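# Default values for Label Studio.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#
# NOTE(review): this copy was restored from a whitespace-collapsed source, so
# nesting was inferred from key names and comments. Confirm the structure
# against the chart's templates before using it.

global:
  # Image pull secret to use for registry authentication.
  # Alternatively, you can specify the value as an array of strings.
  imagePullSecrets: []

  image:
    registry: docker.io
    repository: heartexlabs/label-studio
    pullPolicy: IfNotPresent
    tag: ""

  pgConfig:
    host: "127.0.0.1"
    port: 5432
    dbName: "label"
    userName: "label"
    # The password is read from a Kubernetes Secret, not stored in this file.
    password:
      secretName: "label-studio-pg-password"
      secretKey: "label-studio-pg-password"
    # NOTE(security): an empty pgSslMode leaves the TLS mode unset. For a
    # database reached over a network, set a verifying mode (libpq's
    # "verify-full") and supply the root certificate through the Secret keys
    # below. Presumably the value is passed straight to the client; confirm.
    ssl:
      pgSslMode: ""
      pgSslSecretName: ""
      pgSslRootCertSecretKey: ""
      pgSslCertSecretKey: ""
      pgSslKeySecretKey: ""

  # Redis location, for example redis://[:password]@localhost:6379/1
  # Supported only in LSE
  redisConfig:
    host: "127.0.0.1"
    # Prefer the Secret reference below to a password embedded in the host URL.
    password:
      secretName: "label-studio-redis-password"
      secretKey: "label-studio-redis-password"
    ssl:
      redisSslCertReqs: ""
      redisSslSecretName: ""
      redisSslCaCertsSecretKey: ""
      redisSslCertFileSecretKey: ""
      redisSslKeyFileSecretKey: ""

  extraEnvironmentVars: {}
  extraEnvironmentSecrets: {}

  persistence:
    enabled: true
    type: volume  # s3, azure, gcs
    config:
      # NOTE(security): credentials written into accessKey/secretKey (and the
      # azure/gcs equivalents below) end up in the values file and in the Helm
      # release data. Prefer the *ExistingSecret / *ExistingSecretKey fields.
      s3:
        accessKey: ""
        secretKey: ""
        accessKeyExistingSecret: ""
        accessKeyExistingSecretKey: ""
        secretKeyExistingSecret: ""
        secretKeyExistingSecretKey: ""
        region: ""
        bucket: ""
        folder: ""
        # Presumably the lifetime of generated object URLs (86400 s = 24 h);
        # anyone holding such a URL can use it until it expires, so shorten it
        # for sensitive data.
        urlExpirationSecs: "86400"
        endpointUrl: ""
        objectParameters: {}
      volume:
        ## If defined, storageClassName: <storageClass>
        ## If set to "-", storageClassName: "", which disables dynamic provisioning
        ## If undefined (the default) or set to null, no storageClassName spec is
        ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
        ##   GKE, AWS & OpenStack)
        ##
        storageClass: ""
        size: 10Gi
        accessModes:
          - ReadWriteOnce
        annotations: {}
        existingClaim: ""
        resourcePolicy: ""
      azure:
        storageAccountName: ""
        storageAccountKey: ""
        storageAccountNameExistingSecret: ""
        storageAccountNameExistingSecretKey: ""
        storageAccountKeyExistingSecret: ""
        storageAccountKeyExistingSecretKey: ""
        containerName: ""
        folder: ""
        urlExpirationSecs: "86400"
      gcs:
        projectID: ""
        applicationCredentialsJSON: ""
        applicationCredentialsJSONExistingSecret: ""
        applicationCredentialsJSONExistingSecretKey: ""
        bucket: ""
        folder: ""
        urlExpirationSecs: "86400"

  featureFlags: {}

  # File name of a shell script to load additional template environment variables from.
  # This is useful when using Vault.
  #   "- /vault/secrets/config"
  # NOTE(security): the listed files are loaded as shell scripts, so they must
  # be writable only by a trusted component (e.g. the Vault agent).
  envInjectSources: []

  ## @param global.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
  ## e.g:
  ## cmdWrapper: "newrelic-admin run-program"
  ##
  cmdWrapper: ""

  # File names of custom SSL root certs. These files will be appended to the existing root certs.
  #   "- /tmp/my_cool_root_cert"
  customCaCerts: []

app:
  # Update strategy - only really applicable for deployments with RWO PVs attached
  # If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
  # PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
  # terminate the single previous pod, so that the new, incoming pod can attach to the PV
  deploymentStrategy:
    type: RollingUpdate

  deploymentAnnotations: {}

  replicas: 1

  NameOverride: ""
  FullnameOverride: ""

  labels: {}
  podLabels: {}

  ## @param app.args Override default container args (useful when using custom images)
  ##
  args:
    - "label-studio-uwsgi"

  # No requests or limits are set by default; set them so a single pod cannot
  # exhaust the node.
  resources:
    requests: {}
    ## Example:
    #   memory: "600Mi"
    #   cpu: "250m"
    limits: {}
    ## Example:
    #   memory: "4000Mi"
    #   cpu: "4"

  initContainer:
    resources:
      requests: {}
      ## Example:
      #   memory: 384Mi
      #   cpu: 250m
      limits: {}
      ## Example:
      #   memory: 512Mi
      #   cpu: 500m

  nginx:
    args:
      - "nginx"
    extraEnvironmentVars: {}
    extraEnvironmentSecrets: {}
    resources:
      requests: {}
      ## Example
      ##   memory: 384Mi
      ##   cpu: 250m
      limits: {}
      ## Example:
      ##   memory: 1G
      ##   cpu: 1000m
    livenessProbe:
      enabled: true
      tcpSocket:
        port: 8085
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 3
      failureThreshold: 3
      successThreshold: 1
    readinessProbe:
      enabled: true
      httpGet:
        path: /nginx_health
        port: 8085
      initialDelaySeconds: 10
      periodSeconds: 5
      timeoutSeconds: 3
      failureThreshold: 1
      successThreshold: 1

  # extraEnvironmentVars is a map of extra environment variables to set in the
  # app deployment. Values here are stored in plain text; put secrets in
  # extraEnvironmentSecrets instead.
  extraEnvironmentVars: {}
  # KUBERNETES_SERVICE_HOST: kubernetes.default.svc

  # extraEnvironmentSecrets is a map of extra environment variables to set in the
  # app deployment, each read from a Kubernetes Secret.
  extraEnvironmentSecrets: {}
  # MYSQL_PASSWORD:
  #   secretName: mysql_secret
  #   secretKey: password

  # nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  # nodeSelector:
  #   beta.kubernetes.io/arch: amd64
  nodeSelector: {}

  topologySpreadConstraints: []

  dnsPolicy: "ClusterFirst"

  enableServiceLinks: false

  shareProcessNamespace: false

  # NOTE(security): the service account token is mounted into every app pod.
  # With rbac.create: false (below) the chart binds no role of its own, so set
  # this to false unless the workload calls the Kubernetes API.
  automountServiceAccountToken: true

  # Extra k8s annotations to attach to the app pods
  # This can either be YAML or a YAML-formatted multi-line templated string map
  # of the annotations to apply to the app pods
  annotations: {}

  # Extra k8s labels to attach to Label Studio Enterprise.
  # Provide a YAML map of k8s labels.
  extraLabels: {}

  affinity: {}

  # Toleration Settings for app pods
  # Provide either a multi-line string or YAML matching the Toleration array
  # in a PodSpec.
  tolerations: []

  # Used to define custom readinessProbe settings
  readinessProbe:
    enabled: true
    httpGet:
      path: /health
      port: 8000
      scheme: HTTP
    # When a probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 1
    # Number of seconds after the container has started before probe initiates
    initialDelaySeconds: 60
    # How often (in seconds) to perform the probe
    periodSeconds: 5
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # Number of seconds after which the probe times out.
    timeoutSeconds: 1

  # Used to enable a livenessProbe for the pods
  livenessProbe:
    enabled: true
    tcpSocket:
      port: 8000
    # When a probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 3
    # Number of seconds after the container has started before probe initiates
    initialDelaySeconds: 10
    # How often (in seconds) to perform the probe
    periodSeconds: 10
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # Number of seconds after which the probe times out.
    timeoutSeconds: 5

  service:
    type: ClusterIP
    port: 80
    targetPort: 8085
    portName: service
    annotations: {}
    sessionAffinity: "None"
    sessionAffinityConfig: {}

  # NOTE(security): tls is empty by default. When enabling the ingress, add a
  # tls entry (or terminate TLS at the controller) so that logins and session
  # cookies are not sent over plain HTTP.
  ingress:
    enabled: false
    # For Kubernetes >= 1.18 you should specify the ingress-controller using the field ingressClassName
    # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
    className: ""
    annotations: {}
    ## Examples:
    ## kubernetes.io/tls-acme: "true"
    host: ""
    # You may need to set this to '/*' in order to use this with ALB ingress controllers.
    path: /
    ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
    extraPaths: []
    pathType: ImplementationSpecific
    ## Examples:
    ## - path: /*
    ##   backend:
    ##     serviceName: ssl-redirect
    ##     servicePort: use-annotation
    tls: []
    ## Examples:
    ## - secretName: chart-example-tls
    ##   hosts:
    ##     - app.heartex.local

    ## @param app.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
    ## e.g:
    ## extraHosts:
    ##   - name: app.humansignal.local
    ##     path: /
    ##
    extraHosts: []

  # Definition of the serviceAccount used to run Label Studio Enterprise
  serviceAccount:
    # Specifies whether to create a service account
    create: true
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name: ""
    # Extra k8s annotations for the serviceAccount definition. This can either be
    # YAML or a YAML-formatted multi-line templated string map of the
    # k8s annotations to apply to the serviceAccount.
    annotations: {}

  # Array to add extra volumes
  extraVolumes: []
  # Array to add extra mounts (normally used with extraVolumes)
  extraVolumeMounts: []

  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param app.podSecurityContext.enabled Enable pod Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001

  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param app.containerSecurityContext.enabled Enable container Security Context
  ## @param app.containerSecurityContext.runAsNonRoot Avoid running as root User
  ## @param app.containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
  ##
  # NOTE(security): these defaults run as a non-root UID and forbid privilege
  # escalation. Capability dropping, a seccomp profile and a read-only root
  # filesystem are not set here.
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false

  ## RBAC configuration
  ##
  rbac:
    ## @param app.rbac.create Specifies whether RBAC resources should be created
    ##
    create: false
    ## @param app.rbac.rules Custom RBAC rules to set
    ## e.g:
    ## rules:
    ##   - apiGroups:
    ##       - ""
    ##     resources:
    ##       - pods
    ##     verbs:
    ##       - get
    ##       - list
    ##
    # Keep custom rules to the narrowest resources and verbs the app needs.
    rules: []

  contextPath: /

  ## @param app.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
  ## e.g:
  ## cmdWrapper: "newrelic-admin run-program"
  ##
  cmdWrapper: ""

  ## Minimal number of seconds preStop hook waits before LS is stopped to finish processing requests
  ## Note: must be set to lower value than terminationGracePeriodSeconds so that preStop hook finishes
  ## before grace period expires
  preStopDelaySeconds: 15

  # Seconds LS pod needs to terminate gracefully
  terminationGracePeriodSeconds: 30

  ## Add additional init containers to the App Deployment pod
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []

  ## Add additional init containers to the App Deployment pod after sql migration
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## postMigrationInitContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  postMigrationInitContainers: []

  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param app.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param app.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param app.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `app.pdb.minAvailable` and `app.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: false
    minAvailable: ""
    maxUnavailable: ""

# NOTE(review): migrationJob is placed at the top level here; the collapsed
# source does not show whether it belongs under `app`. Confirm against the
# chart templates.
migrationJob:
  enabled: false
  # For Helm hooks, you can use:
  #   "helm.sh/hook": pre-install,pre-upgrade
  #   "helm.sh/hook-weight": "0"
  #   "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  # For ArgoCD, you can also use:
  #   "argocd.argoproj.io/hook": PreSync
  #   "argocd.argoproj.io/hook-delete-policy": BeforeHookCreation
  annotations: {}

rqworker:
  enabled: true

  NameOverride: ""
  FullnameOverride: ""

  labels: {}
  podLabels: {}

  deploymentStrategy:
    type: Recreate

  deploymentAnnotations: {}

  # NOTE(review): scalingType is assumed to sit under autoscaling, and queues
  # beside it; confirm against the chart templates.
  autoscaling:
    enabled: false
    scalingType: deployment

  queues:
    high:
      replicas: 1
      args: '"high"'
      resources:
        requests: {}
        limits: {}
      scaledOptions:
        minReplicaCount: 0
        maxReplicaCount: 5
        pollingInterval: 5
        cooldownPeriod: 60
        listLength: 10
    low:
      replicas: 1
      args: '"low"'
      resources:
        requests: {}
        limits: {}
      scaledOptions:
        minReplicaCount: 0
        maxReplicaCount: 5
        pollingInterval: 5
        cooldownPeriod: 60
        listLength: 10
    default:
      replicas: 4
      args: '"default"'
      resources:
        requests: {}
        limits: {}
      scaledOptions:
        minReplicaCount: 0
        maxReplicaCount: 5
        pollingInterval: 5
        cooldownPeriod: 60
        listLength: 10
    critical:
      replicas: 1
      args: '"critical"'
      resources:
        requests: {}
        limits: {}
      scaledOptions:
        minReplicaCount: 0
        maxReplicaCount: 5
        pollingInterval: 5
        cooldownPeriod: 60
        listLength: 10

  # Default fallback in the case if queue-specific resources are not set
  resources:
    requests: {}
    ##   memory: "256Mi"
    ##   cpu: "250m"
    limits: {}
    ## Example:
    ##   memory: "1500Mi"
    ##   cpu: "1"

  pdb:
    create: false
    minAvailable: ""
    maxUnavailable: ""

  # extraEnvironmentVars is a map of extra environment variables to set in the
  # rqworker deployment. Values here are stored in plain text; put secrets in
  # extraEnvironmentSecrets instead.
  extraEnvironmentVars: {}
  # KUBERNETES_SERVICE_HOST: kubernetes.default.svc

  # extraEnvironmentSecrets is a map of extra environment variables to set in the
  # rqworker deployment, each read from a Kubernetes Secret.
  extraEnvironmentSecrets: {}
  # MYSQL_PASSWORD:
  #   secretName: mysql_secret
  #   secretKey: password

  # nodeSelector labels for pod assignment, formatted as a multi-line string or YAML map.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  # nodeSelector:
  #   beta.kubernetes.io/arch: amd64
  nodeSelector: {}

  topologySpreadConstraints: []

  dnsPolicy: "ClusterFirst"

  enableServiceLinks: false

  shareProcessNamespace: false

  # NOTE(security): the service account token is mounted into every rqworker
  # pod. Set this to false unless the worker calls the Kubernetes API.
  automountServiceAccountToken: true

  # Extra k8s annotations to attach to the rqworker pods
  # This can either be YAML or a YAML-formatted multi-line templated string map
  # of the annotations to apply to the rqworker pods
  annotations: {}

  # Extra k8s labels to attach to the rqworker
  # This should be a YAML map of the labels to apply to the rqworker
  extraLabels: {}

  affinity: {}

  # Toleration Settings for rqworker pods
  # Provide either a multi-line string or YAML matching the Toleration array
  # in a PodSpec.
  tolerations: []

  # Used to define custom readinessProbe settings
  readinessProbe:
    enabled: false
    path: /version
    # When a probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 2
    # Number of seconds after the container has started before probe initiates
    initialDelaySeconds: 60
    # How often (in seconds) to perform the probe
    periodSeconds: 5
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # Number of seconds after which the probe times out.
    timeoutSeconds: 3

  # Used to enable a livenessProbe for the pods
  livenessProbe:
    enabled: false
    path: "/health"
    # When a probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 2
    # Number of seconds after the container has started before probe initiates
    initialDelaySeconds: 60
    # How often (in seconds) to perform the probe
    periodSeconds: 5
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # Number of seconds after which the probe times out.
    timeoutSeconds: 3

  # Definition of the serviceAccount used to run rqworker for Label Studio Enterprise
  serviceAccount:
    # Specifies whether to create a service account
    create: true
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name: ""
    # Extra k8s annotations for the serviceAccount definition. This can either be
    # YAML or a YAML-formatted multi-line templated string map of the
    # k8s annotations to apply to the serviceAccount.
    annotations: {}

  # Array to add extra volumes
  extraVolumes: []
  # Array to add extra mounts (normally used with extraVolumes)
  extraVolumeMounts: []

  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param rqworker.podSecurityContext.enabled Enable pod Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001

  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param rqworker.containerSecurityContext.enabled Enable container Security Context
  ## @param rqworker.containerSecurityContext.runAsNonRoot Avoid running as root User
  ## @param rqworker.containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false

  ## RBAC configuration
  ##
  rbac:
    ## @param rqworker.rbac.create Specifies whether RBAC resources should be created
    ##
    create: false
    ## @param rqworker.rbac.rules Custom RBAC rules to set
    ## e.g:
    ## rules:
    ##   - apiGroups:
    ##       - ""
    ##     resources:
    ##       - pods
    ##     verbs:
    ##       - get
    ##       - list
    ##
    rules: []

  ## @param rqworker.cmdWrapper Additional commands to run prior to starting App. Useful to run wrappers before startup command
  ## e.g:
  ## cmdWrapper: "newrelic-admin run-program"
  ##
  cmdWrapper: ""

  # Seconds rqworker pod needs to terminate gracefully
  terminationGracePeriodSeconds: 30

# [Enterprise Only]
enterprise:
  enabled: false
  # This value refers to a Kubernetes secret that you have
  # created that contains your enterprise license.
  enterpriseLicense:
    # The name of the Kubernetes secret that holds the enterprise license. The
    # secret must be in the same namespace that Label Studio Enterprise is installed into.
    secretName: ""
    # The key within the Kubernetes secret that holds the enterprise license.
    secretKey: "license"

postgresql:
  enabled: true
  clusterDomain: cluster.local
  architecture: standalone
  image:
    repository: bitnamilegacy/postgresql
    tag: "13.18.0"
  # NOTE(security): these are published default credentials for the bundled
  # database, which is enabled by default. Override them for anything beyond a
  # local trial, preferably by referencing a pre-created Secret (the Bitnami
  # chart's auth.existingSecret) rather than putting a password in a values file.
  auth:
    username: "labelstudio"
    password: "labelstudio"
    database: "labelstudio"
  volumePermissions:
    image:
      repository: bitnamilegacy/os-shell
  metrics:
    image:
      repository: bitnamilegacy/postgres-exporter
  global:
    security:
      # NOTE(security): allowInsecureImages switches off the Bitnami chart's
      # check that its original images are in use. It is needed here because
      # the repositories point at bitnamilegacy/*, an archive that is not
      # expected to receive further security fixes. Mirror and scan these
      # images, and plan a move to a maintained source.
      allowInsecureImages: true

redis:
  enabled: false
  clusterDomain: cluster.local
  architecture: standalone
  master:
    enableServiceLinks: false
  # NOTE(security): with auth disabled, any pod that can reach the Redis
  # service can read and write it. If redis.enabled is turned on, enable auth
  # or restrict access with a NetworkPolicy.
  auth:
    enabled: false
  image:
    repository: bitnamilegacy/redis
  sentinel:
    image:
      repository: bitnamilegacy/redis-sentinel
  kubectl:
    image:
      repository: bitnamilegacy/kubectl
  sysctl:
    image:
      repository: bitnamilegacy/os-shell
  metrics:
    image:
      repository: bitnamilegacy/redis-exporter
  volumePermissions:
    image:
      repository: bitnamilegacy/os-shell
  global:
    security:
      # Same trade-off as postgresql.global.security.allowInsecureImages:
      # bitnamilegacy/* images are not expected to receive security fixes.
      allowInsecureImages: true

ci: false

clusterDomain: cluster.local

checkConfig:
  skipEnvValues: false

# NOTE(review): NameOverride/FullnameOverride are assumed to belong to cronjob;
# confirm against the chart templates.
cronjob:
  enabled: false
  jobs: {}
  annotations: {}
  NameOverride: ""
  FullnameOverride: ""

metrics:
  enabled: false
  serviceMonitor:
    enabled: false
    annotations: {}
    labels: {}
    jobLabel: ""
    honorLabels: false
    interval: ""
    scrapeTimeout: ""
    metricRelabelings: []
    relabelings: []
    selector: {}
  uwsgiExporter:
    enabled: false
    # NOTE(security): this is a third-party image referenced by a mutable tag
    # and pulled on every start (pullPolicy "Always"), so its content can change
    # without a chart change. Mirror it to a registry you control and pin the
    # mirrored copy.
    image:
      registry: "docker.io"
      repository: "timonwong/uwsgi-exporter"
      tag: "v1.3.0"
      pullPolicy: "Always"
      pullSecrets: []
    containerSecurityContext:
      enabled: true
      allowPrivilegeEscalation: false
      # NOTE(review): an exporter rarely needs a writable root filesystem;
      # check whether this can be set to true.
      readOnlyRootFilesystem: false
      runAsUser: 1001
    resources:
      requests: {}
      ## Example:
      #   cpu: "200m"
      #   memory: "64Mi"
      limits: {}
      #   cpu: "20m"
      #   memory: "128Mi"
    livenessProbe:
      enabled: false
      httpGet:
        path: "/-/healthy"
        port: "uwsgimetrics"
      initialDelaySeconds: 2
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
      successThreshold: 1
    readinessProbe:
      enabled: false
      httpGet:
        path: "/metrics"
        port: "uwsgimetrics"
      initialDelaySeconds: 2
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
      successThreshold: 1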