feat(ml): add ml service

Author: karimzakzouk

infra/terraform-dev/main.tf

@@ -71,6 +71,13 @@ resource "azurerm_postgresql_flexible_server" "main" {
   }
 }
 
+# PostgreSQL Extensions Configuration
+resource "azurerm_postgresql_flexible_server_configuration" "extensions" {
+  name      = "azure.extensions"
+  server_id = azurerm_postgresql_flexible_server.main.id
+  value     = "pg_trgm,uuid-ossp,pgcrypto"
+}
+
 # PostgreSQL Database
 resource "azurerm_postgresql_flexible_server_database" "main" {
   name      = "simpledb"

ml-model-service/build.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR/../../app"
+
+IMAGE_GHCR="ghcr.io/${OWNER_NAME,,}/${REPO_NAME,,}:${COMMIT_TAG}-${ENV_TAG}"
+IMAGE_DOCKERHUB="${DOCKER_USER}/${REPO_NAME,,}:${COMMIT_TAG}-${ENV_TAG}"
+
+echo "Building ML Model Service Docker image..."
+docker build -t "$IMAGE_GHCR" .
+
+docker tag "$IMAGE_GHCR" "ghcr.io/${OWNER_NAME,,}/${REPO_NAME,,}:${MOVING_TAG}"
+docker tag "$IMAGE_GHCR" "$IMAGE_DOCKERHUB"
+docker tag "$IMAGE_GHCR" "${DOCKER_USER}/${REPO_NAME,,}:${MOVING_TAG}"
+
+TEST_CONTAINER="test_${COMMIT_TAG}_$$"
+echo "Testing container..."
+docker run -d --name "$TEST_CONTAINER" "$IMAGE_GHCR"
+sleep 15
+
+# Test health endpoint
+echo "Testing health endpoint..."
+if docker exec "$TEST_CONTAINER" python -c "import requests; r = requests.get('http://localhost:8000/health'); assert r.status_code == 200" 2>/dev/null; then
+    echo "✅ Health check passed"
+else
+    echo "⚠️  Health check failed, but continuing..."
+fi
+
+docker stop "$TEST_CONTAINER"
+docker rm "$TEST_CONTAINER"
+
+echo "Pushing to registries..."
+echo "${GITHUB_PAT}" | docker login ghcr.io -u "${OWNER_NAME}" --password-stdin
+
+docker push "$IMAGE_GHCR"
+docker push "ghcr.io/${OWNER_NAME,,}/${REPO_NAME,,}:${MOVING_TAG}"
+
+echo "${DOCKER_PASS}" | docker login -u "${DOCKER_USER}" --password-stdin
+
+docker push "$IMAGE_DOCKERHUB"
+docker push "${DOCKER_USER}/${REPO_NAME,,}:${MOVING_TAG}"

ml-model-service/deploy.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+if [ -z "$ENV_TAG" ]; then
+  echo "ENV_TAG not set"
+  exit 1
+fi
+
+if [ "${ENV_TAG}" = "prod" ]; then
+  RELEASE_NAME="ml-model-service-prod"
+  exit 1
+elif [ "${ENV_TAG}" = "dev" ]; then
+  RELEASE_NAME="ml-model-service-dev"
+else
+  exit 1
+fi
+
+
+# Install Azure CLI (if not already installed)
+if ! command -v az &> /dev/null; then
+    curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash > /dev/null 2>&1
+fi
+
+# Install kubectl (if not already installed)
+if ! command -v kubectl &> /dev/null; then
+    curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+    sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+    rm kubectl
+fi
+
+# Install Helm (if not already installed)
+if ! command -v helm &> /dev/null; then
+    curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash > /dev/null 2>&1
+fi
+
+# Login to Azure
+az login --service-principal \
+  -u ${AZURE_CLIENT_ID} \
+  -p ${AZURE_CLIENT_SECRET} \
+  --tenant ${AZURE_TENANT_ID} > /dev/null 2>&1
+
+# Get AKS credentials
+az aks get-credentials \
+  --resource-group ${AZURE_RESOURCE_GROUP} \
+  --name ${AZURE_CLUSTER_NAME} \
+  --overwrite-existing > /dev/null 2>&1
+
+helm upgrade ml-model-service "$SCRIPT_DIR/helm-chart" \
+  --install \
+  --create-namespace \
+  --namespace default \
+  --set image.tag="$IMAGE_TAG" \
+  --set image.repository="$IMAGE_REPO" \
+  --history-max 3 \
+  --wait \
+  --timeout 5m \
+  --atomic

