improvement(helm): added more to helm charts, remove instance selector for various cloud providers (#2412)

* improvement(helm): added more to helm charts, remove instance selector for various cloud providers

* ack PR comment

Author: waleedlatif1

helm/sim/examples/values-aws.yaml

@@ -4,17 +4,17 @@
 # Global configuration
 global:
   imageRegistry: "ghcr.io"
-  storageClass: "gp3"
+  storageClass: "gp2"  # Use gp2 (default on EKS) or create gp3 StorageClass for better performance
 
 # Main application
 app:
   enabled: true
   replicaCount: 2
-  
-  # Node selector for application pods (customize based on your EKS node labels)
-  nodeSelector:
-    kubernetes.io/arch: amd64
-    node.kubernetes.io/instance-type: "t3.large"
+
+  # Node selector for application pods
+  # Uncomment and customize based on your EKS node labels:
+  # nodeSelector:
+  #   node.kubernetes.io/instance-type: "t3.large"
 
   resources:
     limits:
@@ -28,8 +28,8 @@ app:
   env:
     NEXT_PUBLIC_APP_URL: "https://simstudio.acme.com"
     BETTER_AUTH_URL: "https://simstudio.acme.com"
-    SOCKET_SERVER_URL: "https://simstudio-ws.acme.com"
-    NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"
+    # SOCKET_SERVER_URL is auto-detected (uses internal service http://sim-realtime:3002)
+    NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"  # Public WebSocket URL for browsers
 
     # Security settings (REQUIRED - replace with your own secure secrets)
     # Generate using: openssl rand -hex 32
@@ -52,11 +52,11 @@ app:
 realtime:
   enabled: true
   replicaCount: 2
-  
-  # Node selector for realtime pods (customize based on your EKS node labels)
-  nodeSelector:
-    kubernetes.io/arch: amd64
-    node.kubernetes.io/instance-type: "t3.medium"
+
+  # Node selector for realtime pods
+  # Uncomment and customize based on your EKS node labels:
+  # nodeSelector:
+  #   node.kubernetes.io/instance-type: "t3.medium"
 
   resources:
     limits:
@@ -89,10 +89,11 @@ migrations:
 # PostgreSQL database
 postgresql:
   enabled: true
-  
-  # Node selector for database pods (recommended: memory-optimized EC2 instances)
-  nodeSelector:
-    node.kubernetes.io/instance-type: "r5.large"
+
+  # Node selector for database pods
+  # Uncomment and customize (recommended: memory-optimized EC2 instances like r5.large):
+  # nodeSelector:
+  #   node.kubernetes.io/instance-type: "r5.large"
 
   # Database authentication (REQUIRED - set secure credentials)
   auth:
@@ -109,17 +110,17 @@ postgresql:
       memory: "2Gi"
       cpu: "1000m"
 
-  # Persistent storage using AWS EBS GP3 volumes
+  # Persistent storage using AWS EBS volumes
   persistence:
     enabled: true
-    storageClass: "gp3"
+    storageClass: "gp2"  # Use gp2 (default) or create gp3 StorageClass
     size: 50Gi
     accessModes:
       - ReadWriteOnce
 
-  # SSL/TLS configuration
+  # SSL/TLS configuration (requires cert-manager to be installed)
   tls:
-    enabled: true
+    enabled: false  # Set to true if cert-manager is installed
     certificatesSecret: postgres-tls-secret
 
