doc: update readme.md for what needs to be updated

Author: cdxker

argocd-app.yaml

@@ -10,7 +10,7 @@ spec:
     namespace: trieve
   source:
     repoURL: https://devflowinc.github.io/trieve-helm
-    targetRevision: 0.2.32
+    targetRevision: 0.2.33
     chart: trieve
     helm:
       releaseName: trieve-local
@@ -187,7 +187,7 @@ spec:
             enabled: false
           metrics:
             serviceMonitor:
-              enabled: false
+              enabled: true
           podDisruptionBudget:
             enabled: false
             maxUnavailable: 1
@@ -423,7 +423,7 @@ spec:
             registry: ghcr.io/huggingface
             repository: text-embeddings-inference
             useGpu: true
-            serviceMonitor: false
+            serviceMonitor: true
             tolerations:
               - key: "gpu-node"
                 operator: "Exists"
@@ -437,7 +437,7 @@ spec:
             revision: main
             useGpu: true
             args: ["--pooling", "splade"]
-            serviceMonitor: false
+            serviceMonitor: true
             tolerations:
               - key: "gpu-node"
                 operator: "Exists"
@@ -450,7 +450,7 @@ spec:
             revision: main
             useGpu: true
             args: ["--pooling", "splade"]
-            serviceMonitor: false
+            serviceMonitor: true
             tolerations:
               - key: "gpu-node"
                 operator: "Exists"
@@ -463,7 +463,7 @@ spec:
             revision: main
             useGpu: true
             args: []
-            serviceMonitor: false
+            serviceMonitor: true
             tolerations:
               - key: "gpu-node"
                 operator: "Exists"
@@ -476,7 +476,7 @@ spec:
             revision: refs/pr/4
             useGpu: true
             args: []
-            serviceMonitor: false
+            serviceMonitor: true
             tolerations:
               - key: "gpu-node"
                 operator: "Exists"

charts/trieve/README.md

@@ -36,15 +36,17 @@ Before proceeding, you need to modify these specific sections in your `values.ya
 1. **config.vite** - Domains that the frontends use URLs (apiHost, searchUiUrl, chatUiUrl, dashboardUrl)
 2. **config.trieve.baseServerUrl** - Domain that the server uses
 3. **config.trieve** security keys:
-   - `salt` - Generate with: `openssl rand -hex 16`
-   - `secretKey` - Generate with: `openssl rand -hex 32`
-   - `adminApiKey` - Generate with: `openssl rand -hex 24`
+   - `adminApiKey` - Generate with: `openssl rand -hex 24` (**config.trieve.adminApiKeyRef** to configure as a secret)
 4. **config.s3** - Your S3 bucket credentials (endpoint, accessKey, secretKey, bucket, region)
-5. **config.llm.apiKey** - Your OpenRouter API key
-6. **config.openai.apiKey** - Your OpenAI API key
+  - **config.s3.accessKeyRef** To configure as a secret using the `config.s3.accessKeyRef` option
+  - **config.s3.secretKey** To configure as a secret using the `config.s3.secretKeyRef` option
+5. **config.llm.apiKey** - Your OpenRouter API key (**config.llm.apiKeyRef** to configure as a secret)
+6. **config.openai.apiKey** - Your OpenAI API key (**config.openai.apiKeyRef** to configure as a secret)
 7. **config.oidc** - Your OIDC provider settings (clientSecret, clientId, issuerUrl, authRedirectUrl)
-8. **pdf2md.config.s3** - S3 credentials for PDF processing (if using PDF2MD)
+  - `config.oidc.clientSecretRef` can be used to configure as a secret
+8. **pdf2md.s3** - S3 credentials for PDF processing (if using PDF2MD (`pdf2md.enabled`)
 9. **pdf2md.config.llm.apiKey** - LLM API key for PDF processing (if using PDF2MD)
+  - `pdf2md.config.llm.apiKeyRef` can be used to configure as a secret
 
