Changes for release (#143)

* fix: separate SSL certificates (#101)

* fix: Set environment variables via .env file. (#99)

* Set environment variables via .env file.

* Missing change

* Change how hostnames and secret are set.

* changes for env template

* add env variable resolver on sso redirect value

* fix: add env_file to codetogether-intel (#105)

* fix: missing CT_HQ_BASE_URL env var (#107)

* feat: nginx auto config (#109)

* fix: add step for sso provider (#110)

* fix: add client_max_body_size to intel (#112)

* fix: tweak name of dhparam.pem env var (#113)

* tweak name of dhparam.pem env var

* fix env var name in nginx template

* fix pam to pem

* fix: missing env file on collab (#114)

* fix: handle nil ai.openai.api_key to prevent template er… (#116)

* fix(intel-chart): handle nil ai.openai.api_key to prevent template errors

Adjusted the Helm chart template for ai-secrets to avoid referencing ai.openai.api_key and
ai.external.api_key when undefined.
This fixes a fatal error during `helm template` when AI mode is set to `bundled`
and no OpenAI config is present. Ensures compatibility with bundled-only deployments.

* Changes to fix workflow issues

* fix: cleanup for sso tenants (#117)

* feat(intel): add option to disable AI integration entirely (#120)

Previously, the Helm chart required either 'bundled' or 'external' AI mode to be configured, making it
mandatory to include AI integration. This commit introduces a new flag `ai.enabled` to allow disabling
AI features entirely, enabling Intel to be deployed without any AI-related containers or resources.

* Change gen ai image name on values file (#122)

* fix: bump up version number (#123)

* docs: remove outdated metrics section from README (#130)

- Removed the section referring to metrics(prometeus), etc from the README

Co-authored-by: engineering <engineering@codetogether.com>

* fix: add note to env-template file (#127)

* fix: update LLM image URL to hub.edge (#132)

* docs: add deprecation notice to old Live chart (#131)

* 126 automatically configure ollama integration when llm is enabled (#128)

* Make sidecar AI container resource block optional in deployment

- Updated deployment.yaml to include the `resources` block for the `codetogether-llm` sidecar only if values are defined in values.yaml.
- Ensures the bundled AI container can run without specifying resource limits/requests by default.
- Improved overall Helm template flexibility for embedded AI mode.
- Validated that runs with AI Container embeeded.

* Enable support for external AI provider

- Updated deployment.yaml to support both bundled and external AI modes, allowing selection via .Values.ai.mode.
- Added manifests for external AI integration:
  - ai-config ConfigMap: defines external provider and URL.
  - ai-external-secret Secret: stores the external API key.
- Verified that external AI mode works by routing requests through the configured external service.

* feat: automate creation of external AI ConfigMap and Secret from values.yaml

- Added Helm templates to generate ai-config ConfigMap and ai-external-secret Secret automatically when AI external mode is enabled.
- ConfigMap values (ai_provider, ai_url) and Secret value (api-key) are now configurable via values.yaml.
- Ensured resources are only created when ai.enabled=true and ai.mode=external.

* feat: allow use of existing or Helm-managed ai-external-secret in deployment

- Updated deployment.yaml to support referencing a user-provided Secret for AI external API key, with fallback to Helm-managed creation.
- Added ai-external-secret.yaml template to optionally create the secret from values if not provided.

* Fixing helm template validations

* Adding values configuration

---------

Co-authored-by: engineering <engineering@codetogether.com>

* Gen AI Changes (#124)

* Change resources of ai

* Include gen ai on docker compose.

* undo changes

* Fix collab helm chart to allow usage of locator. (#134)

* fix: invalid values in AI values section (#137)

* fix: support automatic configuration of the LLM integration if AI is enabled (#138)

* Fixes after Testing (#139)

* Fixes after Testing
- Refactored deployment.yaml to reference ai.externalSecret.name when create: false
- Corrected CT_HQ_OLLAMA_AI_API_KEY key to apiKey to match Secret’s stringData
- Updated ai-external-secret.yaml to generate a Secret only when create: true

* Bump intel chart version to 1.2.5

* Fix to user http://codetogether-llm:8000/ always

---------

Co-authored-by: engineering <engineering@codetogether.com>

* Changes to use localhost always to avoid dns issues (#142)

