AI_POC/TERES_fastapi_backend
12
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.21.1-fastapi

Browse Source
This commit is contained in:
dangzerong
2025-11-04 16:06:36 +08:00
parent 3e58c3d0e9
commit d57b5d76ae
218 changed files with 19617 additions and 72339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
helm/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "ragflow.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ragflow.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ragflow.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "ragflow.labels" -}}
helm.sh/chart: {{ include "ragflow.chart" . }}
{{ include "ragflow.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "ragflow.selectorLabels" -}}
app.kubernetes.io/name: {{ include "ragflow.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "ragflow.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "ragflow.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

17
helm/templates/elasticsearch-config.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if eq .Values.env.DOC_ENGINE "elasticsearch" -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "ragflow.fullname" . }}-es-config
data:
node.name: "es01"
bootstrap.memory_lock: "false"
discovery.type: "single-node"
xpack.security.enabled: "true"
xpack.security.http.ssl.enabled: "false"
xpack.security.transport.ssl.enabled: "false"
cluster.routing.allocation.disk.watermark.low: 5gb
cluster.routing.allocation.disk.watermark.high: 3gb
cluster.routing.allocation.disk.watermark.flood_stage: 2gb
TZ: {{ .Values.env.TIMEZONE }}
{{- end -}}

131
helm/templates/elasticsearch.yaml Normal file
View File

@@ -0,0 +1,131 @@
{{- if eq .Values.env.DOC_ENGINE "elasticsearch" -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "ragflow.fullname" . }}-es-data
annotations:
"helm.sh/resource-policy": keep
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: elasticsearch
spec:
{{- with .Values.elasticsearch.storage.className }}
storageClassName: {{ . }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.elasticsearch.storage.capacity }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "ragflow.fullname" . }}-es
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: elasticsearch
spec:
replicas: 1
selector:
matchLabels:
{{- include "ragflow.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: elasticsearch
{{- with .Values.elasticsearch.deployment.strategy }}
strategy:
{{- . | toYaml | nindent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "ragflow.labels" . | nindent 8 }}
app.kubernetes.io/component: elasticsearch
annotations:
checksum/config-es: {{ include (print $.Template.BasePath "/elasticsearch-config.yaml") . | sha256sum }}
checksum/config-env: {{ include (print $.Template.BasePath "/env.yaml") . | sha256sum }}
spec:
{{- if or .Values.imagePullSecrets .Values.elasticsearch.image.pullSecrets }}
imagePullSecrets:
{{- with .Values.imagePullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.elasticsearch.image.pullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
initContainers:
- name: fix-data-volume-permissions
image: {{ .Values.elasticsearch.initContainers.alpine.repository }}:{{ .Values.elasticsearch.initContainers.alpine.tag }}
{{- with .Values.elasticsearch.initContainers.alpine.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
command:
- sh
- -c
- "chown -R 1000:0 /usr/share/elasticsearch/data"
volumeMounts:
- mountPath: /usr/share/elasticsearch/data
name: es-data
- name: sysctl
image: {{ .Values.elasticsearch.initContainers.busybox.repository }}:{{ .Values.elasticsearch.initContainers.busybox.tag }}
{{- with .Values.elasticsearch.initContainers.busybox.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
securityContext:
privileged: true
runAsUser: 0
command: ["sysctl", "-w", "vm.max_map_count=262144"]
containers:
- name: elasticsearch
image: {{ .Values.elasticsearch.image.repository }}:{{ .Values.elasticsearch.image.tag }}
{{- with .Values.elasticsearch.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
envFrom:
- secretRef:
name: {{ include "ragflow.fullname" . }}-env-config
- configMapRef:
name: {{ include "ragflow.fullname" . }}-es-config
ports:
- containerPort: 9200
name: http
- containerPort: 9300
name: transport
volumeMounts:
- mountPath: /usr/share/elasticsearch/data
name: es-data
{{- with .Values.elasticsearch.deployment.resources }}
resources:
{{- . | toYaml | nindent 10 }}
{{- end }}
securityContext:
capabilities:
add:
- "IPC_LOCK"
runAsUser: 1000
# NOTE: fsGroup doesn't seem to
# work so use init container instead
# fsGroup: 1000
allowPrivilegeEscalation: false
volumes:
- name: es-data
persistentVolumeClaim:
claimName: {{ include "ragflow.fullname" . }}-es-data
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ragflow.fullname" . }}-es
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: elasticsearch
spec:
selector:
{{- include "ragflow.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: elasticsearch
ports:
- protocol: TCP
port: 9200
targetPort: http
type: {{ .Values.elasticsearch.service.type }}
{{- end -}}