 **For production**: Also change database passwords for clickhouse, qdrant, and redis.
 

charts/trieve/secrets/example_secrets.yaml

@@ -1,102 +1,33 @@
-# This file provides examples of how to structure your Kubernetes Secrets
-# if you choose to use secretKeyRef for sensitive values in your values.yaml.
-
-# Example for OIDC Client Secret
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: my-oidc-client-secret
-#   namespace: <your-namespace> # Replace with the namespace where Trieve is deployed
-# type: Opaque
-# data:
-#   oidcClientSecretKey: "<your-base64-encoded-oidc-client-secret>" # echo -n "yourActualClientSecret" | base64
-
-# Example for SMTP Password
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: my-smtp-credentials
-#   namespace: <your-namespace>
-# type: Opaque
-# data:
-#   smtpPasswordKey: "<your-base64-encoded-smtp-password>"
-
-# Example for Main LLM API Key (config.llm.apiKey)
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: my-main-llm-apikey
-#   namespace: <your-namespace>
-# type: Opaque
-# data:
-#   llmApiKey: "<your-base64-encoded-llm-api-key>"
-
-# Example for OpenAI API Key (config.openai.apiKey)
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: my-openai-apikey
-#   namespace: <your-namespace>
-# type: Opaque
-# data:
-#   openaiApiKey: "<your-base64-encoded-openai-api-key>"
-
-# Example for S3 Access Key
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: my-s3-access-key
-#   namespace: <your-namespace>
-# type: Opaque
-# data:
-#   s3AccessKey: "<your-base64-encoded-s3-access-key>"
-
-# Example for S3 Secret Key
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: my-s3-secret-key
-#   namespace: <your-namespace>
-# type: Opaque
-# data:
-#   s3SecretKey: "<your-base64-encoded-s3-secret-key>"
-
-# Example for PDF2MD Service API Key (pdf2md.config.pdf2md.apiKey)
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: my-pdf2md-apikey
-#   namespace: <your-namespace>
-# type: Opaque
-# data:
-#   pdf2mdApiKey: "<your-base64-encoded-pdf2md-api-key>"
-
-# Example for Trieve Admin API Key (config.trieve.adminApiKey)
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: my-trieve-admin-apikey
-#   namespace: <your-namespace>
-# type: Opaque
-# data:
-#   adminApiKey: "<your-base64-encoded-trieve-admin-api-key>"
-
-# --- Instructions ---
-# 1. Replace <your-namespace> with the actual namespace.
-# 2. Replace <your-base64-encoded-value> with the base64 encoded version of your secret.
-#    You can generate this using: echo -n "yourActualSecretValue" | base64
-# 3. Uncomment the sections you need and save this file (or a similar one) with your actual secrets.
-# 4. Apply this secret manifest to your Kubernetes cluster: kubectl apply -f your_secrets_file.yaml
-# 5. Update your Trieve Helm chart's values.yaml to reference these secrets, for example:
-#    config:
-#      oidc:
-#        clientSecretRef:
-#          enabled: true
-#          secretName: "my-oidc-client-secret"
-#          secretKey: "oidcClientSecretKey"
-#      llm:
-#        apiKeyRef:
-#          enabled: true
-#          secretName: "my-main-llm-apikey"
-#          secretKey: "llmApiKey"
-#    # ... and so on for other secrets
+apiVersion: v1
+kind: Secret
+metadata:
+  name: trieve-unified-secret
+  namespace: trieve # Ensure this is the correct namespace
+stringData:
+  # LLM API Keys
+  # openrouter.ai api key (optional)
+  llmApiKey: 
+  # OpenAI api key
+  openaiApiKey: 
+  
+  # S3 Credentials (ensure you also update s3.endpoint, s3.region, s3.bucket in values.yaml)
+  s3AccessKey: 
+  s3SecretKey: 
+  
+  # Other API Keys
+  adminApiKey: 
+  # jina code api key (optional for jina-code embedding model)
+  jinaCodeApiKey: jina_************************************************************
+  
+  # OIDC and Database
+  oidcClientSecret: 
+
+  clickhousePassword: clickhouse
+
+  # SMTP
+  smtpPassword: ""
+
+  redisPassword: "moreComplexPassword"
+  redisUrl: "redis://:moreComplexPassword@trieve-local-redis-master:6379"
+
+  pdf2mdInternalAuth: "pdf2mdPassword"

charts/trieve/values.yaml

@@ -353,7 +353,7 @@ config:
     rerankerServerOrigin: http://embedding-reranker.default.svc.cluster.local
     salt: "tbbqfnygvfirellhzzl" # Should be a unique random string
     secretKey: "lkjadsf2349asdlfkj2334209ualkfsdlfkj1023u19312l3kj12l3kjsaf0d9u90823l1kj3209u34h" # Should be a unique random string
-    adminApiKey: "" # Example: "ad91lkjad190adfal"
+    adminApiKey: "adminApiKey" # Example: "ad91lkjad190adfal"
     adminApiKeyRef:
       enabled: false
       secretName: "my-admin-api-key-secret"