
☁️ GKE Deployment and Infrastructure

10.1 GPU Node Pool and LLM Inference Scaling

# HPA for the GPU node pool (queue-based scaling)
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: llm-inference-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: llm-inference
  minReplicas: 1
  maxReplicas: 10
  metrics:
  - type: External
    external:
      metric:
        name: redis_queue_length
        selector:
          matchLabels:
            queue: llm-requests
      target:
        type: AverageValue
        averageValue: "5"  # 1 pod per 5 jobs in the queue

10.2 Istio Service Mesh and mTLS

# Istio PeerAuthentication: mTLS required
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: komtas-mtls
  namespace: komtas-prod
spec:
  mtls:
    mode: STRICT  # mTLS required between all services
---
# AuthorizationPolicy: per-service access control
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: qdrant-access
  namespace: komtas-prod
spec:
  selector:
    matchLabels:
      app: qdrant
  rules:
  - from:
    - source:
        principals:
        - "cluster.local/ns/komtas-prod/sa/rag-service"
        - "cluster.local/ns/komtas-prod/sa/agent-service"
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/collections/*", "/search"]
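
The effect of the qdrant-access policy above on a few requests, as an added example that is not part of the original page: a simplified offline model of how Istio matches an ALLOW rule (exact, prefix and suffix string matches; anything not matched by the rule is denied). The sample requests, the `web-frontend` service account and the `docs` collection name are constructed.

```python
# Simplified model of Istio ALLOW evaluation for qdrant-access (added example).
POLICY = {
    "principals": [
        "cluster.local/ns/komtas-prod/sa/rag-service",
        "cluster.local/ns/komtas-prod/sa/agent-service",
    ],
    "methods": ["GET", "POST"],
    "paths": ["/collections/*", "/search"],
}


def istio_match(pattern: str, value: str) -> bool:
    """Istio string match: '*' presence, 'x*' prefix, '*x' suffix, else exact."""
    if pattern == "*":
        return value != ""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return pattern == value


def allowed(principal, method: str, path: str, policy=POLICY) -> bool:
    """True only if source, method and path all match the single ALLOW rule."""
    if principal is None:  # plaintext peer: no mTLS identity to match
        return False
    return (
        any(istio_match(p, principal) for p in policy["principals"])
        and any(istio_match(m, method) for m in policy["methods"])
        and any(istio_match(p, path) for p in policy["paths"])
    )


# Constructed sample requests: (principal, method, path)
SAMPLES = [
    ("cluster.local/ns/komtas-prod/sa/rag-service", "POST", "/search"),
    ("cluster.local/ns/komtas-prod/sa/agent-service", "GET", "/collections/docs"),
    ("cluster.local/ns/komtas-prod/sa/rag-service", "DELETE", "/collections/docs"),
    ("cluster.local/ns/komtas-prod/sa/rag-service", "GET", "/collections"),
    ("cluster.local/ns/komtas-prod/sa/web-frontend", "GET", "/search"),
    (None, "GET", "/search"),
]

if __name__ == "__main__":
    for principal, method, path in SAMPLES:
        verdict = "ALLOW" if allowed(principal, method, path) else "DENY"
        print(f"{verdict:5} {method:6} {path:20} {principal}")
```

Note the fourth sample: `/collections` without a trailing slash does not match the prefix `/collections/*`, so listing collections is denied even for the permitted service accounts.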

10.3 Google Secret Manager Integration

from google.cloud import secretmanager

def get_secret(secret_id: str, project_id: str = "komtas-prod") -> str:
    """Fetch a secret from Google Secret Manager."""
    client = secretmanager.SecretManagerServiceClient()
    name = f"projects/{project_id}/secrets/{secret_id}/versions/latest"
    response = client.access_secret_version(request={"name": name})
    return response.payload.data.decode("UTF-8")

# Secret Manager integration via Kubernetes ExternalSecret
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: llm-api-keys
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: gcp-secret-store
    kind: ClusterSecretStore
  target:
    name: llm-api-keys
  data:
  - secretKey: ANTHROPIC_API_KEY
    remoteRef:
      key: komtas-anthropic-api-key
  - secretKey: OPENAI_API_KEY
    remoteRef:
      key: komtas-openai-api-key
  - secretKey: LAKERA_API_KEY
    remoteRef:
      key: komtas-lakera-api-key