├── .github └── workflows │ └── release.yml ├── .gitignore ├── .helmignore ├── Chart.yaml ├── README.md ├── artifacthub-repo.yml ├── index.yaml ├── templates ├── NOTES.txt ├── _helpers.tpl ├── configmap.yaml ├── deployment.yaml ├── hpa.yaml ├── ingress.yaml ├── pvc.yaml ├── service.yaml └── serviceaccount.yaml └── values.yaml /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release Charts 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | 8 | # 这里添加权限设置以允许GitHub Actions写入仓库和部署Pages 9 | permissions: 10 | contents: write 11 | pages: write 12 | id-token: write 13 | 14 | jobs: 15 | release: 16 | runs-on: ubuntu-latest 17 | steps: 18 | - name: Checkout 19 | uses: actions/checkout@v3 20 | with: 21 | fetch-depth: 0 22 | 23 | - name: Configure Git 24 | run: | 25 | git config user.name "$GITHUB_ACTOR" 26 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 27 | 28 | - name: Install Helm 29 | uses: azure/setup-helm@v3 30 | with: 31 | token: ${{ secrets.GITHUB_TOKEN }} 32 | 33 | # Update Helm dependencies (but only download those marked as embedded) 34 | # 由于已移除依赖声明,不再需要更新依赖 35 | - name: Clean Environment 36 | run: | 37 | # 删除Chart.lock文件 38 | echo "删除Chart.lock文件..." 39 | rm -f Chart.lock || true 40 | 41 | # 确保charts目录存在但为空 42 | echo "确保charts目录干净..." 43 | mkdir -p charts 44 | rm -rf charts/* || true 45 | 46 | echo "环境已准备好打包..." 47 | 48 | - name: Package Helm Chart 49 | run: | 50 | helm package . 51 | 52 | - name: Update index.yaml 53 | run: | 54 | helm repo index --url https://kevinzhao.github.io/dify_helm . 55 | 56 | - name: Confirm file existence before deployment 57 | run: | 58 | echo "检查chart包是否存在..." 59 | ls -la dify-*.tgz || echo "主Chart包不存在!" 60 | echo "检查依赖包是否存在..." 61 | ls -la charts/*.tgz || echo "依赖Chart包不存在或目录为空!" 62 | 63 | - name: Create deployment folder 64 | run: | 65 | mkdir -p deployment 66 | cp index.yaml deployment/ 67 | cp dify-*.tgz deployment/ || echo "警告: 未找到主Chart包" 68 | # 确保依赖chart目录存在并复制依赖chart包 69 | if [ -d "charts" ] && [ "$(ls -A charts)" ]; then 70 | echo "复制依赖chart包..." 71 | mkdir -p deployment/charts 72 | cp -r charts/*.tgz deployment/charts/ 73 | else 74 | echo "charts目录不存在或为空,创建空目录..." 75 | mkdir -p deployment/charts 76 | fi 77 | 78 | - name: Verify deployment directory content 79 | run: | 80 | echo "部署目录内容:" 81 | find deployment -type f | sort 82 | 83 | - name: Setup Pages 84 | uses: actions/configure-pages@v3 85 | 86 | - name: Deploy to GitHub Pages 87 | uses: JamesIves/github-pages-deploy-action@v4 88 | with: 89 | folder: deployment 90 | branch: gh-pages 91 | clean: true 92 | token: ${{ secrets.GITHUB_TOKEN }} 93 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | values_original.yaml 3 | local_enviroment/values.yaml 4 | dify-cdk/lib/dify-stack copy.ts 5 | dify-cdk/lib/dify-helm-stack_us-east-1.ts 6 | values-us-east-1.yaml 7 | dify-cdk/lib/asset.0afbe25a9ce0197a83dffd77a86c1560704da246373a4ccafde5476e7e3d0811.zip 8 | dify-cdk/lib/asset.93d96d34e0d3cd20eb082652b91012b131bdc34fcf2bc16eb4170e04772fddb1.zip 9 | dify-cdk/lib/asset.3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961.zip 10 | dify-cdk/lib/DifyEKSStack.assets.json 11 | dify-cdk/lib/DifyEKSStack.template.json 12 | dify-cdk/lib/DifyEKSStackALBCDeploymentStack83900EE4.assets.json 13 | dify-cdk/lib/DifyEKSStackALBCDeploymentStack83900EE4.template.json 14 | dify-cdk/lib/DifyEKSStackawscdkawseksClusterResourceProvider9B208D5A.nested.template.json 15 | dify-cdk/lib/DifyEKSStackawscdkawseksKubectlProviderDEB20ACE.nested.template.json 16 | dify-cdk/lib/DifyOpenSearchStack.assets.json 17 | dify-cdk/lib/DifyOpenSearchStack.template.json 18 | dify-cdk/lib/DifyRDSStack.assets.json 19 | dify-cdk/lib/DifyRDSStack.template.json 20 | dify-cdk/lib/DifyRedisStack.assets.json 21 | dify-cdk/lib/DifyRedisStack.template.json 22 | dify-cdk/lib/DifyS3Stack.assets.json 23 | dify-cdk/lib/DifyS3Stack.template.json 24 | dify-cdk/lib/DifyStack.assets.json 25 | dify-cdk/lib/DifyStack.template.json 26 | dify-cdk/lib/DifyVPCStack.assets.json 27 | dify-cdk/lib/DifyVPCStack.template.json 28 | dify-cdk/lib/manifest.json 29 | dify-cdk/lib/read.75233.1.lock 30 | dify-cdk/lib/tree.json 31 | dify-cdk/lib/.cache/23d62c29501e1ed8a4a88fbb3456c016a701a5f4da3572b61f483bfd69c25e8a.zip 32 | dify-cdk/lib/.cache/ce2f3595a340d6c519a65888ef97e3b9b64f053f83608e32cc28162e22d7d99a.zip 33 | dify-cdk/lib/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/index.py 34 | dify-cdk/lib/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/apply/__init__.py 35 | dify-cdk/lib/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/get/__init__.py 36 | dify-cdk/lib/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/helm/__init__.py 37 | dify-cdk/lib/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/patch/__init__.py 38 | dify-cdk/lib/read.82832.1.lock 39 | dify-cdk/cdk-dify.zhaokm.org.json 40 | dify-cdk/bin/dify-helm-stack-dify.zhaokm.org.ts 41 | dify-cdk/cdk_oregon.json 42 | dify-cdk/bin/dify-helm-stack_oregon.ts 43 | dify-cdk/cdk_singapore.json 44 | dify-cdk/cdk_original.json 45 | dify-cdk/bin/dify-helm-stack_original.ts 46 | 47 | # 添加大尺寸的Helm包,避免推送到GitHub 48 | *.tgz 49 | -------------------------------------------------------------------------------- /.helmignore: -------------------------------------------------------------------------------- 1 | .git/ 2 | .gitignore 3 | temp_extract/ 4 | *.tgz.old 5 | -------------------------------------------------------------------------------- /Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: dify 3 | description: Dify is an LLM application development platform. This Helm chart enables easy deployment of Dify on Kubernetes. The optimized chart size ensures faster deployment. 4 | 5 | home: https://github.com/langgenius/dify 6 | 7 | maintainers: 8 | - name: douban 9 | 10 | keywords: 11 | - dify 12 | - llm 13 | - ai 14 | 15 | annotations: 16 | artifacthub.io/changes: | 17 | - Optimized chart size by removing unnecessary blank lines 18 | - Set Redis and PostgreSQL as external dependencies 19 | - Fixed "Request entity too large" error 20 | - Removed embedded dependencies to reduce chart size 21 | artifacthub.io/containsSecurityUpdates: "false" 22 | artifacthub.io/prerelease: "false" 23 | artifacthub.io/license: Apache-2.0 24 | 25 | # A chart can be either an 'application' or a 'library' chart. 26 | # 27 | # Application charts are a collection of templates that can be packaged into versioned archives 28 | # to be deployed. 29 | # 30 | # Library charts provide useful utilities or functions for the chart developer. They're included as 31 | # a dependency of application charts to inject those utilities and functions into the rendering 32 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 33 | type: application 34 | 35 | # This is the chart version. This version number should be incremented each time you make changes 36 | # to the chart and its templates, including the app version. 37 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 38 | version: 1.0.0 39 | 40 | # This is the version number of the application being deployed. This version number should be 41 | # incremented each time you make changes to the application. Versions are not expected to 42 | # follow Semantic Versioning. They should reflect the version the application is using. 43 | # It is recommended to use it with quotes. 44 | appVersion: "1.0.0" 45 | 46 | # Dependencies definition following the official Helm dependency mechanism 47 | # 由于所有依赖都设置为外部依赖(embedded: false),完全移除依赖声明 48 | # dependencies: 49 | # - name: redis 50 | # version: "~17.11.0" 51 | # repository: "https://charts.bitnami.com/bitnami" 52 | # condition: redis.embedded 53 | # optional: true 54 | # - name: postgresql 55 | # version: "~12.5.0" 56 | # repository: "https://charts.bitnami.com/bitnami" 57 | # condition: postgresql.embedded 58 | # optional: true 59 | # - name: minio 60 | # version: "~12.6.0" 61 | # repository: "https://charts.bitnami.com/bitnami" 62 | # condition: minio.embedded 63 | # optional: true 64 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Dify Helm Chart 2 | 3 | This Helm Chart is designed for deploying [Dify](https://github.com/langgenius/dify), an open-source LLM application development platform, on Kubernetes clusters. 4 | 5 | This Helm Chart was developed based on Dify's official docker-compose configuration and is distributed under the Apache License 2.0. 6 | 7 | ## Table of Contents 8 | 9 | - [Quick Start](#quick-start) 10 | - [Installation](#installation) 11 | - [Upgrading](#upgrading) 12 | - [Configuration](#configuration) 13 | - [Global Configuration](#global-configuration) 14 | - [Component Configuration](#component-configuration) 15 | - [Dependent Services](#dependent-services) 16 | - [Production Deployment Checklist](#production-deployment-checklist) 17 | - [Sensitive Information Protection](#sensitive-information-protection) 18 | - [External PostgreSQL](#external-postgresql) 19 | - [External Redis](#external-redis) 20 | - [External Object Storage](#external-object-storage) 21 | - [Vector Database Configuration](#vector-database-configuration) 22 | - [Resource Optimization](#resource-optimization) 23 | - [High Availability Configuration](#high-availability-configuration) 24 | - [Monitoring and Logging](#monitoring-and-logging) 25 | - [Troubleshooting](#troubleshooting) 26 | 27 | ## Quick Start 28 | 29 | Create a custom values file, save it as `my-values.yaml`: 30 | 31 | ```yaml 32 | global: 33 | host: "mydify.example.com" 34 | enableTLS: false 35 | image: 36 | tag: "1.0.0" # Check latest version: https://github.com/langgenius/dify/releases 37 | extraBackendEnvs: 38 | - name: SECRET_KEY 39 | value: "please-replace-with-your-own-secret" 40 | 41 | ingress: 42 | enabled: true 43 | className: "nginx" 44 | 45 | # Embedded services for development. For production, use external services 46 | redis: 47 | embedded: true 48 | postgresql: 49 | embedded: true 50 | minio: 51 | embedded: true 52 | ``` 53 | 54 | Install the Chart: 55 | 56 | ```bash 57 | # Add repository 58 | helm repo add dify-repo 59 | helm repo update 60 | 61 | # Install 62 | helm upgrade --install dify dify-repo/dify -f my-values.yaml --namespace dify --create-namespace 63 | ``` 64 | 65 | **Important**: After installation, you must run database migrations or the instance will not work properly: 66 | 67 | ```bash 68 | # Get API Pod name 69 | kubectl get pods -n dify -l app.kubernetes.io/component=api 70 | 71 | # Run migration 72 | kubectl exec -it -n dify -- flask db upgrade 73 | ``` 74 | 75 | ## Installation 76 | 77 | ### Prerequisites 78 | 79 | - Kubernetes 1.19+ 80 | - Helm 3.2.0+ 81 | - PV provisioner support (if persistence is enabled) 82 | - Ingress controller (if Ingress is enabled) 83 | 84 | ### Detailed Installation Steps 85 | 86 | 1. Add the Helm repository: 87 | 88 | ```bash 89 | helm repo add dify-repo 90 | helm repo update 91 | ``` 92 | 93 | 2. Create namespace (optional): 94 | 95 | ```bash 96 | kubectl create namespace dify 97 | ``` 98 | 99 | 3. Install the Chart: 100 | 101 | ```bash 102 | helm upgrade --install dify dify-repo/dify -f my-values.yaml --namespace dify 103 | ``` 104 | 105 | 4. Run database migrations: 106 | 107 | ```bash 108 | kubectl exec -it $(kubectl get pods -n dify -l app.kubernetes.io/component=api -o jsonpath='{.items[0].metadata.name}') -n dify -- flask db upgrade 109 | ``` 110 | 111 | 5. Access Dify: 112 | 113 | If Ingress is enabled, access Dify through the configured hostname. 114 | If Ingress is not enabled, use port-forwarding: 115 | 116 | ```bash 117 | kubectl port-forward svc/dify-frontend 3000:80 -n dify 118 | ``` 119 | 120 | Then visit http://localhost:3000 in your browser. 121 | 122 | ## Upgrading 123 | 124 | To upgrade the application, modify `global.image.tag` to the desired version: 125 | 126 | ```yaml 127 | global: 128 | image: 129 | tag: "1.0.0" 130 | ``` 131 | 132 | Then upgrade using the Helm command: 133 | 134 | ```bash 135 | helm upgrade dify dify-repo/dify -f my-values.yaml --namespace dify 136 | ``` 137 | 138 | **Important**: After upgrading, you must run database migrations: 139 | 140 | ```bash 141 | kubectl exec -it $(kubectl get pods -n dify -l app.kubernetes.io/component=api -o jsonpath='{.items[0].metadata.name}') -n dify -- flask db upgrade 142 | ``` 143 | 144 | ## Configuration 145 | 146 | ### Global Configuration 147 | 148 | | Parameter | Description | Default | 149 | |------|------|--------| 150 | | `global.host` | Application hostname | `"chart-example.local"` | 151 | | `global.port` | Set for non-standard ports (not 80/443) | `""` | 152 | | `global.enableTLS` | Enable TLS | `false` | 153 | | `global.image.tag` | Global image tag | Chart's appVersion | 154 | | `global.edition` | Dify version | `"SELF_HOSTED"` | 155 | | `global.storageType` | Storage type | `"s3"` | 156 | | `global.extraEnvs` | Environment variables for all components | `[]` | 157 | | `global.extraBackendEnvs` | Environment variables for backend components | See values.yaml | 158 | | `global.labels` | Labels added to all deployments | `{}` | 159 | 160 | ### Component Configuration 161 | 162 | Dify includes these main components, each configurable individually: 163 | 164 | - `frontend`: Web frontend 165 | - `api`: API service 166 | - `worker`: Background worker process 167 | - `plugin_daemon`: Plugin daemon 168 | - `sandbox`: Code sandbox environment 169 | 170 | Each component supports these common configurations: 171 | 172 | - `replicaCount`: Number of replicas 173 | - `image`: Image configuration 174 | - `resources`: Resource requests and limits 175 | - `nodeSelector`: Node selector 176 | - `tolerations`: Tolerations 177 | - `affinity`: Affinity settings 178 | - `autoscaling`: Autoscaling configuration 179 | 180 | ### Dependent Services 181 | 182 | The chart includes these optional dependent services: 183 | 184 | - `redis`: Cache and message queue 185 | - `postgresql`: Main database 186 | - `minio`: Object storage 187 | 188 | Each dependency can use either embedded or external services. When `embedded` is set to `true`, the chart will use the official Helm dependencies from Bitnami charts: 189 | 190 | ```yaml 191 | dependencies: 192 | - redis: ~17.11.0 (from https://charts.bitnami.com/bitnami) 193 | - postgresql: ~12.5.0 (from https://charts.bitnami.com/bitnami) 194 | - minio: ~12.6.0 (from https://charts.bitnami.com/bitnami) 195 | ``` 196 | 197 | After changing dependency configuration, run `helm dependency update` to fetch the required charts. 198 | 199 | ## Chart Dependencies Management 200 | 201 | This chart uses Helm's dependency management to handle Redis, PostgreSQL, and MinIO services. The Chart.yaml file defines these dependencies with specific version requirements. There are two ways to work with these dependencies: 202 | 203 | ### For Users 204 | 205 | When installing from the repository, dependencies are automatically managed through the CI/CD process. You don't need to take any additional actions. 206 | 207 | ### For Developers 208 | 209 | If you're working with this chart locally: 210 | 211 | ```bash 212 | # Update dependencies (downloads dependency charts to charts/ directory) 213 | helm dependency update 214 | 215 | # List all dependencies and their status 216 | helm dependency list 217 | ``` 218 | 219 | If you modify any dependency version in Chart.yaml, make sure to run `helm dependency update` to refresh the charts. 220 | 221 | Note: The `charts/` directory is not committed to the repository; dependencies are dynamically downloaded during the CI build process. 222 | 223 | ## Production Deployment Checklist 224 | 225 | The minimal configuration above is suitable for experimentation but **has no persistence**. If PostgreSQL or MinIO Pods restart, all data will be lost! 226 | 227 | Before deploying to production, you **must** complete these additional steps: 228 | 229 | ### Sensitive Information Protection 230 | 231 | Several security-sensitive environment variables are required for Dify to function properly. The default values.yaml has these values set to empty - you must provide your own secure values: 232 | 233 | ```yaml 234 | # Required security keys - MUST be configured with secure values: 235 | - name: SECRET_KEY # Main application secret key 236 | - name: PLUGIN_DAEMON_KEY # Plugin daemon authentication key 237 | - name: PLUGIN_DIFY_INNER_API_KEY # Internal API authentication key 238 | ``` 239 | 240 | You can generate secure random strings using commands like: 241 | ```bash 242 | # For SECRET_KEY 243 | openssl rand -base64 42 244 | 245 | # For other authentication keys 246 | openssl rand -base64 32 247 | ``` 248 | 249 | Environment variables like these can be harmful if leaked. For production use, use Secrets or CSI volumes for protection. 