diff --git a/apps/apps/dify/helmchart.yaml b/apps/apps/dify/helmchart.yaml index 70d401a..2a7b815 100644 --- a/apps/apps/dify/helmchart.yaml +++ b/apps/apps/dify/helmchart.yaml @@ -1,25 +1,57 @@ apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: - name: halo + name: dify namespace: apps spec: repo: https://borispolonsky.github.io/dify-helm chart: dify targetNamespace: apps - version: 0.24.0 + version: 0.25.0 valuesContent: |- nodeSelector: - kubernetes.io/hostname: greenhk + kubernetes.io/hostname: clawhka + image: + api: + tag: "1.4.1" + worker: + tag: "1.4.1" + web: + tag: "1.4.1" + sandbox: + tag: "0.2.12" + pluginDaemon: + tag: "0.1.1-local" + api: persistence: - enabled: true - storageClass: local-path - accessMode: ReadWriteMany - size: 10Gi + persistentVolumeClaim: + storageClass: local-path + accessModes: ReadWriteOnce + size: 5Gi extraEnv: - name: LANG value: "C.UTF-8" + - name: VECTOR_STORE + value: "pgvector" + - name: PGVECTOR_HOST + value: "cnpg17-cluster-hk-rw.infra-data" + - name: PGVECTOR_PORT + value: "5432" + - name: PGVECTOR_DATABASE + value: "dify" + - name: DB_USERNAME + value: "app" + - name: DB_PASSWORD + value: "QrmOnigueiiKWDxS5HqS8h765fUZoV1fj2WFkHpqZOPnKAGcM9paiXC1VzGUA3PD" + pluginDaemon: + persistence: + persistentVolumeClaim: + storageClass: local-path + accessModes: ReadWriteOnce + size: 5Gi + proxy: + enabled: false postgresql: enabled: false redis: 
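Review bot: The added `DB_PASSWORD` entry under `api.extraEnv` commits the database password as a literal, and the same value is written again at `externalPostgres.password` in the second hunk of this file, next to the unchanged literal `externalRedis.password`. Anything that has been in this repository's history should be treated as disclosed, so these credentials need rotating and should then be supplied from a Kubernetes Secret instead of `valuesContent`. If the chart renders `extraEnv` verbatim into the container spec (not visible here), the entry can reference a Secret as in the excerpt below; the Secret name is a placeholder. The entry also looks redundant with `externalPostgres.username`/`password`, in which case removing it is the simpler fix; confirm against the chart.

```yaml
# … unchanged: LANG, VECTOR_STORE and PGVECTOR_* entries …
- name: DB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER-dify-db-credentials  # placeholder: a Secret in namespace apps
      key: password
```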
@@ -29,35 +61,16 @@ spec: externalPostgres: enabled: true username: app - password: nyrHzh9WWlDZzvVw7bDFo74gKb9zsls0Sy7OwRTDWiRTNPQQQkW85taUFAoX2AIC - address: cnpg-cluster-hk-rw.infra-data + password: QrmOnigueiiKWDxS5HqS8h765fUZoV1fj2WFkHpqZOPnKAGcM9paiXC1VzGUA3PD + address: cnpg17-cluster-hk-rw.infra-data port: 5432 database: api: dify pluginDaemon: dify_plugin - externalPgvector: - enabled: false - username: app - password: nyrHzh9WWlDZzvVw7bDFo74gKb9zsls0Sy7OwRTDWiRTNPQQQkW85taUFAoX2AIC - address: cnpg-cluster-hk-rw.infra-data - port: 5432 - dbName: dify externalRedis: enabled: true - host: redis.example + host: redis-cluster-hk-master.infra-data port: 6379 username: "" password: ribiPwYQNU6GWxCYR0Nj useSSL: false - proxy: - enable: false - ingress: - enabled: true - className: nginx - hosts: - - host: dify.dev.cm - paths: - - path: / - pathType: ImplementationSpecific - - diff --git a/apps/apps/dify/ingress.yaml b/apps/apps/dify/ingress.yaml new file mode 100644 index 0000000..6c3c34c --- /dev/null +++ b/apps/apps/dify/ingress.yaml @@ -0,0 +1,48 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: dify-web + namespace: apps + annotations: +spec: + ingressClassName: nginx + rules: + - host: dify.dev.cm + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: dify-web + port: + number: 3000 + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: dify-api + namespace: apps + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + rules: + - host: dify.dev.cm + http: + paths: + - path: /(api|console/api|v1|files) + pathType: ImplementationSpecific + backend: + service: + name: dify-api + port: + number: 5001 + - path: /e/ + pathType: ImplementationSpecific + backend: + service: + name: dify-plugin-daemon + port: + number: 5002 
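Review bot: Neither Ingress in the new `ingress.yaml` has a `tls:` section, so `dify.dev.cm`, which carries the console login and API keys under `/console/api` and `/v1`, has no certificate bound to it in this manifest. Unless TLS is terminated in front of the controller or by a default certificate (not visible here), add to both specs `tls:` with `- hosts: [dify.dev.cm]` and `secretName: <tls-secret-placeholder>`. The regex path `/(api|console/api|v1|files)` is also unanchored at its end, so as I read ingress-nginx's regex handling a path such as `/apix` would be routed to `dify-api`; `/(api|console/api|v1|files)(/|$)` restricts it to those segments. The bare `annotations:` key on `dify-web` parses as null and can be dropped.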
diff --git a/apps/infra/data/cloudnative-pg/cnpg17-cluster-hk.yaml b/apps/infra/data/cloudnative-pg/cnpg17-cluster-hk.yaml index e762a43..f3b5cc0 100644 --- a/apps/infra/data/cloudnative-pg/cnpg17-cluster-hk.yaml +++ b/apps/infra/data/cloudnative-pg/cnpg17-cluster-hk.yaml @@ -22,6 +22,9 @@ spec: postgresql: parameters: archive_timeout: 30min + # 启用向量扩展 + shared_preload_libraries: + - "vectors.so" backup: retentionPolicy: "7d" barmanObjectStore: diff --git a/apps/infra/data/postgresql-ha/configmap-pgpool-script.yaml b/apps/infra/data/postgresql-ha/configmap-pgpool-script.yaml deleted file mode 100644 index ee9f08e..0000000 --- a/apps/infra/data/postgresql-ha/configmap-pgpool-script.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgresql-ha-pgpool-script - namespace: infra-data -data: - latency_test.sh: |- - #!/bin/bash - - install_packages ping - - # 读取环境变量 - nodes=$PGPOOL_BACKEND_NODES - - echo $nodes \ No newline at end of file diff --git a/apps/infra/data/postgresql-ha/helmchart.yaml b/apps/infra/data/postgresql-ha/helmchart.yaml deleted file mode 100644 index af2824d..0000000 --- a/apps/infra/data/postgresql-ha/helmchart.yaml +++ /dev/null 
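Review bot: `vectors.so` in the added `shared_preload_libraries` entry is the library name used by pgvecto.rs, while this commit configures Dify with `VECTOR_STORE=pgvector`; the pgvector extension is created with `CREATE EXTENSION vector` and needs no preload entry. If the cluster image does not ship `vectors.so`, PostgreSQL will fail to start on the restart this setting triggers, so confirm the image contents before applying. The enclosing `postgresql:` block starts outside the hunk and the indentation is not recoverable here; in CloudNativePG the list belongs at `spec.postgresql.shared_preload_libraries`, not under `parameters`.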
@@ -1,85 +0,0 @@ -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: postgresql-ha - namespace: infra-data -spec: - chart: oci://registry-1.docker.io/bitnamicharts/postgresql-ha - targetNamespace: infra-data - version: 14.3.1 - valuesContent: |- - diagnosticMode: - enabled: false - postgresql: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: postgresql-ha - app.kubernetes.io/component: postgresql - topologyKey: kubernetes.io/hostname - weight: 1 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: postgresql-ha - app.kubernetes.io/component: postgresql - topologyKey: topology.kubernetes.io/region - weight: 1 - tolerations: - - key: "node-role.kubernetes.io/control-plane" - operator: "Exists" - effect: "NoSchedule" