gmakstutis/LightRAG
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
LightRAG/k8s-deploy/lightrag-minimal/values.yaml
Taddeus 748ded40fb
MLO-446: Adds API key authentication support to LightRAG client (#12) 
* Adds LightRAG API key support to deployment and secrets

Introduces a new environment variable for the LightRAG API key sourced from secrets to enable authenticated access.

Updates Helm values and templates to include LightRAG API key management alongside the existing OpenAI key, improving configuration consistency and security.

Relates to MLO-339

* Adds optional API key authentication support to LightRAG client

Enables passing custom headers, including an API key from environment variables, to all LightRAG HTTP requests for authentication.

Improves security by allowing authenticated access without breaking existing unauthenticated usage.

Relates to MLO-446

* Adds basic user authentication support to Helm deployment

Introduces configurable user accounts and token secret in values and templates to enable authentication.

Generates an encoded authentication string from account data stored in secrets and exposes relevant environment variables in the deployment only when authentication is enabled and configured.

This enhancement allows secure management of multiple user credentials and token secrets, improving the deployment's security and flexibility.

Relates to MLO-446

* Adds support for external secret references in PostgreSQL auth

Introduces parameters to allow PostgreSQL credentials to be sourced from existing Kubernetes secrets instead of inline passwords.

Improves security and flexibility by enabling integration with external secret management without changing deployment structure.

Relates to MLO-446

* Streamline deployment docs and remove preset environment configs

Consolidates deployment instructions by removing separate dev and prod values files and related workflows, encouraging users to customize a single values file instead.

Simplifies the README to focus on flexible chart deployment without environment-specific templates or variable substitution, improving maintainability and clarity.

* Adds Helm packaging and publishing Makefile for LightRAG

Introduces a Makefile to automate Helm chart packaging, versioning, and publishing to a container registry.

Uses git tags or user-defined versions for chart versioning with sanitization.

Ensures streamlined CI/CD by handling dependencies, packaging, registry login, and cleanup, simplifying release workflows.

Relates to MLO-446
2025-10-29 14:31:56 +02:00

179 lines
3.9 KiB
YAML
Raw Blame History

# LightRAG Minimal Configuration
# Matches docker-compose.minimal.yml setup
replicaCount: 1
image:
repository: ghcr.io/hkuds/lightrag
tag: 1.3.8
pullPolicy: IfNotPresent
nameOverride: ""
fullnameOverride: ""
service:
type: ClusterIP
port: 9621
targetPort: 9621
ingress:
enabled: false
className: ""
clusterName: ""
annotations: {}
hosts:
- host: lightrag-minimal.local
paths:
- path: /
pathType: Prefix
tls: []
# Resource limits and requests
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 500m
memory: 1Gi
# Persistence for data volumes
persistence:
enabled: true
ragStorage:
accessMode: ReadWriteOnce
size: 20Gi
storageClass: ""
inputs:
accessMode: ReadWriteOnce
size: 10Gi
storageClass: ""
# PostgreSQL configuration (embedded chart with pgvector)
postgresql:
enabled: true
# Use pgvector image instead of standard PostgreSQL
image:
registry: docker.io
repository: pgvector/pgvector
tag: pg16
auth:
database: lightrag
username: lightrag_user
password: ""
existingSecret: ""
secretKeys:
userPasswordKey: postgres-password
primary:
persistence:
enabled: true
size: 20Gi
resources:
limits:
cpu: 1000m
memory: 2Gi
requests:
cpu: 250m
memory: 512Mi
initdb:
scripts:
00-pgvector.sql: |
CREATE EXTENSION IF NOT EXISTS vector;
# LightRAG Environment Configuration
# This matches the minimal docker-compose setup
env:
# Server configuration
HOST: "0.0.0.0"
PORT: "9621"
# Web UI configuration
WEBUI_TITLE: "LightRAG - Graph Knowledge Base"
WEBUI_DESCRIPTION: "Simple and Fast Graph Based RAG System for Apolo Documentation"
# LLM configuration (OpenRouter)
LLM_BINDING: "openai"
LLM_MODEL: "openai/gpt-4o"
LLM_BINDING_HOST: "https://openrouter.ai/api/v1"
# LLM_BINDING_API_KEY: Set via secret
# OPENAI_API_KEY: Set via secret
# Embedding configuration (Gemini)
EMBEDDING_BINDING: "openai"
EMBEDDING_MODEL: "gemini-embedding-001"
EMBEDDING_DIM: "3072"
EMBEDDING_BINDING_HOST: "https://generativelanguage.googleapis.com/v1beta/openai/"
# EMBEDDING_BINDING_API_KEY: Set via secret
# Storage configuration - Minimal setup
LIGHTRAG_KV_STORAGE: "PGKVStorage"
LIGHTRAG_VECTOR_STORAGE: "PGVectorStorage"
LIGHTRAG_DOC_STATUS_STORAGE: "PGDocStatusStorage"
LIGHTRAG_GRAPH_STORAGE: "NetworkXStorage" # Local storage, no external DB needed
# PostgreSQL connection (internal service)
POSTGRES_HOST: '{{ include "lightrag-minimal.fullname" . }}-postgresql'
POSTGRES_PORT: "5432"
POSTGRES_USER: "lightrag_user"
POSTGRES_DATABASE: "lightrag"
POSTGRES_WORKSPACE: "default"
# LightRAG Processing Configuration
ENABLE_LLM_CACHE: true
ENABLE_LLM_CACHE_FOR_EXTRACT: true
TIMEOUT: 240
TEMPERATURE: 0
MAX_ASYNC: 4
MAX_TOKENS: 32768
CHUNK_SIZE: 1200
CHUNK_OVERLAP_SIZE: 100
TOP_K: 60
# Secret configuration for API keys
secrets:
# Create a secret with your API keys
openaiApiKey: "" # Legacy field, kept for backward compatibility
llmApiKey: "" # API key for LLM service (e.g., OpenRouter)
embeddingApiKey: "" # API key for embedding service (e.g., Google Gemini)
lightragApiKey: ""
auth:
enabled: false
accounts: []
tokenSecret: ""
# Node selector and affinity
nodeSelector: {}
tolerations: []
affinity: {}
# Security context
securityContext: {}
podSecurityContext: {}
# Service account
serviceAccount:
create: true
annotations: {}
name: ""
# Pod annotations
podAnnotations: {}
# Auto scaling (disabled by default for minimal setup)
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 3
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
# Health checks
healthCheck:
enabled: true
path: "/health"
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 5
Reference in a new issue View git blame Copy permalink