áaa

2025-10-08 23:43:31 +07:00
parent 4c123eee1b
commit 70450a621d
50 changed files with 0 additions and 3673 deletions
--- a/label-studio-1.10.0.tgz
+++ b/label-studio-1.10.0.tgz
--- a/label-studio-1.11.4.tgz
+++ b/label-studio-1.11.4.tgz
--- a/label-studio/.helmignore
+++ b/label-studio/.helmignore
@@ -1,23 +0,0 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/label-studio/Chart.yaml
+++ b/label-studio/Chart.yaml
@@ -1,24 +0,0 @@
 apiVersion: v2
 name: label-studio
 description: A Helm chart for Kubernetes
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
 # to be deployed.
 #
 # Library charts provide useful utilities or functions for the chart developer. They're included as
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 1.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "1.16.0"
--- a/label-studio/label-studio-1.1.tgz
+++ b/label-studio/label-studio-1.1.tgz
--- a/label-studio/label-studio-1.2.tgz
+++ b/label-studio/label-studio-1.2.tgz
--- a/label-studio/templates/NOTES.txt
+++ b/label-studio/templates/NOTES.txt
@@ -1,35 +0,0 @@
 1. Get the application URL by running these commands:
 {{- if .Values.httpRoute.enabled }}
 {{- if .Values.httpRoute.hostnames }}
    export APP_HOSTNAME={{ .Values.httpRoute.hostnames | first }}
 {{- else }}
    export APP_HOSTNAME=$(kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o jsonpath="{.spec.listeners[0].hostname}")
  {{- end }}
 {{- if and .Values.httpRoute.rules (first .Values.httpRoute.rules).matches (first (first .Values.httpRoute.rules).matches).path.value }}
    echo "Visit http://$APP_HOSTNAME{{ (first (first .Values.httpRoute.rules).matches).path.value }} to use your application"
    NOTE: Your HTTPRoute depends on the listener configuration of your gateway and your HTTPRoute rules.
    The rules can be set for path, method, header and query parameters.
    You can check the gateway configuration with 'kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o yaml'
 {{- end }}
 {{- else if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "label-studio.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "label-studio.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "label-studio.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "label-studio.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
 {{- end }}
--- a/label-studio/templates/_helpers.tpl
+++ b/label-studio/templates/_helpers.tpl
@@ -1,62 +0,0 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "label-studio.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "label-studio.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "label-studio.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "label-studio.labels" -}}
 helm.sh/chart: {{ include "label-studio.chart" . }}
 {{ include "label-studio.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "label-studio.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "label-studio.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "label-studio.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "label-studio.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
--- a/label-studio/templates/deployment.yaml
+++ b/label-studio/templates/deployment.yaml
@@ -1,371 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "ls-app.fullname" . }}
  {{- with .Values.app.deploymentAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  labels:
    {{- include "ls-app.labels" . | nindent 4 }}
    {{- if .Values.app.labels }}
    {{- toYaml .Values.app.labels | nindent 4 }}
    {{- end }}
 spec:
  {{- if ne .Values.app.replicas nil }}
  replicas: {{ .Values.app.replicas }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "ls-app.selectorLabels" . | nindent 6 }}
  {{- with .Values.app.deploymentStrategy }}
  strategy:
  {{- toYaml . | trim | nindent 4 }}
  {{- end }}
  template:
    metadata:
      {{- with .Values.app.annotations }}
      annotations:
        {{- toYaml . | nindent 12 }}
      {{- end }}
      labels:
        {{- include "ls-app.selectorLabels" . | nindent 8 }}
        {{- if .Values.app.podLabels }}
        {{- toYaml .Values.app.podLabels | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "ls-app.serviceAccountName" . }}
      {{- if .Values.app.podSecurityContext.enabled }}
      securityContext: {{- omit .Values.app.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      automountServiceAccountToken: {{ .Values.app.automountServiceAccountToken }}
      initContainers:
        {{- if .Values.app.initContainers }}
        {{- range .Values.app.initContainers }}
        - name: {{ .name }}
          image: {{ or .image (printf "%s/%s:%s" ($.Values.global.image.registry | default "docker.io") $.Values.global.image.repository $.Values.global.image.tag) ($.Chart.AppVersion) }}
          args: {{- range .args }}
            - {{ . }}
          {{- end }}
          imagePullPolicy: {{ or .pullPolicy $.Values.global.image.pullPolicy }}
          {{- if .restartPolicy }}
          restartPolicy: {{ .restartPolicy }}
          {{- end }}
          {{- if $.Values.app.containerSecurityContext.enabled }}
          securityContext: {{- omit $.Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          env:
            {{- include "ls.common.envs" $ | nindent 12 }}
            - name: INIT_CONTAINER
              value: "true"
          volumeMounts:
            - name: data
              mountPath: /label-studio/data
            - mountPath: /opt/heartex/instance-data/etc
              name: opt-heartex-init
            - mountPath: /tmp
              name: tmp-dir-init
            {{- if $.Values.global.pgConfig.ssl.pgSslSecretName }}
            - name: pg-ssl-certs
              mountPath: /opt/heartex/secrets/pg_certs
            {{- end }}
            {{- if $.Values.global.redisConfig.ssl.redisSslSecretName }}
            - name: redis-ssl-certs
              mountPath: /opt/heartex/secrets/redis_certs
            {{- end }}
            {{- if .extraVolumeMounts }}
              {{ toYaml .extraVolumeMounts | nindent 12 }}
            {{- end }}
          {{- end }}
          {{- end }}
        {{- if not .Values.migrationJob.enabled }}
        - name: db-migrations
          image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
          args: [ "label-studio-migrate" ]
          imagePullPolicy: {{ .Values.global.image.pullPolicy }}
          {{- if .Values.app.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.app.initContainer.resources | nindent 12 }}
          env:
            {{- include "ls.common.envs" . | nindent 12 }}
            - name: INIT_CONTAINER
              value: "true"
          volumeMounts:
            - name: data
              mountPath: /label-studio/data
            - mountPath: /opt/heartex/instance-data/etc
              name: opt-heartex-init
            - mountPath: /tmp
              name: tmp-dir-init
            {{- if .Values.global.pgConfig.ssl.pgSslSecretName }}
            - name: pg-ssl-certs
              mountPath: /opt/heartex/secrets/pg_certs
            {{- end }}
            {{- if .Values.global.redisConfig.ssl.redisSslSecretName }}
            - name: redis-ssl-certs
              mountPath: /opt/heartex/secrets/redis_certs
            {{- end }}
            {{- if .Values.app.extraVolumeMounts }}
              {{ toYaml .Values.app.extraVolumeMounts | nindent 12 }}
            {{- end }}
        {{- end }}
        {{- if .Values.app.postMigrationInitContainers }}
        {{- range .Values.app.postMigrationInitContainers }}
        - name: {{ .name }}
          image: {{ or .image (printf "%s/%s:%s" ($.Values.global.image.registry | default "docker.io") $.Values.global.image.repository $.Values.global.image.tag) ($.Chart.AppVersion) }}
          args: {{- range .args }}
            - {{ . }}
          {{- end }}
          imagePullPolicy: {{ or .pullPolicy $.Values.global.image.pullPolicy }}
          {{- if .restartPolicy }}
          restartPolicy: {{ .restartPolicy }}
          {{- end }}
          {{- if $.Values.app.containerSecurityContext.enabled }}
          securityContext: {{- omit $.Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          env:
            {{- include "ls.common.envs" $ | nindent 12 }}
            - name: INIT_CONTAINER
              value: "true"
          volumeMounts:
            - name: data
              mountPath: /label-studio/data
            - mountPath: /opt/heartex/instance-data/etc
              name: opt-heartex-init
            - mountPath: /tmp
              name: tmp-dir-init
            {{- if $.Values.global.pgConfig.ssl.pgSslSecretName }}
            - name: pg-ssl-certs
              mountPath: /opt/heartex/secrets/pg_certs
            {{- end }}
            {{- if $.Values.global.redisConfig.ssl.redisSslSecretName }}
            - name: redis-ssl-certs
              mountPath: /opt/heartex/secrets/redis_certs
            {{- end }}
            {{- if .extraVolumeMounts }}
              {{ toYaml .extraVolumeMounts | nindent 12 }}
            {{- end }}
          {{- end }}
          {{- end }}
      terminationGracePeriodSeconds: {{ .Values.app.terminationGracePeriodSeconds }}
      containers:
        - name: app
          image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.global.image.pullPolicy }}
          {{- if .Values.app.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          args: {{-  range .Values.app.args }}
            - {{ . }}
          {{- end }}
          env:
            - name: SKIP_DB_MIGRATIONS
              value: "true"
            {{- include "ls.common.envs" . | nindent 12 }}
            {{- if .Values.app.extraEnvironmentVars -}}
            {{- range $key, $value := .Values.app.extraEnvironmentVars }}
            - name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
              value: {{ $value | quote }}
            {{- end }}
            {{- end }}
            {{- if .Values.app.extraEnvironmentSecrets -}}
            {{- range $key, $value := .Values.app.extraEnvironmentSecrets }}
            - name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
              valueFrom:
                secretKeyRef:
                  name: {{ $value.secretName }}
                  key: {{ $value.secretKey }}
            {{- end }}
            {{- end }}
            {{- if or $.Values.app.cmdWrapper $.Values.global.cmdWrapper }}
            - name: CMD_WRAPPER
              value: {{ coalesce $.Values.app.cmdWrapper $.Values.global.cmdWrapper }}
            {{- end }}
          {{- if .Values.app.readinessProbe.enabled }}
          readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.readinessProbe "enabled") "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.app.livenessProbe.enabled }}
          livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.livenessProbe "enabled") "context" $) | nindent 12 }}
          {{- end }}
          lifecycle:
            preStop:
              exec:
                command: [ '/bin/sh', '-c', 'sleep {{ .Values.app.preStopDelaySeconds }}' ]
          resources:
            {{- toYaml .Values.app.resources | nindent 12 }}
          volumeMounts:
            - name: data
              mountPath: /label-studio/data
            {{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "gcs") }}
            {{- if or .Values.global.persistence.config.gcs.applicationCredentialsJSON (and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey) }}
            - name: gcs-storage-credentials
              mountPath: /opt/heartex/secrets/gcs
              readOnly: true
            {{- end }}
            {{- end }}
            {{- if .Values.global.pgConfig.ssl.pgSslSecretName }}
            - name: pg-ssl-certs
              mountPath: /opt/heartex/secrets/pg_certs
            {{- end }}
            {{- if .Values.global.redisConfig.ssl.redisSslSecretName }}
            - name: redis-ssl-certs
              mountPath: /opt/heartex/secrets/redis_certs
            {{- end }}
            {{- if .Values.app.extraVolumeMounts }}
              {{ toYaml .Values.app.extraVolumeMounts | nindent 12 }}
            {{- end }}
            - mountPath: /opt/heartex/instance-data/etc
              name: opt-heartex-app
            - mountPath: /tmp
              name: tmp-dir-app
          {{- if .Values.metrics.enabled }}
          ports:
            - name: "djangometrics"