Co-authored-by: engineering <engineering@codetogether.com>

---------

Co-authored-by: Wojciech Galanciak <wojtek@codetogether.com>
Co-authored-by: danc094codetogether <daniel@codetogether.com>
Co-authored-by: engineering <engineering@codetogether.com>

Author: 4 people

charts/collab/README.md

@@ -36,11 +36,6 @@ The following table lists configurable parameters of the CodeTogether Collab cha
 | `codetogether.noclients`                    | Disables the `/clients` endpoint if set to `true`                                              | `false`                                                   |
 | `codetogether.timeZone.enabled`             | Enables a customized time zone for the container                                               | `false`                                                   |
 | `codetogether.timeZone.region`              | Time zone region for the container                                                             | `America/Chicago`                                         |
-| `direct.metrics.statsdEnabled`              | Enables StatsD metrics collection                                                              | `false`                                                   |
-| `direct.metrics.statsdHost`                 | Host for StatsD metrics                                                                        | `https://my-graphite-fqdn`                                |
-| `direct.metrics.statsdPort`                 | Port for StatsD metrics                                                                        | `8125`                                                    |
-| `direct.metrics.statsdProtocol`             | Protocol for StatsD metrics                                                                    | `UDP`                                                     |
-| `direct.metrics.prometheusEnabled`          | Enables Prometheus metrics collection                                                          | `false`                                                   |
 | `locatorCentral.database.host`              | Host for locator-central database                                                              | `10.10.0.2`                                               |
 | `locatorCentral.database.port`              | Port for locator-central database                                                              | `3306`                                                    |
 | `locatorCentral.database.schema`            | Schema name for locator-central database                                                      | `codetogether`                                            |

charts/collab/templates/deployment.yaml

@@ -99,6 +99,10 @@ spec:
           {{- if eq .Values.codetogether.mode "locator-edge" }}
           - name: CT_LOCATOR
             value: {{ .Values.locatorEdge.locator | quote }}
+          {{- if .Values.locatorEdge.locatorLan }}
+          - name: CT_LOCATOR_INTERNAL
+            value: {{ .Values.locatorEdge.locatorLan | quote }}
+          {{- end }}
           - name: CT_REGION
             value: {{ .Values.locatorEdge.region | quote }}
           {{- end }}  

charts/collab/values.yaml

@@ -117,6 +117,9 @@ locatorCentral:
 locatorEdge:
   # URL that the Locator is listening on.
   locator: "https://codetogether.locator"
+  # Internal k8s url for the locator service.
+  # Optional - If not set k8s dns need to know how to resolve the locator url.
+  # locatorLan: "http://<collab-locator-service-name>.<namespace>.svc.cluster.local:443"
   # Optional region which can have CIDR IP address regions assigned to 
   # allowing regional routing of requests. Only enable if deploying
   # CodeTogether to multiple regional data centers.

charts/intel/Chart.yaml

@@ -3,8 +3,8 @@ name: codetogether-intel
 description: CodeTogether Intel provides advanced project insights for developers
 
 type: application
-version: 1.2.3
-appVersion: "2025.1.0"
+version: 1.2.5
+appVersion: "2025.3.0"
 
 icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png
 home: https://www.codetogether.com

charts/intel/templates/ai-config.yaml

@@ -0,0 +1,11 @@
+{{- if and .Values.ai.enabled (eq .Values.ai.mode "external") }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ai-config
+  namespace: {{ .Release.Namespace }}
+data:
+  ai_provider: {{ .Values.ai.provider | quote }}
+  ai_url: {{ .Values.ai.url | quote }}
+{{- end }}
+

charts/intel/templates/ai-external-secret.yaml

@@ -0,0 +1,12 @@
+{{- $extSecret := (index .Values.ai "externalSecret" | default dict) }}
+{{- if and .Values.ai.enabled (eq .Values.ai.mode "external") (or (not $extSecret.name) $extSecret.create) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $extSecret.name | default (printf "%s-ai-external-secret" (include "codetogether.fullname" .)) }}
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+stringData:
+  apiKey: {{ $extSecret.apiKey | quote }}
+{{- end }}
+

