mirror of
https://github.com/LibreTranslate/LibreTranslate.git
synced 2025-01-05 10:20:36 +02:00
ae7af14660
Introduce a Helm chart to streamline the deployment and management of LibreTranslate within a Kubernetes cluster. The chart includes configurable parameters, persistent storage support, authentication, scalability features, health checks, and detailed documentation. See the PR for complete details.
165 lines
7.2 KiB
YAML
165 lines
7.2 KiB
YAML
# values.yaml
|
|
|
|
# Number of replicas
|
|
replicaCount: 1
|
|
|
|
# Extra annotations for pods
|
|
podAnnotations: {}
|
|
|
|
# Extra annotations
|
|
annotations: {}
|
|
|
|
# Extra tolerations for pods
|
|
tolerations: []
|
|
|
|
# Chart name override
|
|
nameOverride: ""
|
|
|
|
# Full name of the deployment to override the default one
|
|
fullnameOverride: ""
|
|
|
|
# Image settings
|
|
image:
|
|
repository: libretranslate/libretranslate
|
|
pullPolicy: Always
|
|
tag: "latest"
|
|
# Using a Private Registry
|
|
# If you want to use a custom image from a private registry, you'll need to create an image pull secret with the registry's credentials:
|
|
# kubectl create secret docker-registry my-registry-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
|
|
# imagePullSecrets:
|
|
# - name: my-registry-secret
|
|
imagePullSecrets: []
|
|
|
|
# Service settings
|
|
service:
|
|
type: ClusterIP
|
|
port: 5000
|
|
|
|
# Ingress settings
|
|
ingress:
|
|
enabled: false
|
|
className: "" # set this to the name of the ingress controller class to use like nginx
|
|
annotations:
|
|
# cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 10m
|
|
# Check for the adminUser key below.
|
|
# This will enable basic auth for the whole site.
|
|
# nginx.ingress.kubernetes.io/auth-type: basic
|
|
# nginx.ingress.kubernetes.io/auth-secret: libretranslate-auth
|
|
# nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
|
|
hosts:
|
|
- host: translate.example.com
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
# tls:
|
|
# - secretName: libretranslate-secret-tls
|
|
# hosts:
|
|
# - translate.example.com
|
|
|
|
# Security Context
|
|
securityContext:
|
|
fsGroup: 1032
|
|
|
|
# Security Context for init container
|
|
initContainerSecurityContext:
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
|
|
# Pod Security Context
|
|
podSecurityContext:
|
|
runAsUser: 1032
|
|
runAsGroup: 1032
|
|
|
|
# Persistent settings
|
|
# if you don't want to download a copy of the models per pod, you can use a shared storage like an nfs storage class
|
|
# and set it to ReadWriteMany. this way if you scale the pods later on, they will all use the same models and won't
|
|
# duplicate the space and download requests.
|
|
persistence:
|
|
enabled: false
|
|
db:
|
|
storageClass: ""
|
|
accessMode: "ReadWriteOnce"
|
|
size: "1Gi"
|
|
models:
|
|
storageClass: ""
|
|
accessMode: "ReadWriteOnce"
|
|
size: "10Gi" # as of August 2023, the models are about 6.6GB in size for all languages
|
|
|
|
|
|
# Resource limits
|
|
resources:
|
|
limits:
|
|
cpu: 1
|
|
memory: 2Gi
|
|
requests:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
|
|
# Readiness probe for kubernetes
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- /app/venv/bin/python
|
|
- /app/scripts/healthcheck.py
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
|
|
# Liveness probe for kubernetes
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- /app/venv/bin/python
|
|
- scripts/healthcheck.py
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
|
|
# Auth secret for basic authentication
|
|
# generate base64-user-password-pair with:
|
|
# htpasswd -nb <username> <password> | base64
|
|
#
|
|
# e.g.:
|
|
#
|
|
# htpasswd -nb admin mySecretPassword | base64
|
|
# This is used by the nginx ingress controller to enable basic auth for the whole site.
|
|
# It will create a secret with the name libretranslate-auth.
|
|
adminUser:
|
|
name: "YWRtaW4K" # copy the username in base64 as a reference
|
|
auth: "YWRtaW46JGFwcjEkYlpydmYvUFYkSHBHSlhqZU1EN0ZON2kyYndsMVRNMQoK" # copy the output from the htpasswd command here as a reference
|
|
password: "bXlTZWNyZXRQYXNzd29yZAo=" # copy the password as base64 for the admin user here as a reference
|
|
|
|
# Settings / Flags
|
|
appSettings:
|
|
debug: "false" # Enable debug environment (Default: Disabled)
|
|
ssl: "false" # Enable SSL (Default: Disabled)
|
|
apiKeys: "false" # Enable API keys database for per-client rate limits when --req-limit is reached (Default: Don't use API keys)
|
|
requireApiKeyOrigin: "" # Require use of an API key for programmatic access to the API, unless the request origin matches this domain (Default: No restrictions on domain origin)
|
|
requireApiKeySecret: "" # Require use of an API key for programmatic access to the API, unless the client also sends a secret match (Default: No secrets required)
|
|
suggestions: "false" # Allow user suggestions (Default: Disabled)
|
|
disableFilesTranslation: "false" # Disable files translation (Default: File translation allowed)
|
|
disableWebUi: "false" # Disable web ui (Default: Web Ui enabled)
|
|
updateModels: "false" # Update language models at startup (Default: Only on if no models found)
|
|
metrics: "false" # Enable the /metrics endpoint for exporting Prometheus usage metrics (Default: Disabled)
|
|
|
|
# Configuration Parameters
|
|
appConfig:
|
|
host: "0.0.0.0" # Set host to bind the server to (Default: 127.0.0.1)
|
|
port: "5000" # Set port to bind the server to (Default: 5000)
|
|
charLimit: "null" # Set character limit (Default: No limit)
|
|
reqLimit: "null" # Set maximum number of requests per minute per client (outside of limits set by api keys) (Default: No limit)
|
|
reqLimitStorage: "memory://" # Storage URI to use for request limit data storage. See Flask Limiter (Default: memory://)
|
|
batchLimit: "null" # Set maximum number of texts to translate in a batch request (Default: No limit)
|
|
gaId: "" # Enable Google Analytics on the API client page by providing an ID (Default: Empty (no tracking))
|
|
frontendLanguageSource: "auto" # Set frontend default language - source (Default: auto)
|
|
frontendLanguageTarget: "locale" # Set frontend default language - target (Default: locale (match site's locale))
|
|
frontendTimeout: "500" # Set frontend translation timeout (Default: 500)
|
|
apiKeysDbPath: "/app/db/api_keys.db" # Use a specific path inside the container for the local database. Can be absolute or relative (Default: /app/db/api_keys.db)
|
|
apiKeysDbPathMount: "/app/db" # Use a specific path inside the container for the local database. Must be the same as apiKeysDbPath (Default: /app/db)
|
|
apiKeysRemote: "" # Use this remote endpoint to query for valid API keys instead of using the local database (Default: Empty (use local db instead))
|
|
getApiKeyLink: "" # Show a link in the UI where to direct users to get an API key (Default: Empty (no link shown on web ui))
|
|
sharedStorage: "memory://" # Shared storage URI to use for multi-process data sharing (e.g. when using gunicorn) (Default: memory://)
|
|
loadOnly: "" # Set available languages (Default: Empty (use all from argostranslate))
|
|
threads: "4" # Set number of threads (Default: 4)
|
|
metricsAuthToken: "" # Protect the /metrics endpoint by allowing only clients that have a valid Authorization Bearer token (Default: Empty (no auth required))
|
|
urlPrefix: "" # Add prefix to URL: example.com:5000/url-prefix/ (Default: /)
|