Copyright ©
2022- basebox GmbH, all rights reserved.
AISRV
Overview
AISRV is the main AI server that provides a GraphQL API for the basebox AI application. It handles user authentication via OpenID Connect (OIDC/Keycloak), connects to a PostgreSQL database, and integrates with LLM providers, RAG services, Whisper transcription, and other external services.
Important: The server is designed to run behind a reverse proxy (e.g., nginx) and does not provide TLS support on its own. Configure your reverse proxy or ingress controller to handle TLS/SSL termination.
Deployment
AISRV is deployed via Helm chart to Kubernetes clusters with an integrated PostgreSQL database managed by CloudNativePG.
Helm Chart Configuration
Basic Settings
Parameter
Default
Description
replicaCount1Number of AISRV pod replicas
image.repositorygitea.basebox.health/basebox-distribution/aisrvContainer image repository
image.pullPolicyIfNotPresentImage pull policy
image.taglatestImage tag to deploy
fullnameOverrideaisrvOverride the full name of the deployment
Service Configuration
Parameter
Default
Description
service.typeClusterIPKubernetes service type
service.port8888Service port
Resource Management
Parameter
Description
resources.requestsCPU/memory resource requests
resources.limitsCPU/memory resource limits
autoscaling.enabledEnable horizontal pod autoscaling
autoscaling.minReplicasMinimum number of replicas
autoscaling.maxReplicasMaximum number of replicas
autoscaling.targetCPUUtilizationPercentageTarget CPU for scaling
Health Checks
Parameter
Description
livenessProbeLiveness probe configuration
readinessProbeReadiness probe configuration
Database Configuration
Database Settings
Parameter
Default
Description
database.enabledtrueEnable database creation
database.imageNameghcr.io/cloudnative-pg/postgresql:16-standard-bookwormPostgreSQL image
database.hostaisrv-db-rwDatabase host (read-write service)
database.port5432Database port
database.useraisrvDatabase username
database.password<secure-password>Database password
database.nameaisrvDatabase name
database.sslModedisableDatabase SSL mode (disable, require, verify-full)
CloudNativePG Cluster Settings
Parameter
Default
Description
aisrv-db.cluster.instances1Number of PostgreSQL instances
aisrv-db.cluster.storage.size10GiStorage size for database
aisrv-db.cluster.storage.storageClassdefaultStorage class to use
aisrv-db.cluster.monitoring.enablePodMonitorfalseEnable Prometheus monitoring
Migration Settings
Variable
Default
Description
AISRV_DB_MIGRATEfalseAutomatic database migration on startup
AISRV_DB_MIGRATE_BACKUPfalseBackup database before migrations
AISRV_DB_MIGRATE_BACKUP_DIRmigrations-backupsBackup directory path
AISRV_DB_MIGRATE_RUN_ONLYfalseRun only migrations then exit
Environment Variables
Server Configuration
Variable
Default
Description
AISRV_HOST0.0.0.0Host or IP address to listen on
AISRV_PORT8888Port to listen on
AISRV_LOG_LEVELinfoLog level (trace, debug, info, warn, error)
AISRV_SET_CORS_HEADERStrueSet CORS headers (disable when using reverse proxy)
AISRV_DEBUG_MODEfalseDebug mode: send errors verbatim to client