   # PostgreSQL performance tuning for AWS infrastructure
@@ -130,14 +131,15 @@ postgresql:
     minWalSize: "160MB"
 
 # Ollama AI models with GPU acceleration (AWS EC2 GPU instances)
+# Set ollama.enabled: false if you don't need local AI models
 ollama:
-  enabled: true
+  enabled: false
   replicaCount: 1
-  
-  # GPU node targeting (recommended: g4dn.xlarge or p3.2xlarge instances)
-  nodeSelector:
-    node.kubernetes.io/instance-type: "g4dn.xlarge"
-    kubernetes.io/arch: amd64
+
+  # GPU node targeting - uncomment and customize for GPU instances
+  # Recommended: g4dn.xlarge or p3.2xlarge instances
+  # nodeSelector:
+  #   node.kubernetes.io/instance-type: "g4dn.xlarge"
 
   tolerations:
     - key: "nvidia.com/gpu"
@@ -162,7 +164,7 @@ ollama:
   # High-performance storage for AI models
   persistence:
     enabled: true
-    storageClass: "gp3"
+    storageClass: "gp2"  # Use gp2 (default) or create gp3 StorageClass
     size: 100Gi
     accessModes:
       - ReadWriteOnce

helm/sim/examples/values-azure.yaml

@@ -4,16 +4,19 @@
 # Global configuration
 global:
   imageRegistry: "ghcr.io"
-  storageClass: "managed-csi-premium"
+  # Use "managed-csi-premium" for Premium SSD (requires Premium storage-capable VMs like Standard_DS*)
+  # Use "managed-csi" for Standard SSD (works with all VM types)
+  storageClass: "managed-csi"
 
 # Main application
 app:
   enabled: true
-  replicaCount: 1
-  
-  # Node selector for application pods (customize based on your AKS node labels)
-  nodeSelector:
-    node-role: application
+  replicaCount: 2
+
+  # Node selector for application pods
+  # Uncomment and customize based on your AKS node labels:
+  # nodeSelector:
+  #   agentpool: "application"
 
   resources:
     limits:
@@ -26,8 +29,8 @@ app:
   env:
     NEXT_PUBLIC_APP_URL: "https://simstudio.acme.com"
     BETTER_AUTH_URL: "https://simstudio.acme.com"
-    SOCKET_SERVER_URL: "https://simstudio-ws.acme.com"
-    NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"
+    # SOCKET_SERVER_URL is auto-detected (uses internal service http://sim-realtime:3002)
+    NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"  # Public WebSocket URL for browsers
 
     # Security settings (REQUIRED - replace with your own secure secrets)
     # Generate using: openssl rand -hex 32
@@ -46,11 +49,12 @@ app:
 # Realtime service
 realtime:
   enabled: true
-  replicaCount: 1
-  
-  # Node selector for application pods (customize based on your AKS node labels)
-  nodeSelector:
-    node-role: application
+  replicaCount: 2
+
+  # Node selector for realtime pods
+  # Uncomment and customize based on your AKS node labels:
+  # nodeSelector:
+  #   agentpool: "application"
 
   resources:
     limits:
@@ -74,10 +78,11 @@ migrations:
 # PostgreSQL database
 postgresql:
   enabled: true
-  
-  # Node selector for database pods (recommended: memory-optimized VM sizes)
-  nodeSelector:
-    node-role: datalake
+
+  # Node selector for database pods
+  # Uncomment and customize (recommended: memory-optimized VM sizes):
+  # nodeSelector:
+  #   agentpool: "database"
 
   # Database authentication (REQUIRED - set secure credentials)
   auth:
@@ -93,15 +98,15 @@ postgresql:
       memory: "1Gi"
       cpu: "500m"
 
-  # Persistent storage using Azure Premium SSD
+  # Persistent storage using Azure Managed Disk
   persistence:
     enabled: true
-    storageClass: "managed-csi-premium"
+    storageClass: "managed-csi"
     size: 10Gi
 
-  # SSL/TLS configuration (recommended for production)
+  # SSL/TLS configuration (requires cert-manager to be installed)
   tls:
-    enabled: true
+    enabled: false  # Set to true if cert-manager is installed
     certificatesSecret: postgres-tls-secret
 
