thaoduc/file
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

asd

Browse Source
This commit is contained in:
thaoduc
2025-10-08 23:29:36 +07:00
parent f239e35eb3
commit 610882c57d
13 changed files with 1152 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

774
label-studio/values.yaml Normal file
View File

@@ -0,0 +1,774 @@
# Default values for Label Studio.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
# Image pull secret to use for registry authentication.
# Alternatively, you can specify the value as an array of strings.
imagePullSecrets: []
image:
registry: docker.io
repository: heartexlabs/label-studio
pullPolicy: IfNotPresent
tag: ""
pgConfig:
host: "127.0.0.1"
port: 5432
dbName: "label"
userName: "label"
password:
secretName: "label-studio-pg-password"
secretKey: "label-studio-pg-password"
ssl:
pgSslMode: ""
pgSslSecretName: ""
pgSslRootCertSecretKey: ""
pgSslCertSecretKey: ""
pgSslKeySecretKey: ""
# Redis location, for example redis://[:password]@localhost:6379/1
# Supported only in LSE
redisConfig:
host: "127.0.0.1"
password:
secretName: "label-studio-redis-password"
secretKey: "label-studio-redis-password"
ssl:
redisSslCertReqs: ""
redisSslSecretName: ""
redisSslCaCertsSecretKey: ""
redisSslCertFileSecretKey: ""
redisSslKeyFileSecretKey: ""
extraEnvironmentVars: {}
extraEnvironmentSecrets: { }
persistence:
enabled: true
type: volume # s3, azure, gcs
config:
s3:
accessKey: ""
secretKey: ""
accessKeyExistingSecret: ""
accessKeyExistingSecretKey: ""
secretKeyExistingSecret: ""
secretKeyExistingSecretKey: ""
region: ""
bucket: ""
folder: ""
urlExpirationSecs: "86400"
endpointUrl: ""
objectParameters: {}
volume:
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
size: 10Gi
accessModes:
- ReadWriteOnce
annotations: {}
existingClaim: ""
resourcePolicy: ""
azure:
storageAccountName: ""
storageAccountKey: ""
storageAccountNameExistingSecret: ""
storageAccountNameExistingSecretKey: ""
storageAccountKeyExistingSecret: ""
storageAccountKeyExistingSecretKey: ""
containerName: ""
folder: ""
urlExpirationSecs: "86400"
gcs:
projectID: ""
applicationCredentialsJSON: ""
applicationCredentialsJSONExistingSecret: ""
applicationCredentialsJSONExistingSecretKey: ""
bucket: ""
folder: ""
urlExpirationSecs: "86400"
featureFlags: { }
# File name of a shell script to load additional template environment variables from.
# This is useful when using Vault.
# "- /vault/secrets/config"
envInjectSources: []
## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
## e.g:
## cmdWrapper: "newrelic-admin run-program"
##
cmdWrapper: ""
# File names of a custom SSL root certs. These filename will be appended to existing root certs.
# "- /tmp/my_cool_root_cert"
customCaCerts: [ ]
app:
# Update strategy - only really applicable for deployments with RWO PVs attached
# If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
# PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
# terminate the single previous pod, so that the new, incoming pod can attach to the PV
deploymentStrategy:
type: RollingUpdate
deploymentAnnotations: { }
replicas: 1
NameOverride: ""
FullnameOverride: ""
labels: { }
podLabels: { }
## @param app.args Override default container args (useful when using custom images)
##
args:
- "label-studio-uwsgi"
resources:
requests: {}
## Example:
# memory: "600Mi"
# cpu: "250m"
limits: {}
## Example:
# memory: "4000Mi"
# cpu: "4"
initContainer:
resources:
requests: {}
## Example:
# memory: 384Mi
# cpu: 250m
limits: {}
## Example:
# memory: 512Mi
# cpu: 500m
nginx:
args:
- "nginx"
extraEnvironmentVars: {}
extraEnvironmentSecrets: {}
resources:
requests: {}
## Example
## memory: 384Mi
## cpu: 250m
limits: {}
## Example:
## memory: 1G
## cpu: 1000m
livenessProbe:
enabled: true
tcpSocket:
port: 8085
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: true
httpGet:
path: /nginx_health
port: 8085
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 1
successThreshold: 1
# extraEnvironmentVars is a list of extra environment variables to set in the
# app deployment.
extraEnvironmentVars: { }
# KUBERNETES_SERVICE_HOST: kubernetes.default.svc
# extraEnvironmentSecrets is a list of extra environment variables to set in the
# app deployment.
extraEnvironmentSecrets: { }
# MYSQL_PASSWORD:
# secretName: mysql_secret
# secretKey: password
# nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector:
# beta.kubernetes.io/arch: amd64
nodeSelector: { }
topologySpreadConstraints: [ ]
dnsPolicy: "ClusterFirst"
