diff --git a/README.md b/README.md index b24d2d34..7d48be4f 100644 --- a/README.md +++ b/README.md @@ -9,40 +9,6 @@ This is a community-maintained repository that contains resources for deploying We provide a Helm chart that helps you deploy Langfuse on Kubernetes. Note that the Helm installation must be named `langfuse` for the chart to work correctly with the default values.yaml. -The following environment variables must be provided via `langfuse.additionalEnv` to configure Redis/Valkey, S3, and ClickHouse. -See the values.yaml file for more information and an example. -Replace `langfuse` in the values with your installation name in case you changed it. - -```yaml -# REDIS -- name: "REDIS_CONNECTION_STRING" - value: "redis://default:changeme@langfuse-valkey-primary:6379/0" -# CLICKHOUSE -- name: "CLICKHOUSE_MIGRATION_URL" - value: "clickhouse://langfuse-clickhouse:9000" -- name: "CLICKHOUSE_URL" - value: "http://langfuse-clickhouse:8123" -- name: "CLICKHOUSE_USER" - value: "default" -- name: "CLICKHOUSE_PASSWORD" - value: "changeme" -# S3 / MinIO -- name: "LANGFUSE_S3_EVENT_UPLOAD_ENABLED" - value: "true" -- name: "LANGFUSE_S3_EVENT_UPLOAD_BUCKET" - value: "langfuse" -- name: "LANGFUSE_S3_EVENT_UPLOAD_REGION" - value: "auto" -- name: "LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID" - value: "minio" -- name: "LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY" - value: "miniosecret" -- name: "LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT" - value: "http://langfuse-minio:9000" -- name: "LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE" - value: "true" -``` - ### Installation ```bash @@ -97,7 +63,7 @@ The following table lists the useful configurable parameters of the Langfuse cha | `langfuse.web.vpa.maxAllowed` | Maximum resource limits allowed by VPA for the web component. | `{}` | | `langfuse.web.vpa.minAllowed` | Minimum resource limits allowed by VPA for the web component. | `{}` | | `langfuse.web.vpa.updatePolicy.updateMode` | Update mode for VPA (e.g., `Auto`). | `Auto` | -| `langfuse.web.hostAliases` | Adding records to /etc/hosts in the pod's network. | `[]` | +| `langfuse.web.hostAliases` | Adding records to /etc/hosts in the pod's network. | `[]` | | `langfuse.worker.replicas` | Number of replicas to start for the worker container. Defaults to global `replicaCount`. | `replicaCount` | | `langfuse.worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe. | `20` | | `langfuse.worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe. | `10` | @@ -128,23 +94,27 @@ The following table lists the useful configurable parameters of the Langfuse cha | `postgresql.auth.username` | Username to use to connect to the postgres database deployed with Langfuse. In case `postgresql.deploy` is set to `true`, the user will be created automatically. | `postgres` | | `postgresql.auth.password` | Password to use to connect to the postgres database deployed with Langfuse. In case `postgresql.deploy` is set to `true`, the password will be set automatically. | `postgres` | | `postgresql.auth.database` | Database name to use for Langfuse. | `langfuse` | -| `postgresql.host` | If `postgresql.deploy` is set to false, hostname of the external postgres server to use (mandatory) | `nil` | +| `postgresql.host` | If `postgresql.deploy` is set to false, hostname of the external postgres server to use (mandatory) | `langfuse-postgresql` | | `postgresql.directUrl` | If `postgresql.deploy` is set to false, Connection string of your Postgres database used for database migrations. Use this if you want to use a different user for migrations or use connection pooling on DATABASE_URL. For large deployments, configure the database user with long timeouts as migrations might need a while to complete. | `nil` | | `postgresql.shadowDatabaseUrl` | If your database user lacks the CREATE DATABASE permission, you must create a shadow database and configure the "SHADOW_DATABASE_URL". This is often the case if you use a Cloud database. Refer to the Prisma docs for detailed instructions. | `nil` | | `postgresql.primary.persistence.size` | Disk request for the postgres database deployed with Langfuse. Effective only if `postgresql.deploy` is set to true | `8Gi` | | `postgresql.primary.persistence.storageClass` | Disk PVC Storage Class for the postgres database deployed with Langfuse. Effective only if `postgresql.deploy` is set to true | `` | | `clickhouse.deploy` | Enable ClickHouse deployment (via Bitnami Helm Chart). If you want to use an external Clickhouse server (or a managed one), set this to false | `true` | +| `clickhouse.host` | If `clickhouse.deploy` is set to false, hostname of the external clickhouse server to use (mandatory) | `langfuse-clickhouse` | | `clickhouse.shards` | Number of shards to use for the ClickHouse cluster. Must be set to 1. | `1` | | `clickhouse.replicaCount` | Number of replicas to use for the ClickHouse cluster. 1 corresponds to a single, non-HA deployment. Set CLICKHOUSE_CLUSTER_ENABLED=false if you go for a non-replicated setup. | `3` | -| `clickhouse.resourcesPreset` | Resource preset for Bitnami Helm chart. | `2xlarge` | +| `clickhouse.resourcesPreset` | Resource preset for Bitnami Helm chart. | `2xlarge` | | `clickhouse.auth.username` | Username for the ClickHouse user. | `default` | | `clickhouse.auth.password` | Password for the ClickHouse user. | `changeme` | | `valkey.deploy` | Enable valkey deployment (via Bitnami Helm Chart). If you want to use a Redis or Valkey server already deployed, set to false. | `true` | +| `valkey.host` | If `valkey.deploy` is set to false, hostname of the external valkey server to use (mandatory) | `langfuse-valkey-primary` | +| `valkey.database` | If `valkey.deploy` is set to false, valkey database id to use (mandatory) | `0` | | `valkey.architecture` | Architecture for the valkey deployment. Should be `standalone`. | `standalone` | | `valkey.primary.extraFlags` | Extra flags for the valkey deployment. Must include `--maxmemory-policy noeviction`. | `--maxmemory-policy noeviction` | | `valkey.auth.password` | Password for the valkey cluster. | `changeme` | | `minio.deploy` | Enable MinIO deployment (via Bitnami Helm Chart). If you want to use a custom BlobStorage, e.g. S3, set to false. | `true` | -| `minio.defaultBuckets` | Default buckets to create with the MinIO deployment. | `langfuse` | +| `minio.host` | If `minio.deploy` is set to false, hostname of the external MinIO server to use (mandatory) | `langfuse-minio` | +| `minio.defaultBuckets` | Default buckets to create with the MinIO deployment. If `minio.deploy` is set to false, custom BlobStorage bucket to use | `langfuse` | | `minio.auth.rootUser` | Name of the MinIO root user. | `minio` | | `minio.auth.rootPassword` | Password for the MinIO root user. | `miniosecret` | | `extraManifests` | Dict that allow addition of additional k8s resources | `[]` | diff --git a/charts/langfuse/Chart.yaml b/charts/langfuse/Chart.yaml index 61a72a09..e6f6cce9 100644 --- a/charts/langfuse/Chart.yaml +++ b/charts/langfuse/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: langfuse -version: 0.12.1 +version: 0.13.0 description: Open source LLM engineering platform - LLM observability, metrics, evaluations, prompt management. type: application keywords: diff --git a/charts/langfuse/templates/_helpers.tpl b/charts/langfuse/templates/_helpers.tpl index 6a9a8e5c..9b5e80ed 100644 --- a/charts/langfuse/templates/_helpers.tpl +++ b/charts/langfuse/templates/_helpers.tpl @@ -84,4 +84,84 @@ Return PostgreSQL fullname {{- else }} {{- printf "%s-postgresql" (include "langfuse.fullname" .) -}} {{- end }} +{{- end }} + +{{/* +Create the name of the secret for clickhouse if we use an external database +*/}} +{{- define "langfuse.clickhouseSecretName" -}} +{{- printf "%s-clickhouse" (include "langfuse.fullname" .) -}} +{{- end }} + +{{/* +Return clickhouse fullname +*/}} +{{- define "langfuse.clickhouse.fullname" -}} +{{- if .Values.clickhouse.deploy }} +{{- include "common.names.dependency.fullname" (dict "chartName" "clickhouse" "chartValues" .Values.clickhouse "context" $) -}} +{{- else }} +{{- printf "%s-clickhouse" (include "langfuse.fullname" .) -}} +{{- end }} +{{- end }} + +{{/* +Clickhouse host +*/}} +{{- define "langfuse.clickhouse.host" -}} +{{- if .Values.clickhouse.deploy }} +{{- (include "langfuse.clickhouse.fullname" .) -}} +{{- else }} +{{- .Values.clickhouse.host -}} +{{- end }} +{{- end }} + +{{/* +Return Valkey fullname +*/}} +{{- define "langfuse.valkey.fullname" -}} +{{- if .Values.valkey.deploy }} +{{- include "common.names.dependency.fullname" (dict "chartName" "valkey" "chartValues" .Values.valkey "context" $) -}} +{{- else }} +{{- printf "%s-valkey" (include "langfuse.fullname" .) -}} +{{- end }} +{{- end }} + +{{/* +Valkey host +*/}} +{{- define "langfuse.valkey.host" -}} +{{- if .Values.valkey.deploy }} +{{- printf "%s-primary" (include "langfuse.valkey.fullname" .) -}} +{{- else }} +{{- .Values.valkey.host -}} +{{- end }} +{{- end }} + +{{/* +Create the name of the secret for minio if we use an external deployment +*/}} +{{- define "langfuse.minioSecretName" -}} +{{- printf "%s-minio" (include "langfuse.fullname" .) -}} +{{- end }} + +{{/* +Return minio fullname +*/}} +{{- define "langfuse.minio.fullname" -}} +{{- if .Values.minio.deploy }} +{{- include "common.names.dependency.fullname" (dict "chartName" "minio" "chartValues" .Values.minio "context" $) -}} +{{- else }} +{{- printf "%s-minio" (include "langfuse.fullname" .) -}} +{{- end }} +{{- end }} + +{{/* +Minio host +*/}} +{{- define "langfuse.minio.host" -}} +{{- if .Values.minio.deploy }} +{{- (include "langfuse.minio.fullname" .) -}} +{{- else }} +{{- .Values.minio.host -}} +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/langfuse/templates/clickhouse-secret.yaml b/charts/langfuse/templates/clickhouse-secret.yaml new file mode 100644 index 00000000..445f21bc --- /dev/null +++ b/charts/langfuse/templates/clickhouse-secret.yaml @@ -0,0 +1,11 @@ +{{- if and (not .Values.clickhouse.deploy) (.Values.clickhouse.auth.password) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "langfuse.clickhouseSecretName" . }} + labels: + {{- include "langfuse.labels" . | nindent 4 }} +type: Opaque +data: + admin-password: {{ .Values.clickhouse.auth.password | toString | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/langfuse/templates/deployment-web.yaml b/charts/langfuse/templates/deployment-web.yaml index aa44ed1b..ea895955 100644 --- a/charts/langfuse/templates/deployment-web.yaml +++ b/charts/langfuse/templates/deployment-web.yaml @@ -59,6 +59,29 @@ spec: value: "0.0.0.0" - name: PORT value: {{ .Values.langfuse.port | quote }} + - name: NEXTAUTH_URL + value: {{ .Values.langfuse.nextauth.url | quote }} + {{- if .Values.langfuse.nextauth.secret }} + - name: NEXTAUTH_SECRET + valueFrom: + secretKeyRef: + name: {{ include "langfuse.nextauthSecretName" . }} + key: nextauth-secret + {{- end }} + {{- if .Values.langfuse.salt }} + - name: SALT + value: {{ .Values.langfuse.salt | quote }} + {{- end }} + - name: TELEMETRY_ENABLED + value: {{ .Values.langfuse.telemetryEnabled | quote }} + - name: NEXT_PUBLIC_SIGN_UP_DISABLED + value: {{ .Values.langfuse.nextPublicSignUpDisabled | quote }} + - name: ENABLE_EXPERIMENTAL_FEATURES + value: {{ .Values.langfuse.enableExperimentalFeatures | quote }} + {{- if .Values.langfuse.additionalEnv }} + {{- toYaml .Values.langfuse.additionalEnv | nindent 12 }} + {{- end }} + # Postgres {{- if .Values.postgresql.auth.username }} - name: DATABASE_USERNAME value: {{ .Values.postgresql.auth.username | quote }} @@ -94,28 +117,39 @@ spec: key: postgres-shadow-database-url {{- end }} {{- end }} - - name: NEXTAUTH_URL - value: {{ .Values.langfuse.nextauth.url | quote }} - {{- if .Values.langfuse.nextauth.secret }} - - name: NEXTAUTH_SECRET + # Redis + - name: REDIS_CONNECTION_STRING + value: "redis://default:{{ .Values.valkey.auth.password }}@{{ (include "langfuse.valkey.host" .) }}:{{ .Values.valkey.primary.service.ports.valkey }}/{{ .Values.valkey.database }}" + # Clickhouse + - name: CLICKHOUSE_MIGRATION_URL + value: "clickhouse://{{ (include "langfuse.clickhouse.host" .) }}:{{ .Values.clickhouse.service.ports.tcp }}" + - name: CLICKHOUSE_URL + value: "http://{{ (include "langfuse.clickhouse.host" .) }}:{{ .Values.clickhouse.service.ports.http }}" + - name: CLICKHOUSE_USER + value: {{ .Values.clickhouse.auth.username }} + - name: CLICKHOUSE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "langfuse.nextauthSecretName" . }} - key: nextauth-secret - {{- end }} - {{- if .Values.langfuse.salt }} - - name: SALT - value: {{ .Values.langfuse.salt | quote }} - {{- end }} - - name: TELEMETRY_ENABLED - value: {{ .Values.langfuse.telemetryEnabled | quote }} - - name: NEXT_PUBLIC_SIGN_UP_DISABLED - value: {{ .Values.langfuse.nextPublicSignUpDisabled | quote }} - - name: ENABLE_EXPERIMENTAL_FEATURES - value: {{ .Values.langfuse.enableExperimentalFeatures | quote }} - {{- if .Values.langfuse.additionalEnv }} - {{- toYaml .Values.langfuse.additionalEnv | nindent 12 }} - {{- end }} + name: {{ include "langfuse.clickhouse.fullname" . }} + key: admin-password + # S3 / MinIO + - name: LANGFUSE_S3_EVENT_UPLOAD_ENABLED + value: "true" + - name: LANGFUSE_S3_EVENT_UPLOAD_BUCKET + value: {{ .Values.minio.defaultBuckets }} + - name: LANGFUSE_S3_EVENT_UPLOAD_REGION + value: auto + - name: LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID + value: {{ .Values.minio.auth.rootUser }} + - name: LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ include "langfuse.minio.fullname" . }} + key: root-password + - name: LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT + value: "http://{{ (include "langfuse.minio.host" .) }}:{{ .Values.minio.service.ports.api }}" + - name: LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE + value: "true" ports: - name: http containerPort: {{ .Values.langfuse.port }} diff --git a/charts/langfuse/templates/deployment-worker.yaml b/charts/langfuse/templates/deployment-worker.yaml index 275790c7..830e5bce 100644 --- a/charts/langfuse/templates/deployment-worker.yaml +++ b/charts/langfuse/templates/deployment-worker.yaml @@ -55,6 +55,26 @@ spec: value: "0.0.0.0" - name: PORT value: {{ .Values.langfuse.port | quote }} + - name: NEXTAUTH_URL + value: {{ .Values.langfuse.nextauth.url | quote }} + {{- if .Values.langfuse.nextauth.secret }} + - name: NEXTAUTH_SECRET + valueFrom: + secretKeyRef: + name: {{ include "langfuse.nextauthSecretName" . }} + key: nextauth-secret + {{- end }} + {{- if .Values.langfuse.salt }} + - name: SALT + value: {{ .Values.langfuse.salt | quote }} + {{- end }} + - name: TELEMETRY_ENABLED + value: {{ .Values.langfuse.telemetryEnabled | quote }} + - name: NEXT_PUBLIC_SIGN_UP_DISABLED + value: {{ .Values.langfuse.nextPublicSignUpDisabled | quote }} + - name: ENABLE_EXPERIMENTAL_FEATURES + value: {{ .Values.langfuse.enableExperimentalFeatures | quote }} + # Postgres - name: DATABASE_USERNAME value: {{ .Values.postgresql.auth.username | quote }} - name: DATABASE_PASSWORD @@ -82,28 +102,42 @@ spec: key: postgres-shadow-database-url {{- end }} {{- end }} - - name: NEXTAUTH_URL - value: {{ .Values.langfuse.nextauth.url | quote }} - {{- if .Values.langfuse.nextauth.secret }} - - name: NEXTAUTH_SECRET - valueFrom: - secretKeyRef: - name: {{ include "langfuse.nextauthSecretName" . }} - key: nextauth-secret - {{- end }} - {{- if .Values.langfuse.salt }} - - name: SALT - value: {{ .Values.langfuse.salt | quote }} - {{- end }} - - name: TELEMETRY_ENABLED - value: {{ .Values.langfuse.telemetryEnabled | quote }} - - name: NEXT_PUBLIC_SIGN_UP_DISABLED - value: {{ .Values.langfuse.nextPublicSignUpDisabled | quote }} - - name: ENABLE_EXPERIMENTAL_FEATURES - value: {{ .Values.langfuse.enableExperimentalFeatures | quote }} {{- if .Values.langfuse.additionalEnv }} {{- toYaml .Values.langfuse.additionalEnv | nindent 12 }} {{- end }} + # Redis + - name: REDIS_CONNECTION_STRING + value: "redis://default:{{ .Values.valkey.auth.password }}@{{ (include "langfuse.valkey.host" .) }}:{{ .Values.valkey.primary.service.ports.valkey }}/{{ .Values.valkey.database }}" + # Clickhouse + - name: CLICKHOUSE_MIGRATION_URL + value: "clickhouse://{{ (include "langfuse.clickhouse.host" .) }}:{{ .Values.clickhouse.service.ports.tcp }}" + - name: CLICKHOUSE_URL + value: "http://{{ (include "langfuse.clickhouse.host" .) }}:{{ .Values.clickhouse.service.ports.http }}" + - name: CLICKHOUSE_USER + value: {{ .Values.clickhouse.auth.username }} + - name: CLICKHOUSE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "langfuse.clickhouse.fullname" . }} + key: admin-password + # S3 / MinIO + - name: LANGFUSE_S3_EVENT_UPLOAD_ENABLED + value: "true" + - name: LANGFUSE_S3_EVENT_UPLOAD_BUCKET + value: {{ .Values.minio.defaultBuckets }} + - name: LANGFUSE_S3_EVENT_UPLOAD_REGION + value: auto + - name: LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID + value: {{ .Values.minio.auth.rootUser }} + - name: LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ include "langfuse.minio.fullname" . }} + key: root-password + - name: LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT + value: "http://{{ (include "langfuse.minio.host" .) }}:{{ .Values.minio.service.ports.api }}" + - name: LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE + value: "true" ports: - name: http containerPort: {{ .Values.langfuse.port }} diff --git a/charts/langfuse/templates/minio-secret.yaml b/charts/langfuse/templates/minio-secret.yaml new file mode 100644 index 00000000..120dcb82 --- /dev/null +++ b/charts/langfuse/templates/minio-secret.yaml @@ -0,0 +1,11 @@ +{{- if and (not .Values.minio.deploy) (.Values.minio.auth.rootPassword) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "langfuse.minioSecretName" . }} + labels: + {{- include "langfuse.labels" . | nindent 4 }} +type: Opaque +data: + root-password: {{ .Values.minio.auth.rootPassword | toString | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/langfuse/values.yaml b/charts/langfuse/values.yaml index bace1d9b..ad629ce2 100644 --- a/charts/langfuse/values.yaml +++ b/charts/langfuse/values.yaml @@ -57,33 +57,6 @@ langfuse: updateMode: Auto additionalEnv: - # REDIS - - name: "REDIS_CONNECTION_STRING" - value: "redis://default:changeme@langfuse-valkey-primary:6379/0" - # CLICKHOUSE - - name: "CLICKHOUSE_MIGRATION_URL" - value: "clickhouse://langfuse-clickhouse:9000" - - name: "CLICKHOUSE_URL" - value: "http://langfuse-clickhouse:8123" - - name: "CLICKHOUSE_USER" - value: "default" - - name: "CLICKHOUSE_PASSWORD" - value: "changeme" - # S3 / MinIO - - name: "LANGFUSE_S3_EVENT_UPLOAD_ENABLED" - value: "true" - - name: "LANGFUSE_S3_EVENT_UPLOAD_BUCKET" - value: "langfuse" - - name: "LANGFUSE_S3_EVENT_UPLOAD_REGION" - value: "auto" - - name: "LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID" - value: "minio" - - name: "LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY" - value: "miniosecret" - - name: "LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT" - value: "http://langfuse-minio:9000" - - name: "LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE" - value: "true" serviceAccount: create: true @@ -113,12 +86,12 @@ tolerations: [] affinity: {} postgresql: + deploy: true host: langfuse-postgresql auth: username: postgres password: postgres database: postgres_langfuse - deploy: true architecture: standalone primary: service: @@ -127,17 +100,27 @@ postgresql: clickhouse: deploy: true + host: langfuse-clickhouse shards: 1 # Fixed. Langfuse does not support multi-shard clusters. replicaCount: 3 resourcesPreset: 2xlarge + service: + ports: + http: 8123 + tcp: 9000 auth: username: default password: changeme valkey: deploy: true + host: langfuse-valkey-primary + database: 0 architecture: standalone primary: + service: + ports: + valkey: 6379 extraFlags: - "--maxmemory-policy noeviction" auth: @@ -145,7 +128,11 @@ valkey: minio: deploy: true + host: langfuse-minio defaultBuckets: 'langfuse' + service: + ports: + api: 9000 auth: rootUser: 'minio' rootPassword: 'miniosecret'