250 | 251 | Example using Secrets: 252 | 253 | ```yaml 254 | global: 255 | extraBackendEnvs: 256 | - name: SECRET_KEY 257 | valueFrom: 258 | secretKeyRef: 259 | name: dify 260 | key: SECRET_KEY 261 | ``` 262 | 263 | Create the Secret: 264 | 265 | ```bash 266 | kubectl create secret generic dify \ 267 | --from-literal=SECRET_KEY=your-secret-key \ 268 | --namespace dify 269 | ``` 270 | 271 | For more information: [Kubernetes Secrets Best Practices](https://kubernetes.io/docs/concepts/security/secrets-good-practices/) 272 | 273 | ### External PostgreSQL 274 | 275 | 1. Set `postgresql.embedded` to `false` 276 | 2. Inject connection information via `global.extraBackendEnvs`: 277 | 278 | ```yaml 279 | global: 280 | extraBackendEnvs: 281 | - name: DB_USERNAME 282 | value: "postgres" 283 | # Using Secret for sensitive information is recommended 284 | - name: DB_PASSWORD 285 | valueFrom: 286 | secretKeyRef: 287 | name: dify-db 288 | key: DB_PASSWORD 289 | - name: DB_HOST 290 | value: "postgres.database.svc.cluster.local" 291 | - name: DB_PORT 292 | value: "5432" 293 | - name: DB_DATABASE 294 | value: "dify" 295 | ``` 296 | 297 | ### External Redis 298 | 299 | 1. Set `redis.embedded` to `false` 300 | 2. Inject connection information via `global.extraBackendEnvs`: 301 | 302 | ```yaml 303 | global: 304 | extraBackendEnvs: 305 | - name: REDIS_HOST 306 | value: "redis.cache.svc.cluster.local" 307 | - name: REDIS_PORT 308 | value: "6379" 309 | - name: REDIS_DB 310 | value: "0" 311 | # Using Secret for sensitive information is recommended 312 | - name: REDIS_PASSWORD 313 | valueFrom: 314 | secretKeyRef: 315 | name: dify-redis 316 | key: REDIS_PASSWORD 317 | - name: CELERY_BROKER_URL 318 | valueFrom: 319 | secretKeyRef: 320 | name: dify-redis 321 | key: CELERY_BROKER_URL 322 | ``` 323 | 324 | ### External Object Storage 325 | 326 | #### Amazon S3 327 | 328 | 1. Set `minio.embedded` to `false` 329 | 2. Inject connection information via `global.extraBackendEnvs`: 330 | 331 | ```yaml 332 | global: 333 | storageType: "s3" 334 | extraBackendEnvs: 335 | - name: S3_ENDPOINT 336 | value: "https://s3.amazonaws.com" 337 | - name: S3_BUCKET_NAME 338 | value: "dify-storage" 339 | - name: S3_REGION 340 | value: "us-east-1" 341 | # Using Secret for sensitive information is recommended 342 | - name: S3_ACCESS_KEY 343 | valueFrom: 344 | secretKeyRef: 345 | name: dify-s3 346 | key: S3_ACCESS_KEY 347 | - name: S3_SECRET_KEY 348 | valueFrom: 349 | secretKeyRef: 350 | name: dify-s3 351 | key: S3_SECRET_KEY 352 | ``` 353 | 354 | #### Google Cloud Storage 355 | 356 | 1. Set `minio.embedded` to `false` 357 | 2. Inject connection information via `global.extraBackendEnvs`: 358 | 359 | ```yaml 360 | global: 361 | storageType: "google-storage" 362 | extraBackendEnvs: 363 | - name: GOOGLE_STORAGE_BUCKET_NAME 364 | value: "dify-storage" 365 | - name: GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64 366 | valueFrom: 367 | secretKeyRef: 368 | name: dify-gcs 369 | key: GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64 370 | ``` 371 | 372 | ### Vector Database Configuration 373 | 374 | Due to the complexity of vector databases, this component is not included in the Chart. You need to use an external vector database and inject environment variables: 375 | 376 | ```yaml 377 | global: 378 | extraBackendEnvs: 379 | - name: VECTOR_STORE 380 | value: "milvus" 381 | - name: MILVUS_HOST 382 | value: "milvus.vector.svc.cluster.local" 383 | - name: MILVUS_PORT 384 | value: "19530" 385 | - name: MILVUS_COLLECTION_NAME_PREFIX 386 | value: "dify" 387 | ``` 388 | 389 | This is not a complete vector database configuration. Please refer to [Dify documentation](https://docs.dify.ai/getting-started/install-self-hosted/environments) for more information. 390 | 391 | ## Resource Optimization 392 | 393 | To ensure Dify runs stably in Kubernetes, we recommend configuring appropriate resource requests and limits: 394 | 395 | ### API Service 396 | 397 | ```yaml 398 | api: 399 | resources: 400 | requests: 401 | cpu: 500m 402 | memory: 1Gi 403 | limits: 404 | cpu: 1000m 405 | memory: 2Gi 406 | ``` 407 | 408 | ### Worker 409 | 410 | ```yaml 411 | worker: 412 | resources: 413 | requests: 414 | cpu: 500m 415 | memory: 1Gi 416 | limits: 417 | cpu: 2000m 418 | memory: 4Gi 419 | ``` 420 | 421 | ### Frontend 422 | 423 | ```yaml 424 | frontend: 425 | resources: 426 | requests: 427 | cpu: 100m 428 | memory: 256Mi 429 | limits: 430 | cpu: 500m 431 | memory: 512Mi 432 | ``` 433 | 434 | ### Plugin Daemon 435 | 436 | ```yaml 437 | plugin_daemon: 438 | resources: 439 | requests: 440 | cpu: 200m 441 | memory: 512Mi 442 | limits: 443 | cpu: 500m 444 | memory: 1Gi 445 | persistence: 446 | size: 10Gi # Adjust based on plugin quantity and size 447 | ``` 448 | 449 | ### Sandbox 450 | 451 | ```yaml 452 | sandbox: 453 | resources: 454 | requests: 455 | cpu: 200m 456 | memory: 512Mi 457 | limits: 458 | cpu: 1000m 459 | memory: 1Gi 460 | ``` 461 | 462 | ## High Availability Configuration 463 | 464 | To improve system availability and resilience, we recommend these configurations: 465 | 466 | ### Increase Replicas 467 | 468 | ```yaml 469 | api: 470 | replicaCount: 2 471 | worker: 472 | replicaCount: 2 473 | frontend: 474 | replicaCount: 2 475 | ``` 476 | 477 | ### Enable Autoscaling 478 | 479 | ```yaml 480 | api: 481 | autoscaling: 482 | enabled: true 483 | minReplicas: 2 484 | maxReplicas: 5 485 | targetCPUUtilizationPercentage: 80 486 | targetMemoryUtilizationPercentage: 80 487 | ``` 488 | 489 | ### Configure Pod Anti-Affinity 490 | 491 | ```yaml 492 | api: 493 | affinity: 494 | podAntiAffinity: 495 | preferredDuringSchedulingIgnoredDuringExecution: 496 | - weight: 100 497 | podAffinityTerm: 498 | labelSelector: 499 | matchExpressions: 500 | - key: app.kubernetes.io/component 501 | operator: In 502 | values: 503 | - api 504 | topologyKey: "kubernetes.io/hostname" 505 | ``` 506 | 507 | ## Monitoring and Logging 508 | 509 | ### Prometheus Monitoring 510 | 511 | Add Prometheus annotations to enable monitoring: 512 | 513 | ```yaml 514 | api: 515 | podAnnotations: 516 | prometheus.io/scrape: "true" 517 | prometheus.io/path: "/metrics" 518 | prometheus.io/port: "5001" 519 | ``` 520 | 521 | ### Log Collection 522 | 523 | Configure log collection, for example using Fluentd: 524 | 525 | ```yaml 526 | global: 527 | extraEnvs: 528 | - name: LOG_LEVEL 529 | value: "INFO" 530 | 531 | api: 532 | podAnnotations: 533 | fluentd.io/collect: "true" 534 | ``` 535 | 536 | ## Troubleshooting 537 | 538 | ### Common Issues 539 | 540 | 1. **Database Migration Failure** 541 | - Check PostgreSQL connection configuration 542 | - Ensure database user has sufficient permissions 543 | 544 | 2. **Cannot Connect to Redis** 545 | - Verify Redis connection information 546 | - Check Redis password correctness 547 | 548 | 3. **File Upload Failure** 549 | - Check object storage configuration 550 | - Verify bucket permissions 551 | 552 | 4. **Plugin Loading Failure** 553 | - Check plugin_daemon storage configuration 554 | - Verify plugin permission settings 555 | 556 | ### Getting Help 557 | 558 | If you encounter difficulties during deployment, refer to: 559 | - [Dify Official Documentation](https://docs.dify.ai/) 560 | - [Dify GitHub Repository](https://github.com/langgenius/dify) 561 | - [Submit an Issue](https://github.com/langgenius/dify/issues) 562 | -------------------------------------------------------------------------------- /artifacthub-repo.yml: -------------------------------------------------------------------------------- 1 | # Artifact Hub repository metadata file 2 | owners: 3 | - name: Kevin Zhao 4 | email: kevin8093@126.com -------------------------------------------------------------------------------- /index.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | entries: 3 | dify: 4 | - annotations: 5 | artifacthub.io/changes: | 6 | - 优化chart大小,移除不必要空行 7 | - 设置Redis和PostgreSQL为外部依赖 8 | - 解决"Request entity too large"错误 9 | artifacthub.io/containsSecurityUpdates: "false" 10 | artifacthub.io/license: Apache-2.0 11 | artifacthub.io/prerelease: "false" 12 | apiVersion: v2 13 | appVersion: 0.6.11 14 | created: "2025-03-04T12:37:06.435941+08:00" 15 | dependencies: 16 | - condition: minio.embedded 17 | name: minio 18 | repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami 19 | version: ~14.1.7 20 | description: Dify是一个LLM应用开发平台,通过使用此Helm chart可以在Kubernetes上轻松部署Dify应用。经过优化的chart大小确保了更快的部署速度。 21 | digest: a733f9a2820c54fd8e81724331ceaa6d4cc1bca3113009180f265351926a6b9f 22 | home: https://github.com/langgenius/dify 23 | keywords: 24 | - dify 25 | - llm 26 | - ai 27 | maintainers: 28 | - name: douban 29 | name: dify 30 | type: application 31 | urls: 32 | - https://kevinzhao.github.io/dify_helm/dify-1.0.0.tgz 33 | version: 1.0.0 34 | minio: 35 | - annotations: 36 | category: Infrastructure 37 | images: | 38 | - name: minio 39 | image: docker.io/bitnami/minio:2024.4.18-debian-12-r0 40 | - name: minio-client 41 | image: docker.io/bitnami/minio-client:2024.3.30-debian-12-r2 42 | - name: os-shell 43 | image: docker.io/bitnami/os-shell:12-debian-12-r18 44 | licenses: Apache-2.0 45 | apiVersion: v2 46 | appVersion: 2024.4.18 47 | created: "2025-03-04T12:37:06.437695+08:00" 48 | dependencies: 49 | - name: common 50 | repository: oci://registry-1.docker.io/bitnamicharts 51 | tags: 52 | - bitnami-common 53 | version: 2.x.x 54 | description: MinIO(R) is an object storage server, compatible with Amazon S3 cloud 55 | storage service, mainly used for storing unstructured data (such as photos, 56 | videos, log files, etc.). 