diff --git a/vector/deployment/container/Dockerfile b/vector/deployment/container/Dockerfile index 6ad6f35..fdd90b0 100644 --- a/vector/deployment/container/Dockerfile +++ b/vector/deployment/container/Dockerfile @@ -1,26 +1,32 @@ # deployment/container/Dockerfile -# Vector DB API Service Image - 완전히 최소화된 버전 +# Vector DB API Service Image - 디버깅 버전 (사용자 정보 및 Poetry 환경 수정) ARG BASE_IMAGE=vector-api-base:latest FROM ${BASE_IMAGE} # 메타데이터 LABEL maintainer="admin@example.com" -LABEL version="1.0.6" -LABEL description="Vector DB API Service - 완전히 최소화 (권한 변경 불필요)" +LABEL version="1.0.6-debug-fixed" +LABEL description="Vector DB API Service - Debug Version (사용자 정보 수정)" -# 작업 디렉토리 설정 (명확성과 안정성을 위해 명시적 선언) +# 🔧 사용자 정보 수정 (root 권한으로) +USER root + +# passwd 파일에 appuser 정보 추가 +RUN echo "appuser:x:1000:1000:App User:/home/appuser:/bin/bash" >> /etc/passwd && \ + echo "appuser:x:1000:" >> /etc/group + +# appuser로 전환 +USER appuser + +# 작업 디렉토리 설정 WORKDIR /home/appuser -# 🚀 애플리케이션 소스 코드 복사 (상대경로로 간단하게) +# 🚀 애플리케이션 소스 코드 복사 COPY app/ app/ # 포트 노출 EXPOSE 8000 -# 헬스체크 -HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \ - CMD poetry run python -c "import app.main; print('✅ 헬스체크 성공')" || exit 1 - -# 애플리케이션 실행 -CMD ["poetry", "run", "python", "app/main.py"] - +# 🛠️ 디버깅용: 컨테이너를 계속 실행 상태로 유지 +CMD ["sleep", "infinity"] +#CMD ["poetry", "run", "python", "app/main.py"] diff --git a/vector/deployment/container/Dockerfile-base b/vector/deployment/container/Dockerfile-base index 35d1163..a4e9096 100644 --- a/vector/deployment/container/Dockerfile-base +++ b/vector/deployment/container/Dockerfile-base 
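Review bot: The new `CMD ["sleep", "infinity"]` together with the deleted `HEALTHCHECK` produces an image that never starts `app/main.py` and reports no health, and nothing in this file stops it from being pushed under the tag the Deployment pulls (`vector-api:latest` in deployment.yaml). Keep the service command as the default and move the debug behaviour behind a build argument or into a separate debug Dockerfile, so a debug build cannot replace the production image by accident. The added `RUN echo "appuser:x:1000:1000:..." >> /etc/passwd` also appends unconditionally; if the base image is built from the Dockerfile-base in this commit, `appuser` already exists with UID/GID 1000 and this creates duplicate passwd and group entries. Guard it, e.g. `RUN getent passwd appuser >/dev/null || echo "appuser:x:1000:1000:App User:/home/appuser:/bin/bash" >> /etc/passwd`, or drop the step.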
@@ -1,11 +1,11 @@ # deployment/container/Dockerfile-base -# Poetry 기반 Vector DB API Base Image - 홈 디렉토리 사용 (안전한 방식) +# 최적화된 Poetry 기반 Vector DB API Base Image - 필수 라이브러리만 설치 FROM python:3.11-slim # 메타데이터 -LABEL description="Vector DB API Base Image with Poetry - Home Directory" -LABEL version="poetry-home-v1.0" +LABEL description="Optimized Vector DB API Base Image with Poetry - dotenv 0.9.9 package" +LABEL version="optimized-dotenv-0.9.9-v1.0" LABEL maintainer="admin@example.com" # 환경 변수 설정 - Poetry 가상환경을 홈 디렉토리로 이동 @@ -19,11 +19,13 @@ ENV PYTHONDONTWRITEBYTECODE=1 \ POETRY_VIRTUALENVS_CREATE=true \ POETRY_VIRTUALENVS_PATH=/home/appuser/.cache/pypoetry/venvs \ POETRY_CACHE_DIR=/home/appuser/.cache/pypoetry/cache \ + POETRY_CONFIG_DIR=/home/appuser/.config/pypoetry \ + POETRY_DATA_DIR=/home/appuser/.local/share/pypoetry \ HF_HUB_CACHE=/home/appuser/.cache/huggingface \ TRANSFORMERS_CACHE=/home/appuser/.cache/transformers \ SENTENCE_TRANSFORMERS_HOME=/home/appuser/.cache/sentence_transformers -# 🔧 시스템 패키지 설치 +# 🔧 시스템 패키지 설치 (최소화) RUN apt-get update && apt-get install -y --no-install-recommends \ build-essential \ gcc \ 
@@ -33,39 +35,37 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ wget \ ca-certificates \ git \ - sudo \ - lsb-release \ - bc \ - python3.11 \ - python3.11-venv \ - python3.11-dev \ - python3.11-distutils \ && rm -rf /var/lib/apt/lists/* \ && apt-get clean # 📦 pip 업그레이드 RUN python3.11 -m pip install --no-cache-dir --upgrade pip setuptools wheel -# 👤 비root 사용자 생성 (Poetry 설치 전에) -RUN groupadd -r appuser && \ - useradd -r -g appuser -d /home/appuser -s /bin/bash appuser && \ +# 👤 비root 사용자 생성 (UID/GID를 명시적으로 1000으로 설정) +RUN groupadd -g 1000 appuser && \ + useradd -r -u 1000 -g 1000 -d /home/appuser -s /bin/bash appuser && \ mkdir -p /home/appuser && \ - chown -R appuser:appuser /home/appuser + chown -R 1000:1000 /home/appuser -# 🔧 Poetry 가상환경 디렉토리 생성 (홈 디렉토리 사용) +# 🔧 Poetry 디렉토리 생성 (config 디렉토리 추가) RUN mkdir -p /home/appuser/.cache/pypoetry/venvs \ - /home/appuser/.cache/pypoetry/cache && \ + /home/appuser/.cache/pypoetry/cache \ + /home/appuser/.config/pypoetry \ + /home/appuser/.local/share/pypoetry && \ chown -R appuser:appuser /home/appuser/.cache && \ - chmod -R 755 /home/appuser/.cache + chown -R appuser:appuser /home/appuser/.config && \ + chown -R appuser:appuser /home/appuser/.local && \ + chmod -R 755 /home/appuser/.cache && \ + chmod -R 755 /home/appuser/.config && \ + chmod -R 755 /home/appuser/.local # 🐍 Poetry를 appuser로 설치 USER appuser ENV PATH="/home/appuser/.local/bin:$PATH" -# appuser 홈 디렉토리에 Poetry 설치 RUN curl -sSL https://install.python-poetry.org | python3.11 - -# Poetry 실행 권한 및 심볼릭 링크 (root 권한 필요) +# Poetry 실행 권한 및 심볼릭 링크 USER root RUN chmod +x /home/appuser/.local/bin/poetry && \ ln -sf /home/appuser/.local/bin/poetry /usr/local/bin/poetry && \ 
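Review bot: The unchanged `RUN curl -sSL https://install.python-poetry.org | python3.11 -` in this hunk executes whatever the installer endpoint serves at build time, with no Poetry version pinned and no integrity check, so each rebuild can yield a different toolchain. Pin the version through the installer's `POETRY_VERSION` variable, e.g. `RUN curl -sSL https://install.python-poetry.org | POETRY_VERSION=<pinned-version> python3.11 -`, or install a pinned Poetry from a hash-checked requirements file. Separately, `useradd -r -u 1000` combines the system-account flag with a UID in the regular-user range; dropping `-r` would match the stated intent of a fixed UID 1000. The final `RUN chmod +x ... && \` continues past the end of the hunk.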
@@ -74,66 +74,76 @@ RUN chmod +x /home/appuser/.local/bin/poetry && \ # appuser로 다시 전환 USER appuser -# 🔧 Poetry 설정 - 가상환경을 홈 디렉토리로 이동 +# 🔧 Poetry 설정 RUN poetry config virtualenvs.in-project false && \ poetry config virtualenvs.create true && \ poetry config virtualenvs.path /home/appuser/.cache/pypoetry/venvs && \ poetry config cache-dir /home/appuser/.cache/pypoetry/cache -# Poetry 버전 확인 및 설정 검증 -RUN poetry --version && \ - poetry config --list && \ - ls -la /home/appuser/.local/bin/poetry && \ - which poetry - -# 🏗️ 작업 디렉토리 설정 (홈 디렉토리 사용) +# 🏗️ 작업 디렉토리 설정 WORKDIR /home/appuser # 애플리케이션 디렉토리 생성 USER root RUN mkdir -p /home/appuser/app && \ - chown -R appuser:appuser /home/appuser - -# 📋 Poetry 설치 스크립트 복사 및 권한 설정 -COPY setup.sh /home/appuser/setup.sh -RUN chmod +x /home/appuser/setup.sh && \ - chown appuser:appuser /home/appuser/setup.sh - -# appuser로 전환하여 Poetry 환경 설정 + chown appuser:appuser /home/appuser/app USER appuser -# 🚀 Poetry 환경 설정 및 의존성 설치 -RUN cd /home/appuser && \ - export DEBIAN_FRONTEND=noninteractive && \ - ./setup.sh --skip-poetry-install --skip-python311-check --force-reinstall +# 🔧 간단한 pyproject.toml 생성 (dotenv 0.9.9 사용) +RUN cat > pyproject.toml << 'EOF' +[tool.poetry] +name = "vector-api" +version = "1.0.0" +description = "Vector DB API with AI/ML capabilities" +authors = ["Developer "] +packages = [{include = "app"}] -# 🗂️ 필요한 디렉토리 생성 및 권한 설정 -USER root -RUN mkdir -p /home/appuser/.cache/huggingface \ - /home/appuser/.cache/transformers \ - /home/appuser/.cache/sentence_transformers \ - /home/appuser/vectordb \ - /home/appuser/data \ - /home/appuser/logs && \ - chmod -R 755 /home/appuser/.cache /home/appuser/vectordb /home/appuser/data /home/appuser/logs && \ - chown -R appuser:appuser /home/appuser && \ - # Poetry 가상환경 디렉토리 권한 재확인 - chown -R appuser:appuser /home/appuser/.cache && \ - chmod -R 755 /home/appuser/.cache +[tool.poetry.dependencies] +python = "^3.11" +dotenv = "^0.9.9" -# 🧹 캐시 정리 -RUN rm -rf /tmp/* /var/tmp/* +[build-system] 
+requires = ["poetry-core"] +build-backend = "poetry.core.masonry.api" +EOF -# 🚀 포트 노출 +# 🔧 Poetry 의존성 설치 (최적화된 순서) +RUN echo "🚀 최적화된 의존성 설치 시작..." && \ + \ + echo "1️⃣ 기본 웹 프레임워크 설치..." && \ + poetry add fastapi==0.115.9 && \ + poetry add "uvicorn[standard]" pydantic python-dotenv && \ + \ + echo "2️⃣ HTTP 클라이언트 설치..." && \ + poetry add aiohttp requests && \ + \ + echo "3️⃣ PyTorch CPU 버전 설치..." && \ + poetry source add pytorch-cpu https://download.pytorch.org/whl/cpu --priority=supplemental && \ + poetry add torch==2.7.1+cpu --source pytorch-cpu && \ + \ + echo "4️⃣ AI/ML 라이브러리 설치..." && \ + poetry add tokenizers transformers huggingface-hub && \ + poetry add sentence-transformers && \ + \ + echo "5️⃣ 벡터 DB 라이브러리 설치..." && \ + poetry add chromadb duckdb hnswlib && \ + \ + echo "6️⃣ Claude AI 라이브러리 설치..." && \ + poetry add anthropic && \ + echo "2️⃣ dotenv 0.9.9 설치..." && \ + poetry add dotenv==0.9.9 && \ + \ + echo "✅ 최적화된 의존성 설치 완료!" + +# 🧹 캐시 정리 (컨테이너 크기 최소화) +RUN poetry cache clear pypi --all && \ + rm -rf /home/appuser/.cache/pip && \ + find /home/appuser/.cache -name "*.pyc" -delete && \ + find /home/appuser/.cache -name "__pycache__" -type d -exec rm -rf {} + 2>/dev/null || true + +# 🏁 최종 설정 EXPOSE 8000 +WORKDIR /home/appuser -# 🏥 간단한 헬스체크 (appuser 권한으로 실행) -HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ - CMD su -c "poetry --version && poetry config virtualenvs.path" appuser || exit 1 - -# 👤 최종 사용자 설정 -USER appuser - -# 🎯 기본 명령어 +# 🔧 베이스 이미지 테스트용 CMD (실제 서비스에서는 오버라이드됨) CMD ["poetry", "--version"] - diff --git a/vector/deployment/container/Dockerfile-base.bk b/vector/deployment/container/Dockerfile-base.bk new file mode 100644 index 0000000..35d1163 --- /dev/null +++ b/vector/deployment/container/Dockerfile-base.bk 
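Review bot: The new dependency step resolves almost every package at build time (`poetry add "uvicorn[standard]" pydantic python-dotenv`, `transformers`, `chromadb`, `anthropic` and others carry no version) against a `pyproject.toml` written by the heredoc. The image therefore does not use the `poetry.lock` this commit updates, and two builds of the same commit can install different code. Install from the committed files instead, e.g. `COPY --chown=appuser:appuser pyproject.toml poetry.lock ./` followed by `RUN poetry install --no-root --only main` (assuming the build context contains both files). In the cleanup `RUN`, the trailing `|| true` applies to the whole `&&` chain, so a failing `poetry cache clear` is hidden as well. Because the cleanup runs in its own layer, it also does not shrink the layers written by the install step.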
@@ -0,0 +1,139 @@ +# deployment/container/Dockerfile-base +# Poetry 기반 Vector DB API Base Image - 홈 디렉토리 사용 (안전한 방식) + +FROM python:3.11-slim + +# 메타데이터 +LABEL description="Vector DB API Base Image with Poetry - Home Directory" +LABEL version="poetry-home-v1.0" +LABEL maintainer="admin@example.com" + +# 환경 변수 설정 - Poetry 가상환경을 홈 디렉토리로 이동 +ENV PYTHONDONTWRITEBYTECODE=1 \ + PYTHONUNBUFFERED=1 \ + DEBIAN_FRONTEND=noninteractive \ + PIP_NO_CACHE_DIR=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ + POETRY_NO_INTERACTION=1 \ + POETRY_VENV_IN_PROJECT=false \ + POETRY_VIRTUALENVS_CREATE=true \ + POETRY_VIRTUALENVS_PATH=/home/appuser/.cache/pypoetry/venvs \ + POETRY_CACHE_DIR=/home/appuser/.cache/pypoetry/cache \ + HF_HUB_CACHE=/home/appuser/.cache/huggingface \ + TRANSFORMERS_CACHE=/home/appuser/.cache/transformers \ + SENTENCE_TRANSFORMERS_HOME=/home/appuser/.cache/sentence_transformers + +# 🔧 시스템 패키지 설치 +RUN apt-get update && apt-get install -y --no-install-recommends \ + build-essential \ + gcc \ + g++ \ + python3-dev \ + curl \ + wget \ + ca-certificates \ + git \ + sudo \ + lsb-release \ + bc \ + python3.11 \ + python3.11-venv \ + python3.11-dev \ + python3.11-distutils \ + && rm -rf /var/lib/apt/lists/* \ + && apt-get clean + +# 📦 pip 업그레이드 +RUN python3.11 -m pip install --no-cache-dir --upgrade pip setuptools wheel + +# 👤 비root 사용자 생성 (Poetry 설치 전에) +RUN groupadd -r appuser && \ + useradd -r -g appuser -d /home/appuser -s /bin/bash appuser && \ + mkdir -p /home/appuser && \ + chown -R appuser:appuser /home/appuser + +# 🔧 Poetry 가상환경 디렉토리 생성 (홈 디렉토리 사용) +RUN mkdir -p /home/appuser/.cache/pypoetry/venvs \ + /home/appuser/.cache/pypoetry/cache && \ + chown -R appuser:appuser /home/appuser/.cache && \ + chmod -R 755 /home/appuser/.cache + +# 🐍 Poetry를 appuser로 설치 +USER appuser +ENV PATH="/home/appuser/.local/bin:$PATH" + +# appuser 홈 디렉토리에 Poetry 설치 +RUN curl -sSL https://install.python-poetry.org | python3.11 - + +# Poetry 실행 권한 및 심볼릭 링크 (root 권한 필요) +USER root +RUN chmod +x 
/home/appuser/.local/bin/poetry && \ + ln -sf /home/appuser/.local/bin/poetry /usr/local/bin/poetry && \ + chown appuser:appuser /home/appuser/.local/bin/poetry + +# appuser로 다시 전환 +USER appuser + +# 🔧 Poetry 설정 - 가상환경을 홈 디렉토리로 이동 +RUN poetry config virtualenvs.in-project false && \ + poetry config virtualenvs.create true && \ + poetry config virtualenvs.path /home/appuser/.cache/pypoetry/venvs && \ + poetry config cache-dir /home/appuser/.cache/pypoetry/cache + +# Poetry 버전 확인 및 설정 검증 +RUN poetry --version && \ + poetry config --list && \ + ls -la /home/appuser/.local/bin/poetry && \ + which poetry + +# 🏗️ 작업 디렉토리 설정 (홈 디렉토리 사용) +WORKDIR /home/appuser + +# 애플리케이션 디렉토리 생성 +USER root +RUN mkdir -p /home/appuser/app && \ + chown -R appuser:appuser /home/appuser + +# 📋 Poetry 설치 스크립트 복사 및 권한 설정 +COPY setup.sh /home/appuser/setup.sh +RUN chmod +x /home/appuser/setup.sh && \ + chown appuser:appuser /home/appuser/setup.sh + +# appuser로 전환하여 Poetry 환경 설정 +USER appuser + +# 🚀 Poetry 환경 설정 및 의존성 설치 +RUN cd /home/appuser && \ + export DEBIAN_FRONTEND=noninteractive && \ + ./setup.sh --skip-poetry-install --skip-python311-check --force-reinstall + +# 🗂️ 필요한 디렉토리 생성 및 권한 설정 +USER root +RUN mkdir -p /home/appuser/.cache/huggingface \ + /home/appuser/.cache/transformers \ + /home/appuser/.cache/sentence_transformers \ + /home/appuser/vectordb \ + /home/appuser/data \ + /home/appuser/logs && \ + chmod -R 755 /home/appuser/.cache /home/appuser/vectordb /home/appuser/data /home/appuser/logs && \ + chown -R appuser:appuser /home/appuser && \ + # Poetry 가상환경 디렉토리 권한 재확인 + chown -R appuser:appuser /home/appuser/.cache && \ + chmod -R 755 /home/appuser/.cache + +# 🧹 캐시 정리 +RUN rm -rf /tmp/* /var/tmp/* + +# 🚀 포트 노출 +EXPOSE 8000 + +# 🏥 간단한 헬스체크 (appuser 권한으로 실행) +HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ + CMD su -c "poetry --version && poetry config virtualenvs.path" appuser || exit 1 + +# 👤 최종 사용자 설정 +USER appuser + +# 🎯 기본 명령어 +CMD ["poetry", 
"--version"] + diff --git a/vector/deployment/manifest/configmap.yaml b/vector/deployment/manifest/configmap.yaml index e19ae82..a5b1524 100644 --- a/vector/deployment/manifest/configmap.yaml +++ b/vector/deployment/manifest/configmap.yaml @@ -62,6 +62,12 @@ data: # 🔧 Poetry 캐시 설정 POETRY_CACHE_DIR: "/home/appuser/.cache/pypoetry/cache" POETRY_VENV_PATH: "/home/appuser/.cache/pypoetry/venvs" + POETRY_CONFIG_DIR: "/home/appuser/.config/pypoetry" + POETRY_DATA_DIR: "/home/appuser/.local/share/pypoetry" + POETRY_NO_INTERACTION: "1" + POETRY_VENV_IN_PROJECT: "false" + POETRY_VIRTUALENVS_CREATE: "true" + # 🔧 FastAPI 설정 FASTAPI_ENV: "production" diff --git a/vector/deployment/manifest/deployment.yaml b/vector/deployment/manifest/deployment.yaml index bb2febc..ad2139c 100644 --- a/vector/deployment/manifest/deployment.yaml +++ b/vector/deployment/manifest/deployment.yaml @@ -1,4 +1,4 @@ -# deployment/manifests/deployment.yaml - 간소화된 버전 (initContainer 제거) +# deployment/manifests/deployment.yaml - initContainer로 권한 문제 해결 apiVersion: apps/v1 kind: Deployment metadata: @@ -8,7 +8,7 @@ metadata: version: v1.0.0 annotations: deployment.kubernetes.io/revision: "1" - description: "Vector DB API with Simplified Home Directory Structure" + description: "Vector DB API with initContainer Permission Fix" spec: replicas: 1 strategy: 
@@ -29,8 +29,53 @@ spec: prometheus.io/port: "8000" prometheus.io/path: "/metrics" spec: - # 🚫 initContainer 제거 - 홈 디렉토리 사용으로 불필요 - + # 🚀 initContainer로 Poetry 설정 파일 생성 (볼륨에) + initContainers: + - name: setup-poetry-config + image: busybox:1.35 + command: + - /bin/sh + - -c + - | + echo "🔧 Poetry 설정 생성 중... (볼륨 기반)" + + # 볼륨 마운트된 경로에 Poetry 설정 생성 + mkdir -p /cache/poetry-config + mkdir -p /cache/poetry-data + + # Poetry 설정 파일을 볼륨에 생성 + cat > /cache/poetry-config/config.toml << 'EOF' + [virtualenvs] + create = true + in-project = false + path = "/home/appuser/.cache/pypoetry/venvs" + + [cache-dir] + path = "/home/appuser/.cache/pypoetry/cache" + + [installer] + no-cache = false + EOF + + echo "✅ Poetry 설정 생성 완료!" + echo "📝 설정 파일 내용:" + cat /cache/poetry-config/config.toml + echo "📁 캐시 디렉토리:" + ls -la /cache/ + + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + capabilities: + drop: + - ALL + volumeMounts: + - name: cache-volume + mountPath: /cache + containers: - name: vector-api image: acrdigitalgarage03.azurecr.io/vector-api:latest @@ -97,15 +142,14 @@ spec: failureThreshold: 30 # 최대 5분 대기 successThreshold: 1 - # 📂 볼륨 마운트 (홈 디렉토리 기반) + # 📂 볼륨 마운트 (홈 디렉토리 기반 + Poetry 설정) volumeMounts: - name: vector-db-storage mountPath: /home/appuser/vectordb # ✅ PVC 마운트 - name: tmp-volume mountPath: /tmp - name: cache-volume - mountPath: /home/appuser/.cache - subPath: "vector-api" + mountPath: /home/appuser/.cache # 전체 캐시 디렉토리 # 🌍 환경변수 설정 - ConfigMap에서 모든 값 가져오기 envFrom: 
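Review bot: The initContainer script has no `set -e`, so if `mkdir` or the `cat > /cache/poetry-config/config.toml` redirect fails (for instance when the volume is not writable by UID 1000), the container still exits with the status of the final `ls -la /cache/` and the pod starts without the config. Add `set -eu` as the first line of the script. The generated TOML also writes `[cache-dir]` as a table with a `path` key, whereas Poetry documents `cache-dir` as a top-level string setting, so I would emit `cache-dir = "/home/appuser/.cache/pypoetry/cache"` before `[virtualenvs]` instead. The securityContext is otherwise tight; `busybox:1.35` could additionally be pinned by digest.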
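Review bot: Mounting `cache-volume` over all of `/home/appuser/.cache` hides whatever the image stored there, and Dockerfile-base sets `POETRY_VIRTUALENVS_PATH=/home/appuser/.cache/pypoetry/venvs`, so the virtualenv populated at build time would not be visible in the running container unless the volume already holds it. Removing `subPath: "vector-api"` also gives the container the whole volume rather than its own subdirectory, which matters if the volume is shared with other workloads (the volume definition is outside this hunk). Consider mounting the volume at narrower paths, such as the model-cache directories, and add a comment on the mount stating what is expected to live on it.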
@@ -120,13 +164,27 @@ spec: name: vector-api-secret key: CLAUDE_API_KEY - # 🔧 런타임 환경변수 + # 🔧 런타임 환경변수 (Poetry 설정을 볼륨으로 이동) - name: PYTHONPATH value: "/home/appuser" - name: HOME value: "/home/appuser" - name: USER value: "appuser" + - name: POETRY_CONFIG_DIR + value: "/home/appuser/.cache/poetry-config" # 볼륨 마운트된 경로로 변경 + - name: POETRY_DATA_DIR + value: "/home/appuser/.cache/poetry-data" # 볼륨 마운트된 경로로 변경 + - name: POETRY_CACHE_DIR + value: "/home/appuser/.cache/pypoetry/cache" + - name: POETRY_VENV_PATH + value: "/home/appuser/.cache/pypoetry/venvs" + - name: POETRY_NO_INTERACTION + value: "1" + - name: POETRY_VIRTUALENVS_CREATE + value: "true" + - name: POETRY_VIRTUALENVS_IN_PROJECT + value: "false" # 🔧 성능 최적화 환경변수 - name: MALLOC_ARENA_MAX diff --git a/vector/poetry.lock b/vector/poetry.lock index 6b970c0..a840e46 100644 --- a/vector/poetry.lock +++ b/vector/poetry.lock @@ -543,6 +543,19 @@ files = [ {file = "distro-1.9.0.tar.gz", hash = "sha256:2fa77c6fd8940f116ee1d6b94a2f90b13b5ea8d019b98bc8bafdcabcdd9bdbed"}, ] +[[package]] +name = "dotenv" +version = "0.9.9" +description = "Deprecated package" +optional = false +python-versions = "*" +files = [ + {file = "dotenv-0.9.9-py2.py3-none-any.whl", hash = "sha256:29cf74a087b31dafdb5a446b6d7e11cbce8ed2741540e2339c69fbef92c94ce9"}, +] + +[package.dependencies] +python-dotenv = "*" + [[package]] name = "duckdb" version = "1.3.0" @@ -4271,4 +4284,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = "^3.11" -content-hash = "4cd10a7ded9e15de48c8786ab2753a366106f4930f07124996c0c4716e8eff04" +content-hash = "8112684b9c99ce8648e1b84f05748c7120b5162110c47fd674620fba8293fabe" diff --git a/vector/pyproject.toml b/vector/pyproject.toml index efee533..a571b30 100644 --- a/vector/pyproject.toml +++ b/vector/pyproject.toml 
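Review bot: The `POETRY_CONFIG_DIR` and `POETRY_DATA_DIR` values added to `env` here (`/home/appuser/.cache/poetry-config`, `/home/appuser/.cache/poetry-data`) differ from the ones this commit adds to configmap.yaml (`/home/appuser/.config/pypoetry`, `/home/appuser/.local/share/pypoetry`). Explicit `env` entries take precedence over `envFrom`, so the ConfigMap values are silently dead and the two files now disagree about where Poetry's configuration lives. Keep a single source for these variables, or add a comment such as `# overrides ConfigMap value: config is written to the cache volume by the initContainer`. `POETRY_VENV_PATH` also does not match Poetry's naming for that setting (`POETRY_VIRTUALENVS_PATH`) and is probably ignored.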
@@ -30,6 +30,7 @@ torch = {version = "^2.7.1+cpu", source = "pytorch-cpu"} torchvision = {version = "^0.22.1+cpu", source = "pytorch-cpu"} torchaudio = {version = "^2.7.1+cpu", source = "pytorch-cpu"} starlette = ">=0.40.0,<0.46.0" +dotenv = "^0.9.9" [[tool.poetry.source]] name = "pytorch-cpu"
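Review bot: The added `dotenv = "^0.9.9"` pulls in a distribution that the poetry.lock hunk of this commit describes as "Deprecated package" and whose only dependency is `python-dotenv`. Depending on a deprecated shim adds an extra publisher to the supply chain for no functionality. Declare `python-dotenv` directly with a version constraint, drop this line, and regenerate the lock file. The dependency table continues outside the hunk, so I cannot see whether `python-dotenv` is already listed.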