              containerPort: 8000
          {{- end }}
        - name: nginx
          image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.global.image.pullPolicy }}
          {{- if .Values.app.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          args: {{-  range .Values.app.nginx.args }}
            - {{ . }}
          {{- end }}
          env:
            - name: APP_HOST
              value: localhost
            {{- include "ls.common.envs" . | nindent 12}}
            {{- if .Values.app.nginx.extraEnvironmentVars -}}
            {{- range $key, $value := .Values.app.nginx.extraEnvironmentVars }}
            - name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
              value: {{ $value | quote }}
            {{- end }}
            {{- end }}
            {{- if .Values.app.nginx.extraEnvironmentSecrets -}}
            {{- range $key, $value := .Values.app.nginx.extraEnvironmentSecrets }}
            - name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
              valueFrom:
                secretKeyRef:
                  name: {{ $value.secretName }}
                  key: {{ $value.secretKey }}
            {{- end }}
            {{- end }}
          ports:
            - name: {{ .Values.app.service.portName }}
              containerPort: 8085
              protocol: TCP
          lifecycle:
            preStop:
              exec:
                command: [ '/bin/sh', '-c', 'sleep {{ .Values.app.preStopDelaySeconds }}' ]
          {{- if .Values.app.nginx.readinessProbe.enabled }}
          readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.nginx.readinessProbe "enabled") "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.app.nginx.livenessProbe.enabled }}
          livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.nginx.livenessProbe "enabled") "context" $) | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.app.nginx.resources | nindent 12 }}
          volumeMounts:
            - name: data
              mountPath: /label-studio/data
            {{- if .Values.app.extraVolumeMounts }}
              {{ toYaml .Values.app.extraVolumeMounts | nindent 12 }}
            {{- end }}
            - mountPath: /opt/heartex/instance-data/etc
              name: opt-heartex-nginx
            - mountPath: /tmp
              name: tmp-dir-nginx
        {{- if and .Values.metrics.enabled .Values.metrics.uwsgiExporter.enabled }}
        - name: uwsgi-exporter
          image: "{{ .Values.metrics.uwsgiExporter.image.repository }}:{{ .Values.metrics.uwsgiExporter.image.tag | default "latest" }}"
          imagePullPolicy: {{ .Values.metrics.uwsgiExporter.image.pullPolicy }}
          {{- if .Values.metrics.uwsgiExporter.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.metrics.uwsgiExporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          args:
            - "--stats.uri=http://localhost:1717"
          {{- if .Values.metrics.uwsgiExporter.resources }}
          resources: {{- toYaml .Values.metrics.uwsgiExporter.resources | nindent 12 }}
          {{- end }}
          {{- if .Values.metrics.uwsgiExporter.readinessProbe.enabled }}
          readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.metrics.uwsgiExporter.readinessProbe "enabled") "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.metrics.uwsgiExporter.livenessProbe.enabled }}
          livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.metrics.uwsgiExporter.livenessProbe "enabled") "context" $) | nindent 12 }}
          {{- end }}
          ports:
            - name: "uwsgimetrics"
              containerPort: 9117
          {{- end }}
        {{- with .Values.app.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.app.topologySpreadConstraints }}
      topologySpreadConstraints: {{- include "tplvalues.render" (dict "value" .Values.app.topologySpreadConstraints "context" $) | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.app.dnsPolicy }}
      enableServiceLinks: {{ .Values.app.enableServiceLinks }}
      shareProcessNamespace: {{ .Values.app.shareProcessNamespace }}
      {{- with .Values.app.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.app.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        - name: data
          {{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "volume") }}
          persistentVolumeClaim:
            claimName: {{ include "ls-pvc.claimName" . }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        {{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "gcs") }}
        {{- if or .Values.global.persistence.config.gcs.applicationCredentialsJSON (and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey) }}
        - name: gcs-storage-credentials
          secret:
            {{- if and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey }}
            secretName: {{ .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret }}
            {{- else }}
            secretName: {{ include "ls-secrets.fullname" . }}
            {{- end }}
        {{- end }}
        {{- end }}
        {{- if .Values.global.pgConfig.ssl.pgSslSecretName }}
        - name: pg-ssl-certs
          secret:
            secretName: {{ include "tplvalues.render" ( dict "value" .Values.global.pgConfig.ssl.pgSslSecretName "context" $) }}
            defaultMode: 0640
        {{- end }}
        {{- if .Values.global.redisConfig.ssl.redisSslSecretName }}
        - name: redis-ssl-certs
          secret:
            secretName: {{ include "tplvalues.render" ( dict "value" .Values.global.redisConfig.ssl.redisSslSecretName "context" $) }}
            defaultMode: 0640
        {{- end }}
        {{- if .Values.app.extraVolumes -}}
          {{- toYaml .Values.app.extraVolumes | nindent 8 }}
        {{- end }}
        - name: opt-heartex-app
          emptyDir: { }
        - name: opt-heartex-nginx
          emptyDir: { }
        - name: opt-heartex-init
          emptyDir: { }
        - name: tmp-dir-app
          emptyDir: { }
        - name: tmp-dir-nginx
          emptyDir: { }
        - name: tmp-dir-init
          emptyDir: { }
--- a/label-studio/templates/hpa.yaml
+++ b/label-studio/templates/hpa.yaml
@@ -1,32 +0,0 @@
 {{- if .Values.autoscaling.enabled }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ include "label-studio.fullname" . }}
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ include "label-studio.fullname" . }}
  minReplicas: {{ .Values.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
  metrics:
    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
    {{- end }}
 {{- end }}
--- a/label-studio/templates/httproute.yaml
+++ b/label-studio/templates/httproute.yaml
@@ -1,38 +0,0 @@
 {{- if .Values.httpRoute.enabled -}}
 {{- $fullName := include "label-studio.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
  {{- with .Values.httpRoute.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  parentRefs:
    {{- with .Values.httpRoute.parentRefs }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.httpRoute.hostnames }}
  hostnames:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  rules:
    {{- range .Values.httpRoute.rules }}
    {{- with .matches }}
    - matches:
      {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .filters }}
      filters:
      {{- toYaml . | nindent 8 }}
    {{- end }}
      backendRefs:
        - name: {{ $fullName }}
          port: {{ $svcPort }}
          weight: 1
    {{- end }}
 {{- end }}
--- a/label-studio/templates/ingress.yaml
+++ b/label-studio/templates/ingress.yaml
@@ -1,65 +0,0 @@
 {{- if .Values.app.ingress.enabled -}}
 {{- $fullName := include "ls-app.fullname" . -}}
 {{- $svcPort := .Values.app.service.port -}}
 {{- if and .Values.app.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
  {{- if not (hasKey .Values.app.ingress.annotations "kubernetes.io/ingress.class") }}
  {{- $_ := set .Values.app.ingress.annotations "kubernetes.io/ingress.class" .Values.app.ingress.className}}
  {{- end }}
 {{- end }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1
 {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "ls-app.labels" . | nindent 4 }}
  {{- with .Values.app.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  {{- if and .Values.app.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
  ingressClassName: {{ .Values.app.ingress.className | quote }}
  {{- end }}
  {{- if .Values.app.ingress.tls }}
  tls:
    {{- range .Values.app.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    - host: {{ .Values.app.ingress.host | quote }}
      http:
        paths:
          {{- if .Values.app.ingress.extraPaths }}
          {{- toYaml .Values.app.ingress.extraPaths | nindent 10 }}
          {{- end }}
          - path: {{ default "/" .Values.app.ingress.path }}
            pathType: {{ .Values.app.ingress.pathType }}
            backend:
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
    {{- range .Values.app.ingress.extraHosts }}
    - host: {{ .name }}
      http:
        paths:
          - path: {{ default "/" .path }}
            pathType: {{ default "ImplementationSpecific" .pathType }}
            backend:
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
    {{- end }}
 {{- end }}
--- a/label-studio/templates/pvc.yaml
+++ b/label-studio/templates/pvc.yaml
@@ -1,36 +0,0 @@
 {{- if .Values.global.persistence.enabled }}
 {{- if and (eq .Values.global.persistence.type "volume") (not .Values.global.persistence.config.volume.existingClaim) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ include "ls-pvc.fullname" . }}
  {{- if eq .Values.global.persistence.config.volume.resourcePolicy "keep" }}
  annotations:
    helm.sh/resource-policy: keep
  {{- end }}
  namespace: {{ .Release.Namespace }}
  labels:
  {{- include "ls-pvc.labels" . | nindent 4 }}
  {{- if .Values.global.persistence.config.volume.annotations }}
  annotations:
    {{- if .Values.global.persistence.config.volume.annotations }}
    {{- include "tplvalues.render" ( dict "value" .Values.global.persistence.config.volume.annotations "context" $ ) | nindent 4 }}
    {{- end }}
  {{- end }}
 spec:
  accessModes:
  {{- range .Values.global.persistence.config.volume.accessModes }}
    - {{ . | quote }}
  {{- end }}
  resources:
    requests:
      storage: {{ .Values.global.persistence.config.volume.size | quote }}
  {{- if .Values.global.persistence.config.volume.storageClass -}}
    {{- if (eq "-" .Values.global.persistence.config.volume.storageClass) -}}
  storageClassName: ""
    {{- else }}
  storageClassName: {{ .Values.global.persistence.config.volume.storageClass }}
    {{- end -}}
  {{- end -}}
 {{- end }}
 {{- end }}
--- a/label-studio/templates/service.yaml
+++ b/label-studio/templates/service.yaml
@@ -1,36 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "ls-app.fullname" . }}
  labels:
    {{- include "ls-app.labels" . | nindent 4 }}
  {{- with .Values.app.service.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  type: {{ .Values.app.service.type }}
  ports:
    - port: {{ .Values.app.service.port }}
      targetPort: {{ .Values.app.service.targetPort }}
      protocol: TCP
      name: {{ .Values.app.service.portName }}
    {{- if and .Values.metrics.enabled .Values.metrics.uwsgiExporter.enabled }}
    - port: 9117
      targetPort: "uwsgimetrics"
      protocol: "TCP"
      name: "uwsgimetrics"
    {{- end }}
    {{- if and .Values.metrics.enabled }}
    - port: 8000
      targetPort: "djangometrics"
      protocol: "TCP"
      name: "djangometrics"
    {{- end }}
  selector:
    {{- include "ls-app.selectorLabels" . | nindent 4 }}
  sessionAffinity: {{ .Values.app.service.sessionAffinity }}
  {{- if .Values.app.service.sessionAffinityConfig }}
  sessionAffinityConfig:
    {{- toYaml .Values.app.service.sessionAffinityConfig | nindent 4 }}
  {{- end }}
--- a/label-studio/templates/serviceaccount.yaml
+++ b/label-studio/templates/serviceaccount.yaml
@@ -1,13 +0,0 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "label-studio.serviceAccountName" . }}
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
 {{- end }}
--- a/label-studio/templates/tests/test-connection.yaml
+++ b/label-studio/templates/tests/test-connection.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "label-studio.fullname" . }}-test-connection"
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "label-studio.fullname" . }}:{{ .Values.service.port }}']