53
helm/templates/env.yaml Normal file
View File

@@ -0,0 +1,53 @@
{{- /*
TODO: Split env vars into separate secrets so that each pod
only gets passed the secrets it really needs.
*/}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "ragflow.fullname" . }}-env-config
type: Opaque
stringData:
{{- range $key, $val := .Values.env }}
{{- if $val }}
{{ $key }}: {{ quote $val }}
{{- end }}
{{- end }}
{{- /*
Use host names derived from internal cluster DNS
*/}}
REDIS_HOST: {{ printf "%s-redis.%s.svc" (include "ragflow.fullname" .) .Release.Namespace }}
MYSQL_HOST: {{ printf "%s-mysql.%s.svc" (include "ragflow.fullname" .) .Release.Namespace }}
MINIO_HOST: {{ printf "%s-minio.%s.svc" (include "ragflow.fullname" .) .Release.Namespace }}
{{- /*
Fail if passwords are not provided in release values
*/}}
REDIS_PASSWORD: {{ .Values.env.REDIS_PASSWORD | required "REDIS_PASSWORD is required" }}
{{- /*
NOTE: MySQL uses MYSQL_ROOT_PASSWORD env var but Ragflow container expects
MYSQL_PASSWORD so we need to define both as the same value here.
*/}}
{{- with .Values.env.MYSQL_PASSWORD | required "MYSQL_PASSWORD is required" }}
MYSQL_PASSWORD: {{ . }}
MYSQL_ROOT_PASSWORD: {{ . }}
{{- end }}
{{- with .Values.env.MINIO_PASSWORD | required "MINIO_PASSWORD is required" }}
MINIO_PASSWORD: {{ . }}
MINIO_ROOT_PASSWORD: {{ . }}
{{- end }}
{{- /*
Only provide env vars for enabled doc engine
*/}}
{{- if eq .Values.env.DOC_ENGINE "elasticsearch" }}
ES_HOST: {{ printf "%s-es.%s.svc" (include "ragflow.fullname" .) .Release.Namespace }}
ELASTIC_PASSWORD: {{ .Values.env.ELASTIC_PASSWORD | required "ELASTIC_PASSWORD is required" }}
{{- else if eq .Values.env.DOC_ENGINE "infinity" }}
INFINITY_HOST: {{ printf "%s-infinity.%s.svc" (include "ragflow.fullname" .) .Release.Namespace }}
{{- else if eq .Values.env.DOC_ENGINE "opensearch" }}
OS_HOST: {{ printf "%s-opensearch.%s.svc" (include "ragflow.fullname" .) .Release.Namespace }}
OS_PORT: "9201"
OPENSEARCH_PASSWORD: {{ .Values.env.OPENSEARCH_PASSWORD | required "OPENSEARCH_PASSWORD is required" }}
OPENSEARCH_INITIAL_ADMIN_PASSWORD: {{ .Values.env.OPENSEARCH_PASSWORD | required "OPENSEARCH_PASSWORD is required" }}
{{- else }}
{{ fail "env.DOC_ENGINE must be either 'elasticsearch', 'opensearch' or 'infinity'" }}
{{- end }}

