thaoduc/file
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

áaa

Browse Source
This commit is contained in:
thaoduc
2025-10-08 23:43:31 +07:00
parent 4c123eee1b
commit 70450a621d
50 changed files with 0 additions and 3673 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
label-studio-1.10.0.tgz
View File

Binary file not shown.

BIN
label-studio-1.11.4.tgz Normal file
View File

Binary file not shown.

23
label-studio/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
label-studio/Chart.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: v2
name: label-studio
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.2
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

BIN
label-studio/label-studio-1.1.tgz
View File

Binary file not shown.

BIN
label-studio/label-studio-1.2.tgz
View File

Binary file not shown.

35
label-studio/templates/NOTES.txt
View File

@@ -1,35 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.httpRoute.enabled }}
{{- if .Values.httpRoute.hostnames }}
export APP_HOSTNAME={{ .Values.httpRoute.hostnames | first }}
{{- else }}
export APP_HOSTNAME=$(kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o jsonpath="{.spec.listeners[0].hostname}")
{{- end }}
{{- if and .Values.httpRoute.rules (first .Values.httpRoute.rules).matches (first (first .Values.httpRoute.rules).matches).path.value }}
echo "Visit http://$APP_HOSTNAME{{ (first (first .Values.httpRoute.rules).matches).path.value }} to use your application"
NOTE: Your HTTPRoute depends on the listener configuration of your gateway and your HTTPRoute rules.
The rules can be set for path, method, header and query parameters.
You can check the gateway configuration with 'kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o yaml'
{{- end }}
{{- else if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "label-studio.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "label-studio.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "label-studio.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "label-studio.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

62
label-studio/templates/_helpers.tpl
View File

@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "label-studio.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "label-studio.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "label-studio.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "label-studio.labels" -}}
helm.sh/chart: {{ include "label-studio.chart" . }}
{{ include "label-studio.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "label-studio.selectorLabels" -}}
app.kubernetes.io/name: {{ include "label-studio.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "label-studio.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "label-studio.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

371
label-studio/templates/deployment.yaml
View File

@@ -1,371 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ls-app.fullname" . }}
{{- with .Values.app.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "ls-app.labels" . | nindent 4 }}
{{- if .Values.app.labels }}
{{- toYaml .Values.app.labels | nindent 4 }}
{{- end }}
spec:
{{- if ne .Values.app.replicas nil }}
replicas: {{ .Values.app.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "ls-app.selectorLabels" . | nindent 6 }}
{{- with .Values.app.deploymentStrategy }}
strategy:
{{- toYaml . | trim | nindent 4 }}
{{- end }}
template:
metadata:
{{- with .Values.app.annotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
labels:
{{- include "ls-app.selectorLabels" . | nindent 8 }}
{{- if .Values.app.podLabels }}
{{- toYaml .Values.app.podLabels | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "ls-app.serviceAccountName" . }}
{{- if .Values.app.podSecurityContext.enabled }}
securityContext: {{- omit .Values.app.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.app.automountServiceAccountToken }}
initContainers:
{{- if .Values.app.initContainers }}
{{- range .Values.app.initContainers }}
- name: {{ .name }}
image: {{ or .image (printf "%s/%s:%s" ($.Values.global.image.registry | default "docker.io") $.Values.global.image.repository $.Values.global.image.tag) ($.Chart.AppVersion) }}
args: {{- range .args }}
- {{ . }}
{{- end }}
imagePullPolicy: {{ or .pullPolicy $.Values.global.image.pullPolicy }}
{{- if .restartPolicy }}
restartPolicy: {{ .restartPolicy }}
{{- end }}
{{- if $.Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
{{- include "ls.common.envs" $ | nindent 12 }}
- name: INIT_CONTAINER
value: "true"
volumeMounts:
- name: data
mountPath: /label-studio/data
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-init
- mountPath: /tmp
name: tmp-dir-init
{{- if $.Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
mountPath: /opt/heartex/secrets/pg_certs
{{- end }}
{{- if $.Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
mountPath: /opt/heartex/secrets/redis_certs
{{- end }}
{{- if .extraVolumeMounts }}
{{ toYaml .extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
{{- if not .Values.migrationJob.enabled }}
- name: db-migrations
image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
args: [ "label-studio-migrate" ]
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
{{- if .Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.app.initContainer.resources | nindent 12 }}
env:
{{- include "ls.common.envs" . | nindent 12 }}
- name: INIT_CONTAINER
value: "true"
volumeMounts:
- name: data
mountPath: /label-studio/data
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-init
- mountPath: /tmp
name: tmp-dir-init
{{- if .Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
mountPath: /opt/heartex/secrets/pg_certs
{{- end }}
{{- if .Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
mountPath: /opt/heartex/secrets/redis_certs
{{- end }}
{{- if .Values.app.extraVolumeMounts }}
{{ toYaml .Values.app.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.app.postMigrationInitContainers }}
{{- range .Values.app.postMigrationInitContainers }}
- name: {{ .name }}
image: {{ or .image (printf "%s/%s:%s" ($.Values.global.image.registry | default "docker.io") $.Values.global.image.repository $.Values.global.image.tag) ($.Chart.AppVersion) }}
args: {{- range .args }}
- {{ . }}
{{- end }}
imagePullPolicy: {{ or .pullPolicy $.Values.global.image.pullPolicy }}
{{- if .restartPolicy }}
restartPolicy: {{ .restartPolicy }}
{{- end }}
{{- if $.Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
{{- include "ls.common.envs" $ | nindent 12 }}
- name: INIT_CONTAINER
value: "true"
volumeMounts:
- name: data
mountPath: /label-studio/data
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-init
- mountPath: /tmp
name: tmp-dir-init
{{- if $.Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
mountPath: /opt/heartex/secrets/pg_certs
{{- end }}
{{- if $.Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
mountPath: /opt/heartex/secrets/redis_certs
{{- end }}
{{- if .extraVolumeMounts }}
{{ toYaml .extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.app.terminationGracePeriodSeconds }}
containers:
- name: app
image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
{{- if .Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
args: {{- range .Values.app.args }}
- {{ . }}
{{- end }}
env:
- name: SKIP_DB_MIGRATIONS
value: "true"
{{- include "ls.common.envs" . | nindent 12 }}
{{- if .Values.app.extraEnvironmentVars -}}
{{- range $key, $value := .Values.app.extraEnvironmentVars }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.app.extraEnvironmentSecrets -}}
{{- range $key, $value := .Values.app.extraEnvironmentSecrets }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
valueFrom:
secretKeyRef:
name: {{ $value.secretName }}
key: {{ $value.secretKey }}
{{- end }}
{{- end }}
{{- if or $.Values.app.cmdWrapper $.Values.global.cmdWrapper }}
- name: CMD_WRAPPER
value: {{ coalesce $.Values.app.cmdWrapper $.Values.global.cmdWrapper }}
{{- end }}
{{- if .Values.app.readinessProbe.enabled }}
readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.readinessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.app.livenessProbe.enabled }}
livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.livenessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
lifecycle:
preStop:
exec:
command: [ '/bin/sh', '-c', 'sleep {{ .Values.app.preStopDelaySeconds }}' ]
resources:
{{- toYaml .Values.app.resources | nindent 12 }}
volumeMounts:
- name: data
mountPath: /label-studio/data
{{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "gcs") }}
{{- if or .Values.global.persistence.config.gcs.applicationCredentialsJSON (and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey) }}
- name: gcs-storage-credentials
mountPath: /opt/heartex/secrets/gcs
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
mountPath: /opt/heartex/secrets/pg_certs
{{- end }}
{{- if .Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
mountPath: /opt/heartex/secrets/redis_certs
{{- end }}
{{- if .Values.app.extraVolumeMounts }}
{{ toYaml .Values.app.extraVolumeMounts | nindent 12 }}
{{- end }}
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-app
- mountPath: /tmp
name: tmp-dir-app
{{- if .Values.metrics.enabled }}
ports:
- name: "djangometrics"
containerPort: 8000
{{- end }}
- name: nginx
image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
{{- if .Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
args: {{- range .Values.app.nginx.args }}
- {{ . }}
{{- end }}
env:
- name: APP_HOST
value: localhost
{{- include "ls.common.envs" . | nindent 12}}
{{- if .Values.app.nginx.extraEnvironmentVars -}}
{{- range $key, $value := .Values.app.nginx.extraEnvironmentVars }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.app.nginx.extraEnvironmentSecrets -}}
{{- range $key, $value := .Values.app.nginx.extraEnvironmentSecrets }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
valueFrom:
secretKeyRef:
name: {{ $value.secretName }}
key: {{ $value.secretKey }}
{{- end }}
{{- end }}
ports:
- name: {{ .Values.app.service.portName }}
containerPort: 8085
protocol: TCP
lifecycle:
preStop:
exec:
command: [ '/bin/sh', '-c', 'sleep {{ .Values.app.preStopDelaySeconds }}' ]
{{- if .Values.app.nginx.readinessProbe.enabled }}
readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.nginx.readinessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.app.nginx.livenessProbe.enabled }}
livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.nginx.livenessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.app.nginx.resources | nindent 12 }}
volumeMounts:
- name: data
mountPath: /label-studio/data
{{- if .Values.app.extraVolumeMounts }}
{{ toYaml .Values.app.extraVolumeMounts | nindent 12 }}
{{- end }}
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-nginx
- mountPath: /tmp
name: tmp-dir-nginx
{{- if and .Values.metrics.enabled .Values.metrics.uwsgiExporter.enabled }}
- name: uwsgi-exporter
image: "{{ .Values.metrics.uwsgiExporter.image.repository }}:{{ .Values.metrics.uwsgiExporter.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.metrics.uwsgiExporter.image.pullPolicy }}
{{- if .Values.metrics.uwsgiExporter.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.uwsgiExporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
args:
- "--stats.uri=http://localhost:1717"
{{- if .Values.metrics.uwsgiExporter.resources }}
resources: {{- toYaml .Values.metrics.uwsgiExporter.resources | nindent 12 }}
{{- end }}
{{- if .Values.metrics.uwsgiExporter.readinessProbe.enabled }}
readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.metrics.uwsgiExporter.readinessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.uwsgiExporter.livenessProbe.enabled }}
livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.metrics.uwsgiExporter.livenessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
ports:
- name: "uwsgimetrics"
containerPort: 9117
{{- end }}
{{- with .Values.app.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.app.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "tplvalues.render" (dict "value" .Values.app.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.app.dnsPolicy }}
enableServiceLinks: {{ .Values.app.enableServiceLinks }}
shareProcessNamespace: {{ .Values.app.shareProcessNamespace }}
{{- with .Values.app.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.app.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: data
{{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "volume") }}
persistentVolumeClaim:
claimName: {{ include "ls-pvc.claimName" . }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "gcs") }}
{{- if or .Values.global.persistence.config.gcs.applicationCredentialsJSON (and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey) }}
- name: gcs-storage-credentials
secret:
{{- if and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey }}
secretName: {{ .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret }}
{{- else }}
secretName: {{ include "ls-secrets.fullname" . }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
secret:
secretName: {{ include "tplvalues.render" ( dict "value" .Values.global.pgConfig.ssl.pgSslSecretName "context" $) }}
defaultMode: 0640
{{- end }}
{{- if .Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
secret:
secretName: {{ include "tplvalues.render" ( dict "value" .Values.global.redisConfig.ssl.redisSslSecretName "context" $) }}
defaultMode: 0640
{{- end }}
{{- if .Values.app.extraVolumes -}}
{{- toYaml .Values.app.extraVolumes | nindent 8 }}
{{- end }}
- name: opt-heartex-app
emptyDir: { }
- name: opt-heartex-nginx
emptyDir: { }
- name: opt-heartex-init
emptyDir: { }
- name: tmp-dir-app
emptyDir: { }
- name: tmp-dir-nginx
emptyDir: { }
- name: tmp-dir-init
emptyDir: { }

