AIBrix Console#
AIBrix Console is an optional web control plane for AIBrix. It provides a UI for model deployment workflows, OpenAI-compatible batch jobs, and playground traffic against an AIBrix gateway. The same workflows remain available through Kubernetes resources and APIs, so the Console can be introduced independently.
The Console is made of three parts:
a React frontend in
apps/console/weba Go backend in
cmd/consoleandapps/console/apiintegrations with the Metadata Service (MDS), the AIBrix gateway, and a persistent Console store
Run locally#
Build the backend from the repository root:
make build-console
Start the backend in development auth mode:
STORE_URI=sqlite:/tmp/aibrix-console.db \
METADATA_SERVICE_URL=http://localhost:8090 \
GATEWAY_ENDPOINT=http://localhost:8888 \
AUTH_MODE=dev \
DEV_MODE=true \
./bin/console --http-addr :8080 --grpc-addr :50060
Start the frontend development server:
cd apps/console/web
npm install
npm run dev
The frontend development server listens on http://localhost:3000. The
backend REST API listens on http://localhost:8080 by default.
Serve a production frontend build#
Build the frontend assets and serve them from the Go backend:
cd apps/console/web
VITE_ENABLE_DEPLOYMENTS=false VITE_ENABLE_PLAYGROUND=false npm run build
cd ../../..
# Add auth settings from the Authentication section before production use.
STATIC_FILES_DIR=apps/console/web/dist \
STORE_URI=mysql://aibrix:password@mysql:3306/aibrix \
AUTH_MODE=oidc \
OIDC_ISSUER_URL=https://issuer.example.com \
OIDC_CLIENT_ID=aibrix-console \
OIDC_REDIRECT_URL=https://console.example.com/api/v1/auth/callback \
SESSION_SECRET=your-session-secret \
SECRETS_ENCRYPTION_KEY=your-secrets-encryption-key \
./bin/console --http-addr :8080
Use a stable STORE_URI, SESSION_SECRET, and SECRETS_ENCRYPTION_KEY
for any environment where user sessions, credentials, or job history must
survive process restarts.
Storage#
The Console backend stores users, sessions, templates, job metadata, and
secrets in the configured store. Set the store with STORE_URI:
Store |
URI example |
Use case |
|---|---|---|
SQLite |
|
Single-instance deployments and local testing |
In-memory |
|
Short-lived development only |
MySQL |
|
Shared or production deployments |
SQLite paths under /tmp are convenient for local testing but are not
appropriate for durable environments.
Authentication#
Set AUTH_MODE to choose how users sign in.
Mode |
Required settings |
Notes |
|---|---|---|
|
none |
Uses |
|
|
Simple password login for restricted environments. |
|
|
Use an external identity provider. |
Example OIDC configuration:
export AUTH_MODE=oidc
export OIDC_ISSUER_URL=https://issuer.example.com
export OIDC_CLIENT_ID=aibrix-console
export OIDC_CLIENT_SECRET=replace-me
export OIDC_REDIRECT_URL=https://console.example.com/api/v1/auth/callback
export OIDC_ADMIN_GROUPS=aibrix-admins
export SESSION_SECRET="$(openssl rand -hex 32)"
export SECRETS_ENCRYPTION_KEY="$(openssl rand -hex 32)"
Register the redirect URL with the identity provider. For production, serve the
Console over HTTPS and keep SESSION_SECRET and SECRETS_ENCRYPTION_KEY
stable across restarts.
OIDC authorization can be restricted with these settings:
OIDC_GROUPS_CLAIM: JWT claim used to read groups. Defaults togroups.OIDC_ADMIN_GROUPS: comma-separated groups that receive admin access.OIDC_ADMIN_EMAILS: comma-separated email addresses that receive admin access.OIDC_SIGNING_ALG: token signing algorithm. Defaults toRS256.
Configuration reference#
Setting |
Default |
Purpose |
|---|---|---|
|
|
Backend HTTP and REST API address. Also available as
|
|
|
Backend gRPC address. Also available as |
|
|
Console database connection string. Also available as
|
|
|
MDS endpoint used for files and OpenAI-compatible batch APIs. |
|
|
AIBrix gateway endpoint used by the playground and inference flows.
Also available as |
|
empty |
Default model deployment template name for Console-created batch jobs. |
|
|
Batch resource provisioner. Supported values include |
|
|
Planning policy used by the batch resource manager. |
|
|
Number of planner workers for batch scheduling. |
|
empty |
Directory that contains the built Console frontend assets. |
|
empty |
Comma-separated CORS origins for browser clients. |
|
|
Enables development-oriented backend behavior and logging. Also
available as |
Batch workflow#
The Console batch workflow uses the same backend concepts as the Batch API and Batch Resource Manager:
Create or select a model deployment template.
Upload or select an input JSONL file through MDS.
Create a batch job from the Console.
The Console stores the job metadata and submits the batch request to MDS.
The planner and resource manager provision resources when configured.
Monitor job status and download output or error files after completion.
For the underlying API and resource planning behavior, see Batch API, Batch Model Deployment Templates, and Batch Resource Manager for Neoclouds.
Feature flags#
The web frontend uses build-time feature flags:
Flag |
Purpose |
|---|---|
|
Enables deployment management UI. |
|
Enables the playground UI. |
Both flags are enabled by default when running the frontend development server. Production builds should set them explicitly so the generated assets match the intended Console surface:
VITE_ENABLE_DEPLOYMENTS=false VITE_ENABLE_PLAYGROUND=false npm run build