charts/intel/templates/deployment.yaml

@@ -28,38 +28,19 @@ spec:
       {{- end }}
       serviceAccountName: {{ include "codetogether.serviceAccountName" . }}
       containers:
-        {{- if .Values.ai.enabled }}
-          {{- if eq .Values.ai.mode "bundled" }}
-          - name: codetogether-llm
-            image: "{{ .Values.ai.image.repository }}:{{ .Values.ai.image.tag }}"
-            imagePullPolicy: Always
-            ports:
-              - name: ai
-                containerPort: 8000
-                protocol: TCP
-            resources:
-              requests:
-                cpu: {{ .Values.ai.resources.requests.cpu | quote }}
-                memory: {{ .Values.ai.resources.requests.memory | quote }}
-              limits:
-                cpu: {{ .Values.ai.resources.limits.cpu | quote }}
-                memory: {{ .Values.ai.resources.limits.memory | quote }}
-          {{- end }}
-        {{- end }}
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
-          - name: AI_MODE
-            value: {{ .Values.ai.mode | quote }}
-          {{- if eq .Values.ai.mode "bundled" }}
-          - name: AI_BUNDLED_URL
-            value: "http://codetogether-llm:8000"
-          {{- end }}
-          {{- if .Values.ai.enabled }}
-            {{- if eq .Values.ai.mode "external" }}
+            - name: AI_MODE
+              value: {{ .Values.ai.mode | quote }}
+            {{- if eq .Values.ai.mode "bundled" }}
+            - name: AI_BUNDLED_URL
+              value: "http://localhost:8000"
+            {{- end }}
+            {{- if and .Values.ai.enabled (eq .Values.ai.mode "external") }}
             - name: AI_PROVIDER
               valueFrom:
                 configMapKeyRef:
@@ -73,36 +54,47 @@ spec:
             - name: AI_EXTERNAL_API_KEY
               valueFrom:
                 secretKeyRef:
-                  name: ai-external-secret
-                  key: api-key
+                  name: {{ default (printf "%s-ai-external-secret" (include "codetogether.fullname" .)) .Values.ai.externalSecret.name | quote }}
+                  key: apiKey
+            {{- end }}
+            # Set CodeTogether runtime configuration
+            - name: CT_HQ_BASE_URL
+              value: {{ .Values.codetogether.url | quote }}
+            {{- if .Values.java.customCacerts.enabled }}
+            - name: CT_TRUST_STORE
+              value: -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts
+            {{- end }}
+            {{- if .Values.java.customJavaOptions }}
+            - name: CT_JAVA_OPTIONS
+              value: "{{ .Values.java.customJavaOptions | default "" }}"
+            {{- end }}
+            {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }}
+            - name: CT_TRUST_STORE_PASSWD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.java.customCacerts.cacertsSecretName }}
+                  key: {{ .Values.java.customCacerts.trustStorePasswordKey }}
+                  optional: true
+            {{- end }}
+            {{- if .Values.ai.enabled }}
+            - name: CT_HQ_OLLAMA_AI_URL
+              value: {{ if eq .Values.ai.mode "bundled" }}
+                "http://localhost:8000"
+              {{ else }}
+                {{ .Values.ai.url | quote }}
+              {{ end }}
+            - name: CT_HQ_OLLAMA_AI_MODEL_NAME
+              value: {{ .Values.ai.modelName | default "gemma3:1b" | quote }}
+            - name: CT_HQ_OLLAMA_AI_API_KEY
+              {{- if eq .Values.ai.mode "bundled" }}
+              value: "apiKey"
+              {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ default (printf "%s-ai-external-secret" (include "codetogether.fullname" .)) .Values.ai.externalSecret.name | quote }}
+                  key: apiKey
+              {{- end }}
             {{- end }}
-          {{- end }}
-          #
-          # Set CodeTogether runtime configuration
-          #         
-          - name: CT_HQ_BASE_URL
-            value: {{ .Values.codetogether.url | quote }}
-          {{- if .Values.java.customCacerts.enabled }}
-          - name: CT_TRUST_STORE
-            value: -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts 
-          {{- end }}
-
-          # Custom Java options (excluding trust store related settings)
-          {{- if .Values.java.customJavaOptions }} 
-          - name: CT_JAVA_OPTIONS
-            value: "{{ .Values.java.customJavaOptions | default "" }}"
-          {{- end }}
-
-          # Set trust store password only if trustStorePasswordKey is provided
-          {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }}
-          - name: CT_TRUST_STORE_PASSWD
-            valueFrom:
-              secretKeyRef:
-                name: {{ .Values.java.customCacerts.cacertsSecretName }}
-                key: {{ .Values.java.customCacerts.trustStorePasswordKey }}
-                optional: true
-          {{- end }}
-
           volumeMounts:
             - name: properties-volume
               mountPath: /opt/codetogether/runtime/cthq.properties
@@ -112,29 +104,20 @@ spec:
               mountPath: /etc/ssl/certs/java/cacerts
               subPath: cacerts
             {{- end }}
-
-          # 
-          # Set container configuration
-          #
           ports:
             - name: http
               containerPort: 1080
               protocol: TCP
-          
           livenessProbe:
-            httpGet:
-              path: /
-              port: http
             initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
             periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
             timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
             successThreshold: {{ .Values.livenessProbe.successThreshold }}
             failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
-          readinessProbe:
             httpGet:
               path: /
               port: http
-          
+
           readinessProbe:
             initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
             periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
@@ -147,6 +130,19 @@ spec:
 
