Merge branch 'main' into cloud-1132

CODEOWNERS

@@ -6,5 +6,5 @@ conductor/** @sjmiller609 @nhudson @ianstanton @ChuckHend
 tembo-pod-init/** @nhudson
 tembo-cli/** @shahadarsh @vrmiguel @DarrenBaldwin07 @sjmiller609
 tembo-py/** @chuckhend @EvanHStanton
-tembo-stacks/** @chuckhend @jasonmp85
+tembo-stacks/** @chuckhend @jasonmp85 @shhnwz
 inference-gateway/** @chuckhend @jasonmp85 @shhnwz

charts/tembo-ai/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.4
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/tembo-ai/templates/inference-gateway/service-lb.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.inferenceGateway.internalLoadBalancer.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "tembo-ai.fullname" . }}-gateway-internal-lb
+  labels:
+    {{- include "tembo-ai.inferenceGateway.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.inferenceGateway.internalLoadBalancer.annotations | nindent 4 }}
+    {{- if .Values.inferenceGateway.internalLoadBalancer.route53.enabled }}
+    external-dns.alpha.kubernetes.io/hostname: {{ .Values.inferenceGateway.internalLoadBalancer.route53.recordName }}.{{ .Values.inferenceGateway.internalLoadBalancer.route53.zoneName }}
+    external-dns.alpha.kubernetes.io/ttl: {{ .Values.inferenceGateway.internalLoadBalancer.route53.ttl | quote }}
+    {{- end }}
+
+spec:
+  type: LoadBalancer
+  ports:
+    - port: {{ .Values.inferenceGateway.internalLoadBalancer.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "tembo-ai.inferenceGateway.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/tembo-ai/values.yaml

@@ -54,6 +54,17 @@ inferenceGateway:
     annotations: {}
   service:
     port: 8080
+  internalLoadBalancer:
+    enabled: false
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb
+      service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+      service.beta.kubernetes.io/aws-load-balancer-scheme: internal
+    route53:
+      enabled: false
+      zoneName: ""
+      recordName: "inference-gateway"
+    port: 8080
   args: []
   command:
     - "/usr/local/bin/gateway"
@@ -82,13 +93,13 @@ inferenceService:
     tag: latest
   resources:
     requests:
-      cpu: '4'
-      memory: '16Gi'
-      nvidia.com/gpu: '1'
+      cpu: "4"
+      memory: "16Gi"
+      nvidia.com/gpu: "1"
     limits:
-      cpu: '8'
-      memory: '16Gi'
-      nvidia.com/gpu: '1'
+      cpu: "8"
+      memory: "16Gi"
+      nvidia.com/gpu: "1"
   livenessProbe:
     enabled: true
     path: /health
@@ -140,10 +151,10 @@ inferenceService:
   #   # readOnlyRootFilesystem: true
   nodeSelector: {}
   tolerations:
-  - key: "tembo.io/gpu"
-    operator: "Equal"
-    value: "true"
-    effect: "NoSchedule"
+    - key: "tembo.io/gpu"
+      operator: "Equal"
+      value: "true"
+      effect: "NoSchedule"
   affinity: {}
   podAnnotations: {}
   podSecurityContext: {}

conductor/Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/tembo/rust:1.76-slim-bookworm as builder
+FROM quay.io/tembo/rust:1.79-slim as builder
 
 RUN apt-get update && \
     apt-get install -y pkg-config libssl-dev && apt-get clean && \

dataplane-webserver/Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/tembo/rust:1.77-slim
+FROM quay.io/tembo/rust:1.79-slim
 
 RUN apt-get update \
     && apt-get install -y pkg-config libssl-dev \

inference-gateway/Dockerfile

@@ -1,4 +1,4 @@
-FROM rust:1.77.0-slim-buster as builder
+FROM rust:1.79.0-slim-buster as builder
 
 RUN apt-get update && \
     apt-get install -y pkg-config libssl-dev && apt-get clean && \
@@ -13,7 +13,7 @@ COPY migrations/ /build/migrations
 
 RUN SQLX_OFFLINE=true cargo build --release
 
-FROM rust:1.77.0-slim-buster
+FROM rust:1.79.0-slim-buster
 
 COPY --from=builder /build/target/release/gateway /usr/local/bin/gateway
 

inference-gateway/src/config.rs

@@ -4,11 +4,19 @@ use url::Url;
 
