Skip to main content

Application Management

PhariaOS manages the lifecycle of usecases, which are full-stack, end-to-end AI applications.

Each application exposes the necessary REST endpoints so AI skills can be consumed and, optionally, a custom user interface (UI) to interact with the implemented workflows.

Default Environment Variables

Each usecase application is deployed with default environment variables that can be used to interact with other PhariaAI services.

INFERENCE_URL # Use this to reach the Inference API
DOCUMENT_INDEX_URL # Use this to reach the Document Index
PHARIA_STUDIO_URL # Use this to forward traces to PhariaStudio
AA_API_TOKEN # Use this for any service request that requires authorization

The API token that is injected into the environment is shared across all custom applications, and it does not need to be refreshed. The service user is defined with the following permissions

# Permissions assigned to the Application Service User
- ExecuteJobs
- AccessModel
- AccessNamespace (Studio, Assistant)
- KernelAccess

Applications requiring special permissions should instead inject a shorter-lived machine credential. To create one, see the Credential Management page.

Preparing your Usecase

PhariaOS relies on Kubernetes (K8s) to deploy usecases as K8s resources (a deployment with pod(s)).

In order to trigger a deployment with PhariaOS, you need to provide your containerized application in a registry that is accessible by the credentials provided to PhariaOS during installation.

Image Requirements

tip

At minimum, the application image must meet the following requirements:

  1. Run as non-root user (required by the pod security context)
  2. Expose port 8080 (which is used for the readiness and liveness probes)

Security Context

PhariaOS allows the customization of applications Pods and Containers security context. By default, the following configurations are used to deploy applications in Kubernetes. Customize these values for your environment by modifying your PhariaAI helm values.

phariaos-manager:
  usecase:
     # -- Annotations for the Deployment resource.
    annotations: {}
    # -- Security context for the usecase container.
    container:
      securityContext:
        readOnlyRootFilesystem: false
      # -- Custom volume mounts for usecase container
      volumeMounts: []
    # -- Security context for the usecase pod.
    pod:
      securityContext:
        # -- Run as user with provided uid
        runAsUser: 2024
        # -- Run as group with provided gid
        runAsGroup: 2024
      # -- Custom volumes for usecase pods
      volumes: []

Application Requirements

warning

The PhariaOS Applications Proxy server handles Cross-Origin Resource Sharing (CORS) requests. It is important that no application implements CORS policies when the Proxy is enabled, as this can result in duplicated CORS headers and CORS errors.