From 610882c57de1698cd14c4faaa11f88d1b3942dee Mon Sep 17 00:00:00 2001
From: thaoduc <thaoduc@vegasatr.vn>
Date: Wed, 8 Oct 2025 23:29:36 +0700
Subject: [PATCH] asd

---
 label-studio/.helmignore                      |  23 +
 label-studio/Chart.yaml                       |  24 +
 label-studio/label-studio-1.1.tgz             | Bin 0 -> 8204 bytes
 label-studio/templates/NOTES.txt              |  35 +
 label-studio/templates/_helpers.tpl           |  62 ++
 label-studio/templates/deployment.yaml        |  78 ++
 label-studio/templates/hpa.yaml               |  32 +
 label-studio/templates/httproute.yaml         |  38 +
 label-studio/templates/ingress.yaml           |  43 +
 label-studio/templates/service.yaml           |  15 +
 label-studio/templates/serviceaccount.yaml    |  13 +
 .../templates/tests/test-connection.yaml      |  15 +
 label-studio/values.yaml                      | 774 ++++++++++++++++++
 13 files changed, 1152 insertions(+)
 create mode 100644 label-studio/.helmignore
 create mode 100644 label-studio/Chart.yaml
 create mode 100644 label-studio/label-studio-1.1.tgz
 create mode 100644 label-studio/templates/NOTES.txt
 create mode 100644 label-studio/templates/_helpers.tpl
 create mode 100644 label-studio/templates/deployment.yaml
 create mode 100644 label-studio/templates/hpa.yaml
 create mode 100644 label-studio/templates/httproute.yaml
 create mode 100644 label-studio/templates/ingress.yaml
 create mode 100644 label-studio/templates/service.yaml
 create mode 100644 label-studio/templates/serviceaccount.yaml
 create mode 100644 label-studio/templates/tests/test-connection.yaml
 create mode 100644 label-studio/values.yaml

diff --git a/label-studio/.helmignore b/label-studio/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/label-studio/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/label-studio/Chart.yaml b/label-studio/Chart.yaml
new file mode 100644
index 0000000..6b14e97
--- /dev/null
+++ b/label-studio/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: label-studio
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/label-studio/label-studio-1.1.tgz b/label-studio/label-studio-1.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..4ce6f9f8a04b93d7115d8631b976346b0196bcb9
GIT binary patch
literal 8204
zcmV+nAoJfJiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PKBhciT48U_a|u%*uH;N!OwzU$Z*f_dKrSwtnh3TFXgKPft$@
zk&uL%1Q-C6t-9Xdz6UoFyy%j|b=o}Uhr}X)nZW><8wOyE#yIW>nMH(kk7tO>V1bhO
ztNVO<y<YENZ%_Z<>-DPt_xgv2U-kEUhyDG2Z-4Lbt6qP1|KRW|=-n$7OP)+f#J}o&
zGOlXp{vi)a$y>|?VRQiVofb;d{AWMt9|XNtghj|nD)qY~_yNZWgleL|gmL&W8)Htf
z#G*w}f(PJFsFqx$cmOC(V-g|-p*45V+x?*5Zhh|V|HnV2^*={(hQ+-LfYs}Ne|P7g
zS6Tmiy`6){_5Tph7QDn0l*JOv;Oj+wrX~f9^rQ${TW~oe0*C+vKOen1>r5C=kd!!r
z35l_)@DhhH;uz+L6Eu#o0LfsCAw@#q2ndx77A)f+agxSJViB}j)0mA>JZJ%I!D)h~
z7}6|`LEw;MsQ_dGYjQZA5+V5lP$p-XN-IkO-SQ}wm{TOl9LI}og#|)HL8Le&lLg2b
zHa!C*08v1kqXn=D2+0YZ3I&8H<ijkEM;f&lz%ReH+<QeI<RlCrV&N6$0b%xi$^?;2
zmCP{W65qsVEV?Brs4A+i4OvXW#Q;tx=S&Vc7MMz1DA9BP?Y6?1PLCO#kf}jCV?ruX
zxpNrwf}RqX8W!Vn0Q-BpJNjodKG%}Bt&y54nZUgMRt?8B<B<UlmeqbeOL8Zjc3kCl
zsq&9_v9_)dvBQu~M<Ra3BCPx8y&L(cOC=YK$z#mr$ir8vu(I$+yeOCHNpgWBA|PgF
z;%w_#g>O)j#u&IN8+5zB3|udM{g<j4Yvv#99{%rcUjrFssp342fYEpXgu>bAqy+}R
z2BWqy^EJTD`QKFC8v<Qy*>-{73y)*2sBtjzc1X1pO&s?@e@9}xs?LviQLoYhz&Dbk
z6FMiH(F9ZZ7I86v+q;IMe0ko&on9--mJkxt(5_NUmGFrMAbEz(%F+hNoW)s!VGG3W
zHlRN;j<;bN3SA@g1`a^%y1xKW7-AvHy(tevyI%L?h6qXM)X=&~ouvp?fLc<g3Q9>W
zZEF>;##wk(0XAWAgn8*z#^aNllyJRVMmSWH=EcEYuUAyTG)ftv@(qtmP1*Q&9Lgc$
zD8UlvW2qi93<ZO?w%~LE5uOl=qiqn9aWuupF%rVe#sA~K`tM3RVU$F>({5_oZg0c&
zjD$0Yh%hQCT2Pdb5K_+OL>ZxkPAf1oYN>%|N^wL+H9iN%9XguD@itIaL#Z_m5aB~q
z10}a1oG~T{oq`9mpaSy%;Mp|Y0Y>5Ir;+Lnq7mXs&Xl2j|KrKFssjHLUZ<FjBnq#d
zdsT}0;SpD!IOGpJfPU|LQkj-YMvG!-06K7iQS=ih62GP)E~-<?q@EZ4(5l61X5w*-
zNK%=Ff@M6!PW|OYdL<63L?4AA%V<>^Rf}t@rq+1X@>x@PHSje{b9LP+=#Wu~2+g(i
zr!C8A=#62@nOcgcFUwM>aK?@~j+8ltV)5_M>+=n(t&(sXHmWk=lZ8?XV1kj%IQ}k1
