From 4373ce0e188ad504ea4c8e1ca4e5ec965666aec0 Mon Sep 17 00:00:00 2001
From: Pavlo Chaikivskyi
Date: Thu, 19 Mar 2026 18:15:49 +0200
Subject: [PATCH 1/3] docs(aws): update data layer documentation and keycloak installation steps
---
.../aws/04-infrastructure-deployment/index.md | 13 ++--
.../scripted-deployment.md | 13 +++-
.../aws/05-components-deployment/index.md | 17 +++--
.../manual-deployment/02-data-layer.md | 5 --
.../manual-deployment/index.md | 4 +-
.../scripted-deployment.md | 2 +-
.../manual-deployment/02-data-layer.md | 5 --
.../_network-requirements.mdx | 13 ++--
.../03-architecture/_container-resources.mdx | 5 +-
.../data-layer/_data-layer-overview.mdx | 7 +-
.../data-layer/_data-layer-validation.mdx | 3 -
.../k8s/_storage-ingress-validation.mdx | 2 +-
.../security/_security-keycloak-install.mdx | 65 +++++++++++++++++--
13 files changed, 103 insertions(+), 51 deletions(-)
diff --git a/docs/admin/deployment/aws/04-infrastructure-deployment/index.md b/docs/admin/deployment/aws/04-infrastructure-deployment/index.md
index 457c3c31..5c5cb3b8 100644
--- a/docs/admin/deployment/aws/04-infrastructure-deployment/index.md
+++ b/docs/admin/deployment/aws/04-infrastructure-deployment/index.md
@@ -95,12 +95,13 @@ The core platform infrastructure provisions all AWS resources needed to run AI/R ### Data & Storage -| Resource | Purpose | -| -------------------- | ------------------------------------------------------------- | -| **RDS PostgreSQL** | Managed database service for CodeMie application data | -| **RDS Subnet Group** | Database subnet group for multi-AZ deployment | -| **S3 Bucket** | Persistent storage for CodeMie application data and artifacts | -| **EBS Volumes** | Block storage for Kubernetes persistent volumes | +| Resource | Purpose | +| ----------------------------- | ------------------------------------------------------------- | +| **RDS PostgreSQL** | Managed database service for CodeMie application data | +| **RDS PostgreSQL (Keycloak)** | Dedicated database instance for Keycloak (optional) | +| **RDS Subnet Group** | Database subnet group for multi-AZ deployment | +| **S3 Bucket** | Persistent storage for CodeMie application data and artifacts | +| **EBS Volumes** | Block storage for Kubernetes persistent volumes | ### Security & Identity diff --git a/docs/admin/deployment/aws/04-infrastructure-deployment/scripted-deployment.md b/docs/admin/deployment/aws/04-infrastructure-deployment/scripted-deployment.md index 6dc8d202..f1e214da 100644 --- a/docs/admin/deployment/aws/04-infrastructure-deployment/scripted-deployment.md +++ b/docs/admin/deployment/aws/04-infrastructure-deployment/scripted-deployment.md @@ -137,6 +137,10 @@ TF_VAR_enable_private_connections=true TF_VAR_lb_prefix_list_ids='[]' TF_VAR_lb_specific_ips='[]' TF_VAR_security_group_ids='[]' + +# Optional: Keycloak Database +# Set to true to share the existing CodeMie RDS instance instead of creating a dedicated one +TF_VAR_keycloak_shared_database_instance=false ... ``` 
@@ -172,12 +176,19 @@ AWS_KMS_KEY_ID=12345678-90ab-cdef-1234-567890abcdef AWS_S3_BUCKET_NAME=codemie-platform-bucket CODEMIE_DOMAIN_NAME=airun.example.com -# Database Outputs +# RDS Database Outputs CODEMIE_POSTGRES_DATABASE_HOST=codemie-rds.123456789012.us-east-1.rds.amazonaws.com CODEMIE_POSTGRES_DATABASE_PORT=5432 CODEMIE_POSTGRES_DATABASE_NAME=codemie CODEMIE_POSTGRES_DATABASE_USER=dbadmin CODEMIE_POSTGRES_DATABASE_PASSWORD="generated-password" + +# Keycloak Database Outputs (present when TF_VAR_keycloak_shared_database_instance=false) +KEYCLOAK_POSTGRES_DATABASE_HOST=codemie-keycloak-rds.123456789012.us-east-1.rds.amazonaws.com +KEYCLOAK_POSTGRES_DATABASE_PORT=5432 +KEYCLOAK_POSTGRES_DATABASE_NAME=keycloak +KEYCLOAK_POSTGRES_DATABASE_USER=keycloak_admin +KEYCLOAK_POSTGRES_DATABASE_PASSWORD="generated-password" ``` :::tip