 #[derive(Clone, Debug)]
 pub struct Config {
+    /// service and port of the inference service
+    /// Must be an OpenAI compatible interface
     pub llm_service_host_port: Url,
+    /// Postgres connection string to the timeseries databse which logs token usage
     pub pg_conn_str: String,
+    /// Port to run the inference gateway on
     pub server_port: u16,
+    /// Number of actix workers to spawn
     pub server_workers: u16,
+    /// Boolean to toggle billing request authorization.
+    /// When true, callers must have an active payment method on file
     pub org_auth_enabled: bool,
+    /// Interval to refresh the billing authorization cache
     pub org_auth_cache_refresh_interval_sec: u64,
 }
 

tembo-operator/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "controller"
 description = "Tembo Operator for Postgres"
-version = "0.49.6"
+version = "0.49.7"
 edition = "2021"
 default-run = "controller"
 license = "Apache-2.0"

tembo-operator/src/app_service/manager.rs

@@ -24,7 +24,7 @@ use kube::{
     Client, Resource,
 };
 use lazy_static::lazy_static;
-use std::{collections::BTreeMap, sync::Arc, time::Duration};
+use std::{collections::BTreeMap, ops::Not, sync::Arc, time::Duration};
 
 use crate::{
     app_service::ingress::{generate_ingress_tcp_routes, reconcile_ingress_tcp},
@@ -432,21 +432,32 @@ fn generate_deployment(
         }
     }
 
+    let has_instance_id = env_vars.iter().any(|env| env.name == "TEMBO_INSTANCE_ID");
+    let has_org_id = env_vars.iter().any(|env| env.name == "TEMBO_ORG_ID");
+
     // Check for tembo.io/instance_id and tembo.io/organization_id annotations
-    if let Some(instance_id) = annotations.get("tembo.io/instance_id") {
-        env_vars.push(EnvVar {
-            name: "TEMBO_INSTANCE_ID".to_string(),
-            value: Some(instance_id.clone()),
-            ..EnvVar::default()
-        });
+    if has_instance_id.not() {
+        if let Some(instance_id) = annotations.get("tembo.io/instance_id") {
+            env_vars.push(EnvVar {
+                name: "TEMBO_INSTANCE_ID".to_string(),
+                value: Some(instance_id.clone()),
+                ..EnvVar::default()
+            });
+        }
+    } else {
+        tracing::info!("Not applying TEMBO_INSTANCE_ID to env since it's already present");
     }
 
-    if let Some(organization_id) = annotations.get("tembo.io/organization_id") {
-        env_vars.push(EnvVar {
-            name: "TEMBO_ORG_ID".to_string(),
-            value: Some(organization_id.clone()),
-            ..EnvVar::default()
-        });
+    if has_org_id.not() {
+        if let Some(organization_id) = annotations.get("tembo.io/organization_id") {
+            env_vars.push(EnvVar {
+                name: "TEMBO_ORG_ID".to_string(),
+                value: Some(organization_id.clone()),
+                ..EnvVar::default()
+            });
+        }
+    } else {
+        tracing::info!("Not applying TEMBO_ORG_ID to env since it's already present");
     }
 
     // Add the pre-loaded forwarded environment variables

tembo-operator/src/extensions/toggle.rs

@@ -495,7 +495,7 @@ async fn get_trunk_project_version(
     if let Some(extension_version) = &location_to_toggle.version {
         let maybe_trunk_project = get_trunk_project_metadata_for_version(
             trunk_project_name,
-            trunk::Version::Extension(&extension_version),
+            trunk::Version::Extension(extension_version),
         )
         .await;
 

tembo-operator/src/network_policies.rs

@@ -311,6 +311,46 @@ pub async fn reconcile_network_policies(client: Client, namespace: &str) -> Resu
 
     apply_network_policy(namespace, &np_api, allow_proxy_to_access_tembo_ai_gateway).await?;
 