32
label-studio/templates/hpa.yaml
View File

@@ -1,32 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "label-studio.fullname" . }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "label-studio.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

38
label-studio/templates/httproute.yaml
View File

@@ -1,38 +0,0 @@
{{- if .Values.httpRoute.enabled -}}
{{- $fullName := include "label-studio.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
{{- with .Values.httpRoute.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- with .Values.httpRoute.parentRefs }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.httpRoute.hostnames }}
hostnames:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
{{- range .Values.httpRoute.rules }}
{{- with .matches }}
- matches:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .filters }}
filters:
{{- toYaml . | nindent 8 }}
{{- end }}
backendRefs:
- name: {{ $fullName }}
port: {{ $svcPort }}
weight: 1
{{- end }}
{{- end }}

65
label-studio/templates/ingress.yaml
View File

@@ -1,65 +0,0 @@
{{- if .Values.app.ingress.enabled -}}
{{- $fullName := include "ls-app.fullname" . -}}
{{- $svcPort := .Values.app.service.port -}}
{{- if and .Values.app.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.app.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.app.ingress.annotations "kubernetes.io/ingress.class" .Values.app.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "ls-app.labels" . | nindent 4 }}
{{- with .Values.app.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.app.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.app.ingress.className | quote }}
{{- end }}
{{- if .Values.app.ingress.tls }}
tls:
{{- range .Values.app.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
- host: {{ .Values.app.ingress.host | quote }}
http:
paths:
{{- if .Values.app.ingress.extraPaths }}
{{- toYaml .Values.app.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ default "/" .Values.app.ingress.path }}
pathType: {{ .Values.app.ingress.pathType }}
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- range .Values.app.ingress.extraHosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
pathType: {{ default "ImplementationSpecific" .pathType }}
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}

36
label-studio/templates/pvc.yaml
View File

@@ -1,36 +0,0 @@
{{- if .Values.global.persistence.enabled }}
{{- if and (eq .Values.global.persistence.type "volume") (not .Values.global.persistence.config.volume.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "ls-pvc.fullname" . }}
{{- if eq .Values.global.persistence.config.volume.resourcePolicy "keep" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "ls-pvc.labels" . | nindent 4 }}
{{- if .Values.global.persistence.config.volume.annotations }}
annotations:
{{- if .Values.global.persistence.config.volume.annotations }}
{{- include "tplvalues.render" ( dict "value" .Values.global.persistence.config.volume.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
accessModes:
{{- range .Values.global.persistence.config.volume.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.global.persistence.config.volume.size | quote }}
{{- if .Values.global.persistence.config.volume.storageClass -}}
{{- if (eq "-" .Values.global.persistence.config.volume.storageClass) -}}
storageClassName: ""
{{- else }}
storageClassName: {{ .Values.global.persistence.config.volume.storageClass }}
{{- end -}}
{{- end -}}
{{- end }}
{{- end }}

36
label-studio/templates/service.yaml
View File

@@ -1,36 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "ls-app.fullname" . }}
labels:
{{- include "ls-app.labels" . | nindent 4 }}
{{- with .Values.app.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.app.service.type }}
ports:
- port: {{ .Values.app.service.port }}
targetPort: {{ .Values.app.service.targetPort }}
protocol: TCP
name: {{ .Values.app.service.portName }}
{{- if and .Values.metrics.enabled .Values.metrics.uwsgiExporter.enabled }}
- port: 9117
targetPort: "uwsgimetrics"
protocol: "TCP"
name: "uwsgimetrics"
{{- end }}
{{- if and .Values.metrics.enabled }}
- port: 8000
targetPort: "djangometrics"
protocol: "TCP"
name: "djangometrics"
{{- end }}
selector:
{{- include "ls-app.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ .Values.app.service.sessionAffinity }}
{{- if .Values.app.service.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml .Values.app.service.sessionAffinityConfig | nindent 4 }}
{{- end }}