Save These Outputs diff --git a/docs/admin/deployment/aws/05-components-deployment/index.md b/docs/admin/deployment/aws/05-components-deployment/index.md index d29f2b45..27d88d8e 100644 --- a/docs/admin/deployment/aws/05-components-deployment/index.md +++ b/docs/admin/deployment/aws/05-components-deployment/index.md @@ -14,7 +14,7 @@ pagination_next: admin/deployment/aws/components-deployment/components-scripted- This section guides you through deploying the AI/Run CodeMie application stack on your EKS cluster. After completing infrastructure deployment, this phase installs all necessary Kubernetes components including: - **Core AI/Run CodeMie services** (API, UI, MCP Connect, NATS Auth) -- **Data layer** (Elasticsearch, PostgreSQL via operators) +- **Data layer** (Elasticsearch) - **Security & Identity** (Keycloak, OAuth2 Proxy) - **Infrastructure services** (Ingress controller, storage) - **Observability** (Kibana, Fluent Bit) 
@@ -63,11 +63,10 @@ bash get-codemie-latest-release-version.sh -c /path/to/key.json Database and search components for data persistence: -| Component | Container Registry | Description | -| ----------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------------- | -| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) | -| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Analytics and visualization interface for Elasticsearch data | -| **PostgreSQL Operator** | `registry.developers.crunchydata.com/.../postgres-operator:x.y.z` | Manages PostgreSQL instances for Keycloak | +| Component | Container Registry | Description | +| ----------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------- | +| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) | +| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Analytics and visualization interface for Elasticsearch data | #### Security & Identity Management @@ -117,9 +116,9 @@ Components that can be omitted based on configuration: Components must be deployed in the following order due to dependencies: 1. **Infrastructure** → Ingress Controller, Storage Class -2. **Operators** → PostgreSQL Operator, Keycloak Operator -3. **Data Layer** → Elasticsearch, PostgreSQL instances -4. **Security** → Keycloak, OAuth2 Proxy +2. **Operators** → Keycloak Operator +3. **Data Layer** → Elasticsearch +4. **Security** → Keycloak (with database credentials), OAuth2 Proxy 5. **Messaging** → NATS 6. **Core Services** → CodeMie API, UI, MCP Connect, NATS Auth 7. **Observability** → Fluent Bit, Kibana 
diff --git a/docs/admin/deployment/aws/05-components-deployment/manual-deployment/02-data-layer.md b/docs/admin/deployment/aws/05-components-deployment/manual-deployment/02-data-layer.md index 644a89cb..a9e24af8 100644 --- a/docs/admin/deployment/aws/05-components-deployment/manual-deployment/02-data-layer.md +++ b/docs/admin/deployment/aws/05-components-deployment/manual-deployment/02-data-layer.md @@ -9,7 +9,6 @@ pagination_next: admin/deployment/aws/components-deployment/manual-deployment/se import DataLayerOverview from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-overview.mdx'; import DataLayerElasticsearch from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-elasticsearch.mdx'; -import DataLayerPostgresOperator from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-postgresql-operator.mdx'; import DataLayerPostgresConfig from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-postgresql-config.mdx'; import DataLayerValidation from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-validation.mdx'; 