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+        {{- if and .Values.ai.enabled (eq .Values.ai.mode "bundled") }}
+        - name: codetogether-llm
+          image: "{{ .Values.ai.image.repository }}:{{ .Values.ai.image.tag }}"
+          imagePullPolicy: Always
+          ports:
+            - name: ai
+              containerPort: 8000
+              protocol: TCP
+          {{- if .Values.ai.resources }}
+          resources:
+            {{- toYaml .Values.ai.resources | nindent 12 }}
+          {{- end }}
+        {{- end }}
       volumes:
         - name: properties-volume
           secret:

charts/intel/values.yaml

@@ -141,20 +141,16 @@ securityContext: {}
 ai:
   enabled: false
   mode: "bundled"  # Options: bundled | external
-  provider: "ollama"  # No OpenAI dependency
-  resources:
-    requests:
-      cpu: "2"
-      memory: "4Gi"
-      gpu: false
-    limits:
-      cpu: "4"
-      memory: "8Gi"
-      gpu: false
   image:
-    repository: registry.digitalocean.com/codetogether-registry/ai-summarization
+    repository: hub.edge.codetogether.com/releases/codetogether-llm
     tag: latest
-
+#  resources:       # Recommended resources configuration
+ #   requests:
+  #    cpu: "2"
+   #   memory: "4Gi"
+    #limits:
+     # cpu: "4"
+      #memory: "4Gi"
 
 readinessProbe:
   initialDelaySeconds: 60

charts/live/README.md

@@ -1,7 +1,10 @@
 # README.md Helm Chart for CodeTogether Live
+# CodeTogether Live Chart (Legacy)
 
-## Summary
+> **⚠️ Legacy Chart**  
+> This chart is now considered legacy and is not longer supported, is not recommended for new deployments.
 
+## Summary
 This chart creates a CodeTogether Live server deployment on a Kubernetes cluster using the Helm package manager.
 
 ## Prerequisites

compose/.env-template

@@ -39,10 +39,15 @@ COLLAB_FQDN=collab.example.com
 INTEL_FQDN=intel.example.com
 INTEL_SECRET=super-secret-string
 
+# SSL cerfificate files should be placed in the `nginx/ssl` directory.
 SSL_COLLAB_CERT=ssl-collab.crt
 SSL_COLLAB_KEY=ssl-collab.key
 
 SSL_INTEL_CERT=ssl-intel.crt
 SSL_INTEL_KEY=ssl-intel.key
 
-DHPARAM_PEM=dhparam.pem
+DHPARAM_PEM=dhparam.pem
+
+# Uncomment the following lines to enable AI integration with Ollama
+#CT_HQ_OLLAMA_AI_URL=http://codetogether-llm:8000
+#CT_HQ_OLLAMA_AI_MODEL_NAME=gemma3:1b