zQ>!7A&Q>Z1lw+z)J_KThm4&JOS+$yDh9W>wL=;FA=jJKkLhE=&?S!+$Se?!y&IF!h
zF<j3ug-oyUw`z5pO6?AG=jvzI$ZOFx%0_hw)A=b?!!y!rBeyxXw%}i>5}t~gL6}58
zag?T*!%;zH$dUxnNE_KaqmXjKxcZ@78O3EdO49(|7}{*5YXe8X7*80-rf!xxU<Ne~
zv?kozf&%jZ+7w@N9FwqvqJ&Tdu9I>$<tS;ltlTNpw^moqd||jBW<s(AMx!&}j7bQU
zT@k?L3@byQ#8?m1HHl;8J1Af@!jbBL6E1$coW(LpyUF5R$XNVNmA_NviZFxE+Ajn6
z1%7R{P?{Q#<4qc=ffkY@iKh$b7^{wB6vqoUlgF{~Kq8#RY@ud@fNLUWaPiY?7`_#N
zq(tEiN5+YnD1Sh;6Yvf6x0Sz<88pfznPLfTA+zwRy{)_vr43S!=Y(YfQWgQn2_m!r
zs(LPGSi>H^Rp27ss7+|d5<;hK-Auuzc#gRl(*TZVh)$ip$vdcY<%ODuNaD8UvIZ<M
zPY6{s>e_@(<1$&>AQTx$>IxKJZ-c|1qc;>=dSUps1s=;rmV$w2kzKGjCUj~Bp;fAW
zR8lZ{9cv@oFm?caRb5HT*K^D{$z6-@vN)#o*V<IhA*C!j^Ip^z9O6>}4nnT0b0H17
z{8@d~+o`QRM)BM&3RT<mx>K>)vuiOWdYL%wD4e7DKEp!#x^-&{PK>YOWcwB*IMF_5
z`=Hl*McVoMFwF+g-r4UZ=3Pt@;sL9I+JXYoUatVP1s2ktrjbx0j~x#joh7mx32!3Z
zCw}+E-Yeq0*C-Y3_FaYe^#J$#J9U8jy<Va^p_asrX;qAi9vNL?I=;diS>=!1eH2gp
zS4(*E@k}W|_P?*e>-TyVU`*ziVj+f{jq~PpKMFvG>4<4HT^JZT4)LP*V&A?}^Ms)I
zC61Bu!WoU!dhI#?9CN~=`g=(d%rco5?ArGeMB<F&%NfUF#^R_b5t+7Gy^_8i02Gmp
zdNY$U{l3%}BxeKY>Z$N<hEXhM_tek*5AJ4vMK`s~ZknYgJ{J=qm9o_}mRK>$P{0xh
z&6NvEQ%?W~%e``IRsHzp+mnm)lgpFQyV1$T+tcHdcR#!yT@K(X-wg<?><q*_Y$n>S
zp1+pvQpi9xdG+(?|DL@Y9*ssny}o#9Oo4JNCRvF0@jLUTRIII57iKYiqAbEA9OF<j
zZZ(az7nEK^LXfE@LdTnI#1yICCRr>=CnglzFr;!Ye?EG31_?@yVZ-rcpl7KVbh{o~
z3F}5I)Rtt3)7+%Yj8)t<NINNuI*PXLmikv%3N>I)Qk3a;yclDNf-*+L!`T2(5*_R*
zLFzYhYE-h6#caA5rD_o#Gpg(kLUX$dAfh7o0FUELNX)+@Tu2iI(ra{t`J9CKjL<7F
zfC-9)whhD#aXjQqEe174B1Iwg%26g+qP#8J-uhmb><Ux6>TTE6<hptxd?!{-tFrl`
zW>v}}Q5gEl#KA<)Fjt1D9w^4^(Qt2Aog)#s0Zve=;jxLqQ6V5r<3$60RJDaF{jgK6
z)CE6y4<}S&o^m3vnN~y2=E|}``E*kh6`=ApRI!rKWTJ%L!lUAn#n{X`7-6Zbb2Il#
z>~r`m_f}7R8P1&5>H*ggdku_GKrm#{D8*r*=bWolxKGOK(T1}L<T%5utQnLX(FC`e
zbw*udRP=?_79~C5v_#M80TIry5-2}hUJk8Q^^>v~k@C#PSPOo!?d_l%*GKY2O($sO
zk-KhFGFN=c($*^du?6Q@GR9nQb{M4tXd*G!3@%LC84|{Ez>z~>=rdYQViVG8)OiOz
zi|Pk<4QwJYg=d61bkEf|q?oG}V!a(UHvDYVkz4SJP?BVcqE6s2lVpya7PMPaIT*Xc
zq-v4~bG6b;MP-?re$J5QlVXte(3Tqx%XwvDh#pow5G>Q$rmoccr8#KkkydY>l~we^
ztda&3tRawHHNPs;?V;w@?t{&({yojD9L_&}a_wtnXmp(KOj~VwYNU*t7^VW^Q!IyN
z16I{AwvGj6oT9qlt*{9}7(L3xfBT$K+-@qfJ77*h5IW^ph{}96I@@sNyHffH{P#D|
z5Be|k4z8H7ERIT>xE5YVO)k#j7<21-tHKGvapbDxA$f~ugz*wfY8<m^cc-`0>-P4#
zy`3&eQqJaB$9X!Eb>s|p9A1=?4xya_Ku1yA-Lf<iI@Q%fg}lQi9YkGIO-AT%O)Tek
z;mTRgZEZoBW*LhP3N;)h91JYG<LI3CpIHV8S^&jH4(YuMWynYdPrF|~RhpFX2y?f~
zt_yWw>*(xT$44kwEzE?pYOkPF*&*tshMaPoV(Ow+nkFb&r$J-b^qTQ2HI5p6!4w!H
zB}MHFwFGF>WT+5oh3{y()XU&hu}zJg2@vaXA>mTCc3gM9c5eX2D7?Zn8WeBx1!otG
zi1mIe$DwSfWENT`aHr^qS%<MTgqKkRostux6RbLRi@GCY;UQCu6(tg(qk~sA0U^-4
z*RDJdZjr!_YoNLKgMtD_E+fKlzlbp_Born1nUS<w7|yjM)HS^o2^@#YA+q>v2-*Cd
zBl5`YfJqe76lV#d%40!snd<s%E5_ddbZ&)CV9^SMQD<F?k{_VPBXVKzCDw5vSZyO0
zAG6a)DbN|#Hmqb|f~bI88$hO!S?RjaQ{BpmC^jKH`dl-+3IkjFbOMw~y=W1Q95S_f
zd4{(E8Bj#P6jNpY;>eeTHVT@1AQ~w31<x`^$Z5a|_oAG=L4!BsB+f_rM3y5KN|S5m
zdq!o-f(9{aeUl?Sr&aSPvM~j-`7E4&^Va-yi?Xqa_9+ECqpCM?yf70<&wn4r^D@j=
zx>Yeh*ZcAkiL1hq$J%?(ZK$rYRXC9g{R-d6?v}t(>zZnbVtWUv=C!zXstqDt``A<t
ztWJg#W2B}m0#^lW9T&&0w_awZPQ>?|WvPxZ_CHVe^QI*x<Zsuop|D*WnXwie&*+gj
zXY_(G2}g5AA|-aHn(j!L?W;FpQ`%4*v+E%za}whzJ`o{`jcz<Pnz;~4+U^gv(nb`f
zh)_t3wQU;<kTXPqNC7G0m`c|m-@sc!#Iljr9aUYiW1YXVo%gCP>xLJ?+1i4OZ;y`4
z_JSjgk5M?N=ri>$u%fXpqcyBN9Pi9YrNnfL$k!=OUVEl#Y3XQ8Jd3e_V-rj;(6b^Y
z*`)h)c}eY|l<37#(cRF=1+#fm*+%f{S%)!yH^+QjuQkQ8`YI+u`h7OU*_er4KEqty
zenETC*6Twt(3%gHay*hOg&AX4aE;W`uymb`lzJ7CrKzzTlm-+tw`BB2wB6b<NY0s>
zK}jYgnCOy8F1W_rCZFoX=eAl2qu+BB;-T-T=DVyVvJ7Hu(KsJnHMVXp;G2|iUBNc2
zc+vYNchMp_8)-qW90NUc#qO^Ls;q}a3szG)fZd*D?om`qpHOx}AxMN%+ec{%FY_=x
z<oapj7`Ji}Vum8oRV$#Y&=g``bgT2Gv|TCe%iQi<u#9)~Ms0^0C($evlkMvjmrI6T
z0`F0LjTRy=x6^k3zdRMQr`zzf6RLl4IAhSB;W%c>$%&)((_h_Gt&r#$3m?l;8&VMO
zV@Sx<6QF+?n^Pv_D~Iaz@6Yp9^m+p@WD&e1f@k{33w)bJQ!E=4(}s495>#GZlyB!m
z<GP&|jh$9A21(bZFPg}A6Je@$PE!R`Lg>*Pkyt};@h>9@yD8?Oa+assEm0$G<d0RB
zCK*Ksv7^j{xEkQ2n>Q2{7|_io7!tHlVlqJyhOB5FxT6SqmjBlO4afw>OwQo9rvCh<
zy`$fnN%;*B$AFVmE`oggqw!#g#`odoeo`5tQ7Nr_ZT*{RXtl_eiEHUoQc8l0;z&X!