enableServiceLinks: false
shareProcessNamespace: false
automountServiceAccountToken: true
# Extra k8s annotations to attach to the app pods
# This can either be YAML or a YAML-formatted multi-line templated string map
# of the annotations to apply to the app pods
annotations: { }
# Extra k8s labels to attach to Label Studio Enterprise.
# Provide a YAML map of k8s labels.
extraLabels: { }
affinity: { }
# Toleration Settings for app pods
# Provide either a multi-line string or YAML matching the Toleration array
# in a PodSpec.
tolerations: []
# Used to define custom readinessProbe settings
readinessProbe:
enabled: true
httpGet:
path: /health
port: 8000
scheme: HTTP
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 1
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 60
# How often (in seconds) to perform the probe
periodSeconds: 5
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 1
# Used to enable a livenessProbe for the pods
livenessProbe:
enabled: true
tcpSocket:
port: 8000
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 3
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 10
# How often (in seconds) to perform the probe
periodSeconds: 10
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 5
service:
type: ClusterIP
port: 80
targetPort: 8085
portName: service
annotations: { }
sessionAffinity: "None"
sessionAffinityConfig: { }
ingress:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller using the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
className: ""
annotations: { }
## Examples:
## kubernetes.io/tls-acme: "true"
host: ""
# You may need to set this to '/*' in order to use this with ALB ingress controllers.
path: /
## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
extraPaths: []
pathType: ImplementationSpecific
## Examples:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
tls: [ ]
## Examples:
## - secretName: chart-example-tls
## hosts:
## - app.heartex.local
## @param api.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## e.g:
## extraHosts:
## - name: app.humansignal.local
## path: /
##
extraHosts: [ ]
# Definition of the serviceAccount used to run Label Studio Enterprise
serviceAccount:
# Specifies whether to create a service account
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Extra k8s annotations for the serviceAccount definition. This can either be
# YAML or a YAML-formatted multi-line templated string map of the
# k8s annotations to apply to the serviceAccount.
annotations: {}
# Array to add extra volumes
extraVolumes: [ ]
# Array to add extra mounts (normally used with extraVolumes)
extraVolumeMounts: [ ]
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param app.podSecurityContext.enabled Enable pod Security Context
##
podSecurityContext:
enabled: true
fsGroup: 1001
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable container Security Context
## @param containerSecurityContext.runAsNonRoot Avoid running as root User
## @param containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
## RBAC configuration
##
rbac:
## @param rbac.create Specifies whether RBAC resources should be created
##
create: false
## @param app.rbac.rules Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
contextPath: /
## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
## e.g:
## cmdWrapper: "newrelic-admin run-program"
##
cmdWrapper: ""
## Minimal number of seconds preStop hook waits before LS is stopped to finish processing requests
## Note: must be set to lower value than terminationGracePeriodSeconds so that preStop hook finishes
## before grace period expires
preStopDelaySeconds: 15
# Seconds LS pod needs to terminate gracefully
terminationGracePeriodSeconds: 30
## Add additional init containers to the App Deployment pod
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: [ ]
## Add additional init containers to the App Deployment pod after sql migration
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## postMigrationInitContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
postMigrationInitContainers: [ ]
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param app.pdb.create Enable/disable a Pod Disruption Budget creation
## @param app.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param app.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `app.pdb.minAvailable` and `app.pdb.maxUnavailable` are empty.
##
pdb:
create: false
minAvailable: ""
maxUnavailable: ""
migrationJob:
enabled: false
# For Helm hooks, you can use:
# "helm.sh/hook": pre-install,pre-upgrade
# "helm.sh/hook-weight": "0"
# "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
# For ArgoCD, you can also use:
# "argocd.argoproj.io/hook": PreSync
# "argocd.argoproj.io/hook-delete-policy": BeforeHookCreation
annotations: {}
rqworker:
enabled: true
NameOverride: ""
FullnameOverride: ""
labels: {}
podLabels: {}
deploymentStrategy:
type: Recreate
deploymentAnnotations: { }
autoscaling:
enabled: false
scalingType: deployment
queues:
high:
replicas: 1
args: '"high"'
resources:
requests: {}
limits: {}
scaledOptions:
minReplicaCount: 0
maxReplicaCount: 5
pollingInterval: 5
cooldownPeriod: 60
listLength: 10
low:
replicas: 1
args: '"low"'
resources:
requests: {}
limits: {}
scaledOptions:
minReplicaCount: 0
maxReplicaCount: 5
pollingInterval: 5
cooldownPeriod: 60
listLength: 10
default:
replicas: 4
args: '"default"'
resources:
requests: {}
limits: {}
scaledOptions:
minReplicaCount: 0
maxReplicaCount: 5
pollingInterval: 5
cooldownPeriod: 60
listLength: 10
critical:
replicas: 1
args: '"critical"'
resources:
requests: {}
limits: {}
scaledOptions:
minReplicaCount: 0
maxReplicaCount: 5
pollingInterval: 5
cooldownPeriod: 60
listLength: 10
# Default fallback in the case if queue-specific resources are not set
resources:
requests: {}
## memory: "256Mi"
## cpu: "250m"
limits: {}
## Example:
## memory: "1500Mi"
## cpu: "1"
pdb:
create: false
minAvailable: ""
maxUnavailable: ""
