LibreTranslate/chart/values.yaml
Dominick Rivard ae7af14660 Add Helm Chart for LibreTranslate Deployment
Introduce a Helm chart to streamline the deployment and management of LibreTranslate within a Kubernetes cluster. The chart includes configurable parameters, persistent storage support, authentication, scalability features, health checks, and detailed documentation. See the PR for complete details.
2023-08-11 02:38:12 -04:00

164 lines
7.2 KiB
YAML

# values.yaml
# Number of replicas
replicaCount: 1
# Extra annotations for pods
podAnnotations: {}
# Extra annotations
annotations: {}
# Extra tolerations for pods
tolerations: []
# Chart name override
nameOverride: ""
# Full name of the deployment to override the default one
fullnameOverride: ""
# Image settings
image:
repository: libretranslate/libretranslate
pullPolicy: Always
tag: "latest"
# Using a Private Registry
# If you want to use a custom image from a private registry, you'll need to create an image pull secret with the registry's credentials:
# kubectl create secret docker-registry my-registry-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
# imagePullSecrets:
# - name: my-registry-secret
imagePullSecrets: []
# Service settings
service:
type: ClusterIP
port: 5000
# Ingress settings
ingress:
enabled: false
className: "" # set this to the name of the ingress controller class to use like nginx
annotations:
# cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: 10m
# Check for the adminUser key below.
# This will enable basic auth for the whole site.
# nginx.ingress.kubernetes.io/auth-type: basic
# nginx.ingress.kubernetes.io/auth-secret: libretranslate-auth
# nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
hosts:
- host: translate.example.com
paths:
- path: /
pathType: Prefix
# tls:
# - secretName: libretranslate-secret-tls
# hosts:
# - translate.example.com
# Security Context
securityContext:
fsGroup: 1032
# Security Context for init container
initContainerSecurityContext:
runAsUser: 0
runAsGroup: 0
# Pod Security Context
podSecurityContext:
runAsUser: 1032
runAsGroup: 1032
# Persistent settings
# if you don't want to download a copy of the models per pod, you can use a shared storage like an nfs storage class
# and set it to ReadWriteMany. this way if you scale the pods later on, they will all use the same models and won't
# duplicate the space and download requests.
persistence:
enabled: false
db:
storageClass: ""
accessMode: "ReadWriteOnce"
size: "1Gi"
models:
storageClass: ""
accessMode: "ReadWriteOnce"
size: "10Gi" # as of August 2023, the models are about 6.6GB in size for all languages
# Resource limits
resources:
limits:
cpu: 1
memory: 2Gi
requests:
cpu: 500m
memory: 1Gi
# Readiness probe for kubernetes
readinessProbe:
exec:
command:
- /app/venv/bin/python
- /app/scripts/healthcheck.py
initialDelaySeconds: 10
periodSeconds: 5
# Liveness probe for kubernetes
livenessProbe:
exec:
command:
- /app/venv/bin/python
- scripts/healthcheck.py
initialDelaySeconds: 10
periodSeconds: 5
# Auth secret for basic authentication
# generate base64-user-password-pair with:
# htpasswd -nb <username> <password> | base64
#
# e.g.:
#
# htpasswd -nb admin mySecretPassword | base64
# This is used by the nginx ingress controller to enable basic auth for the whole site.
# It will create a secret with the name libretranslate-auth.
adminUser:
name: "YWRtaW4K" # copy the username in base64 as a reference
auth: "YWRtaW46JGFwcjEkYlpydmYvUFYkSHBHSlhqZU1EN0ZON2kyYndsMVRNMQoK" # copy the output from the htpasswd command here as a reference
password: "bXlTZWNyZXRQYXNzd29yZAo=" # copy the password as base64 for the admin user here as a reference
# Settings / Flags
appSettings:
debug: "false" # Enable debug environment (Default: Disabled)
ssl: "false" # Enable SSL (Default: Disabled)
apiKeys: "false" # Enable API keys database for per-client rate limits when --req-limit is reached (Default: Don't use API keys)
requireApiKeyOrigin: "" # Require use of an API key for programmatic access to the API, unless the request origin matches this domain (Default: No restrictions on domain origin)
requireApiKeySecret: "" # Require use of an API key for programmatic access to the API, unless the client also sends a secret match (Default: No secrets required)
suggestions: "false" # Allow user suggestions (Default: Disabled)
disableFilesTranslation: "false" # Disable files translation (Default: File translation allowed)
disableWebUi: "false" # Disable web ui (Default: Web Ui enabled)
updateModels: "false" # Update language models at startup (Default: Only on if no models found)
metrics: "false" # Enable the /metrics endpoint for exporting Prometheus usage metrics (Default: Disabled)
# Configuration Parameters
appConfig:
host: "0.0.0.0" # Set host to bind the server to (Default: 127.0.0.1)
port: "5000" # Set port to bind the server to (Default: 5000)
charLimit: "null" # Set character limit (Default: No limit)
reqLimit: "null" # Set maximum number of requests per minute per client (outside of limits set by api keys) (Default: No limit)
reqLimitStorage: "memory://" # Storage URI to use for request limit data storage. See Flask Limiter (Default: memory://)
batchLimit: "null" # Set maximum number of texts to translate in a batch request (Default: No limit)
gaId: "" # Enable Google Analytics on the API client page by providing an ID (Default: Empty (no tracking))
frontendLanguageSource: "auto" # Set frontend default language - source (Default: auto)
frontendLanguageTarget: "locale" # Set frontend default language - target (Default: locale (match site's locale))
frontendTimeout: "500" # Set frontend translation timeout (Default: 500)
apiKeysDbPath: "/app/db/api_keys.db" # Use a specific path inside the container for the local database. Can be absolute or relative (Default: /app/db/api_keys.db)
apiKeysDbPathMount: "/app/db" # Use a specific path inside the container for the local database. Must be the same as apiKeysDbPath (Default: /app/db)
apiKeysRemote: "" # Use this remote endpoint to query for valid API keys instead of using the local database (Default: Empty (use local db instead))
getApiKeyLink: "" # Show a link in the UI where to direct users to get an API key (Default: Empty (no link shown on web ui))
sharedStorage: "memory://" # Shared storage URI to use for multi-process data sharing (e.g. when using gunicorn) (Default: memory://)
loadOnly: "" # Set available languages (Default: Empty (use all from argostranslate))
threads: "4" # Set number of threads (Default: 4)
metricsAuthToken: "" # Protect the /metrics endpoint by allowing only clients that have a valid Authorization Bearer token (Default: Empty (no auth required))
urlPrefix: "" # Add prefix to URL: example.com:5000/url-prefix/ (Default: /)