z?5>-hph+NRT~(t!P?EbtsE{a*x7FWSI^`(B4V63Bm`rD~J%F}O`m2>kIL1=h&}!AR
z2UcZtbeWqf+xnLdSK`R#E-9jq_>>*LEC@!iU_RA|PgxiR>c5n;-_=C79T;*vTF`KH
zy&7%bYTABa?CQ9f#5I48zgKd}<eikw(2vUls-^+mwbo}V*|e!OiAr`WQrWkJPM1bL
zZMg|r72s6!_ZiNd-8UoCS&>LmWIvfVI)w$EwpFe6)4W<G0cA-FN-c*(k%Xhysp(8!
zFCp~8U_RC{5$F{~=%!q>@1;xV+^$n9F`uK@FA5opBX&)VJ(2Gp8JdJV!*r^QP#dz3
z+4Xt`#O(S@?Y~W-sPka2!UJ3JOXWkzi6kM4*G~pl^ULH!aaM1F;&_b0E1L`hAre?=
zOD#V-!iK&*4_IkK8&uph=P*wU+}S_yQViGT7&ay>df@u|rIbYnuWydO-Gh$)D>9^<
z68cA`No`2{W3JR=uGEL-O661Qb0$nxiTIeTDIZSJk0NkbPMA`)Jt$4Ye0m~Powxt+
zY^p+*+pRr&8HC;ad6)#29gFQTIqJdlS9b3?IjTCJ+BPAt{WziiQzq1hCjjJ9wR+LT
zV>ZASmkj`q=>YX~0Ji`ha{?Z70v>Y$K0GHNUq4@bV!#)a2as=o`%cw;Y=dtB{8AVW
z@S4VpUt2hTv1E%#Yfh6H!12WH>muJcb+=&6kktDzGc-3%?QAtAc7Y0WxmJM|ViIC%
zjELgxnRz)_Vuvijt}HimSiJ$h0%F10HZBRmMka+qKwTihKwM&VDI>=2g4sL6j7}Hz
z+ldVESJ>pOT2voHzlXrytYiw>tyao}oN_GQ$Mu~jfY3x`Ua|xcI&eSpBv!=38Id@Y
z8OH;Ap-aptuHGtE+#WV2lA=UOLliE$1#)BfqUiwoyFvd&&@(|CyET*v%&B*UlsR5r
zxp1nXEJ6~Ek!WaV45Oi%`8vJdiV=_MRdh4a(RXaL01_-Y2|uj4>vjj<=&QDrPAsm8
z(<7zzkb|VP$f@>TIM#Q_2^YjN*LpQAzmFff1gV<7_G^m5`QuYVzR~Dw+O-oxC80R}
zARe0Qz+BT7=xB2&KMaU%qi9%&4{iL3lfZPqn*sMWB|ma1g~W~D%Bj-|XE?knE`k$R
zBt4<?xB6bi+^z{ZqrWf79r&G%-9AeFnx##*x?3L4YZ$E0^omhp!`O}Sl%`9bN*m~!