AISRV_ON_PREMISEfalseOn-premise deployment mode
AISRV_METRICS_PORTNone
Metrics port (Prometheus)
Database Connection (from Secrets)
Variable
Source
Description
AISRV_DB_HOSTaisrv-database secretDatabase hostname
AISRV_DB_PORTaisrv-database secretDatabase port
AISRV_DB_USERaisrv-database secretDatabase username
AISRV_DB_PASSWORDaisrv-database secretDatabase password
AISRV_DB_NAMEaisrv-database secretDatabase name
AISRV_DB_SSL_MODEConfiguration
SSL mode for database connection
OIDC/Authentication Configuration
Variable
Description
AISRV_OIDC_IDP_URLBase URL of IdP (Keycloak) server (without realm)
AISRV_OIDC_ISSUER_URLOptional issuer URL for token validation
AISRV_OIDC_AUDOIDC audience field contents
AISRV_OIDC_JWKS_FILEPATHPath to OIDC JWKS file
AISRV_OIDC_SUPER_ADMIN_USERSuper admin username
AISRV_OIDC_SUPER_ADMIN_PASSWORDSuper admin password
AISRV_OIDC_SUPER_ADMIN_CLIENT_IDSuper admin client ID
AISRV_OIDC_SUPER_ADMIN_CLIENT_SECRETSuper admin client secret
AISRV_BASE_DOMAINBase domain for organizations (e.g., basebox.ai)
AISRV_USE_TLSAssume HTTPS URLs (true for production)
GraphQL Configuration
Variable
Default
Description
AISRV_QUERY_DEPTH_LIMIT6GraphQL query depth limit
AISRV_QUERY_COMPLEXITY_LIMIT20GraphQL query complexity limit
AISRV_GRAPHQL_ALLOW_INTROSPECTIONfalseAllow introspection queries
AISRV_GRAPHQL_APOLLO_TRACINGfalseEnable Apollo tracing
AISRV_GRAPHQL_GRAPHIQLfalseEnable GraphiQL interface
LLM Configuration
Variable
Description
AISRV_LLM_URLURL of the LLM server
AISRV_LLM_CHAT_ENDPOINTChat completions endpoint path
AISRV_LLM_API_KEYAPI key for LLM service
AISRV_LLM_MODELLLM model identifier
AISRV_LLM_PROVIDERLLM provider (determines auth scheme)
AISRV_LLM_CONTEXT_SIZEMaximum context size in tokens
AISRV_LLM_WORD_LIMITEstimated word limit per request
AISRV_LLM_MAX_TOKENSMaximum output tokens (default: 8000)
AISRV_LLM_TEMPERATURESampling temperature (0-1)
AISRV_LLM_TOP_PNucleus sampling parameter (0-1)
AISRV_LLM_REPETITION_PENALTYRepetition penalty (>1.0 discourages repetition)
RAG Configuration
Variable
Description
AISRV_ENABLE_RAG_APIEnable RAG endpoints
AISRV_RAG_URLBase URL of RAG server API
AISRV_RAG_DOWNLOAD_URLURL for RAG server to download files
AISRV_RAG_API_KEYAPI key for RAG service
AISRV_MAX_RAG_FILE_SIZEMaximum file size for uploads
AISRV_MAX_RAG_FILES_PER_APPMaximum files per application
Whisper Configuration
Variable
Default
Description
AISRV_WHISPER_URLhttp://localhost:6000/inferenceWhisper service endpoint
AISRV_WHISPER_API_KEYNone
API key for Whisper service
SMTP Configuration
Variable
Description
AISRV_SMTP_HOSTSMTP server hostname
AISRV_SMTP_PORTSMTP server port
AISRV_SMTP_USERNAMESMTP username
AISRV_SMTP_PASSWORDSMTP password
AISRV_SMTP_TLS_TYPESMTP connection type (tls, starttls)
AISRV_SENDER_EMAILFrom-email address
Variable
Description
AISRV_STORE_URLURL for store server
AISRV_MEDIA_ROOTRoot directory for uploaded files
AISRV_MEDIA_URLURL to media server root
AISRV_ENABLE_STATIC_FILESEnable static file server
API Configuration
Variable
Default
Description
