# Production Deployment Configuration

## Docker Configuration

```dockerfile
# Dockerfile
FROM python:3.11-slim

WORKDIR /app

# Install system dependencies (curl is required by the HEALTHCHECK below)
RUN apt-get update && apt-get install -y \
    gcc \
    g++ \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Copy requirements and install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY . .

# Create non-root user for security
RUN useradd -m -u 1000 agent && chown -R agent:agent /app
USER agent

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8000/health || exit 1

EXPOSE 8000

CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
```

## Kubernetes Deployment Configuration

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ai-agent-deployment
  namespace: production
  labels:
    app: ai-agent
    version: v1.0.0
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: ai-agent
  template:
    metadata:
      labels:
        app: ai-agent
        version: v1.0.0
    spec:
      serviceAccountName: ai-agent-service-account
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
      containers:
        - name: ai-agent
          image: your-registry/ai-agent:v1.0.0
          ports:
            - containerPort: 8000
              name: http
          env:
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: ai-agent-secrets
                  key: database-url
            - name: OPENAI_API_KEY
              valueFrom:
                secretKeyRef:
                  name: ai-agent-secrets
                  key: openai-api-key
            - name: REDIS_URL
              valueFrom:
                configMapKeyRef:
                  name: ai-agent-config
                  key: redis-url
            - name: LOG_LEVEL
              value: "INFO"
            - name: ENVIRONMENT
              value: "production"
          resources:
            requests:
              memory: "512Mi"
              cpu: "250m"
            limits:
              memory: "1Gi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 8000
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /ready
              port: 8000
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
          volumeMounts:
            - name: agent-config
              mountPath: /app/config
              readOnly: true
            - name: logs
              mountPath: /app/logs
      volumes:
        - name: agent-config
          configMap:
            name: ai-agent-config
        - name: logs
          emptyDir: {}
---
# Service Configuration
apiVersion: v1
kind: Service
metadata:
  name: ai-agent-service
  namespace: production
  labels:
    app: ai-agent
spec:
  selector:
    app: ai-agent
  ports:
    - name: http
      port: 80
      targetPort: 8000
      protocol: TCP
  type: ClusterIP
---
# Horizontal Pod Autoscaler
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: ai-agent-hpa
  namespace: production
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: ai-agent-deployment
  minReplicas: 3
  maxReplicas: 20
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
  behavior:
    scaleUp:
      stabilizationWindowSeconds: 60
      policies:
        - type: Percent
          value: 100
          periodSeconds: 15
    scaleDown:
      stabilizationWindowSeconds: 300
      policies:
        - type: Percent
          value: 10
          periodSeconds: 60
```

```yaml
# Ingress Configuration
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ai-agent-ingress
  namespace: production
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/limit-rpm: "100"  # requests per minute per client IP
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - api.yourdomain.com
      secretName: ai-agent-tls
  rules:
    - host: api.yourdomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ai-agent-service
                port:
                  number: 80
---
# ConfigMap for Application Configuration
apiVersion: v1
kind: ConfigMap
metadata:
  name: ai-agent-config
  namespace: production
data:
  redis-url: "redis://redis-service:6379"
  max-conversation-length: "100"
  default-timeout: "30"
  rate-limit-per-minute: "60"
  log-format: "json"
  metrics-enabled: "true"
```
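
ConfigMap values are always plain strings, whether they reach the container as the `REDIS_URL` environment variable or as files under the `/app/config` mount defined in the Deployment. The sketch below shows one way to read the mounted keys with explicit type conversion; the `config_loader` module is illustrative and not part of the manifests:

```python
# config_loader.py — illustrative helper; the ConfigMap is mounted read-only at
# /app/config, so each key becomes a file whose contents are a raw string.
from pathlib import Path

CONFIG_DIR = Path("/app/config")


def read_setting(key: str, default: str) -> str:
    """Return the string value of a mounted ConfigMap key, or a default."""
    path = CONFIG_DIR / key
    return path.read_text().strip() if path.exists() else default


# Convert explicitly before use; everything arrives as text.
MAX_CONVERSATION_LENGTH = int(read_setting("max-conversation-length", "100"))
DEFAULT_TIMEOUT = int(read_setting("default-timeout", "30"))
METRICS_ENABLED = read_setting("metrics-enabled", "false").lower() == "true"
```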

```yaml
# Secret for Sensitive Configuration
apiVersion: v1
kind: Secret
metadata:
  name: ai-agent-secrets
  namespace: production
type: Opaque
data:
  database-url:
  openai-api-key:
  jwt-secret:
```
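
The `data` values are left blank above because Kubernetes expects them to be base64-encoded and they should never be committed alongside the manifests. One hedged way to populate them is a small local script that encodes values from your shell environment and prints a manifest to pipe into `kubectl apply -f -`; the script name and environment variable names are assumptions:

```python
# make_secret.py — hypothetical helper for populating ai-agent-secrets locally.
import base64
import os
import sys

# Mapping of Secret keys to the local environment variables holding the plaintext.
KEYS = {
    "database-url": "DATABASE_URL",
    "openai-api-key": "OPENAI_API_KEY",
    "jwt-secret": "JWT_SECRET",
}

lines = [
    "apiVersion: v1",
    "kind: Secret",
    "metadata:",
    "  name: ai-agent-secrets",
    "  namespace: production",
    "type: Opaque",
    "data:",
]
for secret_key, env_var in KEYS.items():
    value = os.environ.get(env_var)
    if value is None:
        sys.exit(f"missing environment variable: {env_var}")
    lines.append(f"  {secret_key}: {base64.b64encode(value.encode()).decode()}")

print("\n".join(lines))
```

Alternatively, a `stringData:` section accepts plaintext values and the API server encodes them on write.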

```yaml
# ServiceAccount and RBAC
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ai-agent-service-account
  namespace: production
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ai-agent-role
  namespace: production
rules:
  - apiGroups: [""]
    resources: ["configmaps", "secrets"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ai-agent-role-binding
  namespace: production
subjects:
  - kind: ServiceAccount
    name: ai-agent-service-account
    namespace: production
roleRef:
  kind: Role
  name: ai-agent-role
  apiGroup: rbac.authorization.k8s.io
```
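
The Role only matters if the agent calls the Kubernetes API directly; the Deployment already injects its configuration through environment variables and the mounted ConfigMap. If direct API access is needed, a read like the following is all the binding permits (a sketch using the official `kubernetes` Python client):

```python
# Sketch of an in-cluster read allowed by the Role above; anything beyond
# get/list on ConfigMaps and Secrets in this namespace would be rejected (403).
from kubernetes import client, config

config.load_incluster_config()  # uses the ServiceAccount token mounted in the pod
v1 = client.CoreV1Api()

cm = v1.read_namespaced_config_map(name="ai-agent-config", namespace="production")
print(cm.data["redis-url"])
```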

```yaml
# Network Policy for Security
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ai-agent-network-policy
  namespace: production
spec:
  podSelector:
    matchLabels:
      app: ai-agent
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: ingress-nginx
      ports:
        - protocol: TCP
          port: 8000
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              name: database
      ports:
        - protocol: TCP
          port: 5432
    - to:
        - namespaceSelector:
            matchLabels:
              name: redis
      ports:
        - protocol: TCP
          port: 6379
    - to: []
      ports:
        - protocol: TCP
          port: 443  # HTTPS for external APIs
    # DNS would otherwise be blocked once egress is restricted; allow lookups so
    # the database, Redis, and external API hostnames can resolve
    - ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# Monitoring Configuration (Prometheus)
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: ai-agent-metrics
  namespace: production
  labels:
    app: ai-agent
spec:
  selector:
    matchLabels:
      app: ai-agent
  endpoints:
    - port: http
      path: /metrics
      interval: 30s
      scrapeTimeout: 10s
```
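
The ServiceMonitor scrapes `/metrics` on the same `http` port (8000) that serves the API, so the application must expose Prometheus-format metrics at that path. A minimal sketch using `prometheus_client`, which is an assumption; any exporter serving the Prometheus text format there would satisfy the configuration above:

```python
# Metrics exposure sketch — prometheus_client and the metric name are assumptions.
from fastapi import FastAPI
from prometheus_client import Counter, make_asgi_app

app = FastAPI()

# Example application-level metric; real metrics depend on the agent's workload.
REQUESTS_TOTAL = Counter("ai_agent_requests_total", "Total requests handled by the agent")

# Serve the default registry at /metrics on the same app, and therefore on port 8000.
app.mount("/metrics", make_asgi_app())


@app.post("/chat")
async def chat() -> dict:
    """Placeholder handler, shown only to illustrate incrementing a metric."""
    REQUESTS_TOTAL.inc()
    return {"reply": "..."}
```

Note that ServiceMonitor is a Prometheus Operator CRD, so it only has an effect on clusters where the operator is installed.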

## Application Configuration (Python)

```python
# config/production.py
import os
from typing import Dict, Any


class ProductionConfig:
    """Production configuration for AI Agent"""

    # Database Configuration
    DATABASE_URL = os.getenv("DATABASE_URL")
    REDIS_URL = os.getenv("REDIS_URL")

    # API Configuration
    OPENAI_API_KEY = os.getenv("OPENAI_API_KEY")
    MAX_TOKENS = 4000
    TEMPERATURE = 0.7

    # Security Configuration
    JWT_SECRET = os.getenv("JWT_SECRET")
    JWT_EXPIRATION = 3600  # 1 hour
    RATE_LIMIT_PER_MINUTE = 60

    # Logging Configuration
    LOG_LEVEL = "INFO"
    LOG_FORMAT = "json"

    # Performance Configuration
    MAX_CONVERSATION_LENGTH = 100
    DEFAULT_TIMEOUT = 30
    CONNECTION_POOL_SIZE = 20

    # Monitoring Configuration
    METRICS_ENABLED = True
    HEALTH_CHECK_INTERVAL = 30

    # Feature Flags
    ENABLE_CACHING = True
    ENABLE_RATE_LIMITING = True
    ENABLE_AUDIT_LOGGING = True

    @classmethod
    def get_config(cls) -> Dict[str, Any]:
        """Get configuration as dictionary"""
        return {
            key: getattr(cls, key)
            for key in dir(cls)
            if not key.startswith('_') and not callable(getattr(cls, key))
        }
```
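
Secret-backed settings come back as `None` when the corresponding environment variable was not injected, so it is worth failing fast at startup. A hedged usage sketch; the validation helper is not part of the original module, and it assumes `config/` is importable as a package:

```python
# startup_check.py — hypothetical startup validation built on ProductionConfig.
from config.production import ProductionConfig


def validate_required_settings() -> None:
    """Abort startup if any secret-backed setting is missing."""
    required = ("DATABASE_URL", "OPENAI_API_KEY", "JWT_SECRET")
    missing = [name for name in required if not getattr(ProductionConfig, name)]
    if missing:
        raise RuntimeError(f"Missing required configuration: {', '.join(missing)}")


validate_required_settings()
print(ProductionConfig.get_config())  # e.g. {'CONNECTION_POOL_SIZE': 20, ...}
```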

## Deployment Script

```python
# deploy.py
import subprocess
import sys
from typing import List


class ProductionDeployer:
    """Production deployment automation"""

    def __init__(self, namespace: str = "production"):
        self.namespace = namespace

    def run_command(self, command: List[str]) -> bool:
        """Run shell command and return success status"""
        try:
            subprocess.run(
                command,
                check=True,
                capture_output=True,
                text=True
            )
            print(f"✓ {' '.join(command)}")
            return True
        except subprocess.CalledProcessError as e:
            print(f"✗ {' '.join(command)}")
            print(f"Error: {e.stderr}")
            return False

    def deploy(self) -> bool:
        """Deploy AI agent to production"""
        print("🚀 Starting production deployment...")

        # Build and push Docker image
        if not self.build_and_push_image():
            return False

        # Apply Kubernetes configurations
        if not self.apply_kubernetes_configs():
            return False

        # Wait for deployment to be ready
        if not self.wait_for_deployment():
            return False

        # Run health checks
        if not self.run_health_checks():
            return False

        print("✅ Production deployment completed successfully!")
        return True

    def build_and_push_image(self) -> bool:
        """Build and push Docker image"""
        print("📦 Building Docker image...")
        commands = [
            ["docker", "build", "-t", "ai-agent:latest", "."],
            ["docker", "tag", "ai-agent:latest", "your-registry/ai-agent:v1.0.0"],
            ["docker", "push", "your-registry/ai-agent:v1.0.0"]
        ]
        for command in commands:
            if not self.run_command(command):
                return False
        return True

    def apply_kubernetes_configs(self) -> bool:
        """Apply Kubernetes configurations"""
        print("⚙️ Applying Kubernetes configurations...")
        config_files = [
            "k8s/namespace.yaml",
            "k8s/secrets.yaml",
            "k8s/configmap.yaml",
            "k8s/deployment.yaml",
            "k8s/service.yaml",
            "k8s/ingress.yaml",
            "k8s/hpa.yaml",
            "k8s/network-policy.yaml"
        ]
        for config_file in config_files:
            if not self.run_command(["kubectl", "apply", "-f", config_file]):
                return False
        return True

    def wait_for_deployment(self) -> bool:
        """Wait for deployment to be ready"""
        print("⏳ Waiting for deployment to be ready...")
        command = [
            "kubectl", "rollout", "status",
            "deployment/ai-agent-deployment",
            "-n", self.namespace,
            "--timeout=300s"
        ]
        return self.run_command(command)

    def run_health_checks(self) -> bool:
        """Run post-deployment health checks"""
        print("🏥 Running health checks...")
        # Get the externally reachable service address. This relies on a
        # LoadBalancer ingress IP; with the ClusterIP Service defined above,
        # no IP is reported and this check will fail.
        try:
            result = subprocess.run([
                "kubectl", "get", "service", "ai-agent-service",
                "-n", self.namespace,
                "-o", "jsonpath={.status.loadBalancer.ingress[0].ip}"
            ], capture_output=True, text=True, check=True)
            service_ip = result.stdout.strip()
            if not service_ip:
                print("⚠️ Service IP not available yet")
                return False

            # Test health endpoint
            health_command = [
                "curl", "-f", f"http://{service_ip}/health"
            ]
            return self.run_command(health_command)
        except subprocess.CalledProcessError:
            print("⚠️ Could not retrieve service information")
            return False


if __name__ == "__main__":
    deployer = ProductionDeployer()
    success = deployer.deploy()
    sys.exit(0 if success else 1)
```
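
Before pointing the deployer at the production cluster, the same manifests can be checked without changing any cluster state by using kubectl's client-side dry run. A hedged pre-flight helper in the same style as `run_command`:

```python
# preflight.py — hypothetical validation step, not part of deploy.py above.
import subprocess
from typing import List


def validate_manifests(config_files: List[str]) -> bool:
    """Return True if every manifest passes `kubectl apply --dry-run=client`."""
    for config_file in config_files:
        result = subprocess.run(
            ["kubectl", "apply", "--dry-run=client", "-f", config_file],
            capture_output=True,
            text=True,
        )
        if result.returncode != 0:
            print(f"✗ {config_file}: {result.stderr.strip()}")
            return False
        print(f"✓ {config_file}")
    return True
```

Calling it on the same `config_files` list before `apply_kubernetes_configs()` catches malformed manifests early.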