_MODE=true #Enable this option if you want to enable UI features that helps in development, such as form Auto-Fill feature.
 
 NEXT_PUBLIC_EXPERIMENTAL_FEATURES=false
+
+SLACK_WEBHOOK_URL=

.github/workflows/pr-healthcheck-sidecar-image.yml

@@ -0,0 +1,167 @@
+name: Publish QA Healthcheck Sidecar Container Images
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "healthcheck-sidecar/*"
+      - "!healthcheck-sidecar/stubbed_model_server.py"
+
+env:
+  GHCR_REGISTRY: ghcr.io
+  GHCR_HS_IMAGE_NAME: "${{ github.repository }}/healthcheck-sidecar"
+  QUAY_REGISTRY: quay.io
+  QUAY_HS_IMAGE_NAME: instructlab-ui/healthcheck-sidecar
+
+jobs:
+  build_and_publish_hs_qa_image:
+    name: Push QA Healthcheck Sidecar container image to GHCR and QUAY
+    runs-on: ubuntu-latest
+    environment: registry-creds
+    permissions:
+      packages: write
+      contents: write
+      attestations: write
+      id-token: write
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.BOT_PAT }}
+          ref: 'main'
+
+      - name: Log in to the GHCR container image registry
+        uses: docker/login-action@v3
+        with:
+          registry: "${{ env.GHCR_REGISTRY }}"
+          username: "${{ github.actor }}"
+          password: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Log in to the Quay container image registry
+        uses: docker/login-action@v3
+        with:
+          registry: "${{ env.QUAY_REGISTRY }}"
+          username: "${{ secrets.QUAY_USERNAME }}"
+          password: "${{ secrets.QUAY_TOKEN }}"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: "${{ runner.os }}-buildx-${{ github.sha }}"
+          restore-keys: |
+            "${{ runner.os }}-buildx-"
+
+      - name: Get Pull Request Number from Commit
+        id: get_pr_number
+        uses: actions/github-script@v7
+        with:
+          script: |
+            console.log("Repository owner:", context.repo.owner);
+            console.log("Repository name:", context.repo.repo);
+            console.log("Current commit SHA:", context.sha);
+
+            const prs = await github.rest.pulls.list({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'closed',
+              sort: 'updated',
+              direction: 'desc'
+            });
+            console.log("Number of closed PRs fetched:", prs.data.length);
+
+            for (const pr of prs.data) {
+              console.log("Checking PR #", pr.number, "- Merged:");
+              if (pr.merged_at != "") {
+                console.log("Found merged PR:", pr.number);
+                return pr.number;
+              }
+            }
+
+            console.log("No merged PR found in the recent closed PRs.");
+            return '';
+
+      - name: Extract GHCR metadata (tags, labels) for HS image
+        id: ghcr_hs_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_HS_IMAGE_NAME }}
+
+      - name: Extract Quay metadata (tags, labels) for HS image
+        id: quay_hs_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_HS_IMAGE_NAME }}
+
+      - name: Build and push HS image to GHCR
+        id: push-hs-ghcr
+        uses: docker/build-push-action@v6
+        with:
+          context: healthcheck-sidecar
+          push: true
+          tags: |-
+            "${{ steps.ghcr_hs_meta.outputs.tags }}"
+            "${{ env.GHCR_REGISTRY }}/${{ env.GHCR_HS_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}"
+          labels: ${{ steps.ghcr_hs_meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: healthcheck-sidecar/Containerfile
+
+      - name: Generate GHCR artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_HS_IMAGE_NAME}}
+          subject-digest: ${{ steps.push-hs-ghcr.outputs.digest }}
+          push-to-registry: true
+
+      - name: Build and push HS image to QUAY
+        id: push-hs-quay
+        uses: docker/build-push-action@v6
+        with:
+          context: healthcheck-sidecar
+          push: true
+          tags: |-
+            "${{ steps.quay_hs_meta.outputs.tags }}"
+            "${{ env.QUAY_REGISTRY }}/${{ env.QUAY_HS_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}"
+          labels: ${{ steps.quay_hs_meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: healthcheck-sidecar/Containerfile
+
+      - name: Generate QA HS Quay artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_HS_IMAGE_NAME}}
+          subject-digest: ${{ steps.push-hs-quay.outputs.digest }}
+          push-to-registry: true
+
+      - name: Update coderefs before code changes
+        run: |-
+          git pull --ff-only
+
+      - name: Update QA Quay HS image
+        id: update_qa_hs_manifest_image
+        env:
+          PR_TAG:  "pr-${{ steps.get_pr_number.outputs.result }}"
+        run: |-
+          sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
+          sudo chmod +x /usr/local/bin/yq
+          yq -i '
+            (.images[] | select(.name == "quay.io/${{ env.QUAY_HS_IMAGE_NAME }}") | .newTag) = env(PR_TAG)
+          ' deploy/k8s/overlays/openshift/qa/kustomization.yaml
+
+      - name: Commit and push bump QA HS Image manifest
+        run: |-
+          git config user.name "platform-engineering-bot"
+          git config user.email "[email protected]"
+          git add deploy/k8s/overlays/openshift/qa/kustomization.yaml
+          git commit -m "[CI AUTOMATION]: Bumping QA HS image to tag: pr-${{ steps.get_pr_number.outputs.result }}" -s
+          git push origin main
+