57 | digest: 4e2fe0e0e25646f9bde303de7628a5f33b94aadb0246207c91c8c22e38388ffc 58 | home: https://bitnami.com 59 | icon: https://bitnami.com/assets/stacks/minio/img/minio-stack-220x234.png 60 | keywords: 61 | - minio 62 | - storage 63 | - object-storage 64 | - s3 65 | - cluster 66 | maintainers: 67 | - name: VMware, Inc. 68 | url: https://github.com/bitnami/charts 69 | name: minio 70 | sources: 71 | - https://github.com/bitnami/charts/tree/main/bitnami/minio 72 | urls: 73 | - https://kevinzhao.github.io/dify_helm/charts/minio-14.1.8.tgz 74 | version: 14.1.8 75 | generated: "2025-03-04T12:37:06.383977+08:00" 76 | -------------------------------------------------------------------------------- /templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ include "dify.NOTES" . }} 2 | -------------------------------------------------------------------------------- /templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "dify.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "dify.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Installation Notes 28 | */}} 29 | {{- define "dify.NOTES" -}} 30 | 1. Get the application URL by running these commands: 31 | {{- if .Values.ingress.enabled }} 32 | {{- range $host := .Values.ingress.hosts }} 33 | {{- range .paths }} 34 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} 35 | {{- end }} 36 | {{- end }} 37 | {{- else }} 38 | ingress not enabled, service would be available only inside cluster 39 | {{- end }} 40 | {{- end }} 41 | 42 | {{/* 43 | Create chart name and version as used by the chart label. 44 | */}} 45 | {{- define "dify.chart" -}} 46 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 47 | {{- end }} 48 | 49 | {{/* 50 | Common labels 51 | */}} 52 | {{- define "dify.labels" -}} 53 | helm.sh/chart: {{ include "dify.chart" . }} 54 | {{ include "dify.selectorLabels" . }} 55 | {{- if .Chart.AppVersion }} 56 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 57 | {{- end }} 58 | app.kubernetes.io/managed-by: {{ .Release.Service }} 59 | {{- end }} 60 | 61 | {{/* 62 | Selector labels 63 | */}} 64 | {{- define "dify.selectorLabels" -}} 65 | app.kubernetes.io/name: {{ include "dify.name" . }} 66 | app.kubernetes.io/instance: {{ .Release.Name }} 67 | {{- end }} 68 | 69 | {{/* 70 | Global labels 71 | */}} 72 | {{- define "dify.global.labels" -}} 73 | {{- if .Values.global.labels }} 74 | {{- toYaml .Values.global.labels }} 75 | {{- end -}} 76 | {{- end -}} 77 | 78 | {{/* 79 | Create the name of the service account to use 80 | */}} 81 | {{- define "dify.serviceAccountName" -}} 82 | {{- if .Values.serviceAccount.create }} 83 | {{- default (include "dify.fullname" .) .Values.serviceAccount.name }} 84 | {{- else }} 85 | {{- default "default" .Values.serviceAccount.name }} 86 | {{- end }} 87 | {{- end }} 88 | 89 | {{- define "dify.baseUrl" -}} 90 | {{ if .Values.global.enableTLS }}https://{{ else }}http://{{ end }}{{.Values.global.host}}{{ if .Values.global.port }}:{{.Values.global.port}}{{ end }} 91 | {{- end }} 92 | 93 | {{/* 94 | dify environments 95 | commonEnvs are for all containers 96 | commonBackendEnvs are for api and worker containers 97 | */}} 98 | {{- define "dify.commonEnvs" -}} 99 | - name: EDITION 100 | value: {{ .Values.global.edition }} 101 | {{- range tuple "CONSOLE_API_URL" "CONSOLE_WEB_URL" "SERVICE_API_URL" "APP_API_URL" "APP_WEB_URL" }} 102 | - name: {{ . }} 103 | value: {{ include "dify.baseUrl" $ }} 104 | {{- end }} 105 | {{- end }} 106 | 107 | 108 | {{- define "dify.commonBackendEnvs" -}} 109 | - name: STORAGE_TYPE 110 | value: {{ .Values.global.storageType }} 111 | {{- if .Values.redis.embedded }} 112 | - name: CELERY_BROKER_URL 113 | value: redis://:{{ .Values.redis.auth.password }}@{{ include "dify.fullname" . }}-redis-master:6379/1 114 | - name: REDIS_HOST 115 | value: {{ include "dify.fullname" . }}-redis-master 116 | - name: REDIS_DB 117 | value: "1" 118 | - name: REDIS_PASSWORD 119 | value: {{ .Values.redis.auth.password }} 120 | {{- end }} 121 | {{- if .Values.postgresql.embedded }} 122 | - name: DB_USERNAME 123 | value: postgres 124 | - name: DB_PASSWORD 125 | value: "{{ .Values.postgresql.auth.postgresPassword }}" 126 | - name: DB_HOST 127 | value: {{ include "dify.fullname" . }}-postgresql 128 | - name: DB_PORT 129 | value: "5432" 130 | - name: DB_DATABASE 131 | value: {{ .Values.postgresql.auth.database }} 132 | {{- end }} 133 | 134 | {{- if .Values.minio.embedded }} 135 | - name: S3_ENDPOINT 136 | value: http://{{ include "dify.fullname" . }}-minio:{{ .Values.minio.service.ports.api }} 137 | - name: S3_BUCKET_NAME 138 | value: {{ .Values.minio.defaultBuckets }} 139 | - name: S3_ACCESS_KEY 140 | value: {{ .Values.minio.auth.rootUser }} 141 | - name: S3_SECRET_KEY 142 | value: {{ .Values.minio.auth.rootPassword }} 143 | {{- end }} 144 | {{- end }} 145 | -------------------------------------------------------------------------------- /templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "dify.fullname" . }}-sandbox-config 6 | data: 7 | python-requirements.txt: | 8 | {{ .Values.sandbox.config.python_requirements | indent 4 }} -------------------------------------------------------------------------------- /templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | # api 2 | --- 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: {{ include "dify.fullname" . }}-api 7 | labels: 8 | {{- include "dify.labels" . | nindent 4 }} 9 | app.kubernetes.io/component: api 10 | {{- include "dify.global.labels" . | nindent 4 }} 11 | spec: 12 | {{- if not .Values.api.autoscaling.enabled }} 13 | replicas: {{ .Values.api.replicaCount }} 14 | {{- end }} 15 | selector: 16 | matchLabels: 17 | {{- include "dify.selectorLabels" . | nindent 6 }} 18 | app.kubernetes.io/component: api 19 | template: 20 | metadata: 21 | {{- with .Values.api.podAnnotations }} 22 | annotations: 23 | {{- toYaml . | nindent 8 }} 24 | {{- end }} 25 | labels: 26 | {{- include "dify.selectorLabels" . | nindent 8 }} 27 | app.kubernetes.io/component: api 28 | {{- include "dify.global.labels" . | nindent 8 }} 29 | spec: 30 | {{- with .Values.api.imagePullSecrets }} 31 | imagePullSecrets: 32 | {{- toYaml . | nindent 8 }} 33 | {{- end }} 34 | serviceAccountName: {{ include "dify.serviceAccountName" . }} 35 | securityContext: 36 | {{- toYaml .Values.api.podSecurityContext | nindent 8 }} 37 | containers: 38 | - name: {{ .Chart.Name }}-api 39 | securityContext: 40 | {{- toYaml .Values.api.securityContext | nindent 12 }} 41 | image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.global.image.tag .Chart.AppVersion }}" 42 | imagePullPolicy: {{ .Values.api.image.pullPolicy }} 43 | env: 44 | - name: MODE 45 | value: "api" 46 | {{- include "dify.commonEnvs" . | nindent 12 }} 47 | {{- include "dify.commonBackendEnvs" . | nindent 12 }} 48 | {{- with .Values.global.extraEnvs }} 49 | {{- toYaml . | nindent 12 }} 50 | {{- end }} 51 | {{- with .Values.global.extraBackendEnvs }} 52 | {{- toYaml . | nindent 12 }} 53 | {{- end }} 54 | {{- with .Values.api.envs }} 55 | {{- toYaml . | nindent 12 }} 56 | {{- end }} 57 | - name: CODE_EXECUTION_ENDPOINT 58 | value: "http://{{ include "dify.fullname" . }}-sandbox" 59 | - name: CODE_EXECUTION_API_KEY 60 | {{- if .Values.sandbox.apiKeySecret }} 61 | valueFrom: 62 | secretKeyRef: 63 | name: {{ .Values.sandbox.apiKeySecret }} 64 | key: sandbox-api-key 65 | {{- else if .Values.sandbox.apiKey }} 66 | value: {{ .Values.sandbox.apiKey | quote }} 67 | {{- else }} 68 | {{- end }} 69 | {{- with .Values.volumeMounts }} 70 | volumeMounts: 71 | {{- toYaml . | nindent 12 }} 72 | {{- end }} 73 | ports: 74 | - name: http 75 | containerPort: {{ .Values.api.containerPort }} 76 | protocol: TCP 77 | {{- with .Values.api.livenessProbe }} 78 | livenessProbe: 79 | {{- toYaml . | nindent 12 }} 80 | {{- end }} 81 | {{- with .Values.api.readinessProbe }} 82 | readinessProbe: 83 | {{- toYaml . | nindent 12 }} 84 | {{- end }} 85 | resources: 86 | {{- toYaml .Values.api.resources | nindent 12 }} 87 | {{- with .Values.volumes }} 88 | volumes: 89 | {{- toYaml . | nindent 8 }} 90 | {{- end }} 91 | {{- with .Values.api.nodeSelector }} 92 | nodeSelector: 93 | {{- toYaml . | nindent 8 }} 94 | {{- end }} 95 | {{- with .Values.api.affinity }} 96 | affinity: 97 | {{- toYaml . | nindent 8 }} 98 | {{- end }} 99 | {{- with .Values.api.tolerations }} 100 | tolerations: 101 | {{- toYaml . | nindent 8 }} 102 | {{- end }} 103 | 104 | # worker 105 | --- 106 | apiVersion: apps/v1 107 | kind: Deployment 108 | metadata: 109 | name: {{ include "dify.fullname" . }}-worker 110 | labels: 111 | {{- include "dify.labels" . | nindent 4 }} 112 | app.kubernetes.io/component: worker 113 | {{- include "dify.global.labels" . | nindent 4 }} 114 | spec: 115 | {{- if not .Values.worker.autoscaling.enabled }} 116 | replicas: {{ .Values.worker.replicaCount }} 117 | {{- end }} 118 | selector: 119 | matchLabels: 120 | {{- include "dify.selectorLabels" . | nindent 6 }} 121 | app.kubernetes.io/component: worker 122 | template: 123 | metadata: 124 | {{- with .Values.worker.podAnnotations }} 125 | annotations: 126 | {{- toYaml . | nindent 8 }} 127 | {{- end }} 128 | labels: 129 | {{- include "dify.selectorLabels" . | nindent 