AISRV_ENABLE_REST_APIfalseEnable REST API and token management
Configuration Examples
Production Configuration
# values-production.yaml
replicaCount : 3
image :
repository : gitea.basebox.health/basebox-distribution/aisrv
tag : "v1.2.3"
pullPolicy : IfNotPresent
service :
type : ClusterIP
port : 8888
ingress :
enabled : true
className : "nginx"
annotations :
cert-manager.io/cluster-issuer : "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect : "true"
hosts :
- host : company.com
paths :
- path : /graphql
pathType : Prefix
tls :
- secretName : aisrv-tls
hosts :
- company.com
resources :
requests :
cpu : 1000m
memory : 2Gi
limits :
cpu : 2000m
memory : 4Gi
autoscaling :
enabled : true
minReplicas : 3
maxReplicas : 10
targetCPUUtilizationPercentage : 70
livenessProbe :
httpGet :
path : /health
port : http
initialDelaySeconds : 30
periodSeconds : 10
readinessProbe :
httpGet :
path : /health
port : http
initialDelaySeconds : 15
periodSeconds : 5
database :
enabled : true
host : aisrv-db-rw
port : 5432
user : aisrv
password : "<generate-secure-password>"
name : aisrv
sslMode : "require"
aisrv-db :
cluster :
instances : 3
storage :
size : 50Gi
storageClass : fast-ssd
monitoring :
enablePodMonitor : true
env :
# Server
AISRV_HOST : "0.0.0.0"
AISRV_PORT : "8888"
AISRV_LOG_LEVEL : "info"
AISRV_SET_CORS_HEADERS : "false" # Using ingress
AISRV_DEBUG_MODE : "false"
AISRV_METRICS_PORT : "9090"
# Database (from secrets)
AISRV_DB_HOST :
valueFrom :
secretKeyRef :
name : aisrv-database
key : host
AISRV_DB_PORT :
valueFrom :
secretKeyRef :
name : aisrv-database
key : port
AISRV_DB_USER :
valueFrom :
secretKeyRef :
name : aisrv-database
key : username
AISRV_DB_PASSWORD :
valueFrom :
secretKeyRef :
name : aisrv-database
key : password
AISRV_DB_NAME :
valueFrom :
secretKeyRef :
name : aisrv-database
key : name
AISRV_DB_SSL_MODE : "require"
# Migrations
AISRV_DB_MIGRATE : "true"
AISRV_DB_MIGRATE_BACKUP : "true"
AISRV_DB_MIGRATE_BACKUP_DIR : "/backups"
# OIDC
AISRV_OIDC_IDP_URL : "http://idp:8080"
AISRV_OIDC_ISSUER_URL : "https://auth.company.com"
AISRV_OIDC_AUD : "aisrv"
AISRV_OIDC_SUPER_ADMIN_USER :
valueFrom :
secretKeyRef :
name : aisrv-admin
key : username
AISRV_OIDC_SUPER_ADMIN_PASSWORD :
valueFrom :
secretKeyRef :
name : aisrv-admin
key : password
AISRV_BASE_DOMAIN : "company.com"
AISRV_USE_TLS : "true"
# GraphQL
AISRV_QUERY_DEPTH_LIMIT : "8"
AISRV_QUERY_COMPLEXITY_LIMIT : "50"
AISRV_GRAPHQL_ALLOW_INTROSPECTION : "false"
AISRV_GRAPHQL_GRAPHIQL : "false"
# LLM
AISRV_LLM_URL : "http://inference:8080"
AISRV_LLM_CHAT_ENDPOINT : "/v1/chat/completions"
AISRV_LLM_API_KEY :
valueFrom :
secretKeyRef :
name : llm-credentials
key : api-key
AISRV_LLM_MODEL : "meta-llama/Llama-3.1-8B-Instruct"
AISRV_LLM_PROVIDER : "openai-compatible"
AISRV_LLM_CONTEXT_SIZE : "16000"
AISRV_LLM_MAX_TOKENS : "4096"
AISRV_LLM_TEMPERATURE : "0.7"
# RAG
AISRV_ENABLE_RAG_API : "true"
AISRV_RAG_URL : "http://ragsrv:3001"
AISRV_RAG_API_KEY :
valueFrom :
secretKeyRef :
name : rag-credentials
key : api-key
# Whisper
AISRV_WHISPER_URL : "http://whisper:6000/inference"