122
helm/templates/infinity.yaml Normal file
View File

@@ -0,0 +1,122 @@
{{- if eq .Values.env.DOC_ENGINE "infinity" -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "ragflow.fullname" . }}-infinity
annotations:
"helm.sh/resource-policy": keep
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: infinity
spec:
{{- with .Values.infinity.storage.className }}
storageClassName: {{ . }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.infinity.storage.capacity }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "ragflow.fullname" . }}-infinity
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: infinity
spec:
replicas: 1
selector:
matchLabels:
{{- include "ragflow.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: infinity
{{- with .Values.infinity.deployment.strategy }}
strategy:
{{- . | toYaml | nindent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "ragflow.labels" . | nindent 8 }}
app.kubernetes.io/component: infinity
annotations:
checksum/config: {{ include (print $.Template.BasePath "/env.yaml") . | sha256sum }}
spec:
{{- if or .Values.imagePullSecrets .Values.infinity.image.pullSecrets }}
imagePullSecrets:
{{- with .Values.imagePullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.infinity.image.pullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: infinity
image: {{ .Values.infinity.image.repository }}:{{ .Values.infinity.image.tag }}
{{- with .Values.infinity.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
envFrom:
- secretRef:
name: {{ include "ragflow.fullname" . }}-env-config
ports:
- containerPort: 23817
name: thrift
- containerPort: 23820
name: http
- containerPort: 5432
name: psql
volumeMounts:
- mountPath: /var/infinity
name: infinity-data
{{- with .Values.infinity.deployment.resources }}
resources:
{{- . | toYaml | nindent 10 }}
{{- end }}
securityContext:
capabilities:
add:
- "NET_BIND_SERVICE"
seccompProfile:
type: RuntimeDefault
livenessProbe:
httpGet:
path: /admin/node/current
port: 23820
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 10
failureThreshold: 120
volumes:
- name: infinity-data
persistentVolumeClaim:
claimName: {{ include "ragflow.fullname" . }}-infinity
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ragflow.fullname" . }}-infinity
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: infinity
spec:
selector:
{{- include "ragflow.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: infinity
ports:
- protocol: TCP
port: 23817
targetPort: thrift
name: thrift
- protocol: TCP
port: 23820
targetPort: http
name: http
- protocol: TCP
port: 5432
targetPort: psql
name: psql
type: {{ .Values.infinity.service.type }}
{{- end -}}

43
helm/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,43 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "ragflow.fullname" . }}
labels:
{{- include "ragflow.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.ingress.className }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- with .pathType }}
pathType: {{ . }}
{{- end }}
backend:
service:
name: {{ $.Release.Name }}
port:
name: http
{{- end }}
{{- end }}
{{- end }}

105
helm/templates/minio.yaml Normal file
View File

@@ -0,0 +1,105 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "ragflow.fullname" . }}-minio
annotations:
"helm.sh/resource-policy": keep
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: minio
spec:
{{- with .Values.minio.storage.className }}
storageClassName: {{ . }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.minio.storage.capacity }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "ragflow.fullname" . }}-minio
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: minio
annotations:
checksum/config: {{ include (print $.Template.BasePath "/env.yaml") . | sha256sum }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "ragflow.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: minio
{{- with .Values.minio.deployment.strategy }}
strategy:
{{- . | toYaml | nindent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "ragflow.labels" . | nindent 8 }}
app.kubernetes.io/component: minio
spec:
{{- if or .Values.imagePullSecrets .Values.minio.image.pullSecrets }}
imagePullSecrets:
{{- with .Values.imagePullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.minio.image.pullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: minio
image: {{ .Values.minio.image.repository }}:{{ .Values.minio.image.tag }}
{{- with .Values.minio.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
envFrom:
- secretRef:
name: {{ include "ragflow.fullname" . }}-env-config
args:
- server
- "--console-address=:9001"
- "/data"
ports:
- containerPort: 9000
name: s3
- containerPort: 9001
name: console
{{- with .Values.minio.deployment.resources }}
resources:
{{- . | toYaml | nindent 10 }}
{{- end }}
volumeMounts:
- mountPath: /data
name: minio-data
volumes:
- name: minio-data
persistentVolumeClaim:
claimName: {{ include "ragflow.fullname" . }}-minio
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ragflow.fullname" . }}-minio
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: minio
spec:
selector:
{{- include "ragflow.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: minio
ports:
- name: s3
protocol: TCP
port: 9000
targetPort: s3
- name: console
protocol: TCP
port: 9001
targetPort: console
type: {{ .Values.minio.service.type }}

9
helm/templates/mysql-config.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mysql-init-script
data:
init.sql: |-
CREATE DATABASE IF NOT EXISTS rag_flow;
USE rag_flow;