@@ -17,10 +16,6 @@ import DataLayerValidation from '../../../common/deployment/05-components-deploy - - - - +{`helm upgrade --install keycloak keycloak-helm/. \\ + -n security \\ + --values keycloak-helm/${props.valuesFileName} \\ + --set keycloakx.database.hostname="\${KEYCLOAK_POSTGRES_DATABASE_HOST}" \\ + --set sharedDatabaseInstance.enabled=false \\ + --wait \\ + --timeout 900s \\ + --dependency-update`} + + +**Shared database:** {`helm upgrade --install keycloak keycloak-helm/. \\ -n security \\ --values keycloak-helm/${props.valuesFileName} \\ + --set keycloakx.database.hostname="\${CODEMIE_POSTGRES_DATABASE_HOST}" \\ + --set sharedDatabaseInstance.enabled=true \\ --wait \\ --timeout 900s \\ --dependency-update`} -### Step 3: Verify Keycloak Deployment +### Step 4: Verify Keycloak Deployment Check that Keycloak is running: @@ -46,7 +103,7 @@ Expected output: - Keycloak pods should be in `Running` state - Logs should indicate successful startup -### Step 4: Access Keycloak Admin Console +### Step 5: Access Keycloak Admin Console Keycloak Admin UI can be accessed at: From 5e3fd4a26d574cb92b7f2ca6f10546b5cc8b732b Mon Sep 17 00:00:00 2001 From: Pavlo Chaikivskyi Date: Fri, 20 Mar 2026 14:34:15 +0200 Subject: [PATCH 2/3] docs: update deployment documentation for keycloak and postgresql integration --- .../azure/04-infrastructure-deployment/index.md | 11 ++++++----- .../scripted-deployment.md | 13 ++++++++++++- .../azure/05-components-deployment/index.md | 17 ++++++++--------- .../manual-deployment/index.md | 4 +--- .../scripted-deployment.md | 2 +- .../02-prerequisites/_cluster-requirements.mdx | 12 ------------ .../security/_security-keycloak-install.mdx | 4 ++-- .../security/_security-oauth2-proxy.mdx | 2 +- 8 files changed, 31 insertions(+), 34 deletions(-) diff --git a/docs/admin/deployment/azure/04-infrastructure-deployment/index.md b/docs/admin/deployment/azure/04-infrastructure-deployment/index.md index a9c1dca2..700b754c 100644 
--- a/docs/admin/deployment/azure/04-infrastructure-deployment/index.md +++ b/docs/admin/deployment/azure/04-infrastructure-deployment/index.md @@ -72,11 +72,12 @@ The core platform infrastructure provisions all Azure resources needed to run AI ### Data & Storage -| Resource | Purpose | -| ------------------------------ | ------------------------------------------------------------------------------- | -| **PostgreSQL Flexible Server** | Managed database service for CodeMie application data with private connectivity | -| **Storage Account** | Persistent storage for CodeMie application data and artifacts | -| **Container Registry (ACR)** | Private Docker image repository for CodeMie container images | +| Resource | Purpose | +| ----------------------------------------- | ------------------------------------------------------------------------------- | +| **PostgreSQL Flexible Server** | Managed database service for CodeMie application data with private connectivity | +| **PostgreSQL Flexible Server (Keycloak)** | Dedicated database instance for Keycloak (optional) | +| **Storage Account** | Persistent storage for CodeMie application data and artifacts | +| **Container Registry (ACR)** | Private Docker image repository for CodeMie container images | :::info Optional: Azure Container Registry ACR deployment is optional. If you plan to use an external container registry (e.g., Google Container Registry, Docker Hub, or a corporate registry), ACR can be omitted from the deployment. diff --git a/docs/admin/deployment/azure/04-infrastructure-deployment/scripted-deployment.md b/docs/admin/deployment/azure/04-infrastructure-deployment/scripted-deployment.md index e5db2f98..7f27a04e 100644 --- a/docs/admin/deployment/azure/04-infrastructure-deployment/scripted-deployment.md +++ b/docs/admin/deployment/azure/04-infrastructure-deployment/scripted-deployment.md 
