Skip to content
  • There are no suggestions because the search field is empty.

Checklist for Kubernetes deployment of CalypsoAI

📦 Kubernetes Environment

  • An operational Kubernetes cluster is available and accessible.
  • kubectl is installed and configured with appropriate access.
  • A cloud-based or on-premise Ingress Controller is deployed (e.g., NGINX, Istio, AWS ALB, AKS AGI

🧱 Namespaces

Kubernetes namespace cai-moderator is created:

kubectl create ns cai-moderator

Kubernetes namespace cai-scanner is created:

kubectl create ns cai-scanner

🖥️ Node Resources & Affinity

  • At least one CPU-heavy node (e.g., AWS c6i.4xlarge) is available for the cai-moderator pod.
  • At least one GPU-enabled node (e.g., AWS g5.xlarge or Azure Standard_NC24ads_A100_v4) is available for the cai-scanner pod.
  • GPU on the the GPU enabled node must be dedicated to the application and not be used by any other applications requiring GPU resources
  • GPU instance requirements:
    • vCPUs - 4
    • Memory - 16.0 GiB
    • CPU Architecture - x86_64 
    • Persistent Storage - 100.0 GiB
    • GPU - Nvidia A10G/L4 (CUDA Supported)

(Optional but recommended) Nodes are labeled appropriately:

kubectl label nodes <moderator-node-name> node_group=moderator
kubectl label nodes <scanner-node-name> node_group=cai-scanne


⚙️ GPU Support 

  • NVIDIA GPU drivers are installed on GPU nodes (avoid conflicts with preinstalled AKS drivers if on Azure).

NVIDIA GPU Operator is installed in the cluster:

helm repo add nvidia https://nvidia.github.io/gpu-operator
helm repo update
helm install --wait --generate-name nvidia/gpu-operator

🔐 Container Registry Access

Docker registry secret created in cai-moderator namespace:

kubectl create secret docker-registry regcred \
  --docker-server=harbor.calypsoai.app \
  --docker-username=<provided_username> \
  --docker-password=<provided_password> \
  -n cai-moderator

Docker registry secret created in cai-scanner namespace (if applicable):

kubectl create secret docker-registry regcred \
  --docker-server=harbor.calypsoai.app \
  --docker-username=<provided_username> \
  --docker-password=<provided_password> \
  -n cai-scanner

🌐 DNS & Load Balancer

  • A qualified domain name (FQDN) is configured and points to the Ingress or Load Balancer.
  • TLS/SSL certificate (self-signed for testing or CA-issued for production) is available and installed in your Ingress or Load Balancer.
    Ingress routes:
    • /auth/* → port 8080 (Keycloak)
    • / → port 5500 (Moderator App)
    • Ingress YAML Configuration
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        name: cai-moderator-ingress
        namespace: cai-moderator
      spec:
        ingressClassName: public
        rules:
        - http:
            paths:
            - backend:
                service:
                  name: cai-moderator
                  port:
                    number: 5500
              path: /
              pathType: Prefix
            - backend:
                service:
                  name: cai-moderator
                  port:
                    number: 5500
              path: /backend/v1
              pathType: Prefix
            - backend:
                service:
                  name: cai-moderator
                  port:
                    number: 8080
              path: /auth
              pathType: Prefix

🔑 Secrets & Configuration Files

A values.yaml file will be created with:
  • Moderator environment variables
  • PostgreSQL passwords
  • TLS settings
  • Node affinity (if used)

Confirm whether you require authentication (CAI_MODERATOR_AUTH: true) or not.