  restartPolicy: Never
--- a/label-studio/values.yaml
+++ b/label-studio/values.yaml
@@ -1,774 +0,0 @@
 # Default values for Label Studio.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 global:
  # Image pull secret to use for registry authentication.
  # Alternatively, you can specify the value as an array of strings.
  imagePullSecrets: []
  image:
    registry: docker.io
    repository: heartexlabs/label-studio
    pullPolicy: IfNotPresent
    tag: ""
  pgConfig:
    host: "127.0.0.1"
    port: 5432
    dbName: "label"
    userName: "label"
    password:
      secretName: "label-studio-pg-password"
      secretKey: "label-studio-pg-password"
    ssl:
      pgSslMode: ""
      pgSslSecretName: ""
      pgSslRootCertSecretKey: ""
      pgSslCertSecretKey: ""
      pgSslKeySecretKey: ""
  # Redis location, for example redis://[:password]@localhost:6379/1
  # Supported only in LSE
  redisConfig:
    host: "127.0.0.1"
    password:
      secretName: "label-studio-redis-password"
      secretKey: "label-studio-redis-password"
    ssl:
      redisSslCertReqs: ""
      redisSslSecretName: ""
      redisSslCaCertsSecretKey: ""
      redisSslCertFileSecretKey: ""
      redisSslKeyFileSecretKey: ""
  extraEnvironmentVars: {}
  extraEnvironmentSecrets: { }
  persistence:
    enabled: true
    type: volume # s3, azure, gcs
    config:
      s3:
        accessKey: ""
        secretKey: ""
        accessKeyExistingSecret: ""
        accessKeyExistingSecretKey: ""
        secretKeyExistingSecret: ""
        secretKeyExistingSecretKey: ""
        region: ""
        bucket: ""
        folder: ""
        urlExpirationSecs: "86400"
        endpointUrl: ""
        objectParameters: {}
      volume:
        ## If defined, storageClassName: <storageClass>
        ## If set to "-", storageClassName: "", which disables dynamic provisioning
        ## If undefined (the default) or set to null, no storageClassName spec is
        ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
        ##   GKE, AWS & OpenStack)
        ##
        storageClass: ""
        size: 10Gi
        accessModes:
          - ReadWriteOnce
        annotations: {}
        existingClaim: ""
        resourcePolicy: ""
      azure:
        storageAccountName: ""
        storageAccountKey: ""
        storageAccountNameExistingSecret: ""
        storageAccountNameExistingSecretKey: ""
        storageAccountKeyExistingSecret: ""
        storageAccountKeyExistingSecretKey: ""
        containerName: ""
        folder: ""
        urlExpirationSecs: "86400"
      gcs:
        projectID: ""
        applicationCredentialsJSON: ""
        applicationCredentialsJSONExistingSecret: ""
        applicationCredentialsJSONExistingSecretKey: ""
        bucket: ""
        folder: ""
        urlExpirationSecs: "86400"
  featureFlags: { }
  # File name of a shell script to load additional template environment variables from.
  # This is useful when using Vault.
  # "- /vault/secrets/config"
  envInjectSources: []
  ## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
  ## e.g:
  ## cmdWrapper: "newrelic-admin run-program"
  ##
  cmdWrapper: ""
  # File names of a custom SSL root certs. These filename will be appended to existing root certs.
  # "- /tmp/my_cool_root_cert"
  customCaCerts: [ ]
 app:
  # Update strategy - only really applicable for deployments with RWO PVs attached
  # If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
  # PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
  # terminate the single previous pod, so that the new, incoming pod can attach to the PV
  deploymentStrategy:
    type: RollingUpdate
  deploymentAnnotations: { }
  replicas: 1
  NameOverride: ""
  FullnameOverride: ""
  labels: { }
  podLabels: { }
  ## @param app.args Override default container args (useful when using custom images)
  ##
  args:
    - "label-studio-uwsgi"
  resources:
    requests: {}
      ## Example:
      # memory: "600Mi"
      # cpu: "250m"
    limits: {}
    ## Example:
    #  memory: "4000Mi"
    #  cpu: "4"
  initContainer:
    resources:
      requests: {}
        ## Example:
        # memory: 384Mi
        # cpu: 250m
      limits: {}
        ## Example:
        # memory: 512Mi
        # cpu: 500m
  nginx:
    args:
      - "nginx"
    extraEnvironmentVars: {}
    extraEnvironmentSecrets: {}
    resources:
      requests: {}
        ## Example
        ## memory: 384Mi
        ## cpu: 250m
      limits: {}
        ## Example:
        ## memory: 1G
        ## cpu: 1000m
    livenessProbe:
      enabled: true
      tcpSocket:
        port: 8085
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 3
      failureThreshold: 3
      successThreshold: 1
    readinessProbe:
      enabled: true
      httpGet:
        path: /nginx_health
        port: 8085
      initialDelaySeconds: 10
      periodSeconds: 5
      timeoutSeconds: 3
      failureThreshold: 1
      successThreshold: 1
  # extraEnvironmentVars is a list of extra environment variables to set in the
  # app deployment.
  extraEnvironmentVars: { }
  # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
  # extraEnvironmentSecrets is a list of extra environment variables to set in the
  # app deployment.
  extraEnvironmentSecrets: { }
  # MYSQL_PASSWORD:
  #   secretName: mysql_secret
  #   secretKey: password
  # nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  # nodeSelector:
  #   beta.kubernetes.io/arch: amd64
  nodeSelector: { }
  topologySpreadConstraints: [ ]
  dnsPolicy: "ClusterFirst"
  enableServiceLinks: false
  shareProcessNamespace: false
  automountServiceAccountToken: true
  # Extra k8s annotations to attach to the app pods
  # This can either be YAML or a YAML-formatted multi-line templated string map
  # of the annotations to apply to the app pods
  annotations: { }
  # Extra k8s labels to attach to Label Studio Enterprise.
  # Provide a YAML map of k8s labels.
  extraLabels: { }
  affinity: { }
  # Toleration Settings for app pods
  # Provide either a multi-line string or YAML matching the Toleration array
  # in a PodSpec.
  tolerations: []
  # Used to define custom readinessProbe settings
  readinessProbe:
    enabled: true
    httpGet:
      path: /health
      port: 8000
      scheme: HTTP
    # When a probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 1
    # Number of seconds after the container has started before probe initiates
    initialDelaySeconds: 60
    # How often (in seconds) to perform the probe
    periodSeconds: 5
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # Number of seconds after which the probe times out.
    timeoutSeconds: 1
  # Used to enable a livenessProbe for the pods
  livenessProbe:
    enabled: true
    tcpSocket:
      port: 8000
    # When a probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 3
    # Number of seconds after the container has started before probe initiates
    initialDelaySeconds: 10
    # How often (in seconds) to perform the probe
    periodSeconds: 10
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # Number of seconds after which the probe times out.