   # PostgreSQL performance tuning for Azure infrastructure
@@ -112,13 +117,15 @@ postgresql:
     minWalSize: "80MB"
 
 # Ollama AI models with GPU acceleration (Azure NC-series VMs)
+# Set ollama.enabled: false if you don't need local AI models
 ollama:
-  enabled: true
+  enabled: false
   replicaCount: 1
-  
-  # GPU node targeting (recommended: NC6s_v3 or NC12s_v3 VMs)
-  nodeSelector:
-    accelerator: nvidia
+
+  # GPU node targeting - uncomment and customize for GPU node pools
+  # Recommended: NC6s_v3 or NC12s_v3 VMs
+  # nodeSelector:
+  #   agentpool: "gpu"
 
   tolerations:
     - key: "sku"
@@ -139,7 +146,7 @@ ollama:
       memory: "4Gi"
       cpu: "1000m"
 
-  # High-performance storage for AI models
+  # High-performance storage for AI models (use managed-csi-premium for GPU workloads)
   persistence:
     enabled: true
     storageClass: "managed-csi-premium"

helm/sim/examples/values-gcp.yaml

@@ -10,11 +10,11 @@ global:
 app:
   enabled: true
   replicaCount: 2
-  
-  # Node selector for application pods (customize based on your GKE node labels)
-  nodeSelector:
-    kubernetes.io/arch: amd64
-    cloud.google.com/gke-nodepool: "default-pool"
+
+  # Node selector for application pods
+  # Uncomment and customize based on your GKE node labels:
+  # nodeSelector:
+  #   cloud.google.com/gke-nodepool: "default-pool"
 
   resources:
     limits:
@@ -28,8 +28,8 @@ app:
   env:
     NEXT_PUBLIC_APP_URL: "https://simstudio.acme.com"
     BETTER_AUTH_URL: "https://simstudio.acme.com"
-    SOCKET_SERVER_URL: "https://simstudio-ws.acme.com"
-    NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"
+    # SOCKET_SERVER_URL is auto-detected (uses internal service http://sim-realtime:3002)
+    NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"  # Public WebSocket URL for browsers
 
     # Security settings (REQUIRED - replace with your own secure secrets)
     # Generate using: openssl rand -hex 32
@@ -53,11 +53,11 @@ app:
 realtime:
   enabled: true
   replicaCount: 2
-  
-  # Node selector for realtime pods (customize based on your GKE node labels)
-  nodeSelector:
-    kubernetes.io/arch: amd64
-    cloud.google.com/gke-nodepool: "default-pool"
+
+  # Node selector for realtime pods
+  # Uncomment and customize based on your GKE node labels:
+  # nodeSelector:
+  #   cloud.google.com/gke-nodepool: "default-pool"
 
   resources:
     limits:
@@ -90,11 +90,11 @@ migrations:
 # PostgreSQL database
 postgresql:
   enabled: true
-  
-  # Node selector for database pods (recommended: memory-optimized machine types)
-  nodeSelector:
-    cloud.google.com/gke-nodepool: "database-pool"
-    cloud.google.com/machine-family: "n2"
+
+  # Node selector for database pods
+  # Uncomment and customize (recommended: memory-optimized machine types):
+  # nodeSelector:
+  #   cloud.google.com/gke-nodepool: "database-pool"
 
   # Database authentication (REQUIRED - set secure credentials)
   auth:
@@ -119,9 +119,9 @@ postgresql:
     accessModes:
       - ReadWriteOnce
 
-  # SSL/TLS configuration
+  # SSL/TLS configuration (requires cert-manager to be installed)
   tls:
-    enabled: true
+    enabled: false  # Set to true if cert-manager is installed
     certificatesSecret: postgres-tls-secret
 