zRxQVKnLJ~ZaTo0@K#_dY%hnSiM=8EEu6(hPqlv!28VjM*;(!NlcqfXGx_0sObs8sj
z#w_hsWx}`{9ozYpj_roY)RrV+^qSFWS7XU1rmJi&Z=Cmo-5|e*$-nKfZ8DeqqT-%O
z;}ov5w43iRSZ6}JzMx21CCdK(j>K3jgv3duPQ`9-HCUUaZ9-UeH;H}hHet_g6M99(
z?InA~PGG)`SOBkrS^=rQ^Wv4cP-Wen7JkQ<Tm#YWc5EndQCvS|&egT`B(O`&6*fle
zcHDq(c<qJT6aKJkFIuqv-iwWTT<Ox^wZEVHzT7YEDc%2^-_F}Te|>o}3gnHv4;*Xm
zf8XERIjG$KyuWj}`*{EJLp=QezQ@wtJK?fa;mySvj2C&BO6n`xoUcD<-QIS9Odv3}
zO`wFz1<NGPBWHJa%j>wKg+kTRf=X*tI2sOhe#H6FtCMeTZ&$Yb6DEWU>G0rK;8oC`
zJhKL^zJ#sQDIC(<+h+z+9h-@XUEqm$9uy7!%x?t?E^v&Iz(Kyx4tIAjMG{}5Mfdg=
zHioR)br}3E7**o<oAzxWQXB@czTFmc@k{U5yz_VM=Pdx;Yw9x^(Wn8HiAF7@L>E5~
z^loucZ^P=(14V6M;uwzmIsyAF5kzWTGw61o_(M^!<>QdJ6U#c_;mug9`jy-oz|X4i
zhs(>M1_+Tpmn?vpIDzA8Ij{(9Vu0EK)cjnO0cpxi%;0inf9l|>J@lc|S&*D<D|2?n
zqHUOA6k)Dmz0WXTK$>5SYvBBBb8WTnpviOi%hc&@hNu68S-e0={Ipe>pL&6M(jY&I
zT$UFc(J6)}`sn!Jn_6vs^4ZL^qIO^opzF7axZ7KW=t;G$j8z?Rduz!WbXDgxDh(Iz
z?v%_?zzPh059*!Cqi^kV7U{F!?VM!mXa#bS+O=Wj()sI`C+~)@FD_RKr6t4CBqS76
zEg+~R;;x;anpcnr4dX1r<qHS{w=>v=0PgOdSLiz(R;bgdQ6EJkkvP%h35jGT0u)7D
zZ!oKO_J<K^T68#>VaXUg$@#T}^=Ax4-=Y}N5c5^+&xOOOIe;M16$S(od<_Yqne=wN
zeUNZEw0qyhIfdLr_SWyUl2&>v#q`tHo-3B^5*~_q2%YOqNAGDddM?kfHh>!9Ca5>W
z37t-US#JCGwtahRm*X=+BYXpHxMPo(ZY@IZxn6C7UUFt(weK1xLD8FmXAiis)g4~C
zB=bvAHdvFx*Dv2S*a`Z?%4TyuhBivmN-Cgg_{~y&7QEc9H`Q@)8tUdHl!{eLmso-&
zijYJ>VJFxg9=|@nJUTr;xo8qSDT_Ai<`c)LMnO~@6;rh2Vkv)ZWK%xKWg{W~Si;~%
z??rF9me0ePn^CN&=u8;DMm+M!S2zYw%1rU4{O7jHAMRP=|Gk^xI8{c9Oh5foKx_QJ
z-M#(l_kRxh`;XuMdXVS#w)=JK<R*1@OZyvw`VyL;^>x<@S(^mfB*r>L6=PMJPswSC
z<;1TasfIs6@{ERXu&e(h$tasl$PKhR?TW?K(j*?cBrAtO@6p2h48>$ZaHOvtR2YKR
zPuRfL^`*j~IwD|<L!^X?U`c7SP<L71AZ5-;=s={qeVYh)Ha0g<y*wYOx=N!fdG|bM
z=?lNL)G<JE?PI==W-_y6exte07t%@Xig-)yYVH<Fw^MhiCzbHOW8Bj6O_**yY4!IL
z-GRY3n~!QiW6lZ#q^iRVou!u_NL<PZl@n<Hm+1VLXjfnvq?^yN=08g_&l^&;R&46B
z8csc|c8-`@dI;AIt*%;(YqdW<tIgl`!+h|kJ^-Z@T>F2uq5ZD?;fskS38QvLXAPOA
zlA+U`G}WXJmYa&UYk@(&q>|giIkN}?KWJone3XBUP?goKr2J!oO8?iI{0Z+fCUJ!W
zbtnm<Xo{oGcrhp$5_WI5k%N_kENggJ?P{ly4zrKHfxXz!*4c}LnklquPFDqfb0+HA
z&iQGW=gWjuC0o;`X;sw5v$d|r^JM_3-&apgIMDea$&CQiWWndw(|^^o#QyV6ihcUm
zAlKM`d;5F)Rr~L-_h|n;$m4(i6{V@@&ikz^LZg9qy-3UXm4lW`9^WuZP@KEhF%vBk
z8k@zr68IA+p%JDM_7nhRX$@>Nj+j(<w|>2|_I@1EKOgKx4Y+qUw-(^@G73yK0+QkE
z%%gl2?R7;~^x?ojcMEIaavgGZI?y`4>u60`<XtY1$FE9h8F>&&wU+E>l*A>>FN$WR
zjsld&<ip3sgWOEJVMMjoY8q=)x`A&*QvG6Q0jKsY&rjh~UA3*4`AvE-C<CuDs*>#C
zBW}zB`KV5WrCWK-(<zp*Z)kd>(Lk_RM(s+9S5V#GsbegW4#gEgZEq>-S3!}a19x|W
zTCqe^f0v`dplnyM_}2~9;1wx7W%_iStK413-I<hWslXcyb5rb!sAjoc%9&&#iwAId
zJX|$M<->F(IE`sBpFTh}5-O)dOO=~5RsIqpT%vykf9*bqdq+L@&i$0D`X%>6z!Kyh
zUi;#cL`V%w=`4R<t$ITK{_wd|)1E4H=cw-$k9P*TsO2Aw{y1!(+sIq-EV2J*DZ0PU
zz^}3Y`-l6r{GZ)k@6rB$h^OMEFR`ghUP4i&JKwR+!Vip-Ka_5Zhb%g>H8B4>cn+G9
zOZ^>$3p_F4n!FzMzUKJ=d^p|39YJLe#OJM7$2Q7u4_eWvsAC)X+4U<%(tHKtc=+ax
zBr*9z%d%l{IiD3-o&2^lqa#~om08F>!;mn|@;3&7uhI-C51&_t=9r@?_6nDFc{9o@
zf_*I~Ug@mi`(%d6Lw+cJY(W2}QLJV1U&@s0ET4PO0&C@eZ?_u%+222Sl>ZO$tj*+f
zq1-1*&Yjy0q4kn5ZzkrU@^$=lu9B<Msi+s5c@|JC?UzA<s~0BP?;=xqLSD0aDJZ=U
zHPT=u7ED6bC`~Owv&2r^tA(JPx+=2j3II#67gftv=W=`%QMm$kB}q5``GLIx|G2Z4
zv$rHq)g#i-<q}hKscc^iR(JQs3e8{uPe?2=_ZVkid?euf(=o-sK{?J+nU(HIT^t}^
zD5YX^-K)De<uBNpSR(&j*5tkT0Bhv`PQQOx%l|msd6fST@l@o0H7~a+omWWZQ~R~6
z&uH>DMT%{Q{sKw86j%POFVnR8Su$hXHHgY3V<BBEUB*iVX|1l3J>G|+Dy_UkYA2{P
zP2QHd->MQ6FOK7@M#b-?I%YFv(2(WrdSNi>H0>IRI)N}JS0{rHDj~CaqIl77bN;QI
z`dw~q#@KyltXiY^{#Y@p<@U9RVdXnx#Z&sWpZ{#Uj-J#*$5zMG-h#cR-DscnVdw@`
z`k%8+{>45^^uL=15262i`-k=X&x8J>{(p$aSMIqgx0z3Whv=QmMeEWees2e^Q`pn1
z1)Bd|RBxNEX`8LImsd^`__&;ay}y&7T)qBnBG@O2fpzQupl1Ic?(aRu{~zSpC`+&E
z1yluvt^OhMVnw#Z{W}4bUfrWFu=+afx){nyaP2;~{j_BLODv@Mw-Yi-aj0+n{75md
ze*N#1*Z)rM@Nn;O{XfLhxU7dPYFNwd4V8bVGHu%Tv8HQFwE7Jtg*3MssyR<C4tMRY
zK+N-s#+g`**-f4+m48)CRek!a%Qn#87y0Gsh8$RNT2X`KSl@W)a*fXM9P`g)5tP<{
zpm<8AlyQ8YIM&+#yVd;P-NVQD-@`mxFho*fZthn$V{g98KF&xS5juqwg;!{bMbL6z
zMaWWZbA!HDP2Z}Pe{W!0-`AzD64&vR;yt2KYYQlznhOn{r5sPljk`hle>@NL<(a^!
