diff --git a/README.md b/README.md
index 273c1d8..3301ec4 100644
--- a/README.md
+++ b/README.md
@@ -26,9 +26,9 @@ The following table lists the useful configurable parameters of the Langfuse cha
 | Parameter | Description | Default |
 | --- | --- | --- |
 | `langfuse.nextauth.url` | When deploying to production, set the `nextauth.url` value to the canonical URL of your site. | `http://localhost:3000` |
-| `langfuse.nextauth.secret` | Used to encrypt the NextAuth.js JWT, and to hash email verification tokens. | `changeme` |
+| `langfuse.nextauth.secret` | Used to encrypt the NextAuth.js JWT, and to hash email verification tokens. In case the value is set to `null`, then the default `NEXTAUTH_SECRET` environment variable will not be set. | `changeme` |
 | `langfuse.port` | Port to run Langfuse on | `3000` |
-| `langfuse.salt` | Salt for API key hashing | `changeme` |
+| `langfuse.salt` | Salt for API key hashing. In case the value is set to `null`, then the default `SALT` environment variable will not be set. | `changeme` |
 | `langfuse.telemetryEnabled` | Weither or not to enable telemetry (reports basic usage statistics of self-hosted instances to a centralized server). | `true` |
 | `langfuse.extraContainers` | Dict that allow addition of additional containers | `[]` |
 | `langfuse.extraInitContainers` | Dict that allow addition of init containers | `[]` |
@@ -115,6 +115,47 @@ postgresql: [...] ``` +##### With an external Postgres server with client certificates using own secrets and additionalEnv for mappings +```yaml +langfuse: + salt: null + nextauth: + secret: null + extraVolumes: + - name: db-keystore # referencing an existing secret to mount server/client certs for postgres + secret: + secretName: langfuse-postgres # contain the following files (server-ca.pem, sslidentity.pk12) + extraVolumeMounts: + - name: db-keystore + mountPath: /secrets/db-keystore # mounting the db-keystore store certs in the pod under the given path + readOnly: true + additionalEnv: + - name: DATABASE_URL # Using the certs in the url eg. postgresql://the-db-user:the-password@postgres-host:5432/langfuse?ssl=true&sslmode=require&sslcert=/secrets/db-keystore/server-ca.pem&sslidentity=/secrets/db-keystore/sslidentity.pk12&sslpassword=the-ssl-identity-pw + valueFrom: + secretKeyRef: + name: langfuse-postgres # referencing an existing secret + key: database-url + - name: NEXTAUTH_SECRET + valueFrom: + secretKeyRef: + name: langfuse-general # referencing an existing secret + key: nextauth-secret + - name: SALT + valueFrom: + secretKeyRef: + name: langfuse-general + key: salt +service: + [...] +ingress: + [...] +postgresql: + deploy: false + auth: + password: null + username: null +``` + ## Repository Structure - `examples` directory contains example `yaml` configurations - `charts/langfuse` directory contains Helm chart for deploying Langfuse with an associated database diff --git a/charts/langfuse/Chart.yaml b/charts/langfuse/Chart.yaml index fa5474f..657b114 100644 --- a/charts/langfuse/Chart.yaml +++ b/charts/langfuse/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: langfuse -version: 0.5.0 +version: 0.6.0 description: Open source LLM engineering platform - LLM observability, metrics, evaluations, prompt management. type: application keywords: 
diff --git a/charts/langfuse/templates/deployment.yaml b/charts/langfuse/templates/deployment.yaml
index 85a8502..3169f64 100644
--- a/charts/langfuse/templates/deployment.yaml
+++ b/charts/langfuse/templates/deployment.yaml
@@ -51,17 +51,25 @@ spec:
 value: "0.0.0.0"
 - name: PORT
 value: {{ .Values.langfuse.port | quote }}
+ {{- if .Values.postgresql.auth.username }}
 - name: DATABASE_USERNAME
 value: {{ .Values.postgresql.auth.username | quote }}
+ {{- end }}
+ {{- if .Values.postgresql.auth.password }}
 - name: DATABASE_PASSWORD
 valueFrom:
 secretKeyRef:
 name: {{ include "langfuse.postgresql.fullname" . }}
 key: postgres-password
+ {{- end }}
+ {{- if .Values.postgresql.host }}
 - name: DATABASE_HOST
 value: {{ .Values.postgresql.deploy | ternary (include "langfuse.postgresql.fullname" . | quote) (.Values.postgresql.host | quote) }}
+ {{- end }}
+ {{- if .Values.postgresql.database }}
 - name: DATABASE_NAME
 value: {{ .Values.postgresql.auth.database | quote }}
+ {{- end }}
 {{- if not .Values.postgresql.deploy }}
 {{- if .Values.postgresql.directUrl }}
 - name: DIRECT_URL
@@ -80,13 +88,17 @@ spec:
 {{- end }}
 - name: NEXTAUTH_URL
 value: {{ .Values.langfuse.nextauth.url | quote }}
+ {{- if .Values.langfuse.nextauth.secret }}
 - name: NEXTAUTH_SECRET
 valueFrom:
 secretKeyRef:
 name: {{ include "langfuse.nextauthSecretName" . }}
 key: nextauth-secret
+ {{- end }}
+ {{- if .Values.langfuse.salt }}
 - name: SALT
 value: {{ .Values.langfuse.salt | quote }}
+ {{- end }}
 - name: TELEMETRY_ENABLED
 value: {{ .Values.langfuse.telemetryEnabled | quote }}
 - name: NEXT_PUBLIC_SIGN_UP_DISABLED
diff --git a/charts/langfuse/templates/nextauth-secret.yaml b/charts/langfuse/templates/nextauth-secret.yaml
index fa2953b..94f73ed 100644
--- a/charts/langfuse/templates/nextauth-secret.yaml
+++ b/charts/langfuse/templates/nextauth-secret.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.langfuse.nextauth.secret }}
 apiVersion: v1
 kind: Secret
 metadata:
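Review bot: The new guard around DATABASE_NAME in deployment.yaml (hunk @@ -51,17 +51,25) tests `.Values.postgresql.database`, but the value it wraps reads `.Values.postgresql.auth.database`, so the variable is emitted or dropped based on a different key than the one rendered; the condition should be `{{- if .Values.postgresql.auth.database }}`. In the same hunk DATABASE_HOST is now gated on `.Values.postgresql.host`, although its value falls back to the bundled service name when `postgresql.deploy` is true, so a bundled install with no explicit host would presumably lose DATABASE_HOST; `{{- if or .Values.postgresql.deploy .Values.postgresql.host }}` keeps that path. The chart's default values are not visible in this diff, so both points should be confirmed against values.yaml.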
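Review bot: SALT is still rendered as an inline `value:` whenever `langfuse.salt` is set (deployment.yaml, hunk @@ -80,13 +88,17), so the API-key hashing salt is stored in the Deployment spec and is readable by anyone allowed to read Deployments, whereas NEXTAUTH_SECRET just above it goes through `secretKeyRef`. The new guard only lets an operator opt out; the default path, with the documented `changeme` value, is unchanged. Because both guards test truthiness, an operator who supplies NEXTAUTH_SECRET or SALT through `additionalEnv` but does not set the chart value to `null` would presumably get two env entries with the same name. A comment above each guard such as `# set langfuse.salt to null when SALT is supplied via additionalEnv/secretKeyRef` would make the contract explicit, and sourcing SALT from a chart-managed Secret like NEXTAUTH_SECRET would remove the plaintext case.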
@@ -6,4 +7,5 @@ metadata:
 {{- include "langfuse.labels" . | nindent 4 }}
 type: Opaque
 data:
- nextauth-secret: {{ .Values.langfuse.nextauth.secret | toString | b64enc }}
\ No newline at end of file
+ nextauth-secret: {{ .Values.langfuse.nextauth.secret | toString | b64enc }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/langfuse/templates/postgresql-secret.yaml b/charts/langfuse/templates/postgresql-secret.yaml
index 3494bc1..4c21b34 100644
--- a/charts/langfuse/templates/postgresql-secret.yaml
+++ b/charts/langfuse/templates/postgresql-secret.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.postgresql.deploy }}
+{{- if and (not .Values.postgresql.deploy) (.Values.postgresql.auth.password) -}}
 apiVersion: v1
 kind: Secret
 metadata: