From dc866a2fb5bf21340719cd8ab4c10d3a1be75e33 Mon Sep 17 00:00:00 2001 From: Leo Q Date: Thu, 21 Mar 2024 18:51:06 +0800 Subject: [PATCH] Add dify helm chart (#63) * add dify helm chart * add dify chart * Update dify helm chart configuration * newline * fix environment render error * add migration guide --- charts/dify/.helmignore | 23 ++ charts/dify/Chart.lock | 12 + charts/dify/Chart.yaml | 43 +++ charts/dify/README.md | 136 +++++++++ charts/dify/templates/NOTES.txt | 10 + charts/dify/templates/_helpers.tpl | 119 ++++++++ charts/dify/templates/deployment.yaml | 236 +++++++++++++++ charts/dify/templates/hpa.yaml | 90 ++++++ charts/dify/templates/ingress.yaml | 98 +++++++ charts/dify/templates/service.yaml | 39 +++ charts/dify/templates/serviceaccount.yaml | 12 + .../dify/templates/tests/test-connection.yaml | 15 + charts/dify/values.yaml | 271 ++++++++++++++++++ 13 files changed, 1104 insertions(+) create mode 100644 charts/dify/.helmignore create mode 100644 charts/dify/Chart.lock create mode 100644 charts/dify/Chart.yaml create mode 100644 charts/dify/README.md create mode 100644 charts/dify/templates/NOTES.txt create mode 100644 charts/dify/templates/_helpers.tpl create mode 100644 charts/dify/templates/deployment.yaml create mode 100644 charts/dify/templates/hpa.yaml create mode 100644 charts/dify/templates/ingress.yaml create mode 100644 charts/dify/templates/service.yaml create mode 100644 charts/dify/templates/serviceaccount.yaml create mode 100644 charts/dify/templates/tests/test-connection.yaml create mode 100644 charts/dify/values.yaml diff --git a/charts/dify/.helmignore b/charts/dify/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/dify/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/dify/Chart.lock b/charts/dify/Chart.lock new file mode 100644 index 0000000..28f0db2 --- /dev/null +++ b/charts/dify/Chart.lock @@ -0,0 +1,12 @@ +dependencies: +- name: redis + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 17.15.6 +- name: postgresql + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 12.8.5 +- name: minio + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 12.7.0 +digest: sha256:a8975369493aea53c4c8fa652866a388d7c345cc2ebbe4dacb9d460f40c07e59 +generated: "2024-03-20T16:24:04.160197+08:00" diff --git a/charts/dify/Chart.yaml b/charts/dify/Chart.yaml new file mode 100644 index 0000000..1586080 --- /dev/null +++ b/charts/dify/Chart.yaml @@ -0,0 +1,43 @@ +apiVersion: v2 +name: dify +description: A Helm chart for Kubernetes + +home: https://github.com/langgenius/dify + +maintainers: + - name: douban + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.5.10" + +dependencies: + - name: redis + version: ~17.15.6 + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + condition: redis.embedded + - name: postgresql + version: ~12.8.5 + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + condition: postgresql.embedded + - name: minio + version: ~12.7.0 + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + condition: minio.embedded diff --git a/charts/dify/README.md b/charts/dify/README.md new file mode 100644 index 0000000..e3b595a --- /dev/null +++ b/charts/dify/README.md @@ -0,0 +1,136 @@ +# dify + +This helm chart is based on docker-compose provided by dify + +this helm is distributed with `Apache License 2.0` + +## install + +create your own values file , save as `values.yaml` + +```yaml +global: + host: "mydify.example.com" + enableTLS: false + +extraEnvs: +- name: SECRET_KEY + value: "generate your own one" +- name: LOG_LEVEL + value: "DEBUG" +- name: VECTOR_STORE + value: "milvus" + +ingress: + enabled: true + className: "nginx" + +minio: + embedded: true +``` + +``` +# install it +helm repo add douban https://douban.github.io/charts/ +helm upgrade dify douban/dify -f values.yaml --install --debug +``` + +``` +# run migration +kubectl exec -it dify-pod-name -- flask db upgrade +``` + +always run this command after dify upgrade + +## production use checklist +The minimal configure provided above is sufficient for experiment, however, you need extra work before put it into production, I advice you do all the checklist before provide services. + +### external postgresql + +1. set the `postgresql.embedded` to `false` +2. inject connection info with `global.extraBackendEnvs` + +``` +global: + extraBackendEnvs: + - name: DB_USERNAME + value: "foo" + # it is adviced to use secret to manage you sensitive info including password + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: dify + key: DB_PASSWORD + - name: DB_HOST + value: "my_pg.xxx" + - name: DB_PORT + value: "1234" + - name: DB_DATABASE + value: dify +``` + +### external redis +1. set the `redis.embedded` to `false` +2. inject connection info with `global.extraBackendEnvs` +``` +global: + extraBackendEnvs: + - name: REDIS_HOST + value: "foo" + - name: REDIS_PORT + value: "6379" + - name: REDIS_DB + value: "1" + # it is adviced to use secret to manage you sensitive info including password + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: dify + key: REDIS_PASSWORD + - name: CELERY_BROKER_URL + valueFrom: + secretKeyRef: + name: dify + key: CELERY_BROKER_URL +``` + +### external s3 bucket +1. set the `minio.embedded` to `false` +2. inject connection info with `global.extraBackendEnvs` + +``` +global: + extraBackendEnvs: + - name: S3_ENDPOINT + value: "https://my-endpoint.s3.com" + - name: S3_BUCKET_NAME + value: "dify" + # it is adviced to use secret to manage you sensitive info including password + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: dify + key: S3_ACCESS_KEY + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: dify + key: S3_SECRET_KEY +``` + +### setup vector db + +due to the complexity of vector db, this component is not included, you have to use external vector db, likewise , you can inject environment variable to use it + +``` +global: + extraBackendEnvs: + - name: VECTOR_STORE + value: "milvus" + - name: MILVUS_HOST + value: "my-milvus" +``` + +this is not a complete configuration for vector db, please consult to [dify 文档](https://docs.dify.ai/v/zh-hans/getting-started/install-self-hosted/environments) [document](https://docs.dify.ai/getting-started/install-self-hosted/environments) for more info. + +Please consult to dify document if you have difficult to get dify running. diff --git a/charts/dify/templates/NOTES.txt b/charts/dify/templates/NOTES.txt new file mode 100644 index 0000000..7fd0420 --- /dev/null +++ b/charts/dify/templates/NOTES.txt @@ -0,0 +1,10 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else }} + ingress not enabled, service would be available only inside cluster +{{- end }} diff --git a/charts/dify/templates/_helpers.tpl b/charts/dify/templates/_helpers.tpl new file mode 100644 index 0000000..3dafa73 --- /dev/null +++ b/charts/dify/templates/_helpers.tpl @@ -0,0 +1,119 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "dify.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "dify.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "dify.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "dify.labels" -}} +helm.sh/chart: {{ include "dify.chart" . }} +{{ include "dify.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "dify.selectorLabels" -}} +app.kubernetes.io/name: {{ include "dify.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "dify.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "dify.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "dify.baseUrl" -}} +{{ if .Values.global.enableTLS }}https://{{ else }}http://{{ end }}{{.Values.global.host}} +{{- end }} + +{{/* +dify environments +commonEnvs are for all containers +commonBackendEnvs are for api and worker containers +*/}} +{{- define "dify.commonEnvs" -}} +- name: EDITION + value: {{ .Values.global.edition }} +{{- range tuple "CONSOLE_API_URL" "CONSOLE_WEB_URL" "SERVICE_API_URL" "APP_API_URL" "APP_WEB_URL" }} +- name: {{ . }} + value: {{ include "dify.baseUrl" $ }} +{{- end }} +{{- end }} + + +{{- define "dify.commonBackendEnvs" -}} +{{- if .Values.redis.embedded }} +- name: CELERY_BROKER_URL + value: redis://:{{ .Values.redis.auth.password }}@{{ include "dify.fullname" . }}-redis-master:6379/1 +- name: REDIS_HOST + value: {{ include "dify.fullname" . }}-redis-master +- name: REDIS_DB + value: "1" +- name: REDIS_PASSWORD + value: {{ .Values.redis.auth.password }} +{{- end }} +{{- if .Values.postgresql.embedded }} +- name: DB_USERNAME + value: postgres +- name: DB_PASSWORD + value: "{{ .Values.postgresql.auth.postgresPassword }}" +- name: DB_HOST + value: {{ include "dify.fullname" . }}-postgresql +- name: DB_PORT + value: "5432" +- name: DB_DATABASE + value: {{ .Values.postgresql.auth.database }} +{{- end }} +- name: STORAGE_TYPE + value: "s3" + +{{- if .Values.minio.embedded }} +- name: S3_ENDPOINT + value: http://{{ include "dify.fullname" . }}-minio:{{ .Values.minio.service.ports.api }} +- name: S3_BUCKET_NAME + value: {{ .Values.minio.defaultBuckets }} +- name: S3_ACCESS_KEY + value: {{ .Values.minio.auth.rootUser }} +- name: S3_SECRET_KEY + value: {{ .Values.minio.auth.rootPassword }} +{{- end }} +{{- end }} diff --git a/charts/dify/templates/deployment.yaml b/charts/dify/templates/deployment.yaml new file mode 100644 index 0000000..33fee24 --- /dev/null +++ b/charts/dify/templates/deployment.yaml @@ -0,0 +1,236 @@ +# api +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "dify.fullname" . }}-api + labels: + {{- include "dify.labels" . | nindent 4 }} + app.kubernetes.io/component: api +spec: + {{- if not .Values.api.autoscaling.enabled }} + replicas: {{ .Values.api.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "dify.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: api + template: + metadata: + {{- with .Values.api.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "dify.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: api + spec: + {{- with .Values.api.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "dify.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.api.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-api + securityContext: + {{- toYaml .Values.api.securityContext | nindent 12 }} + image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.api.image.pullPolicy }} + env: + - name: MODE + value: "api" + {{- include "dify.commonEnvs" . | nindent 12 }} + {{- include "dify.commonBackendEnvs" . | nindent 12 }} + {{- with .Values.global.extraEnvs }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.extraBackendEnvs }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.api.containerPort }} + protocol: TCP + # livenessProbe: + # httpGet: + # path: / + # port: http + # readinessProbe: + # httpGet: + # path: / + # port: http + resources: + {{- toYaml .Values.api.resources | nindent 12 }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + +# worker +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "dify.fullname" . }}-worker + labels: + {{- include "dify.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +spec: + {{- if not .Values.worker.autoscaling.enabled }} + replicas: {{ .Values.worker.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "dify.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: worker + template: + metadata: + {{- with .Values.worker.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "dify.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: worker + spec: + {{- with .Values.worker.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "dify.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.worker.securityContext | nindent 12 }} + image: "{{ .Values.worker.image.repository }}:{{ .Values.worker.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.worker.image.pullPolicy }} + args: + - worker + env: + - name: MODE + value: "worker" + {{- include "dify.commonEnvs" . | nindent 12 }} + {{- include "dify.commonBackendEnvs" . | nindent 12 }} + {{- with .Values.global.extraEnvs }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.extraBackendEnvs }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} + resources: + {{- toYaml .Values.worker.resources | nindent 12 }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + +# frontend +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "dify.fullname" . }}-frontend + labels: + {{- include "dify.labels" . | nindent 4 }} + app.kubernetes.io/component: frontend +spec: + {{- if not .Values.frontend.autoscaling.enabled }} + replicas: {{ .Values.frontend.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "dify.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: frontend + template: + metadata: + {{- with .Values.frontend.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "dify.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: frontend + spec: + {{- with .Values.frontend.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "dify.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.frontend.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.frontend.securityContext | nindent 12 }} + image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} + env: + {{- include "dify.commonEnvs" . | nindent 12 }} + {{- with .Values.global.extraEnvs }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.frontend.envs }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.frontend.containerPort }} + protocol: TCP + # livenessProbe: + # httpGet: + # path: / + # port: http + # readinessProbe: + # httpGet: + # path: / + # port: http + resources: + {{- toYaml .Values.frontend.resources | nindent 12 }} + {{- with .Values.frontend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.frontend.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.frontend.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/dify/templates/hpa.yaml b/charts/dify/templates/hpa.yaml new file mode 100644 index 0000000..6a48fd5 --- /dev/null +++ b/charts/dify/templates/hpa.yaml @@ -0,0 +1,90 @@ +{{- if .Values.api.autoscaling.enabled }} +--- +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "dify.fullname" . }}-api + labels: + {{- include "dify.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "dify.fullname" . }}-api + minReplicas: {{ .Values.api.autoscaling.minReplicas }} + maxReplicas: {{ .Values.api.autoscaling.maxReplicas }} + metrics: + {{- if .Values.api.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.api.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.api.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.api.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} + + +{{- if .Values.frontend.autoscaling.enabled }} +--- +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "dify.fullname" . }}-frontend + labels: + {{- include "dify.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "dify.fullname" . }}-frontend + minReplicas: {{ .Values.frontend.autoscaling.minReplicas }} + maxReplicas: {{ .Values.frontend.autoscaling.maxReplicas }} + metrics: + {{- if .Values.frontend.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.frontend.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.frontend.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.frontend.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} + +{{- if .Values.worker.autoscaling.enabled }} +--- +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "dify.fullname" . }}-worker + labels: + {{- include "dify.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "dify.fullname" . }}-worker + minReplicas: {{ .Values.worker.autoscaling.minReplicas }} + maxReplicas: {{ .Values.worker.autoscaling.maxReplicas }} + metrics: + {{- if .Values.worker.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.worker.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/dify/templates/ingress.yaml b/charts/dify/templates/ingress.yaml new file mode 100644 index 0000000..972f57d --- /dev/null +++ b/charts/dify/templates/ingress.yaml @@ -0,0 +1,98 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "dify.fullname" . -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "dify.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.global.enableTLS }} + tls: + - hosts: + - {{ .Values.global.host }} + secretName: {{ .Values.ingress.tlsSecretName }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + http: + paths: + - path: /console/api + pathType: Prefix + backend: + {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-api-svc + port: + number: {{ .Values.api.service.port }} + {{- else }} + serviceName: {{ $fullName }}-api-svc + servicePort: {{ .Values.api.service.port }} + {{- end }} + - path: /api + pathType: Prefix + backend: + {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-api-svc + port: + number: {{ .Values.api.service.port }} + {{- else }} + serviceName: {{ $fullName }}-api-svc + servicePort: {{ .Values.api.service.port }} + {{- end }} + - path: /v1 + pathType: Prefix + backend: + {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-api-svc + port: + number: {{ .Values.api.service.port }} + {{- else }} + serviceName: {{ $fullName }}-api-svc + servicePort: {{ .Values.api.service.port }} + {{- end }} + - path: /files + pathType: Prefix + backend: + {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-api-svc + port: + number: {{ .Values.api.service.port }} + {{- else }} + serviceName: {{ $fullName }}-api-svc + servicePort: {{ .Values.api.service.port }} + {{- end }} + - path: / + pathType: Prefix + backend: + {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-frontend + port: + number: {{ .Values.frontend.service.port }} + {{- else }} + serviceName: {{ $fullName }}-frontend + servicePort: {{ .Values.frontend.service.port }} + {{- end }} +{{- end }} diff --git a/charts/dify/templates/service.yaml b/charts/dify/templates/service.yaml new file mode 100644 index 0000000..105613b --- /dev/null +++ b/charts/dify/templates/service.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: v1 +kind: Service +metadata: + # dify-api would confict with dify-api program + # use another name + name: {{ include "dify.fullname" . }}-api-svc + labels: + {{- include "dify.labels" . | nindent 4 }} + app.kubernetes.io/component: api +spec: + type: {{ .Values.api.service.type }} + ports: + - port: {{ .Values.api.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "dify.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: api + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "dify.fullname" . }}-frontend + labels: + {{- include "dify.labels" . | nindent 4 }} + app.kubernetes.io/component: frontend +spec: + type: {{ .Values.frontend.service.type }} + ports: + - port: {{ .Values.frontend.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "dify.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: frontend diff --git a/charts/dify/templates/serviceaccount.yaml b/charts/dify/templates/serviceaccount.yaml new file mode 100644 index 0000000..f6b791f --- /dev/null +++ b/charts/dify/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "dify.serviceAccountName" . }} + labels: + {{- include "dify.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/dify/templates/tests/test-connection.yaml b/charts/dify/templates/tests/test-connection.yaml new file mode 100644 index 0000000..d431521 --- /dev/null +++ b/charts/dify/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "dify.fullname" . }}-test-connection" + labels: + {{- include "dify.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "dify.fullname" . }}-api:{{ .Values.api.service.port }}'] + restartPolicy: Never diff --git a/charts/dify/values.yaml b/charts/dify/values.yaml new file mode 100644 index 0000000..638c564 --- /dev/null +++ b/charts/dify/values.yaml @@ -0,0 +1,271 @@ +# Default values for dify. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + + +# volume and volumeMounts would be injected to api and worker +volumes: [] + +volumeMounts: [] + +nameOverride: "" +fullnameOverride: "" + +global: + host: "chart-example.local" + enableTLS: false + edition: "SELF_HOSTED" + # the following extra configs would be injected into: + # * frontend + # * api + # * worker + extraEnvs: [] + + # the following extra configs would be injected into: + # * api + # * worker + extraBackendEnvs: [] + # - name: SECRET_KEY + # value: xxx + +ingress: + enabled: false + className: "" + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + tlsSecretName: "dify-tls" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +frontend: + replicaCount: 1 + + image: + repository: langgenius/dify-web + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + + envs: [] + imagePullSecrets: [] + + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + port: 80 + + containerPort: 3000 + + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +api: + replicaCount: 1 + + image: + repository: langgenius/dify-api + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + + imagePullSecrets: [] + + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + port: 80 + + containerPort: 5001 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +worker: + replicaCount: 1 + + image: + repository: langgenius/dify-api + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + + imagePullSecrets: [] + + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +##### dependencies ##### + +redis: + # using embedded redis + # connection info would be set automatically + # best to use external redis if you have one + embedded: true + # embedded: false + # url: "redis://127.0.0.1:6379/0" + # urlSecret: "" + # urlSecretKey: "CACHE_URL" + # please consult to chart manual if you want to change it. + # https://artifacthub.io/packages/helm/bitnami/redis + architecture: standalone + auth: + password: "REDIS_PASSWORD" + master: + persistence: + enabled: false + size: 8Gi + +postgresql: + # using embedded postgresql + # connection info would be set automatically + # best to use external pg if you have one + # setting embedded to false and set pg url in envrionment variable + embedded: true + # embedded: false + # goto extraBackendEnvs to set pg url + architecture: standalone + auth: + postgresPassword: "testpassword" + database: "dify" + primary: + persistence: + enabled: false + +minio: + embedded: false + # externalHost: "minio.example.com" + # externalPort: "443" + # embedded minio is not supported + # dify needs a external available minio + # please use external minio + # pr are welcomed + # embedded: false + # externalMinio: +# If using external storage. Comment above and uncomment below +# host: s3.amazonaws.com or storage.googleapis.com if using GCS +# bucket: +# region: +# verify_ssl: true +# port: 443 +# access_key_id: # or if using GCS +# secret_access_key: # or if using GCS +# iam_auth: # set to true in AWS to attempt to authenticate via Instance role + auth: + rootUser: minioadmin + rootPassword: minioadmin + defaultBuckets: "dify" + persistence: + enabled: false