zZmCFu6my6P#X&20IeIsejN{f8*wZU-k4F#@E?U8q$gcj^klzZ%fAFsU*S(lcyXqhJ
zQ_N|%05nG7RhGhp#8|Yx4#aiZ`Z^e+tJc?nOw`|ulWFVg|JT}rw}=y#2{?UuB3ePp
y+3z@%t$;)rbxn27es2YH5wZw(|29Vc<Ma4DK95hs^Zx??0RR7HkSg#1ssI40hWudw

literal 0
HcmV?d00001

diff --git a/label-studio/templates/NOTES.txt b/label-studio/templates/NOTES.txt
new file mode 100644
index 0000000..9aa2973
--- /dev/null
+++ b/label-studio/templates/NOTES.txt
@@ -0,0 +1,35 @@
+1. Get the application URL by running these commands:
+{{- if .Values.httpRoute.enabled }}
+{{- if .Values.httpRoute.hostnames }}
+    export APP_HOSTNAME={{ .Values.httpRoute.hostnames | first }}
+{{- else }}
+    export APP_HOSTNAME=$(kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o jsonpath="{.spec.listeners[0].hostname}")
+  {{- end }}
+{{- if and .Values.httpRoute.rules (first .Values.httpRoute.rules).matches (first (first .Values.httpRoute.rules).matches).path.value }}
+    echo "Visit http://$APP_HOSTNAME{{ (first (first .Values.httpRoute.rules).matches).path.value }} to use your application"
+
+    NOTE: Your HTTPRoute depends on the listener configuration of your gateway and your HTTPRoute rules.
+    The rules can be set for path, method, header and query parameters.
+    You can check the gateway configuration with 'kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o yaml'
+{{- end }}
+{{- else if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "label-studio.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "label-studio.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "label-studio.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "label-studio.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/label-studio/templates/_helpers.tpl b/label-studio/templates/_helpers.tpl
new file mode 100644
index 0000000..711c378
--- /dev/null
+++ b/label-studio/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "label-studio.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "label-studio.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "label-studio.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "label-studio.labels" -}}
+helm.sh/chart: {{ include "label-studio.chart" . }}
+{{ include "label-studio.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "label-studio.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "label-studio.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "label-studio.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "label-studio.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/label-studio/templates/deployment.yaml b/label-studio/templates/deployment.yaml
new file mode 100644
index 0000000..6fee6c1
--- /dev/null
+++ b/label-studio/templates/deployment.yaml
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "label-studio.fullname" . }}
+  labels:
+    {{- include "label-studio.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "label-studio.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "label-studio.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "label-studio.serviceAccountName" . }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/label-studio/templates/hpa.yaml b/label-studio/templates/hpa.yaml
new file mode 100644
index 0000000..8c1dca2
--- /dev/null
+++ b/label-studio/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "label-studio.fullname" . }}
+  labels:
+    {{- include "label-studio.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "label-studio.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/label-studio/templates/httproute.yaml b/label-studio/templates/httproute.yaml
new file mode 100644
index 0000000..bee4070
--- /dev/null
+++ b/label-studio/templates/httproute.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.httpRoute.enabled -}}
+{{- $fullName := include "label-studio.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "label-studio.labels" . | nindent 4 }}
+  {{- with .Values.httpRoute.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+    {{- with .Values.httpRoute.parentRefs }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.httpRoute.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range .Values.httpRoute.rules }}
+    {{- with .matches }}
+    - matches:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .filters }}
+      filters:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+      backendRefs:
+        - name: {{ $fullName }}
+          port: {{ $svcPort }}
+          weight: 1
+    {{- end }}
+{{- end }}
diff --git a/label-studio/templates/ingress.yaml b/label-studio/templates/ingress.yaml
new file mode 100644
index 0000000..13ecac3
--- /dev/null
+++ b/label-studio/templates/ingress.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "label-studio.fullname" . }}
+  labels:
+    {{- include "label-studio.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- with .pathType }}
+            pathType: {{ . }}
+            {{- end }}
+            backend:
+              service:
+                name: {{ include "label-studio.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/label-studio/templates/service.yaml b/label-studio/templates/service.yaml
new file mode 100644
index 0000000..50d6127
--- /dev/null
+++ b/label-studio/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "label-studio.fullname" . }}
+  labels:
+    {{- include "label-studio.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "label-studio.selectorLabels" . | nindent 4 }}
diff --git a/label-studio/templates/serviceaccount.yaml b/label-studio/templates/serviceaccount.yaml
new file mode 100644
index 0000000..039b3c7
--- /dev/null
+++ b/label-studio/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "label-studio.serviceAccountName" . }}
+  labels:
+    {{- include "label-studio.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/label-studio/templates/tests/test-connection.yaml b/label-studio/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..a1b2e9e
--- /dev/null
+++ b/label-studio/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "label-studio.fullname" . }}-test-connection"
+  labels:
+    {{- include "label-studio.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "label-studio.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never
diff --git a/label-studio/values.yaml b/label-studio/values.yaml
new file mode 100644
index 0000000..591e33d
--- /dev/null
+++ b/label-studio/values.yaml
@@ -0,0 +1,774 @@
+# Default values for Label Studio.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+  # Image pull secret to use for registry authentication.
+  # Alternatively, you can specify the value as an array of strings.
