production deployment chanhes

Author: buildorin

.gitignore

@@ -183,4 +183,8 @@ models.yaml
 *.pdfs.zip.part.2
 *.pdfs.zip.part.3
 
-otel-collector-config.yaml
+otel-collector-config.yaml
+# Deployment files with sensitive data
+current-values.yaml
+apps/web/.env.production
+

apps/web/nginx.conf

@@ -1,5 +1,5 @@
 server {
-    listen 8000;
+    listen 80;
     location / {
         root /usr/share/nginx/html;
         index index.html;

apps/web/src/components/Upload/Upload.tsx

@@ -111,7 +111,7 @@ export default function Upload({
                 weight="bold"
                 style={{ color: "#111" }}
               >
-                Create Extracts
+                Extract Document
               </Text>
             </Flex>
             {files.length > 0 && (

apps/web/src/components/Upload/UploadDialog.tsx

@@ -88,7 +88,7 @@ export default function UploadDialog({
             </defs>
           </svg>
           <Text size="3" weight="bold">
-            Create Extract
+            Extract Document
           </Text>
         </BetterButton>
       </Dialog.Trigger>

cloudflared-config.yaml

@@ -4,27 +4,32 @@ credentials-file: /root/.cloudflared/YOUR_TUNNEL_ID.json
 ingress:
   # Main web application
   - hostname: app.useorin.com
-    service: http://localhost:5173
+    service: http://127.0.0.1:80
     originRequest:
       noTLSVerify: true
+      connectTimeout: 30s
 
   # API server
   - hostname: api.app.useorin.com
-    service: http://localhost:8000
+    service: http://127.0.0.1:8000
     originRequest:
       noTLSVerify: true
+      connectTimeout: 30s
 
-  # Authentication
+  # Authentication - point directly to Keycloak HTTP (official approach)
   - hostname: auth.app.useorin.com
-    service: http://localhost:8080
+    service: http://127.0.0.1:8080
     originRequest:
       noTLSVerify: true
+      connectTimeout: 30s
+      httpHostHeader: auth.app.useorin.com
 
   # S3/MinIO console (optional, for admin access)
   - hostname: s3.app.useorin.com
-    service: http://localhost:9001
+    service: http://127.0.0.1:9001
     originRequest:
       noTLSVerify: true
+      connectTimeout: 30s
 
   # Catch-all rule - return 404 for unmatched hostnames
   - service: http_status:404 

compose-cpu.yaml

@@ -57,21 +57,22 @@ services:
 
   # Web Frontend - Orin Build
   web:
-    image: ghcr.io/buildorin/orin-web:latest
+    build:
+      context: .
+      dockerfile: docker/web/Dockerfile
+      args:
+        VITE_KEYCLOAK_URL: https://auth.app.useorin.com
+        VITE_KEYCLOAK_REALM: orin
+        VITE_KEYCLOAK_CLIENT_ID: orin
+        VITE_KEYCLOAK_REDIRECT_URI: https://app.useorin.com
+        VITE_KEYCLOAK_POST_LOGOUT_REDIRECT_URI: https://app.useorin.com
+        VITE_API_URL: https://api.app.useorin.com
     platform: linux/amd64
     ports:
-      - "5173:8000"
+      - "80:80"
     env_file:
-      - .env
+      - apps/web/.env
     restart: always
-    environment:
-      - VITE_API_URL=https://api.app.useorin.com
-      - VITE_DOCS_URL=https://docs.useorin.com
-      - VITE_KEYCLOAK_CLIENT_ID=orin
-      - VITE_KEYCLOAK_POST_LOGOUT_REDIRECT_URI=https://app.useorin.com
-      - VITE_KEYCLOAK_REALM=orin
-      - VITE_KEYCLOAK_REDIRECT_URI=https://app.useorin.com
-      - VITE_KEYCLOAK_URL=https://auth.app.useorin.com
 