.gitignore

@@ -20,8 +20,7 @@ auth.log
 tsconfig.tsbuildinfo
 .idea
 .vscode
-ui.pid
-pathservice.pid
+*.pid
 /test-results/
 /playwright-report/
 /blob-report/
@@ -34,4 +33,5 @@ deploy/k8s/overlays/openshift/umami/qa/umami-secret.yaml
 deploy/k8s/overlays/openshift/umami/prod/umami-secret.yaml
 deploy/podman/github/secret.yaml
 deploy/podman/native/secret.yaml
-
+healthcheck-sidecar/sidecar.log
+*/venv

Makefiles/containers-base/Makefile

@@ -36,3 +36,8 @@ ps-image: validate-container-engine pathservice/Containerfile ## Build container
 	$(ECHO_PREFIX) printf "  %-12s pathservice/Containerfile\n" "[$(CONTAINER_ENGINE), linux/$(TARGET_IMAGE_ARCH)]"
 	$(CMD_PREFIX) $(CONTAINER_ENGINE) build --platform linux/$(TARGET_IMAGE_ARCH) -f pathservice/Containerfile -t quay.io/instructlab-ui/pathservice:$(TAG) .
 	$(CMD_PREFIX) $(CONTAINER_ENGINE) tag quay.io/instructlab-ui/pathservice:$(TAG) quay.io/instructlab-ui/pathservice:main
+
+healthcheck-sidecar-image: validate-container-engine healthcheck-sidecar/Containerfile ## Build container image for the InstructLab Healthcheck-Sidecar
+	$(ECHO_PREFIX) printf "  %-12s healthcheck-sidecar/Containerfile\n" "[$(CONTAINER_ENGINE), linux/$(TARGET_IMAGE_ARCH)]"
+	$(CMD_PREFIX) $(CONTAINER_ENGINE) build -f healthcheck-sidecar/Containerfile -t quay.io/instructlab-ui/healthcheck-sidecar:$(TAG) healthcheck-sidecar
+	$(CMD_PREFIX) $(CONTAINER_ENGINE) tag quay.io/instructlab-ui/healthcheck-sidecar:$(TAG) quay.io/instructlab-ui/healthcheck-sidecar:main

Makefiles/local/Makefile

@@ -2,6 +2,16 @@
 # ║                Local Development Targets                 ║
 # ╚══════════════════════════════════════════════════════════╝
 