8 }} 130 | app.kubernetes.io/component: worker 131 | {{- include "dify.global.labels" . | nindent 8 }} 132 | spec: 133 | {{- with .Values.worker.imagePullSecrets }} 134 | imagePullSecrets: 135 | {{- toYaml . | nindent 8 }} 136 | {{- end }} 137 | serviceAccountName: {{ include "dify.serviceAccountName" . }} 138 | securityContext: 139 | {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} 140 | containers: 141 | - name: {{ .Chart.Name }} 142 | securityContext: 143 | {{- toYaml .Values.worker.securityContext | nindent 12 }} 144 | image: "{{ .Values.worker.image.repository }}:{{ coalesce .Values.worker.image.tag .Values.global.image.tag .Chart.AppVersion }}" 145 | imagePullPolicy: {{ .Values.worker.image.pullPolicy }} 146 | args: 147 | - worker 148 | env: 149 | - name: MODE 150 | value: "worker" 151 | {{- include "dify.commonEnvs" . | nindent 12 }} 152 | {{- include "dify.commonBackendEnvs" . | nindent 12 }} 153 | {{- with .Values.global.extraEnvs }} 154 | {{- toYaml . | nindent 12 }} 155 | {{- end }} 156 | {{- with .Values.global.extraBackendEnvs }} 157 | {{- toYaml . | nindent 12 }} 158 | {{- end }} 159 | {{- with .Values.volumeMounts }} 160 | volumeMounts: 161 | {{- toYaml . | nindent 10 }} 162 | {{- end }} 163 | {{- with .Values.worker.livenessProbe }} 164 | livenessProbe: 165 | {{- toYaml . | nindent 12 }} 166 | {{- end }} 167 | {{- with .Values.worker.readinessProbe }} 168 | readinessProbe: 169 | {{- toYaml . | nindent 12 }} 170 | {{- end }} 171 | resources: 172 | {{- toYaml .Values.worker.resources | nindent 12 }} 173 | {{- with .Values.volumes }} 174 | volumes: 175 | {{- toYaml . | nindent 8 }} 176 | {{- end }} 177 | {{- with .Values.worker.nodeSelector }} 178 | nodeSelector: 179 | {{- toYaml . | nindent 8 }} 180 | {{- end }} 181 | {{- with .Values.worker.affinity }} 182 | affinity: 183 | {{- toYaml . | nindent 8 }} 184 | {{- end }} 185 | {{- with .Values.worker.tolerations }} 186 | tolerations: 187 | {{- toYaml . | nindent 8 }} 188 | {{- end }} 189 | 190 | # frontend 191 | --- 192 | apiVersion: apps/v1 193 | kind: Deployment 194 | metadata: 195 | name: {{ include "dify.fullname" . }}-frontend 196 | labels: 197 | {{- include "dify.labels" . | nindent 4 }} 198 | app.kubernetes.io/component: frontend 199 | {{- include "dify.global.labels" . | nindent 4 }} 200 | spec: 201 | {{- if not .Values.frontend.autoscaling.enabled }} 202 | replicas: {{ .Values.frontend.replicaCount }} 203 | {{- end }} 204 | selector: 205 | matchLabels: 206 | {{- include "dify.selectorLabels" . | nindent 6 }} 207 | app.kubernetes.io/component: frontend 208 | template: 209 | metadata: 210 | {{- with .Values.frontend.podAnnotations }} 211 | annotations: 212 | {{- toYaml . | nindent 8 }} 213 | {{- end }} 214 | labels: 215 | {{- include "dify.selectorLabels" . | nindent 8 }} 216 | app.kubernetes.io/component: frontend 217 | {{- include "dify.global.labels" . | nindent 8 }} 218 | spec: 219 | {{- with .Values.frontend.imagePullSecrets }} 220 | imagePullSecrets: 221 | {{- toYaml . | nindent 8 }} 222 | {{- end }} 223 | serviceAccountName: {{ include "dify.serviceAccountName" . }} 224 | securityContext: 225 | {{- toYaml .Values.frontend.podSecurityContext | nindent 8 }} 226 | containers: 227 | - name: {{ .Chart.Name }} 228 | securityContext: 229 | {{- toYaml .Values.frontend.securityContext | nindent 12 }} 230 | image: "{{ .Values.frontend.image.repository }}:{{ coalesce .Values.frontend.image.tag .Values.global.image.tag .Chart.AppVersion }}" 231 | imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} 232 | env: 233 | {{- include "dify.commonEnvs" . | nindent 12 }} 234 | {{- with .Values.global.extraEnvs }} 235 | {{- toYaml . | nindent 12 }} 236 | {{- end }} 237 | {{- with .Values.frontend.envs }} 238 | {{- toYaml . | nindent 12 }} 239 | {{- end }} 240 | ports: 241 | - name: http 242 | containerPort: {{ .Values.frontend.containerPort }} 243 | protocol: TCP 244 | {{- with .Values.frontend.livenessProbe }} 245 | livenessProbe: 246 | {{- toYaml . | nindent 12 }} 247 | {{- end }} 248 | {{- with .Values.frontend.readinessProbe}} 249 | readinessProbe: 250 | {{- toYaml . | nindent 12 }} 251 | {{- end }} 252 | resources: 253 | {{- toYaml .Values.frontend.resources | nindent 12 }} 254 | {{- with .Values.frontend.nodeSelector }} 255 | nodeSelector: 256 | {{- toYaml . | nindent 8 }} 257 | {{- end }} 258 | {{- with .Values.frontend.affinity }} 259 | affinity: 260 | {{- toYaml . | nindent 8 }} 261 | {{- end }} 262 | {{- with .Values.frontend.tolerations }} 263 | tolerations: 264 | {{- toYaml . | nindent 8 }} 265 | {{- end }} 266 | 267 | 268 | # plugin_daemon 269 | --- 270 | apiVersion: apps/v1 271 | kind: Deployment 272 | metadata: 273 | name: {{ include "dify.fullname" . }}-plugin-daemon 274 | labels: 275 | {{- include "dify.labels" . | nindent 4 }} 276 | app.kubernetes.io/component: plugin_daemon 277 | {{- include "dify.global.labels" . | nindent 4 }} 278 | spec: 279 | {{- if not .Values.plugin_daemon.autoscaling.enabled }} 280 | replicas: {{ .Values.plugin_daemon.replicaCount }} 281 | {{- end }} 282 | selector: 283 | matchLabels: 284 | {{- include "dify.selectorLabels" . | nindent 6 }} 285 | app.kubernetes.io/component: plugin_daemon 286 | template: 287 | metadata: 288 | {{- with .Values.plugin_daemon.podAnnotations }} 289 | annotations: 290 | {{- toYaml . | nindent 8 }} 291 | {{- end }} 292 | labels: 293 | {{- include "dify.selectorLabels" . | nindent 8 }} 294 | app.kubernetes.io/component: plugin_daemon 295 | {{- include "dify.global.labels" . | nindent 8 }} 296 | spec: 297 | {{- with .Values.plugin_daemon.imagePullSecrets }} 298 | imagePullSecrets: 299 | {{- toYaml . | nindent 8 }} 300 | {{- end }} 301 | serviceAccountName: {{ include "dify.serviceAccountName" . }} 302 | securityContext: 303 | {{- toYaml .Values.plugin_daemon.podSecurityContext | nindent 8 }} 304 | containers: 305 | - name: {{ .Chart.Name }}-plugin-daemon 306 | securityContext: 307 | {{- toYaml .Values.plugin_daemon.securityContext | nindent 12 }} 308 | image: "{{ .Values.plugin_daemon.image.repository }}:{{ .Values.plugin_daemon.image.tag | default .Chart.AppVersion }}" 309 | imagePullPolicy: {{ .Values.plugin_daemon.image.pullPolicy }} 310 | env: 311 | {{- include "dify.commonEnvs" . | nindent 12 }} 312 | {{- include "dify.commonBackendEnvs" . | nindent 12 }} 313 | {{- with .Values.global.extraEnvs }} 314 | {{- toYaml . | nindent 12 }} 315 | {{- end }} 316 | {{- with .Values.global.extraBackendEnvs }} 317 | {{- toYaml . | nindent 12 }} 318 | {{- end }} 319 | {{- with .Values.plugin_daemon.envs }} 320 | {{- toYaml . | nindent 12 }} 321 | {{- end }} 322 | ports: 323 | - name: http 324 | containerPort: {{ .Values.plugin_daemon.containerPort }} 325 | protocol: TCP 326 | - name: debug 327 | containerPort: {{ .Values.plugin_daemon.debugPort }} 328 | protocol: TCP 329 | {{- with .Values.plugin_daemon.livenessProbe }} 330 | livenessProbe: 331 | {{- toYaml . | nindent 12 }} 332 | {{- end }} 333 | {{- with .Values.plugin_daemon.readinessProbe }} 334 | readinessProbe: 335 | {{- toYaml . | nindent 12 }} 336 | {{- end }} 337 | resources: 338 | {{- toYaml .Values.plugin_daemon.resources | nindent 12 }} 339 | volumeMounts: 340 | - name: plugin-daemon-storage 341 | mountPath: /app/storage 342 | volumes: 343 | - name: plugin-daemon-storage 344 | {{- if .Values.plugin_daemon.persistence.enabled }} 345 | persistentVolumeClaim: 346 | claimName: {{ include "dify.fullname" . }}-plugin-daemon-pvc 347 | {{- else }} 348 | emptyDir: {} 349 | {{- end }} 350 | {{- with .Values.plugin_daemon.nodeSelector }} 351 | nodeSelector: 352 | {{- toYaml . | nindent 8 }} 353 | {{- end }} 354 | {{- with .Values.plugin_daemon.affinity }} 355 | affinity: 356 | {{- toYaml . | nindent 8 }} 357 | {{- end }} 358 | {{- with .Values.plugin_daemon.tolerations }} 359 | tolerations: 360 | {{- toYaml . | nindent 8 }} 361 | {{- end }} 362 | 363 | # sandbox 364 | --- 365 | apiVersion: apps/v1 366 | kind: Deployment 367 | metadata: 368 | name: {{ include "dify.fullname" . }}-sandbox 369 | labels: 370 | {{- include "dify.labels" . | nindent 4 }} 371 | app.kubernetes.io/component: sandbox 372 | {{- include "dify.global.labels" . | nindent 4 }} 373 | spec: 374 | {{- if not .Values.sandbox.autoscaling.enabled }} 375 | replicas: {{ .Values.sandbox.replicaCount }} 376 | {{- end }} 377 | selector: 378 | matchLabels: 379 | {{- include "dify.selectorLabels" . | nindent 6 }} 380 | app.kubernetes.io/component: sandbox 381 | template: 382 | metadata: 383 | {{- with .Values.sandbox.podAnnotations }} 384 | annotations: 385 | {{- toYaml . | nindent 8 }} 386 | {{- end }} 387 | labels: 388 | {{- include "dify.selectorLabels" . | nindent 8 }} 389 | app.kubernetes.io/component: sandbox 390 | {{- include "dify.global.labels" . | nindent 8 }} 391 | spec: 392 | {{- with .Values.sandbox.imagePullSecrets }} 393 | imagePullSecrets: 394 | {{- toYaml . | nindent 8 }} 395 | {{- end }} 396 | serviceAccountName: {{ include "dify.serviceAccountName" . }} 397 | securityContext: 398 | {{- toYaml .Values.sandbox.podSecurityContext | nindent 8 }} 399 | containers: 400 | - name: {{ .Chart.Name }} 401 | securityContext: 402 | {{- toYaml .Values.sandbox.securityContext | nindent 12 }} 403 | image: "{{ .Values.sandbox.image.repository }}:{{ .Values.sandbox.image.tag | default "latest" }}" 404 | imagePullPolicy: {{ .Values.sandbox.image.pullPolicy }} 405 | env: 406 | - name: PLACEHOLDER 407 | value: "PLACEHOLDER" 408 | {{- with .Values.sandbox.envs }} 409 | {{- toYaml . | nindent 10 }} 410 | {{- end }} 411 | - name: API_KEY 412 | {{- if .Values.sandbox.apiKeySecret }} 413 | valueFrom: 414 | secretKeyRef: 415 | name: {{ .Values.sandbox.apiKeySecret }} 416 | key: sandbox-api-key 417 | {{- else if .Values.sandbox.apiKey }} 418 | value: {{ .Values.sandbox.apiKey | quote }} 419 | {{- else }} 420 | {{- end }} 421 | volumeMounts: 422 | - name: config-volume 423 | mountPath: /dependencies 424 | ports: 425 | - name: http 426 | containerPort: {{ .Values.sandbox.containerPort }} 427 | protocol: TCP 428 | {{- with .Values.sandbox.livenessProbe }} 429 | livenessProbe: 430 | {{- toYaml . | nindent 12 }} 431 | {{- end }} 432 | {{- with .Values.sandbox.readinessProbe}} 433 | readinessProbe: 434 | {{- toYaml . | nindent 12 }} 435 | {{- end }} 436 | resources: 437 | {{- toYaml .Values.sandbox.resources | nindent 12 }} 438 | {{- with .Values.sandbox.nodeSelector }} 439 | nodeSelector: 440 | {{- toYaml . | nindent 8 }} 441 | {{- end }} 442 | {{- with .Values.sandbox.affinity }} 443 | affinity: 444 | {{- toYaml . | nindent 8 }} 445 | {{- end }} 446 | {{- with .Values.sandbox.tolerations }} 447 | tolerations: 448 | {{- toYaml . | nindent 8 }} 449 | {{- end }} 450 | volumes: 451 | - name: config-volume 452 | configMap: 453 | name: {{ include "dify.fullname" . }}-sandbox-config 454 | -------------------------------------------------------------------------------- /templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.api.autoscaling.enabled }} 2 | --- 3 | apiVersion: autoscaling/v2 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | name: {{ include "dify.fullname" . }}-api 7 | labels: 8 | {{- include "dify.labels" . | nindent 4 }} 9 | spec: 10 | scaleTargetRef: 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | name: {{ include "dify.fullname" . }}-api 14 | minReplicas: {{ .Values.api.autoscaling.minReplicas }} 15 | maxReplicas: {{ .Values.api.autoscaling.maxReplicas }} 16 | metrics: 17 | {{- if .Values.api.autoscaling.targetCPUUtilizationPercentage }} 18 | - type: Resource 19 | resource: 20 | name: cpu 21 | target: 22 | type: Utilization 23 | averageUtilization: {{ .Values.api.autoscaling.targetCPUUtilizationPercentage }} 24 | {{- end }} 25 | {{- if .Values.api.autoscaling.targetMemoryUtilizationPercentage }} 26 | - type: Resource 27 | resource: 28 | name: memory 29 | target: 30 | type: Utilization 31 | averageUtilization: {{ .Values.api.autoscaling.targetMemoryUtilizationPercentage }} 32 | {{- end }} 33 | {{- end }} 34 | 35 | 36 | {{- if .Values.frontend.autoscaling.enabled }} 37 | --- 38 | apiVersion: autoscaling/v2 39 | kind: HorizontalPodAutoscaler 40 | metadata: 41 | name: {{ include "dify.fullname" . }}-frontend 42 | labels: 43 | {{- include "dify.labels" . | nindent 4 }} 44 | spec: 45 | scaleTargetRef: 46 | apiVersion: apps/v1 47 | kind: Deployment 48 | name: {{ include "dify.fullname" . }}-frontend 49 | minReplicas: {{ .Values.frontend.autoscaling.minReplicas }} 50 | maxReplicas: {{ .Values.frontend.autoscaling.maxReplicas }} 51 | metrics: 52 | {{- if .Values.frontend.autoscaling.targetCPUUtilizationPercentage }} 53 | - type: Resource 54 | resource: 55 | name: cpu 56 | target: 57 | type: Utilization 58 | averageUtilization: {{ .Values.frontend.autoscaling.targetCPUUtilizationPercentage }} 59 | {{- end }} 60 | {{- if .Values.frontend.autoscaling.targetMemoryUtilizationPercentage }} 61 | - type: Resource 62 | resource: 63 | name: memory 64 | target: 65 | type: Utilization 66 | averageUtilization: {{ .Values.frontend.autoscaling.targetMemoryUtilizationPercentage }} 67 | {{- end }} 68 | {{- end }} 69 | 70 | {{- if .Values.worker.autoscaling.enabled }} 71 | --- 72 | apiVersion: autoscaling/v2 73 | kind: HorizontalPodAutoscaler 74 | metadata: 75 | name: {{ include "dify.fullname" . }}-worker 76 | labels: 77 | {{- include "dify.labels" . | nindent 4 }} 78 | spec: 79 | scaleTargetRef: 80 | apiVersion: apps/v1 81 | kind: Deployment 82 | name: {{ include "dify.fullname" . }}-worker 83 | minReplicas: {{ .Values.worker.autoscaling.minReplicas }} 84 | maxReplicas: {{ .Values.worker.autoscaling.maxReplicas }} 85 | metrics: 86 | {{- if .Values.worker.autoscaling.targetCPUUtilizationPercentage }} 87 | - type: Resource 88 | resource: 89 | name: cpu 90 | target: 91 | type: Utilization 92 | averageUtilization: {{ .Values.worker.autoscaling.targetCPUUtilizationPercentage }} 93 | {{- end }} 94 | {{- if .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} 95 | - type: Resource 96 | resource: 97 | name: memory 98 | target: 99 | type: Utilization 100 | averageUtilization: {{ .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} 101 | {{- end }} 102 | {{- end }} 103 | {{- if .Values.sandbox.autoscaling.enabled }} 104 | --- 105 | apiVersion: autoscaling/v2 106 | kind: HorizontalPodAutoscaler 107 | metadata: 108 | name: {{ include "dify.fullname" . }}-sandbox 109 | labels: 110 | {{- include "dify.labels" . | nindent 4 }} 111 | spec: 112 | scaleTargetRef: 113 | apiVersion: apps/v1 114 | kind: Deployment 115 | name: {{ include "dify.fullname" . }}-sandbox 116 | minReplicas: {{ .Values.sandbox.autoscaling.minReplicas }} 117 | maxReplicas: {{ .Values.sandbox.autoscaling.maxReplicas }} 118 | metrics: 119 | {{- if .Values.sandbox.autoscaling.targetCPUUtilizationPercentage }} 120 | - type: Resource 121 | resource: 122 | name: cpu 123 | target: 124 | type: Utilization 125 | averageUtilization: {{ .Values.sandbox.autoscaling.targetCPUUtilizationPercentage }} 126 | {{- end }} 127 | {{- if .Values.sandbox.autoscaling.targetMemoryUtilizationPercentage }} 128 | - type: Resource 129 | resource: 130 | name: memory 131 | target: 132 | type: Utilization 133 | averageUtilization: {{ .Values.sandbox.autoscaling.targetMemoryUtilizationPercentage }} 134 | {{- end }} 135 | {{- end }} 136 | -------------------------------------------------------------------------------- /templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "dify.fullname" . -}} 3 | {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} 4 | {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} 5 | {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} 6 | {{- end }} 7 | {{- end }} 8 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 9 | apiVersion: networking.k8s.io/v1 10 | {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 11 | apiVersion: networking.k8s.io/v1beta1 12 | {{- else -}} 13 | apiVersion: extensions/v1beta1 14 | {{- end }} 15 | kind: Ingress 16 | metadata: 17 | name: {{ $fullName }} 18 | labels: 19 | {{- include "dify.labels" . | nindent 4 }} 20 | {{- with .Values.ingress.annotations }} 21 | annotations: 22 | {{- toYaml . | nindent 4 }} 23 | {{- end }} 24 | spec: 25 | {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} 26 | ingressClassName: {{ .Values.ingress.className }} 27 | {{- end }} 28 | {{- if .Values.global.enableTLS }} 29 | tls: 30 | - hosts: 31 | - {{ .Values.global.host }} 32 | secretName: {{ .Values.ingress.tlsSecretName }} 33 | {{- end }} 34 | rules: 35 | - host: {{ .Values.global.host | quote }} 36 | http: 37 | paths: 38 | - path: /console/api 39 | {{- if semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion }} 40 | pathType: Prefix 41 | {{- end }} 42 | backend: 43 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} 44 | service: 45 | name: {{ $fullName }}-api-svc 46 | port: 47 | number: {{ .Values.api.service.port }} 48 | {{- else }} 49 | serviceName: {{ $fullName }}-api-svc 50 | servicePort: {{ .Values.api.service.port }} 51 | {{- end }} 52 | - path: /api 53 | {{- if semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion }} 54 | pathType: Prefix 55 | {{- end }} 56 | backend: 57 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} 58 | service: 59 | name: {{ $fullName }}-api-svc 60 | port: 61 | number: {{ .Values.api.service.port }} 62 | {{- else }} 63 | serviceName: {{ $fullName }}-api-svc 64 | servicePort: {{ .Values.api.service.port }} 65 | {{- end }} 66 | - path: /v1 67 | {{- if semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion }} 68 | pathType: Prefix 69 | {{- end }} 70 | backend: 71 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} 72 | service: 73 | name: {{ $fullName }}-api-svc 74 | port: 75 | number: {{ .Values.api.service.port }} 76 | {{- else }} 77 | serviceName: {{ $fullName }}-api-svc 78 | servicePort: {{ .Values.api.service.port }} 79 | {{- end }} 80 | - path: /files 81 | {{- if semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion }} 82 | pathType: Prefix 83 | {{- end }} 84 | backend: 85 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} 86 | service: 87 | name: {{ $fullName }}-api-svc 88 | port: 89 | number: {{ .Values.api.service.port }} 90 | {{- else }} 91 | serviceName: {{ $fullName }}-api-svc 92 | servicePort: {{ .Values.api.service.port }} 93 | {{- end }} 94 | - path: / 95 | {{- if semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion }} 96 | pathType: Prefix 97 | {{- end }} 98 | backend: 99 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} 100 | service: 101 | name: {{ $fullName }}-frontend 102 | port: 103 | number: {{ .Values.frontend.service.port }} 104 | {{- else }} 105 | serviceName: {{ $fullName }}-frontend 106 | servicePort: {{ .Values.frontend.service.port }} 107 | {{- end }} 108 | {{- end }} 109 | -------------------------------------------------------------------------------- /templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.plugin_daemon.persistence.enabled }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ include "dify.fullname" . }}-plugin-daemon-pvc 6 | labels: 7 | {{- include "dify.labels" . | nindent 4 }} 8 | app.kubernetes.io/component: plugin_daemon 9 | spec: 10 | accessModes: 11 | - {{ .Values.plugin_daemon.persistence.accessMode }} 12 | {{- if .Values.plugin_daemon.persistence.storageClass }} 13 | storageClassName: {{ .Values.plugin_daemon.persistence.storageClass }} 14 | {{- end }} 15 | resources: 16 | requests: 17 | storage: {{ .Values.plugin_daemon.persistence.size }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | # dify-api would conflict with dify-api program 6 | # using alternative name for the service 7 | name: {{ include "dify.fullname" . }}-api-svc 8 | labels: 9 | {{- include "dify.labels" . | nindent 4 }} 10 | app.kubernetes.io/component: api 11 | spec: 12 | type: {{ .Values.api.service.type }} 13 | ports: 14 | - port: {{ .Values.api.service.port }} 15 | targetPort: http 16 | protocol: TCP 17 | name: http 18 | selector: 19 | {{- include "dify.selectorLabels" . | nindent 4 }} 20 | app.kubernetes.io/component: api 21 | 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: {{ include "dify.fullname" . }}-frontend 27 | labels: 28 | {{- include "dify.labels" . | nindent 4 }} 29 | app.kubernetes.io/component: frontend 30 | spec: 31 | type: {{ .Values.frontend.service.type }} 32 | ports: 33 | - port: {{ .Values.frontend.service.port }} 34 | targetPort: http 35 | protocol: TCP 36 | name: http 37 | selector: 38 | {{- include "dify.selectorLabels" . | nindent 4 }} 39 | app.kubernetes.io/component: frontend 40 | --- 41 | apiVersion: v1 42 | kind: Service 43 | metadata: 44 | name: {{ include "dify.fullname" . }}-plugin-daemon 45 | labels: 46 | {{- include "dify.labels" . | nindent 4 }} 47 | app.kubernetes.io/component: plugin_daemon 48 | spec: 49 | type: {{ .Values.plugin_daemon.service.type }} 50 | ports: 51 | - port: {{ .Values.plugin_daemon.service.port }} 52 | targetPort: http 53 | protocol: TCP 54 | name: http 55 | - port: {{ .Values.plugin_daemon.debugPort }} 56 | targetPort: debug 57 | protocol: TCP 58 | name: debug 59 | selector: 60 | {{- include "dify.selectorLabels" . | nindent 4 }} 61 | app.kubernetes.io/component: plugin_daemon 62 | --- 63 | apiVersion: v1 64 | kind: Service 65 | metadata: 66 | name: {{ include "dify.fullname" . }}-sandbox 67 | labels: 68 | {{- include "dify.labels" . | nindent 4 }} 69 | app.kubernetes.io/component: sandbox 70 | spec: 71 | type: {{ .Values.sandbox.service.type }} 72 | ports: 73 | - port: {{ .Values.sandbox.service.port }} 74 | targetPort: http 75 | protocol: TCP 76 | name: http 77 | selector: 78 | {{- include "dify.selectorLabels" . | nindent 4 }} 79 | app.kubernetes.io/component: sandbox 80 | -------------------------------------------------------------------------------- /templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "dify.serviceAccountName" . }} 6 | labels: 7 | {{- include "dify.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for dify. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | # volume and volumeMounts would be injected to api and worker 6 | volumes: [] 7 | volumeMounts: [] 8 | nameOverride: "" 9 | fullnameOverride: "" 10 | 11 | global: 12 | host: "chart-example.local" 13 | # Change this is your ingress is exposed with port other than 443, 80, like 8080 for instance 14 | port: "" 15 | enableTLS: false 16 | image: 17 | tag: "" 18 | edition: "SELF_HOSTED" 19 | storageType: "s3" 20 | # the following extra configs would be injected into: 21 | # * frontend 22 | # * api 23 | # * worker 24 | extraEnvs: [] 25 | 26 | # the following extra configs would be injected into: 27 | # * api 28 | # * worker 29 | extraBackendEnvs: 30 | # SECRET_KEY is a must, check https://docs.dify.ai/getting-started/install-self-hosted/environments#secret_key for detail 31 | # Generate your own secure secret key, e.g. with: openssl rand -base64 42 32 | - name: SECRET_KEY 33 | value: "" # IMPORTANT: You must set your own secure value here 34 | # use secretRef to protect your secret (recommended for production) 35 | # - name: SECRET_KEY 36 | # valueFrom: 37 | # secretKeyRef: 38 | # name: dify 39 | # key: SECRET_KEY 40 | # Plugin daemon related environment variables 41 | - name: PLUGIN_DAEMON_URL 42 | value: "http://{{ include \"dify.fullname\" . }}-plugin-daemon:5002" 43 | - name: PLUGIN_DAEMON_KEY 44 | value: "" # IMPORTANT: Generate a secure random string for production use 45 | - name: PLUGIN_MAX_PACKAGE_SIZE 46 | value: "52428800" 47 | - name: PLUGIN_DIFY_INNER_API_KEY 48 | value: "" # IMPORTANT: Generate a secure random string for production use 49 | 50 | # Provide extra labels for all deployments and related pods of this chart 51 | labels: {} 52 | 53 | ingress: 54 | enabled: false 55 | className: "" 56 | annotations: 57 | # kubernetes.io/ingress.class: nginx 58 | # kubernetes.io/tls-acme: "true" 59 | tlsSecretName: "dify-tls" 60 | 61 | serviceAccount: 62 | # Specifies whether a service account should be created 63 | create: true 64 | # Annotations to add to the service account 65 | annotations: {} 66 | # The name of the service account to use. 67 | # If not set and create is true, a name is generated using the fullname template 68 | name: "" 69 | 70 | frontend: 71 | replicaCount: 1 72 | image: 73 | repository: langgenius/dify-web 74 | pullPolicy: IfNotPresent 75 | # Overrides the image tag whose default is the chart appVersion. 76 | tag: "" 77 | envs: [] 78 | imagePullSecrets: [] 79 | podAnnotations: {} 80 | podSecurityContext: {} 81 | # fsGroup: 2000 82 | securityContext: {} 83 | # capabilities: 84 | # drop: 85 | # - ALL 86 | # readOnlyRootFilesystem: true 87 | # runAsNonRoot: true 88 | # runAsUser: 1000 89 | service: 90 | type: ClusterIP 91 | port: 80 92 | containerPort: 3000 93 | resources: {} 94 | # We usually recommend not to specify default resources and to leave this as a conscious 95 | # choice for the user. This also increases chances charts run on environments with little 96 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 97 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 98 | # limits: 99 | # cpu: 100m 100 | # memory: 128Mi 101 | # requests: 102 | # cpu: 100m 103 | # memory: 128Mi 104 | autoscaling: 105 | enabled: false 106 | minReplicas: 1 107 | maxReplicas: 100 108 | targetCPUUtilizationPercentage: 80 109 | # targetMemoryUtilizationPercentage: 80 110 | nodeSelector: {} 111 | tolerations: [] 112 | affinity: {} 113 | livenessProbe: 114 | httpGet: 115 | path: /apps 116 | port: http 117 | httpHeaders: 118 | - name: accept-language 119 | value: en 120 | initialDelaySeconds: 3 121 | timeoutSeconds: 5 122 | periodSeconds: 30 123 | successThreshold: 1 124 | failureThreshold: 2 125 | readinessProbe: 126 | httpGet: 127 | path: /apps 128 | port: http 129 | httpHeaders: 130 | - name: accept-language 131 | value: en 132 | initialDelaySeconds: 3 133 | timeoutSeconds: 5 134 | periodSeconds: 30 135 | successThreshold: 1 136 | failureThreshold: 2 137 | 138 | api: 139 | replicaCount: 1 140 | image: 141 | repository: langgenius/dify-api 142 | pullPolicy: IfNotPresent 143 | # Overrides the image tag whose default is the chart appVersion. 