feat: make existing secret references optional, docs (#35)
schnaker85 authored Oct 31, 2024
1 parent 88354a6 commit 7d23f73
Showing 5 changed files with 60 additions and 5 deletions.
45 changes: 43 additions & 2 deletions README.md
Expand Up @@ -26,9 +26,9 @@ The following table lists the useful configurable parameters of the Langfuse cha
| Parameter | Description | Default |
| --- | --- | --- |
| `langfuse.nextauth.url` | When deploying to production, set the `nextauth.url` value to the canonical URL of your site. | `http://localhost:3000` |
| `langfuse.nextauth.secret` | Used to encrypt the NextAuth.js JWT, and to hash email verification tokens. | `changeme` |
| `langfuse.nextauth.secret` | Used to encrypt the NextAuth.js JWT, and to hash email verification tokens. In case the value is set to `null`, then the default `NEXTAUTH_SECRET` environment variable will not be set. | `changeme` |
| `langfuse.port` | Port to run Langfuse on | `3000` |
| `langfuse.salt` | Salt for API key hashing | `changeme` |
| `langfuse.salt` | Salt for API key hashing. In case the value is set to `null`, then the default `SALT` environment variable will not be set. | `changeme` |
| `langfuse.telemetryEnabled` | Weither or not to enable telemetry (reports basic usage statistics of self-hosted instances to a centralized server). | `true` |
| `langfuse.extraContainers` | Dict that allow addition of additional containers | `[]` |
| `langfuse.extraInitContainers` | Dict that allow addition of init containers | `[]` |
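Review bot: The new sentences in the `langfuse.nextauth.secret` and `langfuse.salt` rows say that `NEXTAUTH_SECRET` and `SALT` will not be set when the value is `null`, but they do not say that the operator then has to supply both variables some other way. Suggest stating in each row that the variable must then be provided through `langfuse.additionalEnv`, for example with a `secretKeyRef` to an existing secret. Both rows still list `changeme` as the default, so it is also worth saying that leaving the values untouched deploys with a publicly known secret and salt.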
Expand Down Expand Up @@ -115,6 +115,47 @@ postgresql:
[...]
```
##### With an external Postgres server with client certificates using own secrets and additionalEnv for mappings
```yaml
langfuse:
salt: null
nextauth:
secret: null
extraVolumes:
- name: db-keystore # referencing an existing secret to mount server/client certs for postgres
secret:
secretName: langfuse-postgres # contain the following files (server-ca.pem, sslidentity.pk12)
extraVolumeMounts:
- name: db-keystore
mountPath: /secrets/db-keystore # mounting the db-keystore store certs in the pod under the given path
readOnly: true
additionalEnv:
- name: DATABASE_URL # Using the certs in the url eg. postgresql://the-db-user:the-password@postgres-host:5432/langfuse?ssl=true&sslmode=require&sslcert=/secrets/db-keystore/server-ca.pem&sslidentity=/secrets/db-keystore/sslidentity.pk12&sslpassword=the-ssl-identity-pw
valueFrom:
secretKeyRef:
name: langfuse-postgres # referencing an existing secret
key: database-url
- name: NEXTAUTH_SECRET
valueFrom:
secretKeyRef:
name: langfuse-general # referencing an existing secret
key: nextauth-secret
- name: SALT
valueFrom:
secretKeyRef:
name: langfuse-general
key: salt
service:
[...]
ingress:
[...]
postgresql:
deploy: false
auth:
password: null
username: null
```
## Repository Structure
- `examples` directory contains example `yaml` configurations
- `charts/langfuse` directory contains Helm chart for deploying Langfuse with an associated database
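Review bot: In the new example, the `db-keystore` volume mounts the whole `langfuse-postgres` secret, and the same secret is referenced a few lines later for `key: database-url`. A secret volume without an `items` list projects every key as a file, so the full connection string, including the database password and `sslpassword`, also ends up readable under `/secrets/db-keystore`. Suggest either adding `items:` for `server-ca.pem` and `sslidentity.pk12` only, or keeping the certificates and `database-url` in separate secrets. The trailing `postgresql.auth.password: null` and `username: null` lines would also benefit from a comment saying they are what stops the chart from rendering `DATABASE_USERNAME`, `DATABASE_PASSWORD` and its own Postgres secret.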
2 changes: 1 addition & 1 deletion charts/langfuse/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: langfuse
version: 0.5.0
version: 0.6.0
description: Open source LLM engineering platform - LLM observability, metrics, evaluations, prompt management.
type: application
keywords:
12 changes: 12 additions & 0 deletions charts/langfuse/templates/deployment.yaml
Expand Up @@ -51,17 +51,25 @@ spec:
value: "0.0.0.0"
- name: PORT
value: {{ .Values.langfuse.port | quote }}
{{- if .Values.postgresql.auth.username }}
- name: DATABASE_USERNAME
value: {{ .Values.postgresql.auth.username | quote }}
{{- end }}
{{- if .Values.postgresql.auth.password }}
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "langfuse.postgresql.fullname" . }}
key: postgres-password
{{- end }}
{{- if .Values.postgresql.host }}
- name: DATABASE_HOST
value: {{ .Values.postgresql.deploy | ternary (include "langfuse.postgresql.fullname" . | quote) (.Values.postgresql.host | quote) }}
{{- end }}
{{- if .Values.postgresql.database }}
- name: DATABASE_NAME
value: {{ .Values.postgresql.auth.database | quote }}
{{- end }}
{{- if not .Values.postgresql.deploy }}
{{- if .Values.postgresql.directUrl }}
- name: DIRECT_URL
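Review bot: The guard added around `DATABASE_NAME` tests `.Values.postgresql.database`, while the value it protects reads `.Values.postgresql.auth.database`, so the condition and the rendered value look at different keys and `DATABASE_NAME` is dropped whenever only `auth.database` is set. The guard should test `.Values.postgresql.auth.database`. The `DATABASE_HOST` guard has a related problem: it tests `.Values.postgresql.host`, but the value uses the `ternary` on `.Values.postgresql.deploy`, so with `deploy: true` and no `host` set the variable is no longer rendered even though the bundled Postgres name would have been used. Suggest `{{- if or .Values.postgresql.deploy .Values.postgresql.host }}` there.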
Expand All @@ -80,13 +88,17 @@ spec:
{{- end }}
- name: NEXTAUTH_URL
value: {{ .Values.langfuse.nextauth.url | quote }}
{{- if .Values.langfuse.nextauth.secret }}
- name: NEXTAUTH_SECRET
valueFrom:
secretKeyRef:
name: {{ include "langfuse.nextauthSecretName" . }}
key: nextauth-secret
{{- end }}
{{- if .Values.langfuse.salt }}
- name: SALT
value: {{ .Values.langfuse.salt | quote }}
{{- end }}
- name: TELEMETRY_ENABLED
value: {{ .Values.langfuse.telemetryEnabled | quote }}
- name: NEXT_PUBLIC_SIGN_UP_DISABLED
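Review bot: `SALT` is still rendered as `value: {{ .Values.langfuse.salt | quote }}`, so the salt sits in plain text in the Deployment spec, whereas `NEXTAUTH_SECRET` directly above is read through a `secretKeyRef`. Since this change already touches both blocks, suggest storing the salt in a chart-managed Secret and referencing it the same way. Separately, with both values set to `null` and nothing supplied through `additionalEnv`, the pod is rendered without `NEXTAUTH_SECRET` and `SALT` and nothing in the template flags it; a short warning in the chart notes or docs would help.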
4 changes: 3 additions & 1 deletion charts/langfuse/templates/nextauth-secret.yaml
@@ -1,3 +1,4 @@
{{- if .Values.langfuse.nextauth.secret }}
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -6,4 +7,5 @@ metadata:
{{- include "langfuse.labels" . | nindent 4 }}
type: Opaque
data:
nextauth-secret: {{ .Values.langfuse.nextauth.secret | toString | b64enc }}
nextauth-secret: {{ .Values.langfuse.nextauth.secret | toString | b64enc }}
{{- end }}
2 changes: 1 addition & 1 deletion charts/langfuse/templates/postgresql-secret.yaml
@@ -1,4 +1,4 @@
{{- if not .Values.postgresql.deploy }}
{{- if and (not .Values.postgresql.deploy) (.Values.postgresql.auth.password) -}}
apiVersion: v1
kind: Secret
metadata:
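Review bot: Style point on the new condition line: it closes with `-}}`, while the guard added to `nextauth-secret.yaml` in the same commit closes with `}}`. Both render a valid manifest, but using one form across the secret templates keeps whitespace handling predictable. The condition itself, `and (not .Values.postgresql.deploy) (.Values.postgresql.auth.password)`, matches the `DATABASE_PASSWORD` guard in `deployment.yaml`, and a one-line template comment saying the two must stay in sync would prevent a `secretKeyRef` pointing at a Secret that was never rendered.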