# SMTP
AISRV_SMTP_HOST : "smtp.company.com"
AISRV_SMTP_PORT : "587"
AISRV_SMTP_USERNAME :
valueFrom :
secretKeyRef :
name : smtp-credentials
key : username
AISRV_SMTP_PASSWORD :
valueFrom :
secretKeyRef :
name : smtp-credentials
key : password
AISRV_SMTP_TLS_TYPE : "starttls"
AISRV_SENDER_EMAIL : "noreply@company.com"
Installation
Prerequisites
Kubernetes cluster (1.23+)
Helm 3.x
CloudNativePG operator installed
Storage provisioner
OIDC/Keycloak instance configured
Install CloudNativePG Operator
repo add cnpg https://cloudnative-pg.github.io/charts
upgrade --install cnpg \
--namespace cnpg-system \
--create-namespace \
cnpg/cloudnative-pg
Install AISRV
# Install with custom values
install aisrv oci://hub.basebox.ai/helm/aisrv \
--values values-production.yaml \
--namespace basebox \
--create-namespace
# Verify installation
get pods -n basebox -l app.kubernetes.io/name= aisrv
get cluster -n basebox aisrv-db
Upgrade
upgrade aisrv oci://hub.basebox.ai/helm/aisrv \
--values values-production.yaml \
--namespace basebox
Uninstall
uninstall aisrv --namespace basebox
# Delete PVCs if needed
delete pvc -n basebox -l cnpg.io/cluster= aisrv-db
Migrations
How Migrations Work
Migration Tracking : _migrations_history table tracks applied migrationsNumbered Format : Vnnn__<migration_name> (double underscores)Sequential Execution : Migrations run in numerical orderChecksum Validation : Detects alterations to migration filesEmbedded : All migrations embedded in application binary
Running Migrations
Automatic on Startup:
env :
AISRV_DB_MIGRATE : "true"
AISRV_DB_MIGRATE_BACKUP : "true"
Migrations Only (No Server Start):
env :
AISRV_DB_MIGRATE : "true"
AISRV_DB_MIGRATE_RUN_ONLY : "true"
Verification
Check Deployment
# Check pods
get pods -n basebox -l app.kubernetes.io/name= aisrv
# Check database
get cluster -n basebox aisrv-db
# View logs
logs -n basebox -l app.kubernetes.io/name= aisrv --tail= 100
Test GraphQL API
# Port forward
port-forward -n basebox svc/aisrv 8888 :8888
# Test query
-X POST http://localhost:8888/graphql \
-H "Content-Type: application/json" \
-d '{"query": "{ __typename }"}'
Integration with Other Services
IDP (Keycloak)
env :
AISRV_OIDC_IDP_URL : "http://idp:8080"
Inference Server
env :
AISRV_LLM_URL : "http://inference:8080"
AISRV_LLM_CHAT_ENDPOINT : "/v1/chat/completions"
RAGSRV
env :
AISRV_ENABLE_RAG_API : "true"
AISRV_RAG_URL : "http://ragsrv:3001"
STORESRV
env :
AISRV_STORE_URL : "http://storesrv:8889"
Resource Allocation
resources :
requests :
cpu : 1000m
memory : 2Gi
limits :
cpu : 2000m
memory : 4Gi
Use read replicas (increase aisrv-db.cluster.instances)
Fast storage (SSD/NVMe)
Connection pooling (configured in application)
Monitoring
Metrics
Enable Prometheus metrics:
env :
AISRV_METRICS_PORT : "9090"
Health Checks
livenessProbe :
httpGet :
path : /health
port : http
initialDelaySeconds : 30
periodSeconds : 10
readinessProbe :
httpGet :
path : /health
port : http
initialDelaySeconds : 15
periodSeconds : 5
Database Monitoring
Enable CloudNativePG monitoring:
aisrv-db :
cluster :
monitoring :
enablePodMonitor : true