AI Service Helm Chart
The service integrates 3rd party AI solutions like Chat GPT from OpenAI and exposes a common API for App Suite UI
Introduction
All configuration values can be found in values.yaml.
Note: You need to add the shared secret for JWT verification and this must match the secret configured for switchboard.
Requirements
This section will provide any missing details for specific requirements.
Accounting / Plans
Various commercial models within the AI service by restricting user access to paid APIs can be implemented. For instance, a "free" model might allow 10 requests per day or month, while a paid model allows 1000 requests per month. The user and brand limits can be configured via config map on the helm chart. A plan is an object with its key as the id for the plan and has the following properties:
name: The name of the planplan: The type of the plan (free, paid)strategy: The strategy for the plan (duration, monthly)duration: The duration of the plan (only for duration strategy, format is30dfor 30 days)limit: The limit of requests per user and brandenabled: The plan is enabled or not
example for plans:
plans:
- premium:
name: "Premium Plan"
plan: "paid"
strategy: "monthly"
limit: 100
enabled: true
- trial:
name: "Trial Plan"
plan: "free"
strategy: "duration"
duration: "30d"
limit: 100
enabled: true
- specialTrial:
name: "Special Trial Plan"
plan: "free"
strategy: "monthly"
limit: 5
enabled: true
AI Service Database Configuration Documentation
This documentation provides a clear guide for configuring the AI service with an existing database, detailing the necessary steps and minimal grants required for the database user.
Steps to Configure the AI Service
Enable Database Configuration: Add the following configuration to enable the database for the AI service:
database: enabled: truePrepare the Database: The service expects an existing database to connect to and run initial migrations. Follow the steps below to set up the database correctly.
Database Schema Setup
To ensure the AI service operates correctly, you need to create the necessary tables and procedures in your database. Although the actual migration script will be executed automatically, it is essential to ensure that the database user has the appropriate permissions.
Minimal Required Grants
The minimal grants needed for the database user are:
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `your_database_name`.* TO 'your_db_user'@'%';
Replace your_database_name with the name of your database and your_db_user with the name of your database user.
Example Configuration
Here's an example of how to grant the necessary permissions:
CREATE USER 'ai_service_user'@'%' IDENTIFIED BY 'secure_password';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `ai_service_db`.* TO 'ai_service_user'@'%';
FLUSH PRIVILEGES;
In this example:
ai_service_useris the database user for the AI service.secure_passwordis the password for the database user.ai_service_dbis the database name for the AI service.
Summary
By following this documentation, you will ensure that the AI service has the necessary database schema and that the database user has the appropriate permissions to perform all required operations. This setup avoids the need for trial and error and provides a clear, concise reference for configuring the AI service with an existing database.
Configuration
| Parameter | Description | Default |
|---|---|---|
image.repository | The image to be used for the deployment | registry.open-xchange.com/core/ai-service |
image.pullPolicy | The imagePullPolicy for the deployment | IfNotPresent |
image.tag | The image tag, defaults to app version | "" |
hostname | hostname for the ai-service deployment | "" |
origins | Allowed origins for CORS | * |
logLevel | specify log level for service | "info" |
logJson | log in JSON format | false |
exposeApiDocs | Expose API documentation via Swagger UI at /api-docs | false |
ingress.enabled | Generate ingress resource | false |
ingress.annotations | Map of key-value pairs that will be added as annotations to the ingress resource | {} |
overrides.name | Name of the chart | "ai-service" |
overrides.fullname | Full name of the chart installation | "RELEASE-NAME-ai-service" |
jwtSecret.enabled | Enable the secret for JWT | true |
jwt.sharedSecret | Shared secret for JWT verification. This must match the secret configured for switchboard | "" |
jwks.domain | Domain of JWKS issuer like example.com leave empty if you want to use sharedSecret | "" |
openaiSecret.enabled | Enable the secret for openai | true |
openaiAPIKey | OpenAI API Key | "" |
azureSecret.enabled | Enable the secret for Azure | false |
azureAPIUrl | OpenAI Azure API Url (Internal use only) | "" |
azureAPIKey | OpenAI Azure API Key (Internal use only) | "" |
database.enabled | Use Database (mandatory for usage tracking and rate limiting) | false |
database.host | SQL server hostname | RELEASE-NAME-ai-service-sql |
database.name | Database name | RELEASE-NAME-ai-service |
database.connections | Number of concurrent connections to the DB server | "10" |
database.user | DB User with access rights to sqlDB | "" |
database.password | DB Password of swDBUser | "" |
database.rootPassword | Database root password to perform admin tasks | "" |
database.rollback | WARNING: This will roll back the migrations this version has rolled out | false |
cron.cleanupDb | Database cleanup interval (Cron notation) | 0 0 * * * * |
azureAPIVersion | OpenAI Azure API Key (Internal use only) | "" |
openaiBaseUrl | Url of the OpenAI service (internal use only) | "" |
usageTracking.enabled | Enable usage tracking for requests per user and brand | false |
plans | List of plans with limits for users and brands | see example above |