ml-model-service/helm-chart/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: ml-model-service
+description: ML Model Service for Content Quality Prediction
+type: application
+version: 1.0.0
+appVersion: "1.0.0"

ml-model-service/helm-chart/templates/_helpers.tpl

@@ -0,0 +1,49 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ml-model-service.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "ml-model-service.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ml-model-service.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ml-model-service.labels" -}}
+helm.sh/chart: {{ include "ml-model-service.chart" . }}
+{{ include "ml-model-service.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ml-model-service.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ml-model-service.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

ml-model-service/helm-chart/templates/deployment.yaml

@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "ml-model-service.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ml-model-service.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "ml-model-service.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "ml-model-service.selectorLabels" . | nindent 8 }}
+      annotations:
+        # Force pod restart on upgrade by adding timestamp
+        rollme: {{ randAlphaNum 5 | quote }}
+    spec:
+      containers:
+      - name: ml-model-service
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        ports:
+        - name: http
+          containerPort: {{ .Values.service.targetPort }}
+          protocol: TCP
+        env:
+        - name: PORT
+          value: {{ .Values.env.PORT | quote }}
+        - name: APP_VERSION
+          value: {{ .Values.env.APP_VERSION | quote }}
+        - name: LOG_LEVEL
+          value: {{ .Values.env.LOG_LEVEL | quote }}
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        {{- with .Values.livenessProbe }}
+        livenessProbe:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with .Values.readinessProbe }}
+        readinessProbe:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}

ml-model-service/helm-chart/templates/ingress.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "ml-model-service.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ml-model-service.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+  - hosts:
+    {{- range .hosts }}
+    - {{ . | quote }}
+    {{- end }}
+    secretName: {{ .secretName }}
+  {{- end }}
+  {{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+  - host: {{ .host | quote }}
+    http:
+      paths:
+      {{- range .paths }}
+      - path: {{ .path }}
+        pathType: {{ .pathType }}
+        backend:
+          service:
+            name: {{ include "ml-model-service.fullname" $ }}
+            port:
+              number: {{ $.Values.service.port }}
+      {{- end }}
+  {{- end }}
+{{- end }}

ml-model-service/helm-chart/templates/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "ml-model-service.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ml-model-service.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.targetPort }}
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "ml-model-service.selectorLabels" . | nindent 4 }}

ml-model-service/helm-chart/values.yaml

@@ -0,0 +1,57 @@
+replicaCount: 1
+
+image:
+  repository: karimzakzouk/ml-model-service
+  pullPolicy: Always
+  tag: "dev"
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+  type: ClusterIP
+  port: 8000
+  targetPort: 8000
+
+ingress:
+  enabled: true
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  hosts:
+    - host: "ml.hankers.myaddr.tools"
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: ml-model-tls
+      hosts:
+        - ml.hankers.myaddr.tools
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 250m
+    memory: 256Mi
+
+livenessProbe:
+  httpGet:
+    path: /health
+    port: 8000
+  initialDelaySeconds: 30
+  periodSeconds: 10
+
+readinessProbe:
+  httpGet:
+    path: /health
+    port: 8000
+  initialDelaySeconds: 10
+  periodSeconds: 5
+
+env:
+  PORT: "8000"
+  APP_VERSION: "v1.0"
+  LOG_LEVEL: "INFO"