13
label-studio/templates/serviceaccount.yaml
View File

@@ -1,13 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "label-studio.serviceAccountName" . }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}

15
label-studio/templates/tests/test-connection.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "label-studio.fullname" . }}-test-connection"
labels:
{{- include "label-studio.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "label-studio.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

774
label-studio/values.yaml
View File

@@ -1,774 +0,0 @@
# Default values for Label Studio.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
# Image pull secret to use for registry authentication.
# Alternatively, you can specify the value as an array of strings.
imagePullSecrets: []
image:
registry: docker.io
repository: heartexlabs/label-studio
pullPolicy: IfNotPresent
tag: ""
pgConfig:
host: "127.0.0.1"
port: 5432
dbName: "label"
userName: "label"
password:
secretName: "label-studio-pg-password"
secretKey: "label-studio-pg-password"
ssl:
pgSslMode: ""
pgSslSecretName: ""
pgSslRootCertSecretKey: ""
pgSslCertSecretKey: ""
pgSslKeySecretKey: ""
# Redis location, for example redis://[:password]@localhost:6379/1
# Supported only in LSE
redisConfig:
host: "127.0.0.1"
password:
secretName: "label-studio-redis-password"
secretKey: "label-studio-redis-password"
ssl:
redisSslCertReqs: ""
redisSslSecretName: ""
redisSslCaCertsSecretKey: ""
redisSslCertFileSecretKey: ""
redisSslKeyFileSecretKey: ""
extraEnvironmentVars: {}
extraEnvironmentSecrets: { }
persistence:
enabled: true
type: volume # s3, azure, gcs
config:
s3:
accessKey: ""
secretKey: ""
accessKeyExistingSecret: ""
accessKeyExistingSecretKey: ""
secretKeyExistingSecret: ""
secretKeyExistingSecretKey: ""
region: ""
bucket: ""
folder: ""
urlExpirationSecs: "86400"
endpointUrl: ""
objectParameters: {}
volume:
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
size: 10Gi
accessModes:
- ReadWriteOnce
annotations: {}
existingClaim: ""
resourcePolicy: ""
azure:
storageAccountName: ""
storageAccountKey: ""
storageAccountNameExistingSecret: ""
storageAccountNameExistingSecretKey: ""
storageAccountKeyExistingSecret: ""
storageAccountKeyExistingSecretKey: ""
containerName: ""
folder: ""
urlExpirationSecs: "86400"
gcs:
projectID: ""
applicationCredentialsJSON: ""
applicationCredentialsJSONExistingSecret: ""
applicationCredentialsJSONExistingSecretKey: ""
bucket: ""
folder: ""
urlExpirationSecs: "86400"
featureFlags: { }
# File name of a shell script to load additional template environment variables from.
# This is useful when using Vault.
# "- /vault/secrets/config"
envInjectSources: []
## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
## e.g:
## cmdWrapper: "newrelic-admin run-program"
##
cmdWrapper: ""
# File names of a custom SSL root certs. These filename will be appended to existing root certs.
# "- /tmp/my_cool_root_cert"
customCaCerts: [ ]
app:
# Update strategy - only really applicable for deployments with RWO PVs attached
# If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
# PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
# terminate the single previous pod, so that the new, incoming pod can attach to the PV
deploymentStrategy:
type: RollingUpdate
deploymentAnnotations: { }
replicas: 1
NameOverride: ""
FullnameOverride: ""
labels: { }
podLabels: { }
## @param app.args Override default container args (useful when using custom images)
##
args:
- "label-studio-uwsgi"
resources:
requests: {}
## Example:
# memory: "600Mi"
# cpu: "250m"
limits: {}
## Example:
# memory: "4000Mi"
# cpu: "4"
initContainer:
resources:
requests: {}
## Example:
# memory: 384Mi
# cpu: 250m
limits: {}
## Example:
# memory: 512Mi
# cpu: 500m
nginx:
args:
- "nginx"
extraEnvironmentVars: {}
extraEnvironmentSecrets: {}
resources:
requests: {}
## Example
## memory: 384Mi
## cpu: 250m
limits: {}
## Example:
## memory: 1G
## cpu: 1000m
livenessProbe:
enabled: true
tcpSocket:
port: 8085
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: true
httpGet:
path: /nginx_health
port: 8085
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 1
successThreshold: 1
# extraEnvironmentVars is a list of extra environment variables to set in the
# app deployment.
extraEnvironmentVars: { }
# KUBERNETES_SERVICE_HOST: kubernetes.default.svc
# extraEnvironmentSecrets is a list of extra environment variables to set in the
# app deployment.
extraEnvironmentSecrets: { }
# MYSQL_PASSWORD:
# secretName: mysql_secret
# secretKey: password
# nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector:
# beta.kubernetes.io/arch: amd64
nodeSelector: { }
topologySpreadConstraints: [ ]
dnsPolicy: "ClusterFirst"
enableServiceLinks: false
shareProcessNamespace: false
automountServiceAccountToken: true
# Extra k8s annotations to attach to the app pods
# This can either be YAML or a YAML-formatted multi-line templated string map
# of the annotations to apply to the app pods
annotations: { }
# Extra k8s labels to attach to Label Studio Enterprise.
# Provide a YAML map of k8s labels.
extraLabels: { }
affinity: { }
# Toleration Settings for app pods
# Provide either a multi-line string or YAML matching the Toleration array
# in a PodSpec.
tolerations: []
# Used to define custom readinessProbe settings
readinessProbe:
enabled: true
httpGet:
path: /health
port: 8000
scheme: HTTP
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 1
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 60
# How often (in seconds) to perform the probe
periodSeconds: 5
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 1
# Used to enable a livenessProbe for the pods
livenessProbe:
enabled: true
tcpSocket:
port: 8000
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 3
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 10
# How often (in seconds) to perform the probe
periodSeconds: 10
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 5
service:
type: ClusterIP
port: 80
targetPort: 8085
portName: service
annotations: { }
sessionAffinity: "None"
sessionAffinityConfig: { }
ingress:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller using the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
className: ""
annotations: { }
## Examples:
## kubernetes.io/tls-acme: "true"
host: ""
# You may need to set this to '/*' in order to use this with ALB ingress controllers.
path: /
## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
extraPaths: []
pathType: ImplementationSpecific
## Examples:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
tls: [ ]
## Examples:
## - secretName: chart-example-tls
## hosts:
## - app.heartex.local
## @param api.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## e.g:
## extraHosts:
## - name: app.humansignal.local
## path: /
##
extraHosts: [ ]
# Definition of the serviceAccount used to run Label Studio Enterprise
serviceAccount:
# Specifies whether to create a service account
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Extra k8s annotations for the serviceAccount definition. This can either be
# YAML or a YAML-formatted multi-line templated string map of the
# k8s annotations to apply to the serviceAccount.
annotations: {}
# Array to add extra volumes
extraVolumes: [ ]
# Array to add extra mounts (normally used with extraVolumes)
extraVolumeMounts: [ ]
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param app.podSecurityContext.enabled Enable pod Security Context
##
podSecurityContext:
enabled: true
fsGroup: 1001
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable container Security Context
## @param containerSecurityContext.runAsNonRoot Avoid running as root User
## @param containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
## RBAC configuration
##
rbac:
## @param rbac.create Specifies whether RBAC resources should be created
##
create: false
## @param app.rbac.rules Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
contextPath: /
## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