# extraEnvironmentVars is a list of extra environment variables to set in the
# rqworker deployment.
extraEnvironmentVars: { }
# KUBERNETES_SERVICE_HOST: kubernetes.default.svc
# extraEnvironmentSecrets is a list of extra environment variables to set in the
# rqworker deployment.
extraEnvironmentSecrets: { }
# MYSQL_PASSWORD:
# secretName: mysql_secret
# secretKey: password
# nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector:
# beta.kubernetes.io/arch: amd64
nodeSelector: { }
topologySpreadConstraints: [ ]
dnsPolicy: "ClusterFirst"
enableServiceLinks: false
shareProcessNamespace: false
automountServiceAccountToken: true
# Extra k8s annotations to attach to the rqworker pods
# This can either be YAML or a YAML-formatted multi-line templated string map
# of the annotations to apply to the rqworker pods
annotations: { }
# Extra k8s labels to attach to the rqworker
# This should be a YAML map of the labels to apply to the rqworker
extraLabels: { }
affinity: { }
# Toleration Settings for rqworker pods
# Provide either a multi-line string or YAML matching the Toleration array
# in a PodSpec.
tolerations: []
# Used to define custom readinessProbe settings
readinessProbe:
enabled: false
path: /version
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 2
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 60
# How often (in seconds) to perform the probe
periodSeconds: 5
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 3
# Used to enable a livenessProbe for the pods
livenessProbe:
enabled: false
path: "/health"
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 2
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 60
# How often (in seconds) to perform the probe
periodSeconds: 5
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 3
# Definition of the serviceAccount used to run rqworker for Label Studio Enterprise
serviceAccount:
# Specifies whether to create a service account
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Extra k8s annotations for the serviceAccount definition. This can either be
# YAML or a YAML-formatted multi-line templated string map of the
# k8s annotations to apply to the serviceAccount.
annotations: { }
# Array to add extra volumes
extraVolumes: [ ]
# Array to add extra mounts (normally used with extraVolumes)
extraVolumeMounts: [ ]
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param rqworker.podSecurityContext.enabled Enable pod Security Context
##
podSecurityContext:
enabled: true
fsGroup: 1001
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable container Security Context
## @param containerSecurityContext.runAsNonRoot Avoid running as root User
## @param containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
## RBAC configuration
##
rbac:
## @param rbac.create Specifies whether RBAC resources should be created
##
create: false
## @param rqworker.rbac.rules Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
## e.g:
## cmdWrapper: "newrelic-admin run-program"
##
cmdWrapper: ""
# Seconds rqworker pod needs to terminate gracefully
terminationGracePeriodSeconds: 30
# [Enterprise Only]
enterprise:
enabled: false
# This value refers to a Kubernetes secret that you have
# created that contains your enterprise license.
enterpriseLicense:
# The name of the Kubernetes secret that holds the enterprise license. The
# secret must be in the same namespace that Label Studio Enterprise is installed into.
secretName: ""
# The key within the Kubernetes secret that holds the enterprise license.
secretKey: "license"
postgresql:
enabled: true
clusterDomain: cluster.local
architecture: standalone
image:
repository: bitnamilegacy/postgresql
tag: 13.18.0
auth:
username: "labelstudio"
password: "labelstudio"
database: "labelstudio"
volumePermissions:
image:
repository: bitnamilegacy/os-shell
metrics:
image:
repository: bitnamilegacy/postgres-exporter
global:
security:
allowInsecureImages: true
redis:
enabled: false
clusterDomain: cluster.local
architecture: standalone
master:
enableServiceLinks: false
auth:
enabled: false
image:
repository: bitnamilegacy/redis
sentinel:
image:
repository: bitnamilegacy/redis-sentinel
kubectl:
image:
repository: bitnamilegacy/kubectl
sysctl:
image:
repository: bitnamilegacy/os-shell
metrics:
image:
repository: bitnamilegacy/redis-exporter
volumePermissions:
image:
repository: bitnamilegacy/os-shell
global:
security:
allowInsecureImages: true
ci: false
clusterDomain: cluster.local
checkConfig:
skipEnvValues: false
cronjob:
enabled: false
jobs: {}
annotations: {}
NameOverride: ""
FullnameOverride: ""
metrics:
enabled: false
serviceMonitor:
enabled: false
annotations: {}
labels: {}
jobLabel: ""
honorLabels: false
interval: ""
scrapeTimeout: ""
metricRelabelings: []
relabelings: []
selector: {}
uwsgiExporter:
enabled: false
image:
registry: "docker.io"
repository: "timonwong/uwsgi-exporter"
tag: "v1.3.0"
pullPolicy: "Always"
pullSecrets: [ ]
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsUser: 1001
resources:
requests: { }
## Example:
# cpu: "200m"
# memory: "64Mi"
limits: { }
# cpu: "20m"
# memory: "128Mi"
livenessProbe:
enabled: false
httpGet:
path: "/-/healthy"
port: "uwsgimetrics"
initialDelaySeconds: 2
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: false
httpGet:
path: "/metrics"
port: "uwsgimetrics"
initialDelaySeconds: 2
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1