110
helm/templates/mysql.yaml Normal file
View File

@@ -0,0 +1,110 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "ragflow.fullname" . }}-mysql
annotations:
"helm.sh/resource-policy": keep
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: mysql
spec:
{{- with .Values.mysql.storage.className }}
storageClassName: {{ . }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.mysql.storage.capacity }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "ragflow.fullname" . }}-mysql
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: mysql
spec:
replicas: 1
selector:
matchLabels:
{{- include "ragflow.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: mysql
{{- with .Values.mysql.deployment.strategy }}
strategy:
{{- . | toYaml | nindent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "ragflow.labels" . | nindent 8 }}
app.kubernetes.io/component: mysql
annotations:
checksum/config-mysql: {{ include (print $.Template.BasePath "/mysql-config.yaml") . | sha256sum }}
checksum/config-env: {{ include (print $.Template.BasePath "/env.yaml") . | sha256sum }}
spec:
{{- if or .Values.imagePullSecrets .Values.mysql.image.pullSecrets }}
imagePullSecrets:
{{- with .Values.imagePullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mysql.image.pullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: mysql
image: {{ .Values.mysql.image.repository }}:{{ .Values.mysql.image.tag }}
{{- with .Values.mysql.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
envFrom:
- secretRef:
name: {{ include "ragflow.fullname" . }}-env-config
args:
- --max_connections=1000
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_general_ci
- --default-authentication-plugin=mysql_native_password
- --tls_version=TLSv1.2,TLSv1.3
- --init-file=/data/application/init.sql
- --disable-log-bin
ports:
- containerPort: 3306
name: mysql
{{- with .Values.mysql.deployment.resources }}
resources:
{{- . | toYaml | nindent 10 }}
{{- end }}
volumeMounts:
- mountPath: /var/lib/mysql
name: mysql-data
- mountPath: /data/application/init.sql
subPath: init.sql
readOnly: true
name: init-script-volume
volumes:
- name: mysql-data
persistentVolumeClaim:
claimName: {{ include "ragflow.fullname" . }}-mysql
- name: init-script-volume
configMap:
name: mysql-init-script
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ragflow.fullname" . }}-mysql
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: mysql
spec:
selector:
{{- include "ragflow.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: mysql
ports:
- protocol: TCP
port: 3306
targetPort: mysql
type: {{ .Values.mysql.service.type }}

18
helm/templates/opensearch-config.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if eq .Values.env.DOC_ENGINE "opensearch" -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "ragflow.fullname" . }}-opensearch-config
data:
node.name: opensearch01
bootstrap.memory_lock: "false"
discovery.type: single-node
plugins.security.disabled: "false"
plugins.security.ssl.http.enabled: "false"
plugins.security.ssl.transport.enabled: "true"
cluster.routing.allocation.disk.watermark.low: 5gb
cluster.routing.allocation.disk.watermark.high: 3gb
cluster.routing.allocation.disk.watermark.flood_stage: 2gb
TZ: {{ .Values.env.TIMEZONE }}
http.port: "9201"
{{- end -}}