## e.g:
## cmdWrapper: "newrelic-admin run-program"
##
cmdWrapper: ""
## Minimal number of seconds preStop hook waits before LS is stopped to finish processing requests
## Note: must be set to lower value than terminationGracePeriodSeconds so that preStop hook finishes
## before grace period expires
preStopDelaySeconds: 15
# Seconds LS pod needs to terminate gracefully
terminationGracePeriodSeconds: 30
## Add additional init containers to the App Deployment pod
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: [ ]
## Add additional init containers to the App Deployment pod after sql migration
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## postMigrationInitContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
postMigrationInitContainers: [ ]
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param app.pdb.create Enable/disable a Pod Disruption Budget creation
## @param app.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param app.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `app.pdb.minAvailable` and `app.pdb.maxUnavailable` are empty.
##
pdb:
create: false
minAvailable: ""
maxUnavailable: ""
migrationJob:
enabled: false
# For Helm hooks, you can use:
# "helm.sh/hook": pre-install,pre-upgrade
# "helm.sh/hook-weight": "0"
# "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
# For ArgoCD, you can also use:
# "argocd.argoproj.io/hook": PreSync
# "argocd.argoproj.io/hook-delete-policy": BeforeHookCreation
annotations: {}
rqworker:
enabled: true
NameOverride: ""
FullnameOverride: ""
labels: {}
podLabels: {}
deploymentStrategy:
type: Recreate
deploymentAnnotations: { }
autoscaling:
enabled: false
scalingType: deployment
queues:
high:
replicas: 1
args: '"high"'
resources:
requests: {}
limits: {}
scaledOptions:
minReplicaCount: 0
maxReplicaCount: 5
pollingInterval: 5
cooldownPeriod: 60
listLength: 10
low:
replicas: 1
args: '"low"'
resources:
requests: {}
limits: {}
scaledOptions:
minReplicaCount: 0
maxReplicaCount: 5
pollingInterval: 5
cooldownPeriod: 60
listLength: 10
default:
replicas: 4
args: '"default"'
resources:
requests: {}
limits: {}
scaledOptions:
minReplicaCount: 0
maxReplicaCount: 5
pollingInterval: 5
cooldownPeriod: 60
listLength: 10
critical:
replicas: 1
args: '"critical"'
resources:
requests: {}
limits: {}
scaledOptions:
minReplicaCount: 0
maxReplicaCount: 5
pollingInterval: 5
cooldownPeriod: 60
listLength: 10
# Default fallback in the case if queue-specific resources are not set
resources:
requests: {}
## memory: "256Mi"
## cpu: "250m"
limits: {}
## Example:
## memory: "1500Mi"
## cpu: "1"
pdb:
create: false
minAvailable: ""
maxUnavailable: ""
# extraEnvironmentVars is a list of extra environment variables to set in the
# rqworker deployment.
extraEnvironmentVars: { }
# KUBERNETES_SERVICE_HOST: kubernetes.default.svc
# extraEnvironmentSecrets is a list of extra environment variables to set in the
# rqworker deployment.
extraEnvironmentSecrets: { }
# MYSQL_PASSWORD:
# secretName: mysql_secret
# secretKey: password
# nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector:
# beta.kubernetes.io/arch: amd64
nodeSelector: { }
topologySpreadConstraints: [ ]
dnsPolicy: "ClusterFirst"
enableServiceLinks: false
shareProcessNamespace: false
automountServiceAccountToken: true
# Extra k8s annotations to attach to the rqworker pods
# This can either be YAML or a YAML-formatted multi-line templated string map
# of the annotations to apply to the rqworker pods
annotations: { }
# Extra k8s labels to attach to the rqworker
# This should be a YAML map of the labels to apply to the rqworker
extraLabels: { }
affinity: { }
# Toleration Settings for rqworker pods
# Provide either a multi-line string or YAML matching the Toleration array
# in a PodSpec.
tolerations: []
# Used to define custom readinessProbe settings
readinessProbe:
enabled: false
path: /version
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 2
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 60
# How often (in seconds) to perform the probe
periodSeconds: 5
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 3
# Used to enable a livenessProbe for the pods
livenessProbe:
enabled: false
path: "/health"
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 2
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 60
# How often (in seconds) to perform the probe
periodSeconds: 5
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 3
# Definition of the serviceAccount used to run rqworker for Label Studio Enterprise
serviceAccount:
# Specifies whether to create a service account
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Extra k8s annotations for the serviceAccount definition. This can either be
# YAML or a YAML-formatted multi-line templated string map of the
# k8s annotations to apply to the serviceAccount.
annotations: { }
# Array to add extra volumes
extraVolumes: [ ]
# Array to add extra mounts (normally used with extraVolumes)
extraVolumeMounts: [ ]
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param rqworker.podSecurityContext.enabled Enable pod Security Context
##
podSecurityContext:
enabled: true
fsGroup: 1001
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable container Security Context
## @param containerSecurityContext.runAsNonRoot Avoid running as root User
## @param containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
## RBAC configuration
##
rbac:
## @param rbac.create Specifies whether RBAC resources should be created
##
create: false
## @param rqworker.rbac.rules Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
## e.g:
## cmdWrapper: "newrelic-admin run-program"
##
cmdWrapper: ""
# Seconds rqworker pod needs to terminate gracefully
terminationGracePeriodSeconds: 30
# [Enterprise Only]
enterprise:
enabled: false
# This value refers to a Kubernetes secret that you have
# created that contains your enterprise license.
enterpriseLicense:
# The name of the Kubernetes secret that holds the enterprise license. The
# secret must be in the same namespace that Label Studio Enterprise is installed into.
secretName: ""
# The key within the Kubernetes secret that holds the enterprise license.
secretKey: "license"
postgresql:
enabled: true
clusterDomain: cluster.local
architecture: standalone
image:
repository: bitnamilegacy/postgresql
tag: 13.18.0
auth:
username: "labelstudio"
password: "labelstudio"
database: "labelstudio"
volumePermissions:
image:
repository: bitnamilegacy/os-shell
metrics:
image:
repository: bitnamilegacy/postgres-exporter
global:
security:
allowInsecureImages: true
redis:
enabled: false
clusterDomain: cluster.local
architecture: standalone
master:
enableServiceLinks: false
auth:
enabled: false
image:
repository: bitnamilegacy/redis
sentinel:
image:
repository: bitnamilegacy/redis-sentinel
kubectl:
image:
repository: bitnamilegacy/kubectl
sysctl:
image:
repository: bitnamilegacy/os-shell
metrics:
image:
repository: bitnamilegacy/redis-exporter
volumePermissions:
image:
repository: bitnamilegacy/os-shell
global:
security:
allowInsecureImages: true
ci: false
clusterDomain: cluster.local
checkConfig:
skipEnvValues: false
cronjob:
enabled: false
jobs: {}
annotations: {}
NameOverride: ""
FullnameOverride: ""
metrics:
enabled: false
serviceMonitor:
enabled: false
annotations: {}
labels: {}
jobLabel: ""
honorLabels: false
interval: ""
scrapeTimeout: ""
metricRelabelings: []
relabelings: []
selector: {}
uwsgiExporter:
enabled: false
image:
registry: "docker.io"
repository: "timonwong/uwsgi-exporter"
tag: "v1.3.0"
pullPolicy: "Always"
pullSecrets: [ ]
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsUser: 1001
resources:
requests: { }
## Example:
# cpu: "200m"
# memory: "64Mi"
limits: { }
# cpu: "20m"
# memory: "128Mi"
livenessProbe:
enabled: false
httpGet:
path: "/-/healthy"
port: "uwsgimetrics"
initialDelaySeconds: 2
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: false
httpGet:
path: "/metrics"
port: "uwsgimetrics"
initialDelaySeconds: 2
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1