   # Segmentation Service - Orin Build
   segmentation-backend:
@@ -175,6 +176,8 @@ services:
   # Authentication
   keycloak:
     image: quay.io/keycloak/keycloak:25.0.2
+    ports:
+      - "8080:8080"
     environment:
       - KEYCLOAK_ADMIN=admin
       - KEYCLOAK_ADMIN_PASSWORD=admin
@@ -183,6 +186,9 @@ services:
       - KC_HOSTNAME_STRICT=false
       - KC_HOSTNAME_STRICT_HTTPS=false
       - KC_HTTP_ENABLED=true
+      - KC_HTTPS_ENABLED=false
+      - KC_HOSTNAME=auth.app.useorin.com
+      - KC_HOSTNAME_PORT=443
       - KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
       - KC_DB_USERNAME=postgres
       - KC_DB_PASSWORD=postgres
@@ -195,12 +201,13 @@ services:
       test: [ "CMD", "curl", "-f", "http://localhost:8080/health" ]
       interval: 30s
       timeout: 10s
-      retries: 10
-      start_period: 600s
+      retries: 3
+      start_period: 40s
     depends_on:
       postgres:
         condition: service_healthy
-    restart: always
+    networks:
+      - default
 
 volumes:
   postgres_data:

docker/web/Dockerfile

@@ -3,7 +3,33 @@ FROM node:18 as build
 
 WORKDIR /app
 
-COPY apps/web/ .
+# Accept build arguments
+ARG VITE_KEYCLOAK_URL
+ARG VITE_KEYCLOAK_REALM
+ARG VITE_KEYCLOAK_CLIENT_ID
+ARG VITE_KEYCLOAK_REDIRECT_URI
+ARG VITE_KEYCLOAK_POST_LOGOUT_REDIRECT_URI
+ARG VITE_API_URL
+
+# Set environment variables for build
+ENV VITE_KEYCLOAK_URL=$VITE_KEYCLOAK_URL
+ENV VITE_KEYCLOAK_REALM=$VITE_KEYCLOAK_REALM
+ENV VITE_KEYCLOAK_CLIENT_ID=$VITE_KEYCLOAK_CLIENT_ID
+ENV VITE_KEYCLOAK_REDIRECT_URI=$VITE_KEYCLOAK_REDIRECT_URI
+ENV VITE_KEYCLOAK_POST_LOGOUT_REDIRECT_URI=$VITE_KEYCLOAK_POST_LOGOUT_REDIRECT_URI
+ENV VITE_API_URL=$VITE_API_URL
+
+# Debug: Print environment variables
+RUN echo "VITE_KEYCLOAK_URL: $VITE_KEYCLOAK_URL"
+RUN echo "VITE_KEYCLOAK_REALM: $VITE_KEYCLOAK_REALM"
+RUN echo "VITE_KEYCLOAK_CLIENT_ID: $VITE_KEYCLOAK_CLIENT_ID"
+RUN echo "VITE_KEYCLOAK_REDIRECT_URI: $VITE_KEYCLOAK_REDIRECT_URI"
+RUN echo "VITE_KEYCLOAK_POST_LOGOUT_REDIRECT_URI: $VITE_KEYCLOAK_POST_LOGOUT_REDIRECT_URI"
+RUN echo "VITE_API_URL: $VITE_API_URL"
+
+# Copy only the web app files
+COPY apps/web/package.json apps/web/pnpm-lock.yaml ./
+COPY apps/web/ ./
 
 # Install pnpm, turbo, and required type definitions
 RUN npm install -g pnpm turbo

kube/charts/chunkr/infrastructure.yaml

@@ -38,7 +38,7 @@ services:
       - configMapRef:
           name: keycloak-config
       - secretRef:
-          name: chunkr-secret
+          name: orin-secret
     readinessProbe:
       httpGet:
         path: /realms/master
@@ -130,12 +130,12 @@ services:
       - name: MINIO_ROOT_USER
         valueFrom:
           secretKeyRef:
-            name: chunkr-secret
+            name: orin-secret
             key: AWS__ACCESS_KEY
       - name: MINIO_ROOT_PASSWORD
         valueFrom:
           secretKeyRef:
-            name: chunkr-secret
+            name: orin-secret
             key: AWS__SECRET_KEY
     args:
       - server
@@ -185,12 +185,12 @@ services:
       - name: MINIO_ROOT_USER
         valueFrom:
           secretKeyRef:
-            name: chunkr-secret
+            name: orin-secret
             key: AWS__ACCESS_KEY
       - name: MINIO_ROOT_PASSWORD
         valueFrom:
           secretKeyRef:
-            name: chunkr-secret
+            name: orin-secret
             key: AWS__SECRET_KEY
     volumes:
       - name: init-script