@@ -84,6 +84,10 @@ TF_VAR_tags='{"createdWith":"Terraform","environment":"production"}' # Optional: AI Models Deployment DEPLOY_AI_MODELS="true" # Set to "false" to skip Azure OpenAI deployment + +# Optional: Keycloak Database +# Set to true to share the existing CodeMie PostgreSQL instance instead of creating a dedicated one +TF_VAR_keycloak_shared_database_instance=false ``` :::tip Required vs Optional Variables @@ -368,12 +372,19 @@ AZURE_AI_TENANT_ID="00000000-0000-0000-0000-000000000000" AZURE_AI_CLIENT_ID="00000000-0000-0000-0000-000000000000" AZURE_AI_CLIENT_SECRET="some-secret" -# Database Outputs +# CodeMie PostgreSQL CODEMIE_POSTGRES_DATABASE_HOST="codemie-psql-abc123.postgres.database.azure.com" CODEMIE_POSTGRES_DATABASE_PORT="5432" CODEMIE_POSTGRES_DATABASE_NAME="codemie" CODEMIE_POSTGRES_DATABASE_USER="pgadmin" CODEMIE_POSTGRES_DATABASE_PASSWORD="password" + +# Keycloak PostgreSQL (present when TF_VAR_keycloak_shared_database_instance=false) +KEYCLOAK_POSTGRES_DATABASE_HOST="keycloak-psql-abc123.postgres.database.azure.com" +KEYCLOAK_POSTGRES_DATABASE_PORT="5432" +KEYCLOAK_POSTGRES_DATABASE_NAME="keycloak" +KEYCLOAK_POSTGRES_DATABASE_USER="keycloak_admin" +KEYCLOAK_POSTGRES_DATABASE_PASSWORD="password" ``` :::tip Save These Outputs diff --git a/docs/admin/deployment/azure/05-components-deployment/index.md b/docs/admin/deployment/azure/05-components-deployment/index.md index 7130d98f..0b87e2e5 100644 --- a/docs/admin/deployment/azure/05-components-deployment/index.md +++ b/docs/admin/deployment/azure/05-components-deployment/index.md 
@@ -14,7 +14,7 @@ pagination_next: admin/deployment/azure/components-deployment/components-scripte This section guides you through deploying the AI/Run CodeMie application stack on your AKS cluster. After completing infrastructure deployment, this phase installs all necessary Kubernetes components including: - **Core AI/Run CodeMie services** (API, UI, MCP Connect, NATS Auth) -- **Data layer** (Elasticsearch, PostgreSQL via operators) +- **Data layer** (Elasticsearch) - **Security & Identity** (Keycloak, OAuth2 Proxy) - **Infrastructure services** (Ingress controller, storage) - **Observability** (Kibana, Fluent Bit) @@ -63,11 +63,10 @@ bash get-codemie-latest-release-version.sh -c /path/to/key.json Database and search components for data persistence: -| Component | Container Registry | Description | -| ----------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------------- | -| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) | -| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Analytics and visualization interface for Elasticsearch data | -| **PostgreSQL Operator** | `registry.developers.crunchydata.com/.../postgres-operator:x.y.z` | Manages PostgreSQL instances for Keycloak | +| Component | Container Registry | Description | +| ----------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------- | +| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) | +| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Analytics and visualization interface for Elasticsearch data | #### Security & Identity Management 
@@ -117,9 +116,9 @@ Components that can be omitted based on configuration: Components must be deployed in the following order due to dependencies: 1. **Infrastructure** → Ingress Controller, Storage Class -2. **Operators** → PostgreSQL Operator, Keycloak Operator -3. **Data Layer** → Elasticsearch, PostgreSQL instances -4. **Security** → Keycloak, OAuth2 Proxy +2. **Operators** → Keycloak Operator +3. **Data Layer** → Elasticsearch +4. **Security** → Keycloak (with database credentials), OAuth2 Proxy 5. **Messaging** → NATS 6. **Core Services** → CodeMie API, UI, MCP Connect, NATS Auth 7. **Observability** → Fluent Bit, Kibana diff --git a/docs/admin/deployment/azure/05-components-deployment/manual-deployment/index.md b/docs/admin/deployment/azure/05-components-deployment/manual-deployment/index.md index 91dadc0a..82967ce3 100644 --- a/docs/admin/deployment/azure/05-components-deployment/manual-deployment/index.md +++ b/docs/admin/deployment/azure/05-components-deployment/manual-deployment/index.md @@ -86,8 +86,6 @@ Components must be installed in the following order to satisfy dependencies: **Components**: - Elasticsearch (document storage and search engine) -- PostgreSQL Operator (database lifecycle management) -- PostgreSQL (relational database instances) **Dependencies**: Requires storage class from Step 1 @@ -101,7 +99,7 @@ Components must be installed in the following order to satisfy dependencies: - Keycloak (identity and access management) - OAuth2 Proxy (authentication proxy) -**Dependencies**: Requires PostgreSQL from Step 2 +**Dependencies**: Requires PostgreSQL from infrastructure deployment ### 4. [Plugin Engine](./plugin-engine) diff --git a/docs/admin/deployment/azure/05-components-deployment/scripted-deployment.md b/docs/admin/deployment/azure/05-components-deployment/scripted-deployment.md index 9914df0c..42a638b7 100644 --- a/docs/admin/deployment/azure/05-components-deployment/scripted-deployment.md 
+++ b/docs/admin/deployment/azure/05-components-deployment/scripted-deployment.md @@ -20,7 +20,7 @@ Scripted deployment is recommended for standard installations as it automates co The deployment script automates the installation of: - **Infrastructure services** (Nginx Ingress, Storage Class) -- **Data layer** (Elasticsearch, PostgreSQL Operator) +- **Data layer** (Elasticsearch) - **Security components** (Keycloak, OAuth2 Proxy) - **Messaging system** (NATS) - **Core CodeMie services** (API, UI, MCP Connect) diff --git a/docs/admin/deployment/common/deployment/02-prerequisites/_cluster-requirements.mdx b/docs/admin/deployment/common/deployment/02-prerequisites/_cluster-requirements.mdx index 5ea1394e..77301938 100644 --- a/docs/admin/deployment/common/deployment/02-prerequisites/_cluster-requirements.mdx +++ b/docs/admin/deployment/common/deployment/02-prerequisites/_cluster-requirements.mdx @@ -44,18 +44,6 @@ Requires cluster-wide permissions for identity and access management operations. - - -**Kubernetes APIs:** `ClusterRole`, `ClusterRoleBinding`, Custom Resource Definitions (CRDs), Custom Resources (CRs) - -**Purpose:** Manages PostgreSQL database instances and their lifecycle - -:::note -Requires cluster-wide permissions for database provisioning and management. -::: - - - **Kubernetes API:** `Pod` with `securityContext` diff --git a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-keycloak-install.mdx b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-keycloak-install.mdx index df54fe59..6e534a29 100644 --- a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-keycloak-install.mdx +++ b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-keycloak-install.mdx 
@@ -6,7 +6,7 @@ Keycloak provides centralized authentication and user management for AI/Run Code ### Step 1: Configure Domain Name -Fill in values in `keycloak-helm/values-gcp.yaml` file by replacing `%%DOMAIN%%` with your domain name, e.g., `airun.example.com` +Fill in values in keycloak-helm/{props.valuesFileName} by replacing `%%DOMAIN%%` with your domain name, e.g., `airun.example.com` :::tip Domain Configuration If you followed the Getting Started steps in the [overview](./), this should already be configured. @@ -18,7 +18,7 @@ Create the required Kubernetes secrets in the `security` namespace before instal Keycloak can use a dedicated database instance or share the existing CodeMie database. Choose the appropriate option based on your infrastructure. -**Dedicated database instance** (AWS with `TF_VAR_keycloak_shared_database_instance=false`): +**Dedicated database instance** (when `TF_VAR_keycloak_shared_database_instance=false`): ```bash # Source the infrastructure outputs diff --git a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-oauth2-proxy.mdx b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-oauth2-proxy.mdx index cac122f4..9105789d 100644 --- a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-oauth2-proxy.mdx +++ b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-oauth2-proxy.mdx 