   # PostgreSQL performance tuning for GCP infrastructure
@@ -132,14 +132,16 @@ postgresql:
     minWalSize: "160MB"
 
 # Ollama AI models with GPU acceleration (GCP GPU instances)
+# Set ollama.enabled: false if you don't need local AI models
 ollama:
-  enabled: true
+  enabled: false
   replicaCount: 1
-  
-  # GPU node targeting (recommended: T4 or V100 GPU instances)
-  nodeSelector:
-    cloud.google.com/gke-nodepool: "gpu-pool"
-    cloud.google.com/gke-accelerator: "nvidia-tesla-t4"
+
+  # GPU node targeting - uncomment and customize for GPU node pools
+  # Recommended: T4 or V100 GPU instances
+  # nodeSelector:
+  #   cloud.google.com/gke-nodepool: "gpu-pool"
+  #   cloud.google.com/gke-accelerator: "nvidia-tesla-t4"
 
   tolerations:
     - key: "nvidia.com/gpu"

helm/sim/templates/_helpers.tpl

@@ -204,9 +204,15 @@ Validate required secrets and reject default placeholder values
 {{- if and .Values.postgresql.enabled (eq .Values.postgresql.auth.password "CHANGE-ME-SECURE-PASSWORD") }}
 {{- fail "postgresql.auth.password must not use the default placeholder value. Set a secure password for production" }}
 {{- end }}
+{{- if and .Values.postgresql.enabled (not (regexMatch "^[a-zA-Z0-9._-]+$" .Values.postgresql.auth.password)) }}
+{{- fail "postgresql.auth.password must only contain alphanumeric characters, hyphens, underscores, or periods to ensure DATABASE_URL compatibility. Generate with: openssl rand -base64 16 | tr -d '/+='" }}
+{{- end }}
 {{- if and .Values.externalDatabase.enabled (not .Values.externalDatabase.password) }}
 {{- fail "externalDatabase.password is required when using external database" }}
 {{- end }}
+{{- if and .Values.externalDatabase.enabled .Values.externalDatabase.password (not (regexMatch "^[a-zA-Z0-9._-]+$" .Values.externalDatabase.password)) }}
+{{- fail "externalDatabase.password must only contain alphanumeric characters, hyphens, underscores, or periods to ensure DATABASE_URL compatibility." }}
+{{- end }}
 {{- end }}
 
 {{/*

helm/sim/templates/deployment-app.yaml

@@ -68,7 +68,7 @@ spec:
             - name: DATABASE_URL
               value: {{ include "sim.databaseUrl" . | quote }}
             - name: SOCKET_SERVER_URL
-              value: {{ .Values.app.env.SOCKET_SERVER_URL | default "http://localhost:3002" | quote }}
+              value: {{ include "sim.socketServerUrl" . | quote }}
             - name: OLLAMA_URL
               value: {{ include "sim.ollamaUrl" . | quote }}
             {{- range $key, $value := omit .Values.app.env "DATABASE_URL" "SOCKET_SERVER_URL" "OLLAMA_URL" }}

helm/sim/values.schema.json

@@ -185,8 +185,7 @@
             },
             "OLLAMA_URL": {
               "type": "string",
-              "format": "uri",
-              "description": "Ollama local LLM server URL"
+              "description": "Ollama local LLM server URL (leave empty if not using Ollama)"
             },
             "ELEVENLABS_API_KEY": {
               "type": "string",
@@ -238,18 +237,15 @@
             },
             "NEXT_PUBLIC_BRAND_LOGO_URL": {
               "type": "string",
-              "format": "uri",
-              "description": "Custom logo URL (must be a full URL, e.g., https://example.com/logo.png)"
+              "description": "Custom logo URL (leave empty for default)"
             },
             "NEXT_PUBLIC_BRAND_FAVICON_URL": {
               "type": "string",
-              "format": "uri",
-              "description": "Custom favicon URL (must be a full URL, e.g., https://example.com/favicon.ico)"
+              "description": "Custom favicon URL (leave empty for default)"
             },
             "NEXT_PUBLIC_CUSTOM_CSS_URL": {
               "type": "string",
-              "format": "uri",
-              "description": "Custom stylesheet URL (must be a full URL)"
+              "description": "Custom stylesheet URL (leave empty for none)"
             },
             "NEXT_PUBLIC_SUPPORT_EMAIL": {
               "type": "string",