23
lbl-01/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

45
lbl-01/Chart.yaml
View File

@@ -1,45 +0,0 @@
apiVersion: v2
name: label-studio
description: A Helm chart for Label Studio - Open source data labeling tool for Machine Learning
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.0.3
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "develop"
# Keywords for the chart
keywords:
- label-studio
- machine-learning
- data-labeling
- annotation
- ai
# Home page URL
home: https://labelstud.io/
# Source code URLs
sources:
- https://github.com/heartexlabs/label-studio
# Maintainers
maintainers:
- name: HeartexLabs
email: hello@heartex.com
url: https://heartex.com/

411
lbl-01/DEPLOYMENT.md
View File

@@ -1,411 +0,0 @@
# Label Studio Helm Chart Deployment Guide
This guide provides step-by-step instructions for deploying Label Studio using the Helm chart.
## Prerequisites
Before deploying Label Studio, ensure you have:
1. **Kubernetes cluster** (v1.19+)
2. **Helm** (v3.0+)
3. **kubectl** configured to access your cluster
4. **PostgreSQL database** (can be deployed separately or use managed service)
5. **Redis instance** (can be deployed separately or use managed service)
6. **Storage class** available in your cluster
## Quick Start
### 1. Clone or Download the Chart
```bash
# If you have the chart locally
cd /path/to/helm-chart/lbl-01
# Or download from repository
helm repo add label-studio https://your-repo-url
helm repo update
```
### 2. Create Namespace
```bash
kubectl create namespace label-studio
```
### 3. Deploy Dependencies
#### PostgreSQL (using Bitnami chart)
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm install postgresql bitnami/postgresql \
--namespace label-studio \
--set auth.postgresPassword=labelstudio123 \
--set auth.username=labelstudio \
--set auth.password=labelstudio123 \
--set auth.database=labelstudio \
--set primary.persistence.enabled=true \
--set primary.persistence.size=20Gi
```
#### Redis (using Bitnami chart)
```bash
helm install redis bitnami/redis \
--namespace label-studio \
--set auth.password=redis123 \
--set master.persistence.enabled=true \
--set master.persistence.size=8Gi
```
### 4. Create Secrets
```bash
# PostgreSQL secret
kubectl create secret generic postgresql-secret \
--from-literal=password=labelstudio123 \
--namespace label-studio
# Redis secret
kubectl create secret generic redis-secret \
--from-literal=password=redis123 \
--namespace label-studio
```
### 5. Customize Values
Copy the example values file and customize it:
```bash
cp values-example.yaml my-values.yaml
```
Edit `my-values.yaml` to match your environment:
```yaml
# Update these values according to your setup
global:
pgConfig:
host: "postgresql.label-studio.svc.cluster.local"
password:
secretName: "postgresql-secret"
secretKey: "password"
redisConfig:
host: "redis://redis-master.label-studio.svc.cluster.local:6379/1"
password:
secretName: "redis-secret"
secretKey: "password"
ingress:
enabled: true
hosts:
- host: label-studio.yourdomain.com # Change this
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: label-studio-tls
hosts:
- label-studio.yourdomain.com # Change this
env:
LABEL_STUDIO_HOST: "https://label-studio.yourdomain.com" # Change this
LABEL_STUDIO_USERNAME: "admin@yourdomain.com" # Change this
LABEL_STUDIO_PASSWORD: "your-secure-password" # Change this
```
### 6. Deploy Label Studio
```bash
helm install label-studio . \
--namespace label-studio \
--values my-values.yaml
```
### 7. Verify Deployment
```bash
# Check pods
kubectl get pods -n label-studio
# Check services
kubectl get svc -n label-studio
# Check ingress
kubectl get ingress -n label-studio
# View logs
kubectl logs -f deployment/label-studio -n label-studio
```
## Advanced Deployment Scenarios
### Production Deployment with External Database
For production environments, use managed database services:
```yaml
global:
pgConfig:
host: "your-rds-endpoint.amazonaws.com"
port: 5432
dbName: "labelstudio"
userName: "labelstudio"
password:
secretName: "external-db-secret"
secretKey: "password"
redisConfig:
host: "redis://your-elasticache-endpoint:6379/1"
password:
secretName: "external-redis-secret"
secretKey: "password"
resources:
limits:
cpu: 4000m
memory: 8Gi
requests:
cpu: 2000m
memory: 4Gi
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 20
targetCPUUtilizationPercentage: 70
```
### High Availability Setup
```yaml
replicaCount: 3
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- label-studio
topologyKey: kubernetes.io/hostname
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
```
### Storage Configuration
#### S3 Storage
```yaml
global:
persistence:
enabled: true
type: s3
config:
s3:
bucket: "your-s3-bucket"
region: "us-west-2"
accessKey:
secretName: "s3-credentials"
secretKey: "access-key"
secretKey:
secretName: "s3-credentials"
secretKey: "secret-key"
env:
USE_S3: "true"
S3_BUCKET: "your-s3-bucket"
S3_REGION: "us-west-2"
```
#### Azure Blob Storage
```yaml
global:
persistence:
enabled: true
type: azure
config:
azure:
accountName: "yourstorageaccount"
containerName: "labelstudio"
accountKey:
secretName: "azure-storage-secret"
secretKey: "account-key"
env:
USE_AZURE: "true"
AZURE_ACCOUNT_NAME: "yourstorageaccount"
AZURE_CONTAINER: "labelstudio"
```
## Monitoring and Observability
### Enable Prometheus Metrics
```yaml
env:
PROMETHEUS_METRICS_ENABLED: "true"
PROMETHEUS_METRICS_PORT: "9090"
service:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9090"
prometheus.io/path: "/metrics"
```
### Logging Configuration
```yaml
env:
LOG_LEVEL: "INFO"
LOG_FORMAT: "json"
PYTHONUNBUFFERED: "1"
```
## Troubleshooting
### Common Issues
1. **Pod not starting**
```bash
kubectl describe pod <pod-name> -n label-studio
kubectl logs <pod-name> -n label-studio
```
2. **Database connection issues**
```bash
# Test database connectivity
kubectl run -it --rm debug --image=postgres:13 --restart=Never -- psql -h postgresql.label-studio.svc.cluster.local -U labelstudio -d labelstudio
```
3. **Redis connection issues**
```bash
# Test Redis connectivity
kubectl run -it --rm debug --image=redis:6 --restart=Never -- redis-cli -h redis-master.label-studio.svc.cluster.local -a redis123
```
4. **Ingress not working**
```bash
kubectl describe ingress label-studio -n label-studio
kubectl get events -n label-studio
```
### Health Checks
```bash
# Check application health
kubectl exec -it deployment/label-studio -n label-studio -- curl http://localhost:8080/health
# Run Helm tests
helm test label-studio -n label-studio
```
## Upgrading
### Upgrade the Chart
```bash
# Update values if needed
helm upgrade label-studio . \
--namespace label-studio \
--values my-values.yaml
# Check upgrade status
helm status label-studio -n label-studio
```
### Rollback
```bash
# List releases
helm history label-studio -n label-studio
# Rollback to previous version
helm rollback label-studio 1 -n label-studio
```
## Uninstalling
```bash
# Uninstall Label Studio
helm uninstall label-studio -n label-studio
# Uninstall dependencies (if installed via Helm)
helm uninstall postgresql -n label-studio
helm uninstall redis -n label-studio
# Delete namespace
kubectl delete namespace label-studio
```
## Security Considerations
1. **Use strong passwords** for database and Redis
2. **Enable TLS** for ingress
3. **Use secrets** for sensitive data
4. **Configure RBAC** appropriately
5. **Enable pod security policies**
6. **Use non-root containers**
7. **Scan images** for vulnerabilities
## Performance Tuning
### Resource Optimization
```yaml
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
# For high-traffic environments
autoscaling:
enabled: true
minReplicas: 5
maxReplicas: 50
targetCPUUtilizationPercentage: 60
targetMemoryUtilizationPercentage: 70
```
### Database Optimization
```yaml
env:
DJANGO_DB_CONN_MAX_AGE: "600"
DJANGO_DB_OPTIONS: '{"MAX_CONNS": 20}'
```
## Support
For issues and questions:
- Check the [Label Studio documentation](https://labelstud.io/guide/)
- Review the [GitHub issues](https://github.com/heartexlabs/label-studio)
- Join the [Label Studio community](https://slack.labelstud.io/)
## Contributing
To contribute to this Helm chart:
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test thoroughly
5. Submit a pull request

291
lbl-01/README.md
View File