kube/charts/chunkr/templates/_deployment.tpl

@@ -50,6 +50,9 @@ spec:
       {{- if $service.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml $service.imagePullSecrets | nindent 8 }}
+      {{- else if $.Values.global.image.pullSecrets }}
+      imagePullSecrets:
+        {{- toYaml $.Values.global.image.pullSecrets | nindent 8 }}
       {{- end }}
       containers:
       - name: {{ $name }}

kube/charts/chunkr/values.yaml

@@ -4,7 +4,7 @@ ingress:
   className: cloudflare
   annotations:
     kubernetes.io/ingress.class: nginx
-  domain: chunkr.ai
+  domain: app.useorin.com
   subdomains:
     root: true
   tls:
@@ -18,11 +18,10 @@ ingress:
       tag: 2024.12.1
       pullPolicy: Always
     config:
-      tunnelName: chunkr
+      tunnelName: app-tunnel
       services:
         - name: server
         - name: keycloak
-        - name: web
         - name: minio
 common:
   standardEnv:
@@ -61,8 +60,10 @@ common:
         .Values.ingress.domain }}
 global:
   image:
-    registry: luminainc
+    registry: ghcr.io/buildorin
     pullPolicy: Always
+    pullSecrets:
+      - name: ghcr-secret
   storageClass: standard
   topologySpreadConstraints:
     - maxSkew: 1
@@ -112,16 +113,16 @@ services:
     enabled: true
     useStandardEnv: true
     image:
-      repository: server
-      tag: 1.20.1
+      repository: orin-server
+      tag: latest
     port: 8000
     targetPort: 8000
     ingress:
       enabled: true
       subdomain: api
     envFrom:
       - secretRef:
-          name: chunkr-secret
+          name: orin-secret
     volumes:
       - name: llm-models-config
         configMap:
@@ -135,11 +136,11 @@ services:
     enabled: true
     useStandardEnv: true
     image:
-      repository: task
-      tag: 1.20.1
+      repository: orin-task
+      tag: latest
     envFrom:
       - secretRef:
-          name: chunkr-secret
+          name: orin-secret
     env:
       - name: PG__POOL__MAX_SIZE
         value: '3'
@@ -155,20 +156,20 @@ services:
   web:
     enabled: true
     image:
-      repository: web
-      tag: 1.20.1
-    port: 8000
-    targetPort: 8000
+      repository: orin-web
+      tag: prod
+    port: 80
+    targetPort: 80
     ingress:
       enabled: true
-      subdomain: www
+      subdomain: ""
     env:
       - name: VITE_API_URL
         value: >-
           https://{{ .Values.services.server.ingress.subdomain }}.{{
           .Values.ingress.domain }}
       - name: VITE_DOCS_URL
-        value: https://docs.chunkr.ai
+        value: https://docs.useorin.com
       - name: VITE_KEYCLOAK_CLIENT_ID
         value: orin
       - name: VITE_KEYCLOAK_POST_LOGOUT_REDIRECT_URI
@@ -188,8 +189,8 @@ services:
   ocr:
     enabled: true
     image:
-      repository: doctr
-      tag: 1.20.1
+      repository: orin-ocr
+      tag: latest
     port: 8000
     targetPort: 8000
     useGPU: true
@@ -202,8 +203,8 @@ services:
   segmentation:
     enabled: true
     image:
-      repository: segmentation
-      tag: 1.5.0
+      repository: orin-segmentation
+      tag: latest
     port: 8000
     targetPort: 8000
     useGPU: true
@@ -219,3 +220,8 @@ services:
         value: '0.025'
       - name: SCORE_THRESHOLD
         value: '0.2'
+  postgres:
+    enabled: true
+    credentials:
+      username: postgres
+      password: postgres