+#################### DEPENDENCY FUNCTIONS ####################
+
+.PHONY: check-python3
+check-python3:
+	$(CMD_PREFIX) if ! command -v python3 >/dev/null 2>&1; then \
+		echo "Error: 'python3' is not installed."; \
+		echo "Please visit https://www.python.org/downloads/ for installation instructions."; \
+		exit 1; \
+	fi
+
 #################### DEPLOYMENT FUNCTIONS ####################
 
 .PHONY: start-dev-local
@@ -17,3 +27,35 @@ stop-dev-local:  ## Stop the npm and pathservice local instances
 	$(CMD_PREFIX) if [ -f ui.pid ]; then kill -2 `cat ui.pid` && rm ui.pid || echo "Failed to stop ui"; fi
 	$(CMD_PREFIX) if [ -f pathservice.pid ]; then kill -2 `cat pathservice.pid` && rm pathservice.pid || echo "Failed to stop pathservice"; fi
 	$(CMD_PREFIX) echo "Development environment stopped."
+
+.PHONY: start-healthcheck-sidecar-local
+start-healthcheck-sidecar-local: check-python3 ## Start the healthcheck-sidecar local instance
+	$(CMD_PREFIX) echo "Starting healthcheck-sidecar..."
+	$(CMD_PREFIX) cd healthcheck-sidecar; \
+                  python3 -m venv venv; \
+                  source venv/bin/activate; \
+	              venv/bin/python -m pip install -r requirements.txt; \
+	              python sidecar_script.py & echo $$! > healthcheck-sidecar.pid
+	$(CMD_PREFIX) echo "Healthcheck-Sidecar started at http://localhost:8080/health."
+
+.PHONY: stop-healthcheck-sidecar-local
+stop-healthcheck-sidecar-local:  ## Stop the healtcheck-sidecar local instance
+	$(CMD_PREFIX) echo "Stopping healthcheck-sidecar..."
+	$(CMD_PREFIX) if [ -f healthcheck-sidecar.pid ]; then kill -2 `cat healthcheck-sidecar.pid` && rm healthcheck-sidecar.pid || echo "Failed to stop healthcheck-sidecar"; fi
+	$(CMD_PREFIX) echo "Healthcheck-Sidecar stopped."
+
+.PHONY: start-healthcheck-sidecar-model-server-local
+start-healthcheck-sidecar-model-server-local: check-python3 ## Start the healthcheck-sidecar model server instance
+	$(CMD_PREFIX) echo "Starting Stubbed model server..."
+	$(CMD_PREFIX) cd healthcheck-sidecar; \
+                  python3 -m venv venv; \
+                  source venv/bin/activate; \
+	              venv/bin/python -m pip install -r requirements.txt; \
+	              python stubbed_model_server.py & echo $$! > stubbed-model-server.pid
+	$(CMD_PREFIX) echo "Stubbed Model Server started at http://localhost:8001, serving `/health` and `/v1/models`."
+
+.PHONY: stop-healthcheck-sidecar-model-server-local
+stop-healthcheck-sidecar-model-server-local:  ## Stop the healtcheck-sidecar model server local instance
+	$(CMD_PREFIX) echo "Stopping stubbed model server..."
+	$(CMD_PREFIX) if [ -f stubbed-model-server.pid ]; then kill -2 `cat stubbed-model-server.pid` && rm stubbed-model-server.pid || echo "Failed to stop stubbed model server"; fi
+	$(CMD_PREFIX) echo "Stubbed Model Server stopped."

deploy/k8s/base/healthcheck-sidecar/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: instructlab
+resources:
+  - service.yaml
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/component: ui
+      app.kubernetes.io/instance: ui
+      app.kubernetes.io/name: ui

deploy/k8s/base/healthcheck-sidecar/service.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: healthcheck-sidecar
+  labels:
+    app.kubernetes.io/component: ui
+spec:
+  ports:
+    - name: web
+      port: 8080
+  selector:
+    app.kubernetes.io/name: ui
+  type: ClusterIP

deploy/k8s/overlays/kind/kustomization.yaml

@@ -24,10 +24,7 @@ patches:
     patch: |-
       - op: replace
         path: /spec/template/spec/containers/0/image
-        value: quay.io/instructlab-ui/ui:main # Override this image if you want to use a different UI image
-      - op: replace
-        path: /spec/template/spec/containers/0/imagePullPolicy
-        value: Always
+        value: quay.io/instructlab-ui/ui:main
 