@@ -1,291 +0,0 @@
# Label Studio Helm Chart
Helm chart để triển khai Label Studio - công cụ gán nhãn dữ liệu mã nguồn mở cho Machine Learning trên Kubernetes.
## Giới thiệu
Label Studio là một công cụ gán nhãn dữ liệu mã nguồn mở được thiết kế để giúp bạn chuẩn bị dữ liệu huấn luyện cho các mô hình machine learning. Helm chart này giúp bạn triển khai Label Studio một cách dễ dàng trên Kubernetes cluster.
## Yêu cầu
- Kubernetes 1.19+
- Helm 3.2.0+
- PV provisioner hỗ trợ trong underlying infrastructure (nếu sử dụng persistence)
## Cài đặt Chart
### Cài đặt cơ bản
```bash
helm install my-label-studio ./lbl-01
```
### Cài đặt với custom values
```bash
helm install my-label-studio ./lbl-01 -f my-values.yaml
```
## Gỡ cài đặt Chart
```bash
helm uninstall my-label-studio
```
## Cấu hình
### Cấu hình cơ bản
Dưới đây là một số cấu hình cơ bản trong `values.yaml`:
```yaml
# Cấu hình image
global:
image:
repository: heartexlabs/label-studio
tag: "develop"
pullPolicy: IfNotPresent
# Cấu hình service
service:
type: ClusterIP
port: 8080
targetPort: 8080
# Cấu hình ingress
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "200m"
hosts:
- host: label-studio.local
paths:
- path: /
pathType: ImplementationSpecific
```
### Cấu hình Database (PostgreSQL)
```yaml
global:
pgConfig:
host: "postgresql.default.svc.cluster.local"
port: 5432
dbName: "labelstudio"
userName: "labelstudio"
password:
secretName: "postgresql-secret"
secretKey: "password"
```
### Cấu hình Redis
```yaml
global:
redisConfig:
host: "redis://redis.default.svc.cluster.local:6379/1"
password:
secretName: "redis-secret"
secretKey: "password"
```
### Cấu hình Storage
#### Local Volume Storage
```yaml
global:
persistence:
enabled: true
type: volume
config:
volume:
storageClass: "standard"
size: 20Gi
accessModes:
- ReadWriteOnce
```
#### AWS S3 Storage
```yaml
global:
persistence:
enabled: true
type: s3
config:
s3:
accessKey: "your-access-key"
secretKey: "your-secret-key"
region: "us-west-2"
bucket: "label-studio-data"
folder: "media"
```
### Cấu hình Environment Variables
```yaml
env:
LABEL_STUDIO_HOST: "https://label-studio.yourdomain.com"
LABEL_STUDIO_USERNAME: "admin@example.com"
LABEL_STUDIO_PASSWORD: "your-secure-password"
ENABLE_LOCAL_FILES_ACCESS: "true"
LOCAL_FILES_SERVING_ENABLED: "true"
SSRF_PROTECTION_ENABLED: "true"
global:
extraEnvironmentVars:
PYTHONUNBUFFERED: "1"
DEBUG: "false"
```
## Ví dụ triển khai hoàn chỉnh
### 1. Tạo namespace
```bash
kubectl create namespace label-studio
```
### 2. Tạo secrets cho database
```bash
kubectl create secret generic postgresql-secret \
--from-literal=password=your-db-password \
-n label-studio
```
### 3. Tạo values file
```yaml
# my-values.yaml
global:
image:
tag: "latest"
pgConfig:
host: "postgresql.label-studio.svc.cluster.local"
port: 5432
dbName: "labelstudio"
userName: "labelstudio"
password:
secretName: "postgresql-secret"
secretKey: "password"
persistence:
enabled: true
type: volume
config:
volume:
storageClass: "gp2"
size: 50Gi
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: "200m"
hosts:
- host: label-studio.yourdomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: label-studio-tls
hosts:
- label-studio.yourdomain.com
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
env:
LABEL_STUDIO_HOST: "https://label-studio.yourdomain.com"
LABEL_STUDIO_USERNAME: "admin@yourdomain.com"
LABEL_STUDIO_PASSWORD: "your-secure-password"
```
### 4. Cài đặt chart
```bash
helm install label-studio ./lbl-01 \
-f my-values.yaml \
-n label-studio
```
## Monitoring và Logging
### Health Checks
Chart đã được cấu hình với health checks:
```yaml
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 30
periodSeconds: 10
```
### Autoscaling
```yaml
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
```
## Troubleshooting
### Kiểm tra pods
```bash
kubectl get pods -n label-studio
kubectl logs -f deployment/label-studio -n label-studio
```
### Kiểm tra services
```bash
kubectl get svc -n label-studio
kubectl describe svc label-studio -n label-studio
```
### Kiểm tra ingress
```bash
kubectl get ingress -n label-studio
kubectl describe ingress label-studio -n label-studio
```
## Tham khảo
- [Label Studio Documentation](https://labelstud.io/guide/)
- [Label Studio Helm Values](https://labelstud.io/guide/helm_values)
- [Kubernetes Documentation](https://kubernetes.io/docs/)
- [Helm Documentation](https://helm.sh/docs/)
## Đóng góp
Nếu bạn muốn đóng góp cho chart này, vui lòng tạo pull request hoặc issue trên repository.
## License
Chart này được phân phối dưới giấy phép MIT. Xem file LICENSE để biết thêm chi tiết.

BIN
lbl-01/label-studio-1.0.0.tgz
View File

Binary file not shown.

BIN
lbl-01/label-studio-1.0.1.tgz
View File

Binary file not shown.

BIN
lbl-01/label-studio-1.0.2.tgz
View File

Binary file not shown.

BIN
lbl-01/label-studio-1.0.3.tgz
View File

Binary file not shown.

35
lbl-01/templates/NOTES.txt
View File

@@ -1,35 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.httpRoute.enabled }}
{{- if .Values.httpRoute.hostnames }}
export APP_HOSTNAME={{ .Values.httpRoute.hostnames | first }}
{{- else }}
export APP_HOSTNAME=$(kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o jsonpath="{.spec.listeners[0].hostname}")
{{- end }}
{{- if and .Values.httpRoute.rules (first .Values.httpRoute.rules).matches (first (first .Values.httpRoute.rules).matches).path.value }}
echo "Visit http://$APP_HOSTNAME{{ (first (first .Values.httpRoute.rules).matches).path.value }} to use your application"
NOTE: Your HTTPRoute depends on the listener configuration of your gateway and your HTTPRoute rules.
The rules can be set for path, method, header and query parameters.
You can check the gateway configuration with 'kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o yaml'
{{- end }}
{{- else if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "label-studio.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "label-studio.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "label-studio.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "label-studio.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

62
lbl-01/templates/_helpers.tpl
View File

@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "label-studio.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "label-studio.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "label-studio.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "label-studio.labels" -}}
helm.sh/chart: {{ include "label-studio.chart" . }}
{{ include "label-studio.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "label-studio.selectorLabels" -}}
app.kubernetes.io/name: {{ include "label-studio.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "label-studio.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "label-studio.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

122
lbl-01/templates/deployment.yaml
View File

@@ -1,122 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "label-studio.fullname" . }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "label-studio.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "label-studio.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "label-studio.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.targetPort | default 8080 }}
protocol: TCP
env:
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.global.pgConfig.host }}
- name: POSTGRE_HOST
value: {{ .Values.global.pgConfig.host | quote }}
- name: POSTGRE_PORT
value: {{ .Values.global.pgConfig.port | quote }}
- name: POSTGRE_NAME
value: {{ .Values.global.pgConfig.dbName | quote }}
- name: POSTGRE_USER
value: {{ .Values.global.pgConfig.userName | quote }}
{{- if .Values.global.pgConfig.password.secretName }}
- name: POSTGRE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.global.pgConfig.password.secretName }}
key: {{ .Values.global.pgConfig.password.secretKey }}
{{- end }}
{{- end }}
{{- if .Values.global.redisConfig.host }}
- name: REDIS_LOCATION
value: {{ .Values.global.redisConfig.host | quote }}
{{- if .Values.global.redisConfig.password.secretName }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.global.redisConfig.password.secretName }}