+  imagePullSecrets: []
+
+  image:
+    registry: docker.io
+    repository: heartexlabs/label-studio
+    pullPolicy: IfNotPresent
+    tag: ""
+
+  pgConfig:
+    host: "127.0.0.1"
+    port: 5432
+    dbName: "label"
+    userName: "label"
+    password:
+      secretName: "label-studio-pg-password"
+      secretKey: "label-studio-pg-password"
+    ssl:
+      pgSslMode: ""
+      pgSslSecretName: ""
+      pgSslRootCertSecretKey: ""
+      pgSslCertSecretKey: ""
+      pgSslKeySecretKey: ""
+
+  # Redis location, for example redis://[:password]@localhost:6379/1
+  # Supported only in LSE
+  redisConfig:
+    host: "127.0.0.1"
+    password:
+      secretName: "label-studio-redis-password"
+      secretKey: "label-studio-redis-password"
+    ssl:
+      redisSslCertReqs: ""
+      redisSslSecretName: ""
+      redisSslCaCertsSecretKey: ""
+      redisSslCertFileSecretKey: ""
+      redisSslKeyFileSecretKey: ""
+
+  extraEnvironmentVars: {}
+  extraEnvironmentSecrets: { }
+
+  persistence:
+    enabled: true
+    type: volume # s3, azure, gcs
+    config:
+      s3:
+        accessKey: ""
+        secretKey: ""
+        accessKeyExistingSecret: ""
+        accessKeyExistingSecretKey: ""
+        secretKeyExistingSecret: ""
+        secretKeyExistingSecretKey: ""
+        region: ""
+        bucket: ""
+        folder: ""
+        urlExpirationSecs: "86400"
+        endpointUrl: ""
+        objectParameters: {}
+      volume:
+        ## If defined, storageClassName: <storageClass>
+        ## If set to "-", storageClassName: "", which disables dynamic provisioning
+        ## If undefined (the default) or set to null, no storageClassName spec is
+        ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+        ##   GKE, AWS & OpenStack)
+        ##
+        storageClass: ""
+        size: 10Gi
+        accessModes:
+          - ReadWriteOnce
+        annotations: {}
+        existingClaim: ""
+        resourcePolicy: ""
+      azure:
+        storageAccountName: ""
+        storageAccountKey: ""
+        storageAccountNameExistingSecret: ""
+        storageAccountNameExistingSecretKey: ""
+        storageAccountKeyExistingSecret: ""
+        storageAccountKeyExistingSecretKey: ""
+        containerName: ""
+        folder: ""
+        urlExpirationSecs: "86400"
+      gcs:
+        projectID: ""
+        applicationCredentialsJSON: ""
+        applicationCredentialsJSONExistingSecret: ""
+        applicationCredentialsJSONExistingSecretKey: ""
+        bucket: ""
+        folder: ""
+        urlExpirationSecs: "86400"
+
+  featureFlags: { }
+  # File name of a shell script to load additional template environment variables from.
+  # This is useful when using Vault.
+  # "- /vault/secrets/config"
+  envInjectSources: []
+
+  ## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
+  ## e.g:
+  ## cmdWrapper: "newrelic-admin run-program"
+  ##
+  cmdWrapper: ""
+
+  # File names of a custom SSL root certs. These filename will be appended to existing root certs.
+  # "- /tmp/my_cool_root_cert"
+  customCaCerts: [ ]
+
+app:
+  # Update strategy - only really applicable for deployments with RWO PVs attached
+  # If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+  # PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+  # terminate the single previous pod, so that the new, incoming pod can attach to the PV
+  deploymentStrategy:
+    type: RollingUpdate
+
+  deploymentAnnotations: { }
+  
+  replicas: 1
+
+  NameOverride: ""
+  FullnameOverride: ""
+  labels: { }
+  podLabels: { }
+
+  ## @param app.args Override default container args (useful when using custom images)
+  ##
+  args:
+    - "label-studio-uwsgi"
+
+  resources:
+    requests: {}
+      ## Example:
+      # memory: "600Mi"
+      # cpu: "250m"
+    limits: {}
+    ## Example:
+    #  memory: "4000Mi"
+    #  cpu: "4"
+
+  initContainer:
+    resources:
+      requests: {}
+        ## Example:
+        # memory: 384Mi
+        # cpu: 250m
+      limits: {}
+        ## Example:
+        # memory: 512Mi
+        # cpu: 500m
+
+  nginx:
+    args:
+      - "nginx"
+    extraEnvironmentVars: {}
+    extraEnvironmentSecrets: {}
+    resources:
+      requests: {}
+        ## Example
+        ## memory: 384Mi
+        ## cpu: 250m
+      limits: {}
+        ## Example:
+        ## memory: 1G
+        ## cpu: 1000m
+    livenessProbe:
+      enabled: true
+      tcpSocket:
+        port: 8085
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 3
+      failureThreshold: 3
+      successThreshold: 1
+    readinessProbe:
+      enabled: true
+      httpGet:
+        path: /nginx_health
+        port: 8085
+      initialDelaySeconds: 10
+      periodSeconds: 5
+      timeoutSeconds: 3
+      failureThreshold: 1
+      successThreshold: 1
+
+  # extraEnvironmentVars is a list of extra environment variables to set in the
+  # app deployment.
+  extraEnvironmentVars: { }
+  # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+  # extraEnvironmentSecrets is a list of extra environment variables to set in the
+  # app deployment.
+  extraEnvironmentSecrets: { }
+  # MYSQL_PASSWORD:
+  #   secretName: mysql_secret
+  #   secretKey: password
+
+  # nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
+  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+  # Example:
+  # nodeSelector:
+  #   beta.kubernetes.io/arch: amd64
+  nodeSelector: { }
+
+  topologySpreadConstraints: [ ]
+
+  dnsPolicy: "ClusterFirst"
+
+  enableServiceLinks: false
+
+  shareProcessNamespace: false
+
+  automountServiceAccountToken: true
+
+  # Extra k8s annotations to attach to the app pods
+  # This can either be YAML or a YAML-formatted multi-line templated string map
+  # of the annotations to apply to the app pods
+  annotations: { }
+
+  # Extra k8s labels to attach to Label Studio Enterprise.
+  # Provide a YAML map of k8s labels.
+  extraLabels: { }
+
+  affinity: { }
+
+  # Toleration Settings for app pods
+  # Provide either a multi-line string or YAML matching the Toleration array
+  # in a PodSpec.
+  tolerations: []
+
+  # Used to define custom readinessProbe settings
+  readinessProbe:
+    enabled: true
+    httpGet:
+      path: /health
+      port: 8000
+      scheme: HTTP
+    # When a probe fails, Kubernetes will try failureThreshold times before giving up
+    failureThreshold: 1
+    # Number of seconds after the container has started before probe initiates
+    initialDelaySeconds: 60
+    # How often (in seconds) to perform the probe
+    periodSeconds: 5
+    # Minimum consecutive successes for the probe to be considered successful after having failed
+    successThreshold: 1
+    # Number of seconds after which the probe times out.
+    timeoutSeconds: 1
+  # Used to enable a livenessProbe for the pods
+  livenessProbe:
+    enabled: true
+    tcpSocket:
+      port: 8000
+    # When a probe fails, Kubernetes will try failureThreshold times before giving up
+    failureThreshold: 3
+    # Number of seconds after the container has started before probe initiates
+    initialDelaySeconds: 10
+    # How often (in seconds) to perform the probe
+    periodSeconds: 10
+    # Minimum consecutive successes for the probe to be considered successful after having failed
+    successThreshold: 1
+    # Number of seconds after which the probe times out.
+    timeoutSeconds: 5
+
+  service:
+    type: ClusterIP
+    port: 80
+    targetPort: 8085
+    portName: service
+    annotations: { }
+    sessionAffinity: "None"
+    sessionAffinityConfig: { }
+
+  ingress:
+    enabled: false
+    # For Kubernetes >= 1.18 you should specify the ingress-controller using the field ingressClassName
+    # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+    className: ""
+    annotations: { }
+    ## Examples:
+    ## kubernetes.io/tls-acme: "true"
+    host: ""
+    # You may need to set this to '/*' in order to use this with ALB ingress controllers.