    timeoutSeconds: 5
  service:
    type: ClusterIP
    port: 80
    targetPort: 8085
    portName: service
    annotations: { }
    sessionAffinity: "None"
    sessionAffinityConfig: { }
  ingress:
    enabled: false
    # For Kubernetes >= 1.18 you should specify the ingress-controller using the field ingressClassName
    # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
    className: ""
    annotations: { }
    ## Examples:
    ## kubernetes.io/tls-acme: "true"
    host: ""
    # You may need to set this to '/*' in order to use this with ALB ingress controllers.
    path: /
    ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
    extraPaths: []
    pathType: ImplementationSpecific
    ## Examples:
    ## - path: /*
    ##   backend:
    ##     serviceName: ssl-redirect
    ##     servicePort: use-annotation
    tls: [ ]
    ## Examples:
    ##  - secretName: chart-example-tls
    ##    hosts:
    ##      - app.heartex.local
    ## @param api.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
    ## e.g:
    ## extraHosts:
    ##   - name: app.humansignal.local
    ##     path: /
    ##
    extraHosts: [ ]
  # Definition of the serviceAccount used to run Label Studio Enterprise
  serviceAccount:
    # Specifies whether to create a service account
    create: true
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name: ""
    # Extra k8s annotations for the serviceAccount definition. This can either be
    # YAML or a YAML-formatted multi-line templated string map of the
    # k8s annotations to apply to the serviceAccount.
    annotations: {}
  # Array to add extra volumes
  extraVolumes: [ ]
  # Array to add extra mounts (normally used with extraVolumes)
  extraVolumeMounts: [ ]
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param app.podSecurityContext.enabled Enable pod Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param containerSecurityContext.enabled Enable container Security Context
  ## @param containerSecurityContext.runAsNonRoot Avoid running as root User
  ## @param containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
  ## RBAC configuration
  ##
  rbac:
    ## @param rbac.create Specifies whether RBAC resources should be created
    ##
    create: false
    ## @param app.rbac.rules Custom RBAC rules to set
    ## e.g:
    ## rules:
    ##   - apiGroups:
    ##       - ""
    ##     resources:
    ##       - pods
    ##     verbs:
    ##       - get
    ##       - list
    ##
    rules: []
  contextPath: /
  ## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
  ## e.g:
  ## cmdWrapper: "newrelic-admin run-program"
  ##
  cmdWrapper: ""
  ## Minimal number of seconds preStop hook waits before LS is stopped to finish processing requests
  ## Note: must be set to lower value than terminationGracePeriodSeconds so that preStop hook finishes
  ## before grace period expires
  preStopDelaySeconds: 15
  # Seconds LS pod needs to terminate gracefully
  terminationGracePeriodSeconds: 30
  ## Add additional init containers to the App Deployment pod
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: [ ]
  ## Add additional init containers to the App Deployment pod after sql migration
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## postMigrationInitContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  postMigrationInitContainers: [ ]
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param app.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param app.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param app.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `app.pdb.minAvailable` and `app.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: false
    minAvailable: ""
    maxUnavailable: ""
 migrationJob:
  enabled: false
  # For Helm hooks, you can use:
  #  "helm.sh/hook": pre-install,pre-upgrade
  #  "helm.sh/hook-weight": "0"
  #  "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  # For ArgoCD, you can also use:
  #  "argocd.argoproj.io/hook": PreSync
  #  "argocd.argoproj.io/hook-delete-policy": BeforeHookCreation
  annotations: {}
 rqworker:
  enabled: true
  NameOverride: ""
  FullnameOverride: ""
  labels: {}
  podLabels: {}
  deploymentStrategy:
    type: Recreate
  deploymentAnnotations: { }
  autoscaling:
    enabled: false
    scalingType: deployment
  queues:
    high:
      replicas: 1
      args: '"high"'
      resources:
        requests: {}
        limits: {}
      scaledOptions:
        minReplicaCount: 0
        maxReplicaCount: 5
        pollingInterval: 5
        cooldownPeriod: 60
        listLength: 10
    low:
      replicas: 1
      args: '"low"'
      resources:
        requests: {}
        limits: {}
      scaledOptions:
        minReplicaCount: 0
        maxReplicaCount: 5
        pollingInterval: 5
        cooldownPeriod: 60
        listLength: 10
    default:
      replicas: 4
      args: '"default"'
      resources:
        requests: {}
        limits: {}
      scaledOptions:
        minReplicaCount: 0
        maxReplicaCount: 5
        pollingInterval: 5
        cooldownPeriod: 60
        listLength: 10
    critical:
      replicas: 1
      args: '"critical"'
      resources:
        requests: {}
        limits: {}
      scaledOptions:
        minReplicaCount: 0
        maxReplicaCount: 5
        pollingInterval: 5
        cooldownPeriod: 60
        listLength: 10
  # Default fallback in the case if queue-specific resources are not set
  resources:
    requests: {}
      ## memory: "256Mi"
      ## cpu: "250m"
    limits: {}
      ## Example:
      ## memory: "1500Mi"
      ## cpu: "1"
  pdb:
    create: false
    minAvailable: ""
    maxUnavailable: ""
  # extraEnvironmentVars is a list of extra environment variables to set in the
  # rqworker deployment.
  extraEnvironmentVars: { }
  # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
  # extraEnvironmentSecrets is a list of extra environment variables to set in the
  # rqworker deployment.
  extraEnvironmentSecrets: { }
  # MYSQL_PASSWORD:
  #   secretName: mysql_secret
  #   secretKey: password
  # nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  # nodeSelector:
  #   beta.kubernetes.io/arch: amd64
  nodeSelector: { }
  topologySpreadConstraints: [ ]
  dnsPolicy: "ClusterFirst"
  enableServiceLinks: false
  shareProcessNamespace: false
  automountServiceAccountToken: true
  # Extra k8s annotations to attach to the rqworker pods
  # This can either be YAML or a YAML-formatted multi-line templated string map
  # of the annotations to apply to the rqworker pods
  annotations: { }
  # Extra k8s labels to attach to the rqworker
  # This should be a YAML map of the labels to apply to the rqworker
  extraLabels: { }
  affinity: { }
  # Toleration Settings for rqworker pods
  # Provide either a multi-line string or YAML matching the Toleration array
  # in a PodSpec.
  tolerations: []
  # Used to define custom readinessProbe settings
  readinessProbe:
    enabled: false
    path: /version
    # When a probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 2
    # Number of seconds after the container has started before probe initiates
    initialDelaySeconds: 60
    # How often (in seconds) to perform the probe
    periodSeconds: 5
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # Number of seconds after which the probe times out.
    timeoutSeconds: 3
  # Used to enable a livenessProbe for the pods
  livenessProbe:
    enabled: false
    path: "/health"
    # When a probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 2
    # Number of seconds after the container has started before probe initiates
    initialDelaySeconds: 60
    # How often (in seconds) to perform the probe
    periodSeconds: 5
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # Number of seconds after which the probe times out.
    timeoutSeconds: 3
  # Definition of the serviceAccount used to run rqworker for Label Studio Enterprise
  serviceAccount:
    # Specifies whether to create a service account
    create: true
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name: ""
    # Extra k8s annotations for the serviceAccount definition. This can either be
    # YAML or a YAML-formatted multi-line templated string map of the
    # k8s annotations to apply to the serviceAccount.
    annotations: { }
  # Array to add extra volumes
  extraVolumes: [ ]
  # Array to add extra mounts (normally used with extraVolumes)
  extraVolumeMounts: [ ]
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param rqworker.podSecurityContext.enabled Enable pod Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param containerSecurityContext.enabled Enable container Security Context
  ## @param containerSecurityContext.runAsNonRoot Avoid running as root User
  ## @param containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
  ## RBAC configuration
  ##
  rbac:
    ## @param rbac.create Specifies whether RBAC resources should be created
    ##
    create: false
    ## @param rqworker.rbac.rules Custom RBAC rules to set
    ## e.g:
    ## rules:
    ##   - apiGroups:
    ##       - ""
    ##     resources:
    ##       - pods
    ##     verbs:
    ##       - get
    ##       - list
    ##
    rules: []
  ## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
  ## e.g:
  ## cmdWrapper: "newrelic-admin run-program"
  ##
  cmdWrapper: ""
  # Seconds rqworker pod needs to terminate gracefully
  terminationGracePeriodSeconds: 30
 #  [Enterprise Only]
 enterprise:
  enabled: false
  # This value refers to a Kubernetes secret that you have
  # created that contains your enterprise license.
  enterpriseLicense:
    # The name of the Kubernetes secret that holds the enterprise license. The
    # secret must be in the same namespace that Label Studio Enterprise is installed into.
    secretName: ""
    # The key within the Kubernetes secret that holds the enterprise license.
    secretKey: "license"
 postgresql:
  enabled: true
  clusterDomain: cluster.local
  architecture: standalone
  image:
    repository: bitnamilegacy/postgresql
    tag: 13.18.0
  auth:
    username: "labelstudio"
    password: "labelstudio"
    database: "labelstudio"
  volumePermissions:
    image:
      repository: bitnamilegacy/os-shell
  metrics:
    image:
      repository: bitnamilegacy/postgres-exporter
  global:
    security:
      allowInsecureImages: true
 redis:
  enabled: false
  clusterDomain: cluster.local
  architecture: standalone
  master:
    enableServiceLinks: false
  auth:
    enabled: false
  image:
    repository: bitnamilegacy/redis
  sentinel:
    image:
      repository: bitnamilegacy/redis-sentinel
  kubectl:
    image:
      repository: bitnamilegacy/kubectl
  sysctl:
    image:
      repository: bitnamilegacy/os-shell
  metrics:
    image:
      repository: bitnamilegacy/redis-exporter
  volumePermissions:
    image:
      repository: bitnamilegacy/os-shell
  global:
    security:
      allowInsecureImages: true
 ci: false
 clusterDomain: cluster.local
 checkConfig:
  skipEnvValues: false
 cronjob:
  enabled: false
  jobs: {}
  annotations: {}
  NameOverride: ""
  FullnameOverride: ""
 metrics:
  enabled: false
  serviceMonitor:
    enabled: false
    annotations: {}
    labels: {}
    jobLabel: ""
    honorLabels: false
    interval: ""
    scrapeTimeout: ""
    metricRelabelings: []
    relabelings: []
    selector: {}
  uwsgiExporter:
    enabled: false
    image:
      registry: "docker.io"
      repository: "timonwong/uwsgi-exporter"
      tag: "v1.3.0"
      pullPolicy: "Always"
      pullSecrets: [ ]
    containerSecurityContext:
      enabled: true
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: false
      runAsUser: 1001
    resources:
      requests: { }
      ## Example:
      #        cpu: "200m"
      #        memory: "64Mi"
      limits: { }
      #        cpu: "20m"
      #        memory: "128Mi"
    livenessProbe:
      enabled: false
      httpGet:
        path: "/-/healthy"
        port: "uwsgimetrics"
      initialDelaySeconds: 2
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
      successThreshold: 1
    readinessProbe:
      enabled: false
      httpGet:
        path: "/metrics"
        port: "uwsgimetrics"
      initialDelaySeconds: 2
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
      successThreshold: 1
--- a/lbl-01/.helmignore
+++ b/lbl-01/.helmignore
@@ -1,23 +0,0 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/lbl-01/Chart.yaml
+++ b/lbl-01/Chart.yaml
@@ -1,45 +0,0 @@
 apiVersion: v2
 name: label-studio
 description: A Helm chart for Label Studio - Open source data labeling tool for Machine Learning
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
 # to be deployed.
 #
 # Library charts provide useful utilities or functions for the chart developer. They're included as
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 1.0.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "develop"
 # Keywords for the chart
 keywords:
  - label-studio
  - machine-learning
  - data-labeling
  - annotation
  - ai
 # Home page URL
 home: https://labelstud.io/
 # Source code URLs
 sources:
  - https://github.com/heartexlabs/label-studio
 # Maintainers
 maintainers:
  - name: HeartexLabs
    email: hello@heartex.com
    url: https://heartex.com/
--- a/lbl-01/DEPLOYMENT.md
+++ b/lbl-01/DEPLOYMENT.md
@@ -1,411 +0,0 @@
 # Label Studio Helm Chart Deployment Guide
 This guide provides step-by-step instructions for deploying Label Studio using the Helm chart.
 ## Prerequisites
 Before deploying Label Studio, ensure you have:
 1. **Kubernetes cluster** (v1.19+)
 2. **Helm** (v3.0+)
 3. **kubectl** configured to access your cluster
 4. **PostgreSQL database** (can be deployed separately or use managed service)
 5. **Redis instance** (can be deployed separately or use managed service)
 6. **Storage class** available in your cluster
 ## Quick Start
 ### 1. Clone or Download the Chart
 ```bash
 # If you have the chart locally
 cd /path/to/helm-chart/lbl-01
 # Or download from repository
 helm repo add label-studio https://your-repo-url
 helm repo update
 ```
 ### 2. Create Namespace
 ```bash
 kubectl create namespace label-studio
 ```
 ### 3. Deploy Dependencies
 #### PostgreSQL (using Bitnami chart)
 ```bash
 helm repo add bitnami https://charts.bitnami.com/bitnami
 helm repo update
 helm install postgresql bitnami/postgresql \
  --namespace label-studio \
  --set auth.postgresPassword=labelstudio123 \
  --set auth.username=labelstudio \
  --set auth.password=labelstudio123 \
  --set auth.database=labelstudio \
  --set primary.persistence.enabled=true \
  --set primary.persistence.size=20Gi
 ```
 #### Redis (using Bitnami chart)
 ```bash
 helm install redis bitnami/redis \
  --namespace label-studio \
  --set auth.password=redis123 \
  --set master.persistence.enabled=true \
  --set master.persistence.size=8Gi
 ```
 ### 4. Create Secrets
 ```bash
 # PostgreSQL secret
 kubectl create secret generic postgresql-secret \
  --from-literal=password=labelstudio123 \
  --namespace label-studio
 # Redis secret
 kubectl create secret generic redis-secret \
  --from-literal=password=redis123 \
  --namespace label-studio
 ```
 ### 5. Customize Values
 Copy the example values file and customize it:
 ```bash
 cp values-example.yaml my-values.yaml
 ```
 Edit `my-values.yaml` to match your environment:
 ```yaml
 # Update these values according to your setup
 global:
  pgConfig:
    host: "postgresql.label-studio.svc.cluster.local"
    password:
      secretName: "postgresql-secret"
      secretKey: "password"
  redisConfig:
    host: "redis://redis-master.label-studio.svc.cluster.local:6379/1"
    password:
      secretName: "redis-secret"
      secretKey: "password"
 ingress:
  enabled: true
  hosts:
    - host: label-studio.yourdomain.com  # Change this
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: label-studio-tls
      hosts:
        - label-studio.yourdomain.com  # Change this
 env:
  LABEL_STUDIO_HOST: "https://label-studio.yourdomain.com"  # Change this
  LABEL_STUDIO_USERNAME: "admin@yourdomain.com"  # Change this
  LABEL_STUDIO_PASSWORD: "your-secure-password"  # Change this
 ```
 ### 6. Deploy Label Studio
 ```bash
 helm install label-studio . \
  --namespace label-studio \
  --values my-values.yaml
 ```
 ### 7. Verify Deployment
 ```bash
 # Check pods
 kubectl get pods -n label-studio
 # Check services
 kubectl get svc -n label-studio
 # Check ingress
 kubectl get ingress -n label-studio
 # View logs
 kubectl logs -f deployment/label-studio -n label-studio
 ```
 ## Advanced Deployment Scenarios
 ### Production Deployment with External Database
 For production environments, use managed database services:
 ```yaml
 global:
  pgConfig:
    host: "your-rds-endpoint.amazonaws.com"
    port: 5432
    dbName: "labelstudio"
    userName: "labelstudio"
    password:
      secretName: "external-db-secret"
      secretKey: "password"
  redisConfig:
    host: "redis://your-elasticache-endpoint:6379/1"
    password:
      secretName: "external-redis-secret"
      secretKey: "password"
 resources:
  limits:
    cpu: 4000m
    memory: 8Gi
  requests:
    cpu: 2000m
    memory: 4Gi
 autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 20
  targetCPUUtilizationPercentage: 70
 ```
 ### High Availability Setup
 ```yaml
 replicaCount: 3
 affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
    - weight: 100
      podAffinityTerm:
        labelSelector:
          matchExpressions:
          - key: app.kubernetes.io/name
            operator: In
            values:
            - label-studio
        topologyKey: kubernetes.io/hostname
 resources:
  limits:
    cpu: 2000m
    memory: 4Gi
  requests:
    cpu: 1000m
    memory: 2Gi
 ```
 ### Storage Configuration
 #### S3 Storage
 ```yaml
 global:
  persistence:
    enabled: true
    type: s3
    config:
      s3:
        bucket: "your-s3-bucket"
        region: "us-west-2"
        accessKey:
          secretName: "s3-credentials"
          secretKey: "access-key"
        secretKey:
          secretName: "s3-credentials"
          secretKey: "secret-key"
 env:
  USE_S3: "true"
  S3_BUCKET: "your-s3-bucket"
  S3_REGION: "us-west-2"
 ```
 #### Azure Blob Storage
 ```yaml
 global:
  persistence:
    enabled: true
    type: azure
    config:
      azure:
        accountName: "yourstorageaccount"
        containerName: "labelstudio"
        accountKey:
          secretName: "azure-storage-secret"
          secretKey: "account-key"
 env:
  USE_AZURE: "true"
  AZURE_ACCOUNT_NAME: "yourstorageaccount"
  AZURE_CONTAINER: "labelstudio"
 ```
 ## Monitoring and Observability
 ### Enable Prometheus Metrics
 ```yaml
 env:
  PROMETHEUS_METRICS_ENABLED: "true"
  PROMETHEUS_METRICS_PORT: "9090"
 service:
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9090"
    prometheus.io/path: "/metrics"
 ```
 ### Logging Configuration
 ```yaml
 env:
  LOG_LEVEL: "INFO"
  LOG_FORMAT: "json"
  PYTHONUNBUFFERED: "1"
 ```
 ## Troubleshooting
 ### Common Issues
 1. **Pod not starting**
   ```bash
   kubectl describe pod <pod-name> -n label-studio
   kubectl logs <pod-name> -n label-studio
   ```
 2. **Database connection issues**
   ```bash
   # Test database connectivity
   kubectl run -it --rm debug --image=postgres:13 --restart=Never -- psql -h postgresql.label-studio.svc.cluster.local -U labelstudio -d labelstudio
   ```
 3. **Redis connection issues**
   ```bash
   # Test Redis connectivity
   kubectl run -it --rm debug --image=redis:6 --restart=Never -- redis-cli -h redis-master.label-studio.svc.cluster.local -a redis123
   ```
 4. **Ingress not working**
   ```bash
   kubectl describe ingress label-studio -n label-studio
   kubectl get events -n label-studio
   ```
 ### Health Checks
 ```bash
 # Check application health
 kubectl exec -it deployment/label-studio -n label-studio -- curl http://localhost:8080/health
 # Run Helm tests
 helm test label-studio -n label-studio
 ```
 ## Upgrading
 ### Upgrade the Chart
 ```bash
 # Update values if needed
 helm upgrade label-studio . \
  --namespace label-studio \
  --values my-values.yaml
 # Check upgrade status
 helm status label-studio -n label-studio
 ```
 ### Rollback
 ```bash
 # List releases
 helm history label-studio -n label-studio
 # Rollback to previous version
 helm rollback label-studio 1 -n label-studio
 ```
 ## Uninstalling
 ```bash
 # Uninstall Label Studio
 helm uninstall label-studio -n label-studio
 # Uninstall dependencies (if installed via Helm)
 helm uninstall postgresql -n label-studio
 helm uninstall redis -n label-studio
 # Delete namespace
 kubectl delete namespace label-studio
 ```
 ## Security Considerations
 1. **Use strong passwords** for database and Redis
 2. **Enable TLS** for ingress
 3. **Use secrets** for sensitive data
 4. **Configure RBAC** appropriately
 5. **Enable pod security policies**
 6. **Use non-root containers**
 7. **Scan images** for vulnerabilities
 ## Performance Tuning
 ### Resource Optimization
 ```yaml
 resources:
  limits:
    cpu: 2000m
    memory: 4Gi
  requests:
    cpu: 1000m
    memory: 2Gi
 # For high-traffic environments
 autoscaling:
  enabled: true
  minReplicas: 5
  maxReplicas: 50
  targetCPUUtilizationPercentage: 60
  targetMemoryUtilizationPercentage: 70
 ```
 ### Database Optimization
 ```yaml
 env:
  DJANGO_DB_CONN_MAX_AGE: "600"
  DJANGO_DB_OPTIONS: '{"MAX_CONNS": 20}'
 ```
 ## Support
 For issues and questions:
 - Check the [Label Studio documentation](https://labelstud.io/guide/)
 - Review the [GitHub issues](https://github.com/heartexlabs/label-studio)
 - Join the [Label Studio community](https://slack.labelstud.io/)
 ## Contributing
 To contribute to this Helm chart:
 1. Fork the repository
 2. Create a feature branch
 3. Make your changes
 4. Test thoroughly
 5. Submit a pull request
--- a/lbl-01/README.md
+++ b/lbl-01/README.md
@@ -1,291 +0,0 @@
 # Label Studio Helm Chart
 Helm chart để triển khai Label Studio - công cụ gán nhãn dữ liệu mã nguồn mở cho Machine Learning trên Kubernetes.
 ## Giới thiệu
 Label Studio là một công cụ gán nhãn dữ liệu mã nguồn mở được thiết kế để giúp bạn chuẩn bị dữ liệu huấn luyện cho các mô hình machine learning. Helm chart này giúp bạn triển khai Label Studio một cách dễ dàng trên Kubernetes cluster.
 ## Yêu cầu
 - Kubernetes 1.19+
 - Helm 3.2.0+
 - PV provisioner hỗ trợ trong underlying infrastructure (nếu sử dụng persistence)
 ## Cài đặt Chart
 ### Cài đặt cơ bản
 ```bash
 helm install my-label-studio ./lbl-01
 ```
 ### Cài đặt với custom values
 ```bash
 helm install my-label-studio ./lbl-01 -f my-values.yaml
 ```
 ## Gỡ cài đặt Chart
 ```bash
 helm uninstall my-label-studio
 ```
 ## Cấu hình
 ### Cấu hình cơ bản
 Dưới đây là một số cấu hình cơ bản trong `values.yaml`:
 ```yaml
 # Cấu hình image
 global:
  image:
    repository: heartexlabs/label-studio
    tag: "develop"
    pullPolicy: IfNotPresent
 # Cấu hình service
 service:
  type: ClusterIP
  port: 8080
  targetPort: 8080
 # Cấu hình ingress
 ingress:
  enabled: true
  className: "nginx"
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "200m"
  hosts:
    - host: label-studio.local
      paths:
        - path: /
          pathType: ImplementationSpecific
 ```
 ### Cấu hình Database (PostgreSQL)
 ```yaml
 global:
  pgConfig:
    host: "postgresql.default.svc.cluster.local"
    port: 5432
    dbName: "labelstudio"
    userName: "labelstudio"
    password:
      secretName: "postgresql-secret"
      secretKey: "password"
 ```
 ### Cấu hình Redis
 ```yaml
 global:
  redisConfig:
    host: "redis://redis.default.svc.cluster.local:6379/1"
    password:
      secretName: "redis-secret"
      secretKey: "password"
 ```
 ### Cấu hình Storage
 #### Local Volume Storage
 ```yaml
 global:
  persistence:
    enabled: true
    type: volume
    config:
      volume:
        storageClass: "standard"
        size: 20Gi
        accessModes:
          - ReadWriteOnce
 ```
 #### AWS S3 Storage
 ```yaml
 global:
  persistence:
    enabled: true
    type: s3
    config:
      s3:
        accessKey: "your-access-key"
        secretKey: "your-secret-key"
        region: "us-west-2"
        bucket: "label-studio-data"
        folder: "media"
 ```
 ### Cấu hình Environment Variables
 ```yaml
 env:
  LABEL_STUDIO_HOST: "https://label-studio.yourdomain.com"
  LABEL_STUDIO_USERNAME: "admin@example.com"
  LABEL_STUDIO_PASSWORD: "your-secure-password"
  ENABLE_LOCAL_FILES_ACCESS: "true"
  LOCAL_FILES_SERVING_ENABLED: "true"
  SSRF_PROTECTION_ENABLED: "true"
 global:
  extraEnvironmentVars:
    PYTHONUNBUFFERED: "1"
    DEBUG: "false"
 ```
 ## Ví dụ triển khai hoàn chỉnh
 ### 1. Tạo namespace
 ```bash
 kubectl create namespace label-studio
 ```
 ### 2. Tạo secrets cho database
 ```bash
 kubectl create secret generic postgresql-secret \
  --from-literal=password=your-db-password \
  -n label-studio
 ```
 ### 3. Tạo values file
 ```yaml
 # my-values.yaml
 global:
  image:
    tag: "latest"
  pgConfig:
    host: "postgresql.label-studio.svc.cluster.local"
    port: 5432
    dbName: "labelstudio"
    userName: "labelstudio"
    password:
      secretName: "postgresql-secret"
      secretKey: "password"
  persistence:
    enabled: true
    type: volume
    config:
      volume:
        storageClass: "gp2"
        size: 50Gi
 ingress:
  enabled: true
  className: "nginx"
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/proxy-body-size: "200m"
  hosts:
    - host: label-studio.yourdomain.com
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: label-studio-tls
      hosts:
        - label-studio.yourdomain.com
 resources:
  limits:
    cpu: 2000m
    memory: 4Gi
  requests:
    cpu: 1000m
    memory: 2Gi
 env:
  LABEL_STUDIO_HOST: "https://label-studio.yourdomain.com"
  LABEL_STUDIO_USERNAME: "admin@yourdomain.com"
  LABEL_STUDIO_PASSWORD: "your-secure-password"
 ```
 ### 4. Cài đặt chart
 ```bash
 helm install label-studio ./lbl-01 \
  -f my-values.yaml \
  -n label-studio
 ```
 ## Monitoring và Logging
 ### Health Checks
 Chart đã được cấu hình với health checks:
 ```yaml
 livenessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 60
  periodSeconds: 30
 readinessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 30
  periodSeconds: 10
 ```
 ### Autoscaling
 ```yaml
 autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
  targetMemoryUtilizationPercentage: 80
 ```
 ## Troubleshooting
 ### Kiểm tra pods
 ```bash
 kubectl get pods -n label-studio
 kubectl logs -f deployment/label-studio -n label-studio
 ```
 ### Kiểm tra services
 ```bash
 kubectl get svc -n label-studio
 kubectl describe svc label-studio -n label-studio
 ```
 ### Kiểm tra ingress
 ```bash
 kubectl get ingress -n label-studio
 kubectl describe ingress label-studio -n label-studio
 ```
 ## Tham khảo
 - [Label Studio Documentation](https://labelstud.io/guide/)
 - [Label Studio Helm Values](https://labelstud.io/guide/helm_values)
 - [Kubernetes Documentation](https://kubernetes.io/docs/)
 - [Helm Documentation](https://helm.sh/docs/)
 ## Đóng góp
 Nếu bạn muốn đóng góp cho chart này, vui lòng tạo pull request hoặc issue trên repository.
 ## License
 Chart này được phân phối dưới giấy phép MIT. Xem file LICENSE để biết thêm chi tiết.
--- a/lbl-01/label-studio-1.0.0.tgz
+++ b/lbl-01/label-studio-1.0.0.tgz
--- a/lbl-01/label-studio-1.0.1.tgz
+++ b/lbl-01/label-studio-1.0.1.tgz
--- a/lbl-01/label-studio-1.0.2.tgz
+++ b/lbl-01/label-studio-1.0.2.tgz
--- a/lbl-01/label-studio-1.0.3.tgz
+++ b/lbl-01/label-studio-1.0.3.tgz
--- a/lbl-01/templates/NOTES.txt
+++ b/lbl-01/templates/NOTES.txt
@@ -1,35 +0,0 @@
 1. Get the application URL by running these commands:
 {{- if .Values.httpRoute.enabled }}
 {{- if .Values.httpRoute.hostnames }}
    export APP_HOSTNAME={{ .Values.httpRoute.hostnames | first }}
 {{- else }}
    export APP_HOSTNAME=$(kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o jsonpath="{.spec.listeners[0].hostname}")
  {{- end }}
 {{- if and .Values.httpRoute.rules (first .Values.httpRoute.rules).matches (first (first .Values.httpRoute.rules).matches).path.value }}
    echo "Visit http://$APP_HOSTNAME{{ (first (first .Values.httpRoute.rules).matches).path.value }} to use your application"
    NOTE: Your HTTPRoute depends on the listener configuration of your gateway and your HTTPRoute rules.
    The rules can be set for path, method, header and query parameters.