key: {{ .Values.global.redisConfig.password.secretKey }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnvironmentVars }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnvironmentSecrets }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ $value.secretName }}
key: {{ $value.secretKey }}
{{- end }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

32
lbl-01/templates/hpa.yaml
View File

@@ -1,32 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "label-studio.fullname" . }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "label-studio.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

38
lbl-01/templates/httproute.yaml
View File

@@ -1,38 +0,0 @@
{{- if .Values.httpRoute.enabled -}}
{{- $fullName := include "label-studio.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
{{- with .Values.httpRoute.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- with .Values.httpRoute.parentRefs }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.httpRoute.hostnames }}
hostnames:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
{{- range .Values.httpRoute.rules }}
{{- with .matches }}
- matches:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .filters }}
filters:
{{- toYaml . | nindent 8 }}
{{- end }}
backendRefs:
- name: {{ $fullName }}
port: {{ $svcPort }}
weight: 1
{{- end }}
{{- end }}

43
lbl-01/templates/ingress.yaml
View File

@@ -1,43 +0,0 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "label-studio.fullname" . }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.ingress.className }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- with .pathType }}
pathType: {{ . }}
{{- end }}
backend:
service:
name: {{ include "label-studio.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- end }}

15
lbl-01/templates/service.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "label-studio.fullname" . }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "label-studio.selectorLabels" . | nindent 4 }}

13
lbl-01/templates/serviceaccount.yaml
View File

@@ -1,13 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "label-studio.serviceAccountName" . }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}

15
lbl-01/templates/tests/test-connection.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "label-studio.fullname" . }}-test-connection"
labels:
{{- include "label-studio.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "label-studio.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

206
lbl-01/values-example.yaml
View File

@@ -1,206 +0,0 @@
# Example values for Label Studio Helm Chart
# Copy this file to my-values.yaml and customize as needed
# Global configuration
global:
image:
repository: heartexlabs/label-studio
pullPolicy: IfNotPresent
tag: "latest" # Use specific version in production
# PostgreSQL Database Configuration
pgConfig:
host: "postgresql.default.svc.cluster.local"
port: 5432
dbName: "labelstudio"
userName: "labelstudio"
password:
secretName: "postgresql-secret"
secretKey: "password"
# Redis Configuration
redisConfig:
host: "redis://redis.default.svc.cluster.local:6379/1"
password:
secretName: "redis-secret"
secretKey: "password"
# Extra Environment Variables
extraEnvironmentVars:
PYTHONUNBUFFERED: "1"
DEBUG: "false"
LOG_LEVEL: "INFO"
# Persistence Configuration
persistence:
enabled: true
type: volume
config:
volume:
storageClass: "gp2" # Change to your storage class
size: 50Gi
accessModes:
- ReadWriteOnce
# Deployment Configuration
replicaCount: 2
# Service Configuration
service:
type: ClusterIP
port: 8080
targetPort: 8080
# Ingress Configuration
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "200m"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: label-studio.yourdomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: label-studio-tls
hosts:
- label-studio.yourdomain.com
# Resource Configuration
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
# Health Checks
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
# Autoscaling
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
targetCPUUtilizationPercentage: 70
targetMemoryUtilizationPercentage: 80
# Environment Variables
env:
# Database settings (will be overridden by global.pgConfig if set)
DJANGO_DB: "default"
POSTGRE_NAME: "labelstudio"
POSTGRE_USER: "labelstudio"
POSTGRE_PORT: "5432"
POSTGRE_HOST: "postgresql.default.svc.cluster.local"
# Redis settings (will be overridden by global.redisConfig if set)
REDIS_LOCATION: "redis://redis.default.svc.cluster.local:6379/1"
# Label Studio specific settings
LABEL_STUDIO_HOST: "https://label-studio.yourdomain.com"
LABEL_STUDIO_USERNAME: "admin@yourdomain.com"
LABEL_STUDIO_PASSWORD: "change-this-password"
# Storage settings
ENABLE_LOCAL_FILES_ACCESS: "true"
LOCAL_FILES_SERVING_ENABLED: "true"
# Security settings
SSRF_PROTECTION_ENABLED: "true"
# Feature flags
FEATURE_FLAGS_DEFAULT_VALUE: "false"
# Node Selection
nodeSelector: {}
# kubernetes.io/arch: amd64
# Tolerations
tolerations: []
# - key: "key1"
# operator: "Equal"
# value: "value1"
# effect: "NoSchedule"
# Affinity
affinity: {}
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 100
# podAffinityTerm:
# labelSelector:
# matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - label-studio
# topologyKey: kubernetes.io/hostname
# Additional volumes
volumes: []
# - name: custom-config
# configMap:
# name: label-studio-config
# Additional volume mounts
volumeMounts: []
# - name: custom-config
# mountPath: /app/config
# readOnly: true
# Service Account
serviceAccount:
create: true
automount: true
annotations: {}
name: ""
# Pod Security Context
podSecurityContext:
fsGroup: 1001
# Security Context
securityContext:
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
# ConfigMap for additional configuration
configMap:
create: true
data:
# Add any additional configuration files here
# custom.conf: |
# # Custom configuration
# Secrets for sensitive data
secrets:
create: true
data:
# Add any additional secrets here
# api-key: "your-api-key"

259
lbl-01/values.yaml
View File

@@ -1,259 +0,0 @@
# Default values for Label Studio Helm Chart
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Global parameters for the Helm chart
global:
# Global Docker registry secret names as an array
imagePullSecrets: []
# Image configuration
image:
repository: heartexlabs/label-studio
pullPolicy: IfNotPresent
tag: "develop"
# PostgreSQL configuration
pgConfig:
host: ""
port: 5432
dbName: ""
userName: ""
password:
secretName: ""
secretKey: ""
ssl:
pgSslMode: ""
pgSslSecretName: ""
pgSslRootCertSecretKey: ""
pgSslCertSecretKey: ""
pgSslKeySecretKey: ""
# Redis configuration
redisConfig:
host: ""
password:
secretName: ""
secretKey: ""
ssl:
redisSslCertReqs: ""
redisSslSecretName: ""
redisSslCaCertsSecretKey: ""
redisSslCertFileSecretKey: ""
redisSslKeyFileSecretKey: ""
# Extra environment variables
extraEnvironmentVars: {}
# PYTHONUNBUFFERED: "1"
# DEBUG: "false"
# Extra environment secrets
extraEnvironmentSecrets: {}
# Persistence configuration
persistence:
enabled: true
type: volume
config:
# S3 configuration
s3:
accessKey: ""
secretKey: ""
accessKeyExistingSecret: ""
accessKeyExistingSecretKey: ""
secretKeyExistingSecret: ""
secretKeyExistingSecretKey: ""
region: ""
bucket: ""
folder: ""
urlExpirationSecs: 86400
endpointUrl: ""
# Volume configuration
volume:
storageClass: ""
size: 10Gi
accessModes:
- ReadWriteOnce
annotations: {}
existingClaim: ""
resourcePolicy: ""
# Azure configuration
azure:
storageAccountName: ""
storageAccountKey: ""
storageAccountNameExistingSecret: ""
# Replica count
replicaCount: 1
# Image configuration (can override global settings)
image:
repository: heartexlabs/label-studio
pullPolicy: IfNotPresent
tag: ""
# Image pull secrets
imagePullSecrets: []
# Name overrides
nameOverride: ""
fullnameOverride: ""
# Service account configuration
serviceAccount:
create: true
automount: true
annotations: {}
name: ""
# Pod annotations and labels
podAnnotations: {}
podLabels: {}
# Security contexts
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# Service configuration
service:
type: ClusterIP
annotations: {}
port: 8080
targetPort: 8080
# Ingress configuration
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# nginx.ingress.kubernetes.io/proxy-body-size: "200m"
hosts:
- host: label-studio.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: label-studio-tls
# hosts:
# - label-studio.local
# Gateway API HTTPRoute configuration
httpRoute:
enabled: false
annotations: {}
parentRefs:
- name: gateway
sectionName: http
hostnames:
- label-studio.local
rules:
- matches:
- path:
type: PathPrefix
value: /
# Resource limits and requests
resources:
limits:
cpu: 1000m
memory: 2Gi
requests:
cpu: 500m
memory: 1Gi
# Health checks
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
# Autoscaling configuration
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
# Additional volumes
volumes: []
# - name: data
# persistentVolumeClaim:
# claimName: label-studio-data
# Additional volume mounts
volumeMounts: []
# - name: data
# mountPath: /label-studio/data
# Node selector
nodeSelector: {}
# Tolerations
tolerations: []
# Affinity
affinity: {}
# Environment variables specific to Label Studio
env:
# Database settings
DJANGO_DB: "default"
POSTGRE_NAME: ""
POSTGRE_USER: ""
POSTGRE_PASSWORD: ""
POSTGRE_PORT: "5432"
POSTGRE_HOST: ""
# Redis settings
REDIS_LOCATION: ""
# Label Studio specific settings
LABEL_STUDIO_HOST: ""
LABEL_STUDIO_USERNAME: "admin@example.com"
LABEL_STUDIO_PASSWORD: "password"
# Storage settings
ENABLE_LOCAL_FILES_ACCESS: "true"
LOCAL_FILES_SERVING_ENABLED: "true"
# Security settings
SSRF_PROTECTION_ENABLED: "true"
# Feature flags
FEATURE_FLAGS_DEFAULT_VALUE: "false"
# ConfigMap for additional configuration
configMap:
create: true
data: {}
# Secrets for sensitive data
secrets:
create: true
data: {}

23
lbl-02/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
lbl-02/Chart.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: v2
name: lbl-02
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

BIN
lbl-02/lbl-02-0.1.0.tgz
View File

Binary file not shown.

BIN
lbl-02/lbl-02-0.1.1.tgz
View File

Binary file not shown.

35
lbl-02/templates/NOTES.txt
View File

@@ -1,35 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.httpRoute.enabled }}
{{- if .Values.httpRoute.hostnames }}
export APP_HOSTNAME={{ .Values.httpRoute.hostnames | first }}
{{- else }}
export APP_HOSTNAME=$(kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o jsonpath="{.spec.listeners[0].hostname}")
{{- end }}
{{- if and .Values.httpRoute.rules (first .Values.httpRoute.rules).matches (first (first .Values.httpRoute.rules).matches).path.value }}
echo "Visit http://$APP_HOSTNAME{{ (first (first .Values.httpRoute.rules).matches).path.value }} to use your application"
NOTE: Your HTTPRoute depends on the listener configuration of your gateway and your HTTPRoute rules.
The rules can be set for path, method, header and query parameters.
You can check the gateway configuration with 'kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o yaml'
{{- end }}
{{- else if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "lbl-02.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "lbl-02.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "lbl-02.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "lbl-02.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

62
lbl-02/templates/_helpers.tpl
View File

@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "lbl-02.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "lbl-02.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "lbl-02.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "lbl-02.labels" -}}
helm.sh/chart: {{ include "lbl-02.chart" . }}
{{ include "lbl-02.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "lbl-02.selectorLabels" -}}
app.kubernetes.io/name: {{ include "lbl-02.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "lbl-02.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "lbl-02.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

78
lbl-02/templates/deployment.yaml
View File

@@ -1,78 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "lbl-02.fullname" . }}
labels:
{{- include "lbl-02.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "lbl-02.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "lbl-02.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "lbl-02.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

32
lbl-02/templates/hpa.yaml
View File

@@ -1,32 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "lbl-02.fullname" . }}
labels:
{{- include "lbl-02.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "lbl-02.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

38
lbl-02/templates/httproute.yaml
View File

@@ -1,38 +0,0 @@
{{- if .Values.httpRoute.enabled -}}
{{- $fullName := include "lbl-02.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}
labels:
{{- include "lbl-02.labels" . | nindent 4 }}
{{- with .Values.httpRoute.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- with .Values.httpRoute.parentRefs }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.httpRoute.hostnames }}
hostnames:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
{{- range .Values.httpRoute.rules }}
{{- with .matches }}
- matches:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .filters }}
filters:
{{- toYaml . | nindent 8 }}
{{- end }}
backendRefs:
- name: {{ $fullName }}
port: {{ $svcPort }}
weight: 1
{{- end }}
{{- end }}

43
lbl-02/templates/ingress.yaml
View File

@@ -1,43 +0,0 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "lbl-02.fullname" . }}
labels:
{{- include "lbl-02.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.ingress.className }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- with .pathType }}
pathType: {{ . }}
{{- end }}
backend:
service:
name: {{ include "lbl-02.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- end }}

15
lbl-02/templates/service.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "lbl-02.fullname" . }}
labels:
{{- include "lbl-02.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "lbl-02.selectorLabels" . | nindent 4 }}

13
lbl-02/templates/serviceaccount.yaml
View File

@@ -1,13 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "lbl-02.serviceAccountName" . }}
labels:
{{- include "lbl-02.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}

15
lbl-02/templates/tests/test-connection.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "lbl-02.fullname" . }}-test-connection"
labels:
{{- include "lbl-02.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "lbl-02.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

161
lbl-02/values.yaml
View File

@@ -1,161 +0,0 @@
# Default values for lbl-02.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
replicaCount: 1
# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
image:
repository: heartexlabs/label-studio
# This sets the pull policy for images.
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# This is to override the chart name.
nameOverride: ""
fullnameOverride: ""
# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
serviceAccount:
# Specifies whether a service account should be created
create: true
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# This is for setting Kubernetes Annotations to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# This is for setting Kubernetes Labels to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
service:
# This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: ClusterIP
# This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
port: 80
# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: lbl-studio.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: lbl-studio-tls
# hosts:
# - lbl-studio.local
# -- Expose the service via gateway-api HTTPRoute
# Requires Gateway API resources and suitable controller installed within the cluster
# (see: https://gateway-api.sigs.k8s.io/guides/)
httpRoute:
# HTTPRoute enabled.
enabled: false
# HTTPRoute annotations.
annotations: {}
# Which Gateways this Route is attached to.
parentRefs:
- name: gateway
sectionName: http
# namespace: default
# Hostnames matching HTTP header.
hostnames:
- lbl-studio.local
# List of rules and filters applied.
rules:
- matches:
- path:
type: PathPrefix
value: /headers
# filters:
# - type: RequestHeaderModifier
# requestHeaderModifier:
# set:
# - name: My-Overwrite-Header
# value: this-is-the-only-value
# remove:
# - User-Agent
# - matches:
# - path:
# type: PathPrefix
# value: /echo
# headers:
# - name: version
# value: v2
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
nodeSelector: {}
tolerations: []
affinity: {}