+    path: /
+    ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+    extraPaths: []
+    pathType: ImplementationSpecific
+    ## Examples:
+    ## - path: /*
+    ##   backend:
+    ##     serviceName: ssl-redirect
+    ##     servicePort: use-annotation
+    tls: [ ]
+    ## Examples:
+    ##  - secretName: chart-example-tls
+    ##    hosts:
+    ##      - app.heartex.local
+    ## @param api.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+    ## e.g:
+    ## extraHosts:
+    ##   - name: app.humansignal.local
+    ##     path: /
+    ##
+    extraHosts: [ ]
+
+  # Definition of the serviceAccount used to run Label Studio Enterprise
+  serviceAccount:
+    # Specifies whether to create a service account
+    create: true
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
+    # Extra k8s annotations for the serviceAccount definition. This can either be
+    # YAML or a YAML-formatted multi-line templated string map of the
+    # k8s annotations to apply to the serviceAccount.
+    annotations: {}
+
+  # Array to add extra volumes
+  extraVolumes: [ ]
+  # Array to add extra mounts (normally used with extraVolumes)
+  extraVolumeMounts: [ ]
+
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param app.podSecurityContext.enabled Enable pod Security Context
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroup: 1001
+
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param containerSecurityContext.enabled Enable container Security Context
+  ## @param containerSecurityContext.runAsNonRoot Avoid running as root User
+  ## @param containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
+  ##
+  containerSecurityContext:
+    enabled: true
+    runAsUser: 1001
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+
+  ## RBAC configuration
+  ##
+  rbac:
+    ## @param rbac.create Specifies whether RBAC resources should be created
+    ##
+    create: false
+    ## @param app.rbac.rules Custom RBAC rules to set
+    ## e.g:
+    ## rules:
+    ##   - apiGroups:
+    ##       - ""
+    ##     resources:
+    ##       - pods
+    ##     verbs:
+    ##       - get
+    ##       - list
+    ##
+    rules: []
+
+  contextPath: /
+  ## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
+  ## e.g:
+  ## cmdWrapper: "newrelic-admin run-program"
+  ##
+  cmdWrapper: ""
+
+  ## Minimal number of seconds preStop hook waits before LS is stopped to finish processing requests
+  ## Note: must be set to lower value than terminationGracePeriodSeconds so that preStop hook finishes
+  ## before grace period expires
+  preStopDelaySeconds: 15
+  # Seconds LS pod needs to terminate gracefully
+  terminationGracePeriodSeconds: 30
+
+  ## Add additional init containers to the App Deployment pod
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+  ## e.g:
+  ## initContainers:
+  ##  - name: your-image-name
+  ##    image: your-image
+  ##    imagePullPolicy: Always
+  ##    command: ['sh', '-c', 'echo "hello world"']
+  ##
+  initContainers: [ ]
+
+  ## Add additional init containers to the App Deployment pod after sql migration
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+  ## e.g:
+  ## postMigrationInitContainers:
+  ##  - name: your-image-name
+  ##    image: your-image
+  ##    imagePullPolicy: Always
+  ##    command: ['sh', '-c', 'echo "hello world"']
+  ##
+  postMigrationInitContainers: [ ]
+
+  ## Pod Disruption Budget configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+  ## @param app.pdb.create Enable/disable a Pod Disruption Budget creation
+  ## @param app.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+  ## @param app.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `app.pdb.minAvailable` and `app.pdb.maxUnavailable` are empty.
+  ##
+  pdb:
+    create: false
+    minAvailable: ""
+    maxUnavailable: ""
+
+
+migrationJob:
+  enabled: false
+  # For Helm hooks, you can use:
+  #  "helm.sh/hook": pre-install,pre-upgrade
+  #  "helm.sh/hook-weight": "0"
+  #  "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  # For ArgoCD, you can also use:
+  #  "argocd.argoproj.io/hook": PreSync
+  #  "argocd.argoproj.io/hook-delete-policy": BeforeHookCreation
+  annotations: {}
+
+rqworker:
+  enabled: true
+
+  NameOverride: ""
+  FullnameOverride: ""
+  labels: {}
+  podLabels: {}
+
+  deploymentStrategy:
+    type: Recreate
+
+  deploymentAnnotations: { }
+
+  autoscaling:
+    enabled: false
+    scalingType: deployment
+
+  queues:
+    high:
+      replicas: 1
+      args: '"high"'
+      resources:
+        requests: {}
+        limits: {}
+      scaledOptions:
+        minReplicaCount: 0
+        maxReplicaCount: 5
+        pollingInterval: 5
+        cooldownPeriod: 60
+        listLength: 10
+    low:
+      replicas: 1
+      args: '"low"'
+      resources:
+        requests: {}
+        limits: {}
+      scaledOptions:
+        minReplicaCount: 0
+        maxReplicaCount: 5
+        pollingInterval: 5
+        cooldownPeriod: 60
+        listLength: 10
+    default:
+      replicas: 4
+      args: '"default"'
+      resources:
+        requests: {}
+        limits: {}
+      scaledOptions:
+        minReplicaCount: 0
+        maxReplicaCount: 5
+        pollingInterval: 5
+        cooldownPeriod: 60
+        listLength: 10
+    critical:
+      replicas: 1
+      args: '"critical"'
+      resources:
+        requests: {}
+        limits: {}
+      scaledOptions:
+        minReplicaCount: 0
+        maxReplicaCount: 5
+        pollingInterval: 5
+        cooldownPeriod: 60
+        listLength: 10
+  # Default fallback in the case if queue-specific resources are not set
+  resources:
+    requests: {}
+      ## memory: "256Mi"
+      ## cpu: "250m"
+    limits: {}
+      ## Example:
+      ## memory: "1500Mi"
+      ## cpu: "1"
+
+  pdb:
+    create: false
+    minAvailable: ""
+    maxUnavailable: ""
+
+  # extraEnvironmentVars is a list of extra environment variables to set in the
+  # rqworker deployment.
+  extraEnvironmentVars: { }
+  # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+  # extraEnvironmentSecrets is a list of extra environment variables to set in the
+  # rqworker deployment.