@@ -56,7 +56,7 @@ kubectl get secret keycloak-admin -n security -o yaml | \ ### Step 4: Configure Domain Name -Fill in missing values in `oauth2-proxy/values-gcp.yaml` file by replacing `%%DOMAIN%%` with your domain name, e.g., `example.com` +Fill in missing values in oauth2-proxy/{props.valuesFileName} file by replacing `%%DOMAIN%%` with your domain name, e.g., `example.com` :::tip Domain Configuration If you followed the Getting Started steps in the [overview](./), this should already be configured. From 6e1080372a598d21a10fdf210f19af0f0e2dc0e9 Mon Sep 17 00:00:00 2001 From: Pavlo Chaikivskyi Date: Fri, 20 Mar 2026 16:17:16 +0200 Subject: [PATCH 3/3] docs(gcp): update data layer documentation and remove postgresql operator references --- .../03-architecture/_container-resources.mdx | 30 ++++++++--------- .../_data-layer-postgresql-operator.mdx | 33 ------------------- .../gcp/04-infrastructure-deployment/index.md | 9 ++--- .../manual-deployment.md | 7 +++- .../gcp/05-components-deployment/index.md | 18 +++++----- .../manual-deployment/02-data-layer.mdx | 5 --- .../manual-deployment/index.md | 3 +- .../scripted-deployment.md | 2 +- 8 files changed, 36 insertions(+), 71 deletions(-) delete mode 100644 docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-operator.mdx diff --git a/docs/admin/deployment/common/deployment/03-architecture/_container-resources.mdx b/docs/admin/deployment/common/deployment/03-architecture/_container-resources.mdx index 00448b83..005b49b4 100644 --- a/docs/admin/deployment/common/deployment/03-architecture/_container-resources.mdx +++ b/docs/admin/deployment/common/deployment/03-architecture/_container-resources.mdx 
@@ -2,21 +2,21 @@ The table below specifies resource requirements for AI/Run CodeMie components sized for **high-scale production deployments** supporting 500+ concurrent users. -| Component | Pods | RAM | vCPU | Storage | -| ------------------- | ------------------------ | ----- | ---- | -------------- | -| CodeMie API | 2 | 8Gi | 4.0 | – | -| CodeMie UI | 1 | 128Mi | 0.1 | – | -| Elasticsearch | 2 | 16Gi | 4.0 | 200 GB per pod | -| Kibana | 1 | 1Gi | 1.0 | – | -| Mermaid-server | 1 | 512Mi | 1.0 | – | -| PostgreSQL | Managed service in cloud | – | – | 30-50 GB | -| Keycloak RDS | Managed service in cloud | – | – | 20 GB | -| Keycloak | 1 | 4Gi | 2.0 | – | -| Oauth2-proxy | 1 | 128Mi | 0.1 | – | -| NATS + Auth Callout | 1 + 1 | 512Mi | 1.0 | – | -| MCP Connect | 1 | 1Gi | 0.5 | – | -| Fluent Bit | DaemonSet | 128Mi | 0.1 | – | -| LLM Proxy | 1 | 1Gi | 1.0 | – | +| Component | Pods | RAM | vCPU | Storage | +| ------------------------------ | ------------------------ | ----- | ---- | -------------- | +| CodeMie API | 2 | 8Gi | 4.0 | – | +| CodeMie UI | 1 | 128Mi | 0.1 | – | +| Elasticsearch | 2 | 16Gi | 4.0 | 200 GB per pod | +| Kibana | 1 | 1Gi | 1.0 | – | +| Mermaid-server | 1 | 512Mi | 1.0 | – | +| PostgreSQL | Managed service in cloud | – | – | 30-50 GB | +| Keycloak PostgreSQL (optional) | Managed service in cloud | – | – | 20 GB | +| Keycloak | 1 | 4Gi | 2.0 | – | +| Oauth2-proxy | 1 | 128Mi | 0.1 | – | +| NATS + Auth Callout | 1 + 1 | 512Mi | 1.0 | – | +| MCP Connect | 1 | 1Gi | 0.5 | – | +| Fluent Bit | DaemonSet | 128Mi | 0.1 | – | +| LLM Proxy | 1 | 1Gi | 1.0 | – | :::info Scaling Considerations diff --git a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-operator.mdx b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-operator.mdx deleted file mode 100644 index 45941572..00000000 