135
helm/templates/opensearch.yaml Normal file
View File

@@ -0,0 +1,135 @@
{{- if eq .Values.env.DOC_ENGINE "opensearch" -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "ragflow.fullname" . }}-opensearch-data
annotations:
"helm.sh/resource-policy": keep
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: opensearch
spec:
{{- with .Values.opensearch.storage.className }}
storageClassName: {{ . }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.opensearch.storage.capacity }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "ragflow.fullname" . }}-opensearch
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: opensearch
spec:
replicas: 1
selector:
matchLabels:
{{- include "ragflow.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: opensearch
{{- with .Values.opensearch.deployment.strategy }}
strategy:
{{- . | toYaml | nindent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "ragflow.labels" . | nindent 8 }}
app.kubernetes.io/component: opensearch
annotations:
checksum/config-opensearch: {{ include (print $.Template.BasePath "/opensearch-config.yaml") . | sha256sum }}
checksum/config-env: {{ include (print $.Template.BasePath "/env.yaml") . | sha256sum }}
spec:
{{- if or .Values.imagePullSecrets .Values.opensearch.image.pullSecrets }}
imagePullSecrets:
{{- with .Values.imagePullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.opensearch.image.pullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
initContainers:
- name: fix-data-volume-permissions
image: {{ .Values.opensearch.initContainers.alpine.repository }}:{{ .Values.opensearch.initContainers.alpine.tag }}
{{- with .Values.opensearch.initContainers.alpine.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
command:
- sh
- -c
- "chown -R 1000:0 /usr/share/opensearch/data"
volumeMounts:
- mountPath: /usr/share/opensearch/data
name: opensearch-data
- name: sysctl
image: {{ .Values.opensearch.initContainers.busybox.repository }}:{{ .Values.opensearch.initContainers.busybox.tag }}
{{- with .Values.opensearch.initContainers.busybox.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
securityContext:
privileged: true
runAsUser: 0
command: ["sysctl", "-w", "vm.max_map_count=262144"]
containers:
- name: opensearch
image: {{ .Values.opensearch.image.repository }}:{{ .Values.opensearch.image.tag }}
{{- with .Values.opensearch.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
envFrom:
- secretRef:
name: {{ include "ragflow.fullname" . }}-env-config
- configMapRef:
name: {{ include "ragflow.fullname" . }}-opensearch-config
ports:
- containerPort: 9201
name: http
volumeMounts:
- mountPath: /usr/share/opensearch/data
name: opensearch-data
{{- with .Values.opensearch.deployment.resources }}
resources:
{{- . | toYaml | nindent 10 }}
{{- end }}
securityContext:
capabilities:
add:
- "IPC_LOCK"
runAsUser: 1000
allowPrivilegeEscalation: false
livenessProbe:
exec:
command:
- sh
- -c
- curl -u admin:$OPENSEARCH_PASSWORD localhost:9201
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
volumes:
- name: opensearch-data
persistentVolumeClaim:
claimName: {{ include "ragflow.fullname" . }}-opensearch-data
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ragflow.fullname" . }}-opensearch
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: opensearch
spec:
selector:
{{- include "ragflow.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: opensearch
ports:
- protocol: TCP
port: 9201
targetPort: http
type: {{ .Values.opensearch.service.type }}
{{- end -}}

119
helm/templates/ragflow.yaml Normal file
View File

@@ -0,0 +1,119 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ragflow.fullname" . }}
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: ragflow
spec:
replicas: 1
selector:
matchLabels:
{{- include "ragflow.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: ragflow
{{- with .Values.ragflow.deployment.strategy }}
strategy:
{{- . | toYaml | nindent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "ragflow.labels" . | nindent 8 }}
app.kubernetes.io/component: ragflow
annotations:
checksum/config-env: {{ include (print $.Template.BasePath "/env.yaml") . | sha256sum }}
checksum/config-ragflow: {{ include (print $.Template.BasePath "/ragflow_config.yaml") . | sha256sum }}
spec:
{{- if or .Values.imagePullSecrets .Values.ragflow.image.pullSecrets }}
imagePullSecrets:
{{- with .Values.imagePullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ragflow.image.pullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: ragflow
image: {{ .Values.ragflow.image.repository }}:{{ .Values.ragflow.image.tag }}
{{- with .Values.ragflow.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
ports:
- containerPort: 80
name: http
- containerPort: 9380
name: http-api
volumeMounts:
- mountPath: /etc/nginx/conf.d/ragflow.conf
subPath: ragflow.conf
name: nginx-config-volume
- mountPath: /etc/nginx/proxy.conf
subPath: proxy.conf
name: nginx-config-volume
- mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
name: nginx-config-volume
{{- with .Values.ragflow.service_conf }}
- mountPath: /ragflow/conf/local.service_conf.yaml
subPath: local.service_conf.yaml
name: service-conf-volume
{{- end }}
{{- with .Values.ragflow.llm_factories }}
- mountPath: /ragflow/conf/llm_factories.json
subPath: llm_factories.json
name: service-conf-volume
{{- end }}
envFrom:
- secretRef:
name: {{ include "ragflow.fullname" . }}-env-config
{{- with .Values.ragflow.deployment.resources }}
resources:
{{- . | toYaml | nindent 10 }}
{{- end }}
volumes:
- name: nginx-config-volume
configMap:
name: nginx-config
- name: service-conf-volume
configMap:
name: ragflow-service-config
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ragflow.fullname" . }}
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: ragflow
spec:
selector:
{{- include "ragflow.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: ragflow
ports:
- protocol: TCP
port: 80
targetPort: http
name: http
type: {{ .Values.ragflow.service.type }}
---
{{- if .Values.ragflow.api.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-api
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: ragflow
spec:
selector:
{{- include "ragflow.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: ragflow
ports:
- protocol: TCP
port: 80
targetPort: http-api
name: http-api
type: {{ .Values.ragflow.api.service.type }}
{{- end }}

