feat: add ai-gateway deployment and service configuration with TLS support

Nik Afiq 2026-04-21 22:04:22 +09:00
parent 91f8167323
commit 54d368d462
3 changed files with 113 additions and 2 deletions


@ -0,0 +1,89 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ai-gateway
namespace: home-services
labels:
app: ai-gateway
spec:
replicas: 1
selector:
matchLabels:
app: ai-gateway
template:
metadata:
labels:
app: ai-gateway
spec:
imagePullSecrets:
- name: gitea-registry-secret
containers:
- name: ai-gateway
image: gitea.nik4nao.com/nik/ai-gateway:latest
ports:
- containerPort: 50052
name: grpc
env:
- name: GRPC_PORT
value: "50052"
- name: OLLAMA_URL
value: "http://192.168.7.96:11434"
- name: OLLAMA_MODEL
value: "llama3"
- name: OLLAMA_TIMEOUT
value: "30s"
- name: HA_GATEWAY_ADDR
value: "ha-gateway.home-services.svc.cluster.local:50051"
- name: HA_GATEWAY_SERVER_NAME
value: "ha-gateway.home-services.svc.cluster.local"
- name: OTEL_ENDPOINT
value: "otel-collector-opentelemetry-collector.monitoring.svc.cluster.local:4317"
- name: LOG_LEVEL
value: "info"
- name: LOG_FORMAT
value: "json"
- name: LIGHT_CACHE_TTL
value: "60s"
- name: TLS_DIR
value: /tls
readinessProbe:
tcpSocket:
port: 50052
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 50052
initialDelaySeconds: 10
periodSeconds: 30
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 128Mi
volumeMounts:
- name: tls
mountPath: /tls
readOnly: true
volumes:
- name: tls
secret:
secretName: ai-gateway-tls
---
apiVersion: v1
kind: Service
metadata:
name: ai-gateway
namespace: home-services
labels:
app: ai-gateway
spec:
selector:
app: ai-gateway
ports:
- name: grpc
port: 50052
targetPort: 50052
type: ClusterIP
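Review bot: The container image is referenced by the mutable tag `ai-gateway:latest`, so any pod restart can pull whatever was last pushed to the registry and the running code cannot be traced back to this commit. Pin it to an immutable tag or a digest, e.g. `image: gitea.nik4nao.com/nik/ai-gateway@sha256:<DIGEST_PLACEHOLDER>`. The `ai-gateway` container also declares no `securityContext`; if the binary does not need root, add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` under it. Separately, `OLLAMA_URL` is plain `http://` to a LAN address, so prompts and responses on that hop stay unencrypted even though the gRPC side gets TLS. That is worth a comment recording it as accepted, or a move to TLS if the Ollama host supports it.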


@ -31,4 +31,24 @@ spec:
usages: usages:
- client auth - client auth
- digital signature - digital signature
- key encipherment - key encipherment
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ai-gateway-tls
namespace: home-services
spec:
secretName: ai-gateway-tls
issuerRef:
name: internal-ca-issuer
kind: ClusterIssuer
commonName: ai-gateway
dnsNames:
- ai-gateway.home-services.svc.cluster.local
- ai-gateway
usages:
- server auth
- client auth
- digital signature
- key encipherment
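Review bot: The new `ai-gateway-tls` Certificate has no `privateKey` block, so key rotation on renewal is left to the cert-manager default, which depends on the installed version. Stating it explicitly with `privateKey:` and `rotationPolicy: Always` under `spec` makes every renewal issue a fresh key. The Deployment mounts this secret read-only at `/tls`; if the gateway loads the files only at startup (not visible here), a renewed certificate is not served until the pod restarts, so confirm the binary reloads them or document the restart step. The certificate carries both `server auth` and `client auth`, which fits a service that also dials ha-gateway, but it means one leaked key is valid in both roles under `internal-ca-issuer`. Separate server and client certificates would narrow that.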


@ -33,6 +33,8 @@ spec:
key: GUILD_ID key: GUILD_ID
- name: HA_GATEWAY_ADDR - name: HA_GATEWAY_ADDR
value: "ha-gateway.home-services.svc.cluster.local:50051" value: "ha-gateway.home-services.svc.cluster.local:50051"
- name: AI_GATEWAY_ADDR
value: "ai-gateway.home-services.svc.cluster.local:50052"
- name: OTEL_ENDPOINT - name: OTEL_ENDPOINT
value: "otel-collector-opentelemetry-collector.monitoring.svc.cluster.local:4317" value: "otel-collector-opentelemetry-collector.monitoring.svc.cluster.local:4317"
- name: TLS_DIR - name: TLS_DIR
@ -51,4 +53,4 @@ spec:
volumes: volumes:
- name: tls - name: tls
secret: secret:
secretName: discord-bot-tls secretName: discord-bot-tls