operator changes to fix aap-50667

Author: justjais

roles/chatbot/templates/chatbot.configmap_lightspeed_stack_config.yaml.j2

@@ -13,11 +13,14 @@ data:
     name: Ansible Lightspeed Intelligent Assistant
     service:
       host: 0.0.0.0
-      port: 8080
+      port: 8321
       auth_enabled: false
       workers: 1
       color_log: true
       access_log: true
+      tls_config:
+        tls_certificate_path: /app-root/certs/tls.crt
+        tls_key_path: /app-root/certs/tls.key
     llama_stack:
       use_as_library_client: true
       library_client_config_path: /.llama/distributions/llama-stack/config/ansible-chatbot-run.yaml

roles/chatbot/templates/chatbot.deployment.yaml.j2

@@ -106,7 +106,7 @@ spec:
           - name: INFERENCE_MODEL
             value: {{ chatbot_model }}
         ports:
-          - containerPort: 8080
+          - containerPort: 8443
             protocol: TCP
         volumeMounts:
           - name: ansible-chatbot-storage
@@ -117,6 +117,12 @@ spec:
             mountPath: /.llama/distributions/llama-stack/config
           - name: ansible-chatbot-system-prompt
             mountPath: /.llama/distributions/ansible-chatbot/system-prompts
+          - name: lm-stack-tls-certs
+            mountPath: /app-root/certs/
+            readOnly: true
+          - name: service-ca-bundle
+            mountPath: /var/run/secrets/kubernetes.io/serviceaccount/
+            readOnly: true
 {% if is_openshift %}
           - name: server-tls-certs
             mountPath: /var/run/secrets/kubernetes.io/serviceaccount/
@@ -245,6 +251,22 @@ spec:
             items:
               - key: DEFAULT_SYSTEM_PROMPT
                 path: default.txt
+        - name: lm-stack-tls-certs
+          secret:
+            secretName: '{{ ansible_operator_meta.name }}-chatbot-api-tls'
+            defaultMode: 0644
+            items:
+              - key: tls.crt
+                path: tls.crt
+              - key: tls.key
+                path: tls.key
+        - name: service-ca-bundle
+          configMap:
+            name: openshift-service-ca.crt
+            defaultMode: 0644
+            items:
+              - key: service-ca.crt
+                path: service-ca.crt
 {% if is_openshift %}
         - name: server-tls-certs
           configMap:

roles/chatbot/templates/chatbot.service.yaml.j2

@@ -7,16 +7,17 @@ metadata:
   labels:
     {{ lookup("template", "../common/templates/labels/common.yaml.j2")  | indent(width=4) | trim }}
     app.kubernetes.io/component: '{{ deployment_type }}-chatbot-api'
-{% if service_annotations %}
   annotations:
+    service.beta.openshift.io/serving-cert-secret-name: '{{ ansible_operator_meta.name }}-chatbot-api-tls'
+{% if service_annotations %}
     {{ service_annotations | indent(width=4) }}
 {% endif %}
 spec:
   ports:
-  - port: 8080
+  - port: 8443
     protocol: TCP
-    targetPort: 8080
-    name: http
+    targetPort: 8321
+    name: https-api
   clusterIP: None
   selector:
     {{ lookup("template", "../common/templates/labels/common.yaml.j2")  | indent(width=4) | trim }}

roles/model/templates/secrets/model_pipeline_config.yaml.j2

@@ -16,13 +16,15 @@ stringData:
     ModelPipelineChatBot:
       config:
 {% if not is_openshift %}
-        inference_url: 'http://{{ ansible_operator_meta.name }}-chatbot-api.{{ ansible_operator_meta.namespace }}:8080'
+        inference_url: 'https://{{ ansible_operator_meta.name }}-chatbot-api.{{ ansible_operator_meta.namespace }}:8443'
 {% endif %}
 {% if is_openshift %}
-        inference_url: 'http://{{ ansible_operator_meta.name }}-chatbot-api.{{ ansible_operator_meta.namespace }}.svc.cluster.local:8080'
+        inference_url: 'https://{{ ansible_operator_meta.name }}-chatbot-api.{{ ansible_operator_meta.namespace }}.svc.cluster.local:8443'
 {% endif %}
         model_id: '{{ chatbot_model }}'
         enable_health_check: 'True'
+        verify_ssl: true
+        ca_cert_file: '/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt'
 {% if _aap_gateway_url is defined or _aap_controller_url is defined %}
         mcp_servers:
 {% if _aap_gateway_url is defined and _aap_controller_url is defined %}
@@ -38,13 +40,15 @@ stringData:
     ModelPipelineStreamingChatBot:
       config:
 {% if not is_openshift %}
-        inference_url: 'http://{{ ansible_operator_meta.name }}-chatbot-api.{{ ansible_operator_meta.namespace }}:8080'
+        inference_url: 'https://{{ ansible_operator_meta.name }}-chatbot-api.{{ ansible_operator_meta.namespace }}:8443'
 {% endif %}
 {% if is_openshift %}
-        inference_url: 'http://{{ ansible_operator_meta.name }}-chatbot-api.{{ ansible_operator_meta.namespace }}.svc.cluster.local:8080'
+        inference_url: 'https://{{ ansible_operator_meta.name }}-chatbot-api.{{ ansible_operator_meta.namespace }}.svc.cluster.local:8443'
 {% endif %}
         model_id: '{{ chatbot_model }}'
         enable_health_check: 'True'
+        verify_ssl: true
+        ca_cert_file: '/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt'
 {% if _aap_gateway_url is defined or _aap_controller_url is defined %}
         mcp_servers:
 {% if _aap_gateway_url is defined and _aap_controller_url is defined %}