   # Override the pathservice image for Kind deployment
   - target:
@@ -37,6 +34,3 @@ patches:
       - op: replace
         path: /spec/template/spec/containers/0/image
         value: quay.io/instructlab-ui/pathservice:main # Override this image if you want to use a different pathservice image
-      - op: replace
-        path: /spec/template/spec/containers/0/imagePullPolicy
-        value: Always

deploy/k8s/overlays/openshift/common/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../../base/healthcheck-sidecar/

deploy/k8s/overlays/openshift/prod/kustomization.yaml

@@ -3,6 +3,7 @@ kind: Kustomization
 namespace: instructlab
 resources:
   - ../../../base
+  - ../common
   - issuer.yaml
   - certificate.yaml
   - prod.env.sealedsecret.yaml
@@ -23,16 +24,38 @@ patches:
       - op: replace
         path: /spec/tls/0/hosts/0
         value: ui.instructlab.ai
-
   - target:
       kind: Deployment
       name: ui
     patch: |-
       - op: replace
         path: /spec/template/spec/containers/0/envFrom/0/secretRef/name
         value: prod.env
+      - op: add 
+        path: /spec/template/spec/containers/0/readinessProbe
+        value:
+          exec:
+            command:
+              - sh
+              - -c
+              - "/opt/app-root/src/src/healthcheck-probe.sh"
+          initialDelaySeconds: 5
+          periodSeconds: 10
+      - op: add
+        path: /spec/template/spec/containers/-
+        value:
+          name: model-endpoint-healthcheck-sidecar
+          image: quay.io/instructlab-ui/healthcheck-sidecar
+          # imagePullPolicy: Always # until image lands in quay cannot use pullPolicy: Always
+          ports:
+            - containerPort: 8080
+          envFrom:
+            - secretRef:
+                name: prod.env
 images:
   - name: quay.io/instructlab-ui/ui
     newTag: v1.0.0-beta.3
   - name: quay.io/instructlab-ui/pathservice
     newTag: v1.0.0-beta.3
+  - name: quay.io/instructlab-ui/healthcheck-sidecar
+    newTag: main # not currently available in our quay org

deploy/k8s/overlays/openshift/qa/kustomization.yaml

@@ -3,6 +3,7 @@ kind: Kustomization
 namespace: instructlab
 resources:
   - ../../../base
+  - ../common
   - issuer.yaml
   - certificate.yaml
   - qa.env.sealedsecret.yaml
@@ -30,8 +31,31 @@ patches:
       - op: replace
         path: /spec/template/spec/containers/0/envFrom/0/secretRef/name
         value: qa.env
+      - op: add 
+        path: /spec/template/spec/containers/0/readinessProbe
+        value:
+          exec:
+            command:
+              - sh
+              - -c
+              - "/opt/app-root/src/src/healthcheck-probe.sh"
+          initialDelaySeconds: 5
+          periodSeconds: 10
+      - op: add
+        path: /spec/template/spec/containers/-
+        value:
+          name: model-endpoint-healthcheck-sidecar
+          image: quay.io/instructlab-ui/healthcheck-sidecar
+          imagePullPolicy: Always # until image lands in quay cannot use pullPolicy: Always
+          ports:
+            - containerPort: 8080
+          envFrom:
+            - secretRef:
+                name: qa.env
 images:
   - name: quay.io/instructlab-ui/ui
     newTag: pr-435
   - name: quay.io/instructlab-ui/pathservice
     newTag: pr-435
+  - name: quay.io/instructlab-ui/healthcheck-sidecar
+    newTag: main