144 | tag: "" 145 | envs: 146 | # sandbox 147 | - name: CODE_MAX_NUMBER 148 | value: "9223372036854775807" 149 | - name: CODE_MIN_NUMBER 150 | value: "-9223372036854775808" 151 | - name: CODE_MAX_STRING_LENGTH 152 | value: "80000" 153 | - name: TEMPLATE_TRANSFORM_MAX_LENGTH 154 | value: "80000" 155 | - name: CODE_MAX_STRING_ARRAY_LENGTH 156 | value: "30" 157 | - name: CODE_MAX_OBJECT_ARRAY_LENGTH 158 | value: "30" 159 | - name: CODE_MAX_NUMBER_ARRAY_LENGTH 160 | value: "1000" 161 | imagePullSecrets: [] 162 | podAnnotations: {} 163 | podSecurityContext: {} 164 | # fsGroup: 2000 165 | securityContext: {} 166 | # capabilities: 167 | # drop: 168 | # - ALL 169 | # readOnlyRootFilesystem: true 170 | # runAsNonRoot: true 171 | # runAsUser: 1000 172 | service: 173 | type: ClusterIP 174 | port: 80 175 | containerPort: 5001 176 | resources: {} 177 | # We usually recommend not to specify default resources and to leave this as a conscious 178 | # choice for the user. This also increases chances charts run on environments with little 179 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 180 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 181 | # limits: 182 | # cpu: 100m 183 | # memory: 128Mi 184 | # requests: 185 | # cpu: 100m 186 | # memory: 128Mi 187 | autoscaling: 188 | enabled: false 189 | minReplicas: 1 190 | maxReplicas: 100 191 | targetCPUUtilizationPercentage: 80 192 | # targetMemoryUtilizationPercentage: 80 193 | nodeSelector: {} 194 | tolerations: [] 195 | affinity: {} 196 | livenessProbe: 197 | httpGet: 198 | path: /health 199 | port: http 200 | initialDelaySeconds: 30 201 | timeoutSeconds: 5 202 | periodSeconds: 30 203 | successThreshold: 1 204 | failureThreshold: 2 205 | readinessProbe: 206 | httpGet: 207 | path: /health 208 | port: http 209 | initialDelaySeconds: 10 210 | timeoutSeconds: 5 211 | periodSeconds: 5 212 | successThreshold: 1 213 | failureThreshold: 10 214 | 215 | worker: 216 | replicaCount: 1 217 | image: 218 | repository: langgenius/dify-api 219 | pullPolicy: IfNotPresent 220 | # Overrides the image tag whose default is the chart appVersion. 221 | tag: "" 222 | imagePullSecrets: [] 223 | podAnnotations: {} 224 | podSecurityContext: {} 225 | # fsGroup: 2000 226 | securityContext: {} 227 | # capabilities: 228 | # drop: 229 | # - ALL 230 | # readOnlyRootFilesystem: true 231 | # runAsNonRoot: true 232 | # runAsUser: 1000 233 | resources: {} 234 | # We usually recommend not to specify default resources and to leave this as a conscious 235 | # choice for the user. This also increases chances charts run on environments with little 236 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 237 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 238 | # limits: 239 | # cpu: 100m 240 | # memory: 128Mi 241 | # requests: 242 | # cpu: 100m 243 | # memory: 128Mi 244 | autoscaling: 245 | enabled: false 246 | minReplicas: 1 247 | maxReplicas: 100 248 | targetCPUUtilizationPercentage: 80 249 | # targetMemoryUtilizationPercentage: 80 250 | nodeSelector: {} 251 | tolerations: [] 252 | affinity: {} 253 | # livenessprobe for worker, default no probe 254 | livenessProbe: {} 255 | readinessProbe: {} 256 | 257 | # Plugin daemon service configuration 258 | plugin_daemon: 259 | replicaCount: 1 260 | image: 261 | repository: langgenius/dify-plugin-daemon 262 | pullPolicy: IfNotPresent 263 | # Overrides the image tag whose default is the chart appVersion. 264 | tag: "main-local" 265 | envs: 266 | - name: DB_DATABASE 267 | value: "dify_plugin" 268 | - name: SERVER_PORT 269 | value: "5002" 270 | - name: SERVER_KEY 271 | value: "" # IMPORTANT: Use the same value as PLUGIN_DAEMON_KEY above 272 | - name: MAX_PLUGIN_PACKAGE_SIZE 273 | value: "52428800" 274 | - name: PPROF_ENABLED 275 | value: "false" 276 | - name: DIFY_INNER_API_URL 277 | value: "http://{{ include \"dify.fullname\" . }}-api-svc:80" 278 | - name: DIFY_INNER_API_KEY 279 | value: "" # IMPORTANT: Use the same value as PLUGIN_DIFY_INNER_API_KEY above 280 | - name: PLUGIN_REMOTE_INSTALLING_HOST 281 | value: "0.0.0.0" 282 | - name: PLUGIN_REMOTE_INSTALLING_PORT 283 | value: "5003" 284 | - name: PLUGIN_WORKING_PATH 285 | value: "/app/storage/cwd" 286 | - name: FORCE_VERIFYING_SIGNATURE 287 | value: "true" 288 | imagePullSecrets: [] 289 | podAnnotations: {} 290 | podSecurityContext: {} 291 | # fsGroup: 2000 292 | securityContext: {} 293 | # capabilities: 294 | # drop: 295 | # - ALL 296 | # readOnlyRootFilesystem: true 297 | # runAsNonRoot: true 298 | # runAsUser: 1000 299 | service: 300 | type: ClusterIP 301 | port: 80 302 | debugPort: 5003 303 | containerPort: 5002 304 | debugPort: 5003 305 | # Plugin daemon persistence configuration 306 | persistence: 307 | enabled: true 308 | size: 1Gi 309 | storageClass: "" 310 | accessMode: ReadWriteOnce 311 | resources: {} 312 | # We usually recommend not to specify default resources and to leave this as a conscious 313 | # choice for the user. This also increases chances charts run on environments with little 314 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 315 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 316 | # limits: 317 | # cpu: 100m 318 | # memory: 128Mi 319 | # requests: 320 | # cpu: 100m 321 | # memory: 128Mi 322 | autoscaling: 323 | enabled: false 324 | minReplicas: 1 325 | maxReplicas: 100 326 | targetCPUUtilizationPercentage: 80 327 | # targetMemoryUtilizationPercentage: 80 328 | nodeSelector: {} 329 | tolerations: [] 330 | affinity: {} 331 | # Health check probes 332 | livenessProbe: 333 | tcpSocket: 334 | port: http 335 | initialDelaySeconds: 30 336 | timeoutSeconds: 5 337 | periodSeconds: 30 338 | successThreshold: 1 339 | failureThreshold: 2 340 | readinessProbe: 341 | tcpSocket: 342 | port: http 343 | initialDelaySeconds: 10 344 | timeoutSeconds: 5 345 | periodSeconds: 5 346 | successThreshold: 1 347 | failureThreshold: 10 348 | 349 | sandbox: 350 | replicaCount: 1 351 | # IMPORTANT: Change this to a secure value to prevent abuse 352 | apiKey: "" 353 | # prefer to use secret 354 | apiKeySecret: "" 355 | image: 356 | repository: langgenius/dify-sandbox 357 | pullPolicy: IfNotPresent 358 | # Overrides the image tag whose default is the chart appVersion. 359 | tag: "0.2.0" 360 | config: 361 | # python_requirements: | 362 | # numpy==1.20.3 363 | # scipy==1.6.3 364 | python_requirements: "" 365 | envs: 366 | - name: GIN_MODE 367 | value: "release" 368 | - name: WORKER_TIMEOUT 369 | value: "15" 370 | imagePullSecrets: [] 371 | podAnnotations: {} 372 | podSecurityContext: {} 373 | # fsGroup: 2000 374 | securityContext: {} 375 | # capabilities: 376 | # drop: 377 | # - ALL 378 | # readOnlyRootFilesystem: true 379 | # runAsNonRoot: true 380 | # runAsUser: 1000 381 | service: 382 | type: ClusterIP 383 | port: 80 384 | containerPort: 8194 385 | resources: {} 386 | # We usually recommend not to specify default resources and to leave this as a conscious 387 | # choice for the user. This also increases chances charts run on environments with little 388 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 389 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 390 | # limits: 391 | # cpu: 100m 392 | # memory: 128Mi 393 | # requests: 394 | # cpu: 100m 395 | # memory: 128Mi 396 | autoscaling: 397 | enabled: false 398 | minReplicas: 1 399 | maxReplicas: 100 400 | targetCPUUtilizationPercentage: 80 401 | # targetMemoryUtilizationPercentage: 80 402 | nodeSelector: {} 403 | tolerations: [] 404 | affinity: {} 405 | readinessProbe: 406 | tcpSocket: 407 | port: http 408 | initialDelaySeconds: 1 409 | timeoutSeconds: 5 410 | periodSeconds: 5 411 | successThreshold: 1 412 | failureThreshold: 10 413 | livenessProbe: 414 | tcpSocket: 415 | port: http 416 | initialDelaySeconds: 30 417 | timeoutSeconds: 5 418 | periodSeconds: 30 419 | successThreshold: 1 420 | failureThreshold: 2 421 | 422 | ##### dependencies ##### 423 | redis: 424 | # using embedded redis 425 | # connection info would be set automatically 426 | # best to use external redis if you have one 427 | embedded: false 428 | # embedded: false 429 | # url: "redis://127.0.0.1:6379/0" 430 | # urlSecret: "" 431 | # urlSecretKey: "CACHE_URL" 432 | # please consult to chart manual if you want to change it. 433 | # https://artifacthub.io/packages/helm/bitnami/redis 434 | architecture: standalone 435 | auth: 436 | password: "REDIS_PASSWORD" 437 | master: 438 | persistence: 439 | enabled: false 440 | size: 8Gi 441 | 442 | postgresql: 443 | # using embedded postgresql 444 | # connection info would be set automatically 445 | # best to use external pg if you have one 446 | # setting embedded to false and set pg url in envrionment variable 447 | embedded: false 448 | # embedded: false 449 | # goto extraBackendEnvs to set pg url 450 | architecture: standalone 451 | auth: 452 | postgresPassword: "testpassword" 453 | database: "dify" 454 | primary: 455 | persistence: 456 | enabled: false 457 | 458 | minio: 459 | embedded: false 460 | # using embedded minio 461 | # connection info would be set automatically 462 | # best to use external s3/minio if you have one 463 | # setting embedded to false and set minio/s3 url in envrionment variable 464 | auth: 465 | rootUser: minioadmin 466 | rootPassword: minioadmin 467 | defaultBuckets: "dify" 468 | persistence: 469 | enabled: false 470 | --------------------------------------------------------------------------------