748ded40fb
* Adds LightRAG API key support to deployment and secrets Introduces a new environment variable for the LightRAG API key sourced from secrets to enable authenticated access. Updates Helm values and templates to include LightRAG API key management alongside the existing OpenAI key, improving configuration consistency and security. Relates to MLO-339 * Adds optional API key authentication support to LightRAG client Enables passing custom headers, including an API key from environment variables, to all LightRAG HTTP requests for authentication. Improves security by allowing authenticated access without breaking existing unauthenticated usage. Relates to MLO-446 * Adds basic user authentication support to Helm deployment Introduces configurable user accounts and token secret in values and templates to enable authentication. Generates an encoded authentication string from account data stored in secrets and exposes relevant environment variables in the deployment only when authentication is enabled and configured. This enhancement allows secure management of multiple user credentials and token secrets, improving the deployment's security and flexibility. Relates to MLO-446 * Adds support for external secret references in PostgreSQL auth Introduces parameters to allow PostgreSQL credentials to be sourced from existing Kubernetes secrets instead of inline passwords. Improves security and flexibility by enabling integration with external secret management without changing deployment structure. Relates to MLO-446 * Streamline deployment docs and remove preset environment configs Consolidates deployment instructions by removing separate dev and prod values files and related workflows, encouraging users to customize a single values file instead. Simplifies the README to focus on flexible chart deployment without environment-specific templates or variable substitution, improving maintainability and clarity. * Adds Helm packaging and publishing Makefile for LightRAG Introduces a Makefile to automate Helm chart packaging, versioning, and publishing to a container registry. Uses git tags or user-defined versions for chart versioning with sanitization. Ensures streamlined CI/CD by handling dependencies, packaging, registry login, and cleanup, simplifying release workflows. Relates to MLO-446
178 lines
6.6 KiB
YAML
178 lines
6.6 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "lightrag-minimal.fullname" . }}
|
|
labels:
|
|
{{- include "lightrag-minimal.labels" . | nindent 4 }}
|
|
spec:
|
|
{{- if not .Values.autoscaling.enabled }}
|
|
replicas: {{ .Values.replicaCount }}
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "lightrag-minimal.selectorLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
{{- with .Values.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
{{- include "lightrag-minimal.selectorLabels" . | nindent 8 }}
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "lightrag-minimal.serviceAccountName" . }}
|
|
securityContext:
|
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
|
containers:
|
|
- name: {{ .Chart.Name }}
|
|
securityContext:
|
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
ports:
|
|
- name: http
|
|
containerPort: {{ .Values.service.targetPort }}
|
|
protocol: TCP
|
|
env:
|
|
# Basic server configuration
|
|
- name: HOST
|
|
value: {{ .Values.env.HOST | quote }}
|
|
- name: PORT
|
|
value: {{ .Values.env.PORT | quote }}
|
|
|
|
# Web UI configuration
|
|
- name: WEBUI_TITLE
|
|
value: {{ .Values.env.WEBUI_TITLE | quote }}
|
|
- name: WEBUI_DESCRIPTION
|
|
value: {{ .Values.env.WEBUI_DESCRIPTION | quote }}
|
|
|
|
# LLM configuration
|
|
- name: LLM_BINDING
|
|
value: {{ .Values.env.LLM_BINDING | quote }}
|
|
- name: LLM_MODEL
|
|
value: {{ .Values.env.LLM_MODEL | quote }}
|
|
- name: LLM_BINDING_HOST
|
|
value: {{ .Values.env.LLM_BINDING_HOST | quote }}
|
|
- name: LLM_BINDING_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "lightrag-minimal.secretName" . }}
|
|
key: llm-api-key
|
|
|
|
# Embedding configuration
|
|
- name: EMBEDDING_BINDING
|
|
value: {{ .Values.env.EMBEDDING_BINDING | quote }}
|
|
- name: EMBEDDING_MODEL
|
|
value: {{ .Values.env.EMBEDDING_MODEL | quote }}
|
|
- name: EMBEDDING_DIM
|
|
value: {{ .Values.env.EMBEDDING_DIM | quote }}
|
|
- name: EMBEDDING_BINDING_HOST
|
|
value: {{ .Values.env.EMBEDDING_BINDING_HOST | quote }}
|
|
- name: EMBEDDING_BINDING_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "lightrag-minimal.secretName" . }}
|
|
key: embedding-api-key
|
|
- name: LIGHTRAG_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "lightrag-minimal.secretName" . }}
|
|
key: lightrag-api-key
|
|
{{- if and .Values.auth.enabled (gt (len .Values.auth.accounts) 0) }}
|
|
- name: AUTH_ACCOUNTS
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "lightrag-minimal.secretName" . }}
|
|
key: auth-accounts
|
|
{{- end }}
|
|
{{- if and .Values.auth.enabled .Values.auth.tokenSecret }}
|
|
- name: TOKEN_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "lightrag-minimal.secretName" . }}
|
|
key: token-secret
|
|
{{- end }}
|
|
|
|
# Storage configuration
|
|
- name: LIGHTRAG_KV_STORAGE
|
|
value: {{ .Values.env.LIGHTRAG_KV_STORAGE | quote }}
|
|
- name: LIGHTRAG_VECTOR_STORAGE
|
|
value: {{ .Values.env.LIGHTRAG_VECTOR_STORAGE | quote }}
|
|
- name: LIGHTRAG_DOC_STATUS_STORAGE
|
|
value: {{ .Values.env.LIGHTRAG_DOC_STATUS_STORAGE | quote }}
|
|
- name: LIGHTRAG_GRAPH_STORAGE
|
|
value: {{ .Values.env.LIGHTRAG_GRAPH_STORAGE | quote }}
|
|
|
|
# PostgreSQL configuration
|
|
- name: POSTGRES_HOST
|
|
value: {{ include "lightrag-minimal.postgresqlHost" . | quote }}
|
|
- name: POSTGRES_PORT
|
|
value: {{ .Values.env.POSTGRES_PORT | quote }}
|
|
- name: POSTGRES_USER
|
|
value: {{ .Values.env.POSTGRES_USER | quote }}
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "lightrag-minimal.secretName" . }}
|
|
key: postgres-password
|
|
- name: POSTGRES_DATABASE
|
|
value: {{ .Values.env.POSTGRES_DATABASE | quote }}
|
|
- name: POSTGRES_WORKSPACE
|
|
value: {{ .Values.env.POSTGRES_WORKSPACE | quote }}
|
|
|
|
{{- if .Values.healthCheck.enabled }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: {{ .Values.healthCheck.path }}
|
|
port: http
|
|
initialDelaySeconds: {{ .Values.healthCheck.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.healthCheck.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.healthCheck.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.healthCheck.failureThreshold }}
|
|
readinessProbe:
|
|
httpGet:
|
|
path: {{ .Values.healthCheck.path }}
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
{{- end }}
|
|
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
|
|
{{- if .Values.persistence.enabled }}
|
|
volumeMounts:
|
|
- name: rag-storage
|
|
mountPath: /app/rag_storage
|
|
- name: inputs
|
|
mountPath: /app/inputs
|
|
{{- end }}
|
|
|
|
{{- if .Values.persistence.enabled }}
|
|
volumes:
|
|
- name: rag-storage
|
|
persistentVolumeClaim:
|
|
claimName: {{ include "lightrag-minimal.fullname" . }}-rag-storage
|
|
- name: inputs
|
|
persistentVolumeClaim:
|
|
claimName: {{ include "lightrag-minimal.fullname" . }}-inputs
|
|
{{- end }}
|
|
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|