    You can check the gateway configuration with 'kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o yaml'
 {{- end }}
 {{- else if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "label-studio.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "label-studio.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "label-studio.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "label-studio.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
 {{- end }}
--- a/lbl-01/templates/_helpers.tpl
+++ b/lbl-01/templates/_helpers.tpl
@@ -1,62 +0,0 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "label-studio.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "label-studio.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "label-studio.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "label-studio.labels" -}}
 helm.sh/chart: {{ include "label-studio.chart" . }}
 {{ include "label-studio.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "label-studio.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "label-studio.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "label-studio.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "label-studio.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
--- a/lbl-01/templates/deployment.yaml
+++ b/lbl-01/templates/deployment.yaml
@@ -1,122 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "label-studio.fullname" . }}
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
 spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "label-studio.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "label-studio.labels" . | nindent 8 }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "label-studio.serviceAccountName" . }}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.targetPort | default 8080 }}
              protocol: TCP
          env:
            {{- range $key, $value := .Values.env }}
            - name: {{ $key }}
              value: {{ $value | quote }}
            {{- end }}
            {{- if .Values.global.pgConfig.host }}
            - name: POSTGRE_HOST
              value: {{ .Values.global.pgConfig.host | quote }}
            - name: POSTGRE_PORT
              value: {{ .Values.global.pgConfig.port | quote }}
            - name: POSTGRE_NAME
              value: {{ .Values.global.pgConfig.dbName | quote }}
            - name: POSTGRE_USER
              value: {{ .Values.global.pgConfig.userName | quote }}
            {{- if .Values.global.pgConfig.password.secretName }}
            - name: POSTGRE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.global.pgConfig.password.secretName }}
                  key: {{ .Values.global.pgConfig.password.secretKey }}
            {{- end }}
            {{- end }}
            {{- if .Values.global.redisConfig.host }}
            - name: REDIS_LOCATION
              value: {{ .Values.global.redisConfig.host | quote }}
            {{- if .Values.global.redisConfig.password.secretName }}
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.global.redisConfig.password.secretName }}
                  key: {{ .Values.global.redisConfig.password.secretKey }}
            {{- end }}
            {{- end }}
            {{- range $key, $value := .Values.global.extraEnvironmentVars }}
            - name: {{ $key }}
              value: {{ $value | quote }}
            {{- end }}
            {{- range $key, $value := .Values.global.extraEnvironmentSecrets }}
            - name: {{ $key }}
              valueFrom:
                secretKeyRef:
                  name: {{ $value.secretName }}
                  key: {{ $value.secretKey }}
            {{- end }}
          {{- with .Values.livenessProbe }}
          livenessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.readinessProbe }}
          readinessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.volumeMounts }}
          volumeMounts:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      {{- with .Values.volumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
--- a/lbl-01/templates/hpa.yaml
+++ b/lbl-01/templates/hpa.yaml
@@ -1,32 +0,0 @@
 {{- if .Values.autoscaling.enabled }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ include "label-studio.fullname" . }}
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ include "label-studio.fullname" . }}
  minReplicas: {{ .Values.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
  metrics:
    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
    {{- end }}
 {{- end }}
--- a/lbl-01/templates/httproute.yaml
+++ b/lbl-01/templates/httproute.yaml
@@ -1,38 +0,0 @@
 {{- if .Values.httpRoute.enabled -}}
 {{- $fullName := include "label-studio.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
  {{- with .Values.httpRoute.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  parentRefs:
    {{- with .Values.httpRoute.parentRefs }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.httpRoute.hostnames }}
  hostnames:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  rules:
    {{- range .Values.httpRoute.rules }}
    {{- with .matches }}
    - matches:
      {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .filters }}
      filters:
      {{- toYaml . | nindent 8 }}
    {{- end }}
      backendRefs:
        - name: {{ $fullName }}
          port: {{ $svcPort }}
          weight: 1
    {{- end }}
 {{- end }}
--- a/lbl-01/templates/ingress.yaml
+++ b/lbl-01/templates/ingress.yaml
@@ -1,43 +0,0 @@
 {{- if .Values.ingress.enabled -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ include "label-studio.fullname" . }}
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  {{- with .Values.ingress.className }}
  ingressClassName: {{ . }}
  {{- end }}
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            {{- with .pathType }}
            pathType: {{ . }}
            {{- end }}
            backend:
              service:
                name: {{ include "label-studio.fullname" $ }}
                port:
                  number: {{ $.Values.service.port }}
          {{- end }}
    {{- end }}
 {{- end }}
--- a/lbl-01/templates/service.yaml
+++ b/lbl-01/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "label-studio.fullname" . }}
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    {{- include "label-studio.selectorLabels" . | nindent 4 }}
--- a/lbl-01/templates/serviceaccount.yaml
+++ b/lbl-01/templates/serviceaccount.yaml
@@ -1,13 +0,0 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "label-studio.serviceAccountName" . }}
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
 {{- end }}
--- a/lbl-01/templates/tests/test-connection.yaml
+++ b/lbl-01/templates/tests/test-connection.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "label-studio.fullname" . }}-test-connection"
  labels:
    {{- include "label-studio.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "label-studio.fullname" . }}:{{ .Values.service.port }}']
  restartPolicy: Never
--- a/lbl-01/values-example.yaml
+++ b/lbl-01/values-example.yaml
@@ -1,206 +0,0 @@
 # Example values for Label Studio Helm Chart
 # Copy this file to my-values.yaml and customize as needed
 # Global configuration
 global:
  image:
    repository: heartexlabs/label-studio
    pullPolicy: IfNotPresent
    tag: "latest"  # Use specific version in production
  # PostgreSQL Database Configuration
  pgConfig:
    host: "postgresql.default.svc.cluster.local"
    port: 5432
    dbName: "labelstudio"
    userName: "labelstudio"
    password:
      secretName: "postgresql-secret"
      secretKey: "password"
  # Redis Configuration
  redisConfig:
    host: "redis://redis.default.svc.cluster.local:6379/1"
    password:
      secretName: "redis-secret"
      secretKey: "password"
  # Extra Environment Variables
  extraEnvironmentVars:
    PYTHONUNBUFFERED: "1"
    DEBUG: "false"
    LOG_LEVEL: "INFO"
  # Persistence Configuration
  persistence:
    enabled: true
    type: volume
    config:
      volume:
        storageClass: "gp2"  # Change to your storage class
        size: 50Gi
        accessModes:
          - ReadWriteOnce
 # Deployment Configuration
 replicaCount: 2
 # Service Configuration
 service:
  type: ClusterIP
  port: 8080
  targetPort: 8080
 # Ingress Configuration
 ingress:
  enabled: true
  className: "nginx"
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "200m"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
  hosts:
    - host: label-studio.yourdomain.com
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: label-studio-tls
      hosts:
        - label-studio.yourdomain.com
 # Resource Configuration
 resources:
  limits:
    cpu: 2000m
    memory: 4Gi
  requests:
    cpu: 1000m
    memory: 2Gi
 # Health Checks
 livenessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 120
  periodSeconds: 30
  timeoutSeconds: 10
  failureThreshold: 3
 readinessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 60
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
 # Autoscaling
 autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80
 # Environment Variables
 env:
  # Database settings (will be overridden by global.pgConfig if set)
  DJANGO_DB: "default"
  POSTGRE_NAME: "labelstudio"
  POSTGRE_USER: "labelstudio"
  POSTGRE_PORT: "5432"
  POSTGRE_HOST: "postgresql.default.svc.cluster.local"
  # Redis settings (will be overridden by global.redisConfig if set)
  REDIS_LOCATION: "redis://redis.default.svc.cluster.local:6379/1"
  # Label Studio specific settings
  LABEL_STUDIO_HOST: "https://label-studio.yourdomain.com"
  LABEL_STUDIO_USERNAME: "admin@yourdomain.com"
  LABEL_STUDIO_PASSWORD: "change-this-password"
  # Storage settings
  ENABLE_LOCAL_FILES_ACCESS: "true"
  LOCAL_FILES_SERVING_ENABLED: "true"
  # Security settings
  SSRF_PROTECTION_ENABLED: "true"
  # Feature flags
  FEATURE_FLAGS_DEFAULT_VALUE: "false"
 # Node Selection
 nodeSelector: {}
  # kubernetes.io/arch: amd64
 # Tolerations
 tolerations: []
  # - key: "key1"
  #   operator: "Equal"
  #   value: "value1"
  #   effect: "NoSchedule"
 # Affinity
 affinity: {}
  # podAntiAffinity:
  #   preferredDuringSchedulingIgnoredDuringExecution:
  #   - weight: 100
  #     podAffinityTerm:
  #       labelSelector:
  #         matchExpressions:
  #         - key: app.kubernetes.io/name
  #           operator: In
  #           values:
  #           - label-studio
  #       topologyKey: kubernetes.io/hostname
 # Additional volumes
 volumes: []
  # - name: custom-config
  #   configMap:
  #     name: label-studio-config
 # Additional volume mounts
 volumeMounts: []
  # - name: custom-config
  #   mountPath: /app/config
  #   readOnly: true
 # Service Account
 serviceAccount:
  create: true
  automount: true
  annotations: {}
  name: ""
 # Pod Security Context
 podSecurityContext:
  fsGroup: 1001
 # Security Context
 securityContext:
  runAsNonRoot: true
  runAsUser: 1001
  capabilities:
    drop:
    - ALL
  readOnlyRootFilesystem: false
 # ConfigMap for additional configuration
 configMap:
  create: true
  data:
    # Add any additional configuration files here
    # custom.conf: |
    #   # Custom configuration
 # Secrets for sensitive data
 secrets:
  create: true
  data:
    # Add any additional secrets here
    # api-key: "your-api-key"
--- a/lbl-01/values.yaml
+++ b/lbl-01/values.yaml
@@ -1,259 +0,0 @@
 # Default values for Label Studio Helm Chart
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 # Global parameters for the Helm chart
 global:
  # Global Docker registry secret names as an array
  imagePullSecrets: []
  # Image configuration
  image:
    repository: heartexlabs/label-studio
    pullPolicy: IfNotPresent
    tag: "develop"
  # PostgreSQL configuration
  pgConfig:
    host: ""
    port: 5432
    dbName: ""
    userName: ""
    password:
      secretName: ""
      secretKey: ""
    ssl:
      pgSslMode: ""
      pgSslSecretName: ""
      pgSslRootCertSecretKey: ""
      pgSslCertSecretKey: ""
      pgSslKeySecretKey: ""
  # Redis configuration
  redisConfig:
    host: ""
    password:
      secretName: ""
      secretKey: ""
    ssl:
      redisSslCertReqs: ""
      redisSslSecretName: ""
      redisSslCaCertsSecretKey: ""
      redisSslCertFileSecretKey: ""
      redisSslKeyFileSecretKey: ""
  # Extra environment variables
  extraEnvironmentVars: {}
    # PYTHONUNBUFFERED: "1"
    # DEBUG: "false"
  # Extra environment secrets
  extraEnvironmentSecrets: {}
  # Persistence configuration
  persistence:
    enabled: true
    type: volume
    config:
      # S3 configuration
      s3:
        accessKey: ""
        secretKey: ""
        accessKeyExistingSecret: ""
        accessKeyExistingSecretKey: ""
        secretKeyExistingSecret: ""
        secretKeyExistingSecretKey: ""
        region: ""
        bucket: ""
        folder: ""
        urlExpirationSecs: 86400
        endpointUrl: ""
      # Volume configuration
      volume:
        storageClass: ""
        size: 10Gi
        accessModes:
          - ReadWriteOnce
        annotations: {}
        existingClaim: ""
        resourcePolicy: ""
      # Azure configuration
      azure:
        storageAccountName: ""
        storageAccountKey: ""
        storageAccountNameExistingSecret: ""
 # Replica count
 replicaCount: 1
 # Image configuration (can override global settings)
 image:
  repository: heartexlabs/label-studio
  pullPolicy: IfNotPresent
  tag: ""
 # Image pull secrets
 imagePullSecrets: []
 # Name overrides
 nameOverride: ""
 fullnameOverride: ""
 # Service account configuration
 serviceAccount:
  create: true
  automount: true
  annotations: {}
  name: ""
 # Pod annotations and labels
 podAnnotations: {}
 podLabels: {}
 # Security contexts
 podSecurityContext: {}
  # fsGroup: 2000
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 # Service configuration
 service:
  type: ClusterIP
  annotations: {}
  port: 8080
  targetPort: 8080
 # Ingress configuration
 ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    # nginx.ingress.kubernetes.io/proxy-body-size: "200m"
  hosts:
    - host: label-studio.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: label-studio-tls
  #    hosts:
  #      - label-studio.local
 # Gateway API HTTPRoute configuration
 httpRoute:
  enabled: false
  annotations: {}
  parentRefs:
    - name: gateway
      sectionName: http
  hostnames:
    - label-studio.local
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
 # Resource limits and requests
 resources:
  limits:
    cpu: 1000m
    memory: 2Gi
  requests:
    cpu: 500m
    memory: 1Gi
 # Health checks
 livenessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 60
  periodSeconds: 30
  timeoutSeconds: 10
  failureThreshold: 3
 readinessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
 # Autoscaling configuration
 autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
  targetMemoryUtilizationPercentage: 80
 # Additional volumes
 volumes: []
 # - name: data
 #   persistentVolumeClaim:
 #     claimName: label-studio-data
 # Additional volume mounts
 volumeMounts: []
 # - name: data
 #   mountPath: /label-studio/data
 # Node selector
 nodeSelector: {}
 # Tolerations
 tolerations: []
 # Affinity
 affinity: {}
 # Environment variables specific to Label Studio
 env:
  # Database settings
  DJANGO_DB: "default"
  POSTGRE_NAME: ""
  POSTGRE_USER: ""
  POSTGRE_PASSWORD: ""
  POSTGRE_PORT: "5432"
  POSTGRE_HOST: ""
  # Redis settings
  REDIS_LOCATION: ""
  # Label Studio specific settings
  LABEL_STUDIO_HOST: ""
  LABEL_STUDIO_USERNAME: "admin@example.com"
  LABEL_STUDIO_PASSWORD: "password"
  # Storage settings
  ENABLE_LOCAL_FILES_ACCESS: "true"
  LOCAL_FILES_SERVING_ENABLED: "true"
  # Security settings
  SSRF_PROTECTION_ENABLED: "true"
  # Feature flags
  FEATURE_FLAGS_DEFAULT_VALUE: "false"
 # ConfigMap for additional configuration
 configMap:
  create: true
  data: {}
 # Secrets for sensitive data
 secrets:
  create: true
  data: {}
--- a/lbl-02/.helmignore
+++ b/lbl-02/.helmignore
@@ -1,23 +0,0 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/lbl-02/Chart.yaml