+  extraEnvironmentSecrets: { }
+  # MYSQL_PASSWORD:
+  #   secretName: mysql_secret
+  #   secretKey: password
+
+  # nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
+  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+  # Example:
+  # nodeSelector:
+  #   beta.kubernetes.io/arch: amd64
+  nodeSelector: { }
+
+  topologySpreadConstraints: [ ]
+
+  dnsPolicy: "ClusterFirst"
+
+  enableServiceLinks: false
+
+  shareProcessNamespace: false
+
+  automountServiceAccountToken: true
+
+  # Extra k8s annotations to attach to the rqworker pods
+  # This can either be YAML or a YAML-formatted multi-line templated string map
+  # of the annotations to apply to the rqworker pods
+  annotations: { }
+
+  # Extra k8s labels to attach to the rqworker
+  # This should be a YAML map of the labels to apply to the rqworker
+  extraLabels: { }
+
+  affinity: { }
+
+  # Toleration Settings for rqworker pods
+  # Provide either a multi-line string or YAML matching the Toleration array
+  # in a PodSpec.
+  tolerations: []
+
+  # Used to define custom readinessProbe settings
+  readinessProbe:
+    enabled: false
+    path: /version
+    # When a probe fails, Kubernetes will try failureThreshold times before giving up
+    failureThreshold: 2
+    # Number of seconds after the container has started before probe initiates
+    initialDelaySeconds: 60
+    # How often (in seconds) to perform the probe
+    periodSeconds: 5
+    # Minimum consecutive successes for the probe to be considered successful after having failed
+    successThreshold: 1
+    # Number of seconds after which the probe times out.
+    timeoutSeconds: 3
+  # Used to enable a livenessProbe for the pods
+  livenessProbe:
+    enabled: false
+    path: "/health"
+    # When a probe fails, Kubernetes will try failureThreshold times before giving up
+    failureThreshold: 2
+    # Number of seconds after the container has started before probe initiates
+    initialDelaySeconds: 60
+    # How often (in seconds) to perform the probe
+    periodSeconds: 5
+    # Minimum consecutive successes for the probe to be considered successful after having failed
+    successThreshold: 1
+    # Number of seconds after which the probe times out.
+    timeoutSeconds: 3
+
+  # Definition of the serviceAccount used to run rqworker for Label Studio Enterprise
+  serviceAccount:
+    # Specifies whether to create a service account
+    create: true
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
+    # Extra k8s annotations for the serviceAccount definition. This can either be
+    # YAML or a YAML-formatted multi-line templated string map of the
+    # k8s annotations to apply to the serviceAccount.
+    annotations: { }
+
+  # Array to add extra volumes
+  extraVolumes: [ ]
+  # Array to add extra mounts (normally used with extraVolumes)
+  extraVolumeMounts: [ ]
+
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param rqworker.podSecurityContext.enabled Enable pod Security Context
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroup: 1001
+
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param containerSecurityContext.enabled Enable container Security Context
+  ## @param containerSecurityContext.runAsNonRoot Avoid running as root User
+  ## @param containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
+  ##
+  containerSecurityContext:
+    enabled: true
+    runAsUser: 1001
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+
+  ## RBAC configuration
+  ##
+  rbac:
+    ## @param rbac.create Specifies whether RBAC resources should be created
+    ##
+    create: false
+    ## @param rqworker.rbac.rules Custom RBAC rules to set
+    ## e.g:
+    ## rules:
+    ##   - apiGroups:
+    ##       - ""
+    ##     resources:
+    ##       - pods
+    ##     verbs:
+    ##       - get
+    ##       - list
+    ##
+    rules: []
+
+  ## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
+  ## e.g:
+  ## cmdWrapper: "newrelic-admin run-program"
+  ##
+  cmdWrapper: ""
+
+  # Seconds rqworker pod needs to terminate gracefully
+  terminationGracePeriodSeconds: 30
+
+#  [Enterprise Only]
+enterprise:
+  enabled: false
+  # This value refers to a Kubernetes secret that you have
+  # created that contains your enterprise license.
+  enterpriseLicense:
+    # The name of the Kubernetes secret that holds the enterprise license. The
+    # secret must be in the same namespace that Label Studio Enterprise is installed into.
+    secretName: ""
+    # The key within the Kubernetes secret that holds the enterprise license.
+    secretKey: "license"
+
+postgresql:
+  enabled: true
+  clusterDomain: cluster.local
+  architecture: standalone
+  image:
+    repository: bitnamilegacy/postgresql
+    tag: 13.18.0
+  auth:
+    username: "labelstudio"
+    password: "labelstudio"
+    database: "labelstudio"
+  volumePermissions:
+    image:
+      repository: bitnamilegacy/os-shell
+  metrics:
+    image:
+      repository: bitnamilegacy/postgres-exporter
+  global:
+    security:
+      allowInsecureImages: true
+
+redis:
+  enabled: false
+  clusterDomain: cluster.local
+  architecture: standalone
+  master:
+    enableServiceLinks: false
+  auth:
+    enabled: false
+  image:
+    repository: bitnamilegacy/redis
+  sentinel:
+    image:
+      repository: bitnamilegacy/redis-sentinel
+  kubectl:
+    image:
+      repository: bitnamilegacy/kubectl
+  sysctl:
+    image:
+      repository: bitnamilegacy/os-shell
+  metrics:
+    image:
+      repository: bitnamilegacy/redis-exporter
+  volumePermissions:
+    image:
+      repository: bitnamilegacy/os-shell
+  global:
+    security:
+      allowInsecureImages: true
+
+ci: false
+clusterDomain: cluster.local
+
+checkConfig:
+  skipEnvValues: false
+
+cronjob:
+  enabled: false
+  jobs: {}
+  annotations: {}
+  NameOverride: ""
+  FullnameOverride: ""
+
+metrics:
+  enabled: false
+  serviceMonitor:
+    enabled: false
+    annotations: {}
+    labels: {}
+    jobLabel: ""
+    honorLabels: false
+    interval: ""
+    scrapeTimeout: ""
+    metricRelabelings: []
+    relabelings: []
+    selector: {}
+
+  uwsgiExporter:
+    enabled: false
+    image:
+      registry: "docker.io"
+      repository: "timonwong/uwsgi-exporter"
+      tag: "v1.3.0"
+      pullPolicy: "Always"
+      pullSecrets: [ ]
+
+    containerSecurityContext:
+      enabled: true
+      allowPrivilegeEscalation: false
+      readOnlyRootFilesystem: false
+      runAsUser: 1001
+
+    resources:
+      requests: { }
+      ## Example:
+      #        cpu: "200m"
+      #        memory: "64Mi"
+      limits: { }
+      #        cpu: "20m"
+      #        memory: "128Mi"
+
+    livenessProbe:
+      enabled: false
+      httpGet:
+        path: "/-/healthy"
+        port: "uwsgimetrics"
+      initialDelaySeconds: 2
+      periodSeconds: 10
+      timeoutSeconds: 5
+      failureThreshold: 3
+      successThreshold: 1
+
+    readinessProbe:
+      enabled: false
+      httpGet:
+        path: "/metrics"
+        port: "uwsgimetrics"
+      initialDelaySeconds: 2
+      periodSeconds: 10
+      timeoutSeconds: 5
+      failureThreshold: 3
+      successThreshold: 1