89
helm/templates/ragflow_config.yaml Normal file
View File

@@ -0,0 +1,89 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ragflow-service-config
data:
{{- with .Values.ragflow.service_conf }}
local.service_conf.yaml: |
{{- . | toYaml | nindent 4 }}
{{- end }}
{{- with .Values.ragflow.llm_factories }}
llm_factories.json: |
{{- . | toPrettyJson | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
data:
ragflow.conf: |
server {
listen 80;
server_name _;
root /ragflow/web/dist;
gzip on;
gzip_min_length 1k;
gzip_comp_level 9;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location ~ ^/(v1|api) {
proxy_pass http://localhost:9380;
include proxy.conf;
}
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
# Cache-Control: max-age~@~AExpires
location ~ ^/static/(css|js|media)/ {
expires 10y;
access_log off;
}
}
proxy.conf: |
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
nginx.conf: |
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
client_max_body_size 128M;
include /etc/nginx/conf.d/ragflow.conf;
}

133
helm/templates/redis.yaml Normal file
View File

@@ -0,0 +1,133 @@
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ragflow.fullname" . }}-redis
annotations:
"helm.sh/resource-policy": keep
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: redis
spec:
ports:
- port: 6379
name: redis
protocol: TCP
clusterIP: None # Headless service for StatefulSet
selector:
{{- include "ragflow.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: redis
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "ragflow.fullname" . }}-redis
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: redis
spec:
serviceName: {{ include "ragflow.fullname" . }}-redis
replicas: 1
selector:
matchLabels:
{{- include "ragflow.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: redis
template:
metadata:
labels:
{{- include "ragflow.labels" . | nindent 8 }}
app.kubernetes.io/component: redis
annotations:
checksum/config-env: {{ include (print $.Template.BasePath "/env.yaml") . | sha256sum }}
spec:
{{- if or .Values.imagePullSecrets .Values.redis.image.pullSecrets }}
imagePullSecrets:
{{- with .Values.imagePullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.image.pullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
terminationGracePeriodSeconds: 60
containers:
- name: redis
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
{{- with .Values.redis.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
command:
- "sh"
- "-c"
- "exec redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 128mb --maxmemory-policy allkeys-lru"
envFrom:
- secretRef:
name: {{ include "ragflow.fullname" . }}-env-config
ports:
- containerPort: 6379
name: redis
{{- if .Values.redis.persistence.enabled }}
volumeMounts:
- name: redis-data
mountPath: /data
{{- end }}
{{- with .Values.redis.deployment.resources }}
resources:
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.redis.persistence.enabled }}
{{- with .Values.redis.persistence.retentionPolicy }}
persistentVolumeClaimRetentionPolicy:
{{- with .whenDeleted }}
whenDeleted: {{ . }}
{{- end }}
{{- with .whenScaled }}
whenScaled: {{ . }}
{{- end }}
{{- end }}
volumeClaimTemplates:
- metadata:
name: redis-data
labels:
{{- include "ragflow.selectorLabels" . | nindent 10 }}
app.kubernetes.io/component: redis
spec:
accessModes:
- ReadWriteOnce
{{- with .Values.redis.storage.className }}
storageClassName: {{ . }}
{{- end }}
resources:
requests:
storage: {{ .Values.redis.storage.capacity }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ragflow.fullname" . }}-redis-svc
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: redis
spec:
ports:
- port: 6379
targetPort: redis
protocol: TCP
selector:
{{- include "ragflow.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: redis
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "ragflow.fullname" . }}-redis-pdb
labels:
{{- include "ragflow.labels" . | nindent 4 }}
app.kubernetes.io/component: redis
spec:
minAvailable: 1
selector:
matchLabels:
{{- include "ragflow.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: redis

17
helm/templates/tests/test-connection.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "ragflow.fullname" . }}-test-connection"
labels:
{{- include "ragflow.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command:
- 'wget'
args:
- {{ printf "%s.%s.svc" (include "ragflow.fullname" .) .Release.Namespace }}
restartPolicy: Never