--- a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-operator.mdx +++ /dev/null @@ -1,33 +0,0 @@ -## PostgreSQL Operator Installation - -The PostgreSQL Operator automates the management of PostgreSQL databases in Kubernetes. While CodeMie uses a cloud-managed {props.postgresServiceName}, the operator is required for Keycloak database configuration. - -### Step 1: Install PostgreSQL Operator Helm Chart - -Deploy the PostgreSQL Operator: - -```bash -helm upgrade --install postgres-operator postgres-operator-helm/. \ - -n postgres-operator \ - --create-namespace \ - --wait \ - --timeout 900s \ - --dependency-update -``` - -### Step 2: Verify PostgreSQL Operator Deployment - -Check that the operator is running: - -```bash -# Check pod status -kubectl get pods -n postgres-operator - -# Check operator logs -kubectl logs -n postgres-operator deployment/postgres-operator --tail=50 -``` - -Expected output: - -- Operator pod should be in `Running` state -- Logs should show "controller started" or similar success message diff --git a/docs/admin/deployment/gcp/04-infrastructure-deployment/index.md b/docs/admin/deployment/gcp/04-infrastructure-deployment/index.md index 4b66b138..1f29ed92 100644 --- a/docs/admin/deployment/gcp/04-infrastructure-deployment/index.md +++ b/docs/admin/deployment/gcp/04-infrastructure-deployment/index.md 
@@ -64,10 +64,11 @@ The core platform infrastructure provisions all GCP resources needed to run AI/R ### Data & Storage -| Resource | Purpose | -| -------------------------- | ------------------------------------------------------------------------------------------ | -| **Cloud SQL (PostgreSQL)** | Managed PostgreSQL database service for CodeMie application data with private connectivity | -| **Cloud Storage Buckets** | Optional persistent storage for CodeMie application data and artifacts | +| Resource | Purpose | +| ----------------------------------- | ------------------------------------------------------------------------------------------ | +| **Cloud SQL (PostgreSQL)** | Managed PostgreSQL database service for CodeMie application data with private connectivity | +| **Cloud SQL PostgreSQL (Keycloak)** | Dedicated Cloud SQL instance for Keycloak (optional) | +| **Cloud Storage Buckets** | Optional persistent storage for CodeMie application data and artifacts | :::info Optional Components Some components like Cloud Storage buckets or public DNS zones may be optional depending on your deployment configuration and requirements. diff --git a/docs/admin/deployment/gcp/04-infrastructure-deployment/manual-deployment.md b/docs/admin/deployment/gcp/04-infrastructure-deployment/manual-deployment.md index 1176fd6c..ae4c1679 100644 --- a/docs/admin/deployment/gcp/04-infrastructure-deployment/manual-deployment.md +++ b/docs/admin/deployment/gcp/04-infrastructure-deployment/manual-deployment.md @@ -193,6 +193,10 @@ extra_authorized_networks = [ # Cluster Configuration private_cluster = false # Set to true for completely private GKE cluster create_private_dns_zone = false # Set to true if using private DNS + +# Optional: Keycloak Database +# Set to true to share the existing CodeMie Cloud SQL instance instead of creating a dedicated one +keycloak_shared_database_instance = false ``` :::info Configuration References 
@@ -239,7 +243,8 @@ gcloud compute networks list --project=your-project-id - GKE cluster connection commands - Bastion Host SSH/RDP commands -- Cloud SQL connection details +- Cloud SQL connection details (`pg_host`, `pg_port`, `pg_database`, `pg_user`, `pg_secret_name`) +- Keycloak Cloud SQL details (`keycloak_pg_host`, `keycloak_pg_database`, `keycloak_pg_user`, `keycloak_pg_secret_name`) — present when `keycloak_shared_database_instance = false` - Service account information :::tip Infrastructure Ready diff --git a/docs/admin/deployment/gcp/05-components-deployment/index.md b/docs/admin/deployment/gcp/05-components-deployment/index.md index 0c01ff8b..f6395cc6 100644 --- a/docs/admin/deployment/gcp/05-components-deployment/index.md +++ b/docs/admin/deployment/gcp/05-components-deployment/index.md @@ -14,7 +14,7 @@ pagination_next: admin/deployment/gcp/components-deployment/components-scripted- This section guides you through deploying the AI/Run CodeMie application stack on your GKE cluster. After completing infrastructure deployment, this phase installs all necessary Kubernetes components including: - **Core AI/Run CodeMie services** (API, UI, MCP Connect, NATS Auth) -- **Data layer** (Elasticsearch, PostgreSQL via operators) +- **Data layer** (Elasticsearch) - **Security & Identity** (Keycloak, OAuth2 Proxy) - **Infrastructure services** (Ingress controller, storage) - **Observability** (Kibana, Fluent Bit) 
@@ -63,12 +63,10 @@ Make sure you logged in with `key.json` shared with you. Database and storage services for application data: -| Component | Container Image | Description | -| ----------------------- | ----------------------------------------------------------------- | --------------------------------------------------------------------------------------- | -| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Document storage, full-text search engine, and analytics platform | -| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Visualization and exploration tool for Elasticsearch data and logs | -| **PostgreSQL Operator** | `registry.developers.crunchydata.com/.../postgres-operator:x.y.z` | Kubernetes operator for managing PostgreSQL database lifecycle | -| **PostgreSQL** | `registry.developers.crunchydata.com/.../crunchy-postgres:x.y.z` | Relational database for structured application data (managed via operator or Cloud SQL) | +| Component | Container Image | Description | +| ----------------- | ----------------------------------------------------- | ------------------------------------------------------------------ | +| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Document storage, full-text search engine, and analytics platform | +| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Visualization and exploration tool for Elasticsearch data and logs | ##### Security & Identity Components 
@@ -119,9 +117,9 @@ Additional services for enhanced functionality: Components must be installed in the following sequence to satisfy dependencies: 1. **Infrastructure** → Ingress Controller, Storage Class -2. **Operators** → PostgreSQL Operator, Keycloak Operator -3. **Data Layer** → Elasticsearch, PostgreSQL instances -4. **Security** → Keycloak, OAuth2 Proxy +2. **Operators** → Keycloak Operator +3. **Data Layer** → Elasticsearch +4. **Security** → Keycloak (with database credentials), OAuth2 Proxy 5. **Messaging** → NATS 6. **Core Services** → CodeMie API, UI, MCP Connect, NATS Auth 7. **Observability** → Fluent Bit, Kibana diff --git a/docs/admin/deployment/gcp/05-components-deployment/manual-deployment/02-data-layer.mdx b/docs/admin/deployment/gcp/05-components-deployment/manual-deployment/02-data-layer.mdx index d1d8b00c..2289ef2b 100644 --- a/docs/admin/deployment/gcp/05-components-deployment/manual-deployment/02-data-layer.mdx +++ b/docs/admin/deployment/gcp/05-components-deployment/manual-deployment/02-data-layer.mdx @@ -7,7 +7,6 @@ sidebar_label: Data Layer import DataLayerOverview from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-overview.mdx'; import DataLayerElasticsearch from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-elasticsearch.mdx'; -import DataLayerPostgresOperator from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-operator.mdx'; import DataLayerPostgresConfig from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-config.mdx'; import DataLayerValidation from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-validation.mdx'; @@ -15,10 +14,6 @@ import DataLayerValidation from '../../../common/deployment/05-components-deploy - -