+++ b/lbl-02/Chart.yaml
@@ -1,24 +0,0 @@
 apiVersion: v2
 name: lbl-02
 description: A Helm chart for Kubernetes
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
 # to be deployed.
 #
 # Library charts provide useful utilities or functions for the chart developer. They're included as
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "1.16.0"
--- a/lbl-02/lbl-02-0.1.0.tgz
+++ b/lbl-02/lbl-02-0.1.0.tgz
--- a/lbl-02/lbl-02-0.1.1.tgz
+++ b/lbl-02/lbl-02-0.1.1.tgz
--- a/lbl-02/templates/NOTES.txt
+++ b/lbl-02/templates/NOTES.txt
@@ -1,35 +0,0 @@
 1. Get the application URL by running these commands:
 {{- if .Values.httpRoute.enabled }}
 {{- if .Values.httpRoute.hostnames }}
    export APP_HOSTNAME={{ .Values.httpRoute.hostnames | first }}
 {{- else }}
    export APP_HOSTNAME=$(kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o jsonpath="{.spec.listeners[0].hostname}")
  {{- end }}
 {{- if and .Values.httpRoute.rules (first .Values.httpRoute.rules).matches (first (first .Values.httpRoute.rules).matches).path.value }}
    echo "Visit http://$APP_HOSTNAME{{ (first (first .Values.httpRoute.rules).matches).path.value }} to use your application"
    NOTE: Your HTTPRoute depends on the listener configuration of your gateway and your HTTPRoute rules.
    The rules can be set for path, method, header and query parameters.
    You can check the gateway configuration with 'kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o yaml'
 {{- end }}
 {{- else if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "lbl-02.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "lbl-02.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "lbl-02.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "lbl-02.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
 {{- end }}
--- a/lbl-02/templates/_helpers.tpl
+++ b/lbl-02/templates/_helpers.tpl
@@ -1,62 +0,0 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "lbl-02.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "lbl-02.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "lbl-02.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "lbl-02.labels" -}}
 helm.sh/chart: {{ include "lbl-02.chart" . }}
 {{ include "lbl-02.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "lbl-02.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "lbl-02.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "lbl-02.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "lbl-02.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
--- a/lbl-02/templates/deployment.yaml
+++ b/lbl-02/templates/deployment.yaml
@@ -1,78 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "lbl-02.fullname" . }}
  labels:
    {{- include "lbl-02.labels" . | nindent 4 }}
 spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "lbl-02.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "lbl-02.labels" . | nindent 8 }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "lbl-02.serviceAccountName" . }}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          {{- with .Values.livenessProbe }}
          livenessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.readinessProbe }}
          readinessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.volumeMounts }}
          volumeMounts:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      {{- with .Values.volumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
--- a/lbl-02/templates/hpa.yaml
+++ b/lbl-02/templates/hpa.yaml
@@ -1,32 +0,0 @@
 {{- if .Values.autoscaling.enabled }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ include "lbl-02.fullname" . }}
  labels:
    {{- include "lbl-02.labels" . | nindent 4 }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ include "lbl-02.fullname" . }}
  minReplicas: {{ .Values.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
  metrics:
    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
    {{- end }}
 {{- end }}
--- a/lbl-02/templates/httproute.yaml
+++ b/lbl-02/templates/httproute.yaml
@@ -1,38 +0,0 @@
 {{- if .Values.httpRoute.enabled -}}
 {{- $fullName := include "lbl-02.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "lbl-02.labels" . | nindent 4 }}
  {{- with .Values.httpRoute.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  parentRefs:
    {{- with .Values.httpRoute.parentRefs }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.httpRoute.hostnames }}
  hostnames:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  rules:
    {{- range .Values.httpRoute.rules }}
    {{- with .matches }}
    - matches:
      {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .filters }}
      filters:
      {{- toYaml . | nindent 8 }}
    {{- end }}
      backendRefs:
        - name: {{ $fullName }}
          port: {{ $svcPort }}
          weight: 1
    {{- end }}
 {{- end }}
--- a/lbl-02/templates/ingress.yaml
+++ b/lbl-02/templates/ingress.yaml
@@ -1,43 +0,0 @@
 {{- if .Values.ingress.enabled -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ include "lbl-02.fullname" . }}
  labels:
    {{- include "lbl-02.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  {{- with .Values.ingress.className }}
  ingressClassName: {{ . }}
  {{- end }}
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            {{- with .pathType }}
            pathType: {{ . }}
            {{- end }}
            backend:
              service:
                name: {{ include "lbl-02.fullname" $ }}
                port:
                  number: {{ $.Values.service.port }}
          {{- end }}
    {{- end }}
 {{- end }}
--- a/lbl-02/templates/service.yaml
+++ b/lbl-02/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "lbl-02.fullname" . }}
  labels:
    {{- include "lbl-02.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    {{- include "lbl-02.selectorLabels" . | nindent 4 }}
--- a/lbl-02/templates/serviceaccount.yaml
+++ b/lbl-02/templates/serviceaccount.yaml
@@ -1,13 +0,0 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "lbl-02.serviceAccountName" . }}
  labels:
    {{- include "lbl-02.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
 {{- end }}
--- a/lbl-02/templates/tests/test-connection.yaml
+++ b/lbl-02/templates/tests/test-connection.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "lbl-02.fullname" . }}-test-connection"
  labels:
    {{- include "lbl-02.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "lbl-02.fullname" . }}:{{ .Values.service.port }}']
  restartPolicy: Never
--- a/lbl-02/values.yaml
+++ b/lbl-02/values.yaml
@@ -1,161 +0,0 @@
 # Default values for lbl-02.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 # This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
 replicaCount: 1
 # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
 image:
  repository: heartexlabs/label-studio
  # This sets the pull policy for images.
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: "latest"
 # This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 imagePullSecrets: []
 # This is to override the chart name.
 nameOverride: ""
 fullnameOverride: ""
 # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Automatically mount a ServiceAccount's API credentials?
  automount: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 # This is for setting Kubernetes Annotations to a Pod.
 # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
 podAnnotations: {}
 # This is for setting Kubernetes Labels to a Pod.
 # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
 podLabels: {}
 podSecurityContext: {}
  # fsGroup: 2000
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
 service:
  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
  type: ClusterIP
  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
  port: 80
 # This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
 ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: lbl-studio.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: lbl-studio-tls
  #    hosts:
  #      - lbl-studio.local
 # -- Expose the service via gateway-api HTTPRoute
 # Requires Gateway API resources and suitable controller installed within the cluster
 # (see: https://gateway-api.sigs.k8s.io/guides/)
 httpRoute:
  # HTTPRoute enabled.
  enabled: false
  # HTTPRoute annotations.
  annotations: {}
  # Which Gateways this Route is attached to.
  parentRefs:
  - name: gateway
    sectionName: http
    # namespace: default
  # Hostnames matching HTTP header.
  hostnames:
  - lbl-studio.local
  # List of rules and filters applied.
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /headers
  #   filters:
  #   - type: RequestHeaderModifier
  #     requestHeaderModifier:
  #       set:
  #       - name: My-Overwrite-Header
  #         value: this-is-the-only-value
  #       remove:
  #       - User-Agent
  # - matches:
  #   - path:
  #       type: PathPrefix
  #       value: /echo
  #     headers:
  #     - name: version
  #       value: v2
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 # This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
 livenessProbe:
  httpGet:
    path: /
    port: http
 readinessProbe:
  httpGet:
    path: /
    port: http
 # This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
 autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80
 # Additional volumes on the output Deployment definition.
 volumes: []
 # - name: foo
 #   secret:
 #     secretName: mysecret
 #     optional: false
 # Additional volumeMounts on the output Deployment definition.
 volumeMounts: []
 # - name: foo
 #   mountPath: "/etc/foo"
 #   readOnly: true
 nodeSelector: {}
 tolerations: []
 affinity: {}