+    let allow_proxy_to_access_tembo_ai_gateway_internal_lb = serde_json::json!({
+        "apiVersion": "networking.k8s.io/v1",
+        "kind": "NetworkPolicy",
+        "metadata": {
+          "name": "allow-proxy-to-access-tembo-ai-gateway-internal-lb",
+          "namespace": format!("{namespace}"),
+        },
+        "spec": {
+          "podSelector": {
+            "matchLabels": {
+              "app": format!("{}-ai-proxy", namespace)
+            }
+          },
+          "policyTypes": ["Egress"],
+          "egress": [
+            {
+              "ports": [
+                {
+                  "port": 8080,
+                  "protocol": "TCP"
+                }
+              ],
+              "to": [
+                {
+                  "ipBlock": {
+                    "cidr": "10.0.0.0/8"
+                  }
+                }
+              ]
+            }
+          ]
+        }
+    });
+
+    apply_network_policy(
+        namespace,
+        &np_api,
+        allow_proxy_to_access_tembo_ai_gateway_internal_lb,
+    )
+    .await?;
     Ok(())
 }
 

tembo-operator/src/trunk.rs

@@ -545,8 +545,23 @@ mod tests {
         let result = get_latest_trunk_project_metadata("pgmq").await;
         assert!(result.is_ok());
 
+        // latest pgmq release per repo
+        let url = "https://api.github.com/repos/tembo-io/pgmq/releases/latest";
+        let client = reqwest::Client::new();
+        let res = client
+            .get(url)
+            .header("User-Agent", "reqwest")
+            .send()
+            .await
+            .unwrap()
+            .json::<serde_json::Value>()
+            .await
+            .unwrap();
+        let latest_rag = res.get("tag_name").unwrap().as_str().unwrap();
+
         let project = result.unwrap();
-        assert!(project.version == "1.4.0");
+
+        assert_eq!(format!("v{}", project.version), latest_rag);
         assert!(project.name == "pgmq");
     }
 

tembo-stacks/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "tembo-stacks"
 description = "Tembo Stacks for Postgres"
-version = "0.12.0"
+version = "0.14.0"
 authors = ["tembo.io"]
 edition = "2021"
 license = "Apache-2.0"

tembo-stacks/src/stacks/mod.rs

@@ -6,6 +6,8 @@ use crate::stacks::types::{Stack, StackType};
 use lazy_static::lazy_static;
 
 lazy_static! {
+    pub static ref ANALYTICS: Stack = serde_yaml::from_str(include_str!("specs/analytics.yaml"))
+        .expect("analytics.yaml not found");
     pub static ref API: Stack =
         serde_yaml::from_str(include_str!("specs/api.yaml")).expect("api.yaml not found");
     pub static ref DATAWAREHOUSE: Stack =
@@ -36,6 +38,7 @@ lazy_static! {
 
 pub fn get_stack(entity: StackType) -> Stack {
     match entity {
+        StackType::Analytics => ANALYTICS.clone(),
         StackType::API => API.clone(),
         StackType::DataWarehouse => DATAWAREHOUSE.clone(),
         StackType::Geospatial => GEOSPATIAL.clone(),

tembo-stacks/src/stacks/specs/analytics.yaml

@@ -0,0 +1,61 @@
+name: Analytics
+description: A Postgres instance equipped ParadeDB's pg_analytics extension.
+repository: "quay.io/tembo"
+organization: tembo
+images:
+  14: "standard-cnpg:14-5120dd1"
+  15: "standard-cnpg:15-5120dd1"
+  16: "standard-cnpg:16-5120dd1"
+stack_version: 0.1.0
+postgres_config_engine: olap
+postgres_config:
+  - name: autovacuum_vacuum_scale_factor
+    value: 0.05
+  - name: autovacuum_vacuum_insert_scale_factor
+    value: 0.05
+  - name: checkpoint_completion_target
+    value: 0.95
+  - name: checkpoint_timeout
+    value: 30min
+  - name: cron.host
+    value: /controller/run
+  - name: pg_stat_statements.track
+    value: top
+  - name: shared_preload_libraries
+    value: pg_stat_statements,pg_cron
+  - name: track_io_timing
+    value: 'on'
+  - name: wal_level
+    value: logical
+trunk_installs:
+  - name: pg_stat_statements
+    version: 1.10.0
+  - name: pg_partman
+    version: 4.7.4
+  - name: pg_cron
+    version: 1.6.2
+  - name: pg_lakehouse
+    version: 0.9.0
+extensions:
+  - name: pg_stat_statements
+    locations:
+      - database: postgres
+        enabled: true
+        version: 1.10.0
+  - name: pg_partman
+    locations:
+      - database: postgres
+        enabled: true
+        version: 4.7.4
+  - name: pg_cron
+    description: pg_cron
+    locations:
+    - database: postgres
+      enabled: true
+      version: 1.6.2
+  - name: pg_lakehouse
+    description: pg_lakehouse
+    locations:
+    - database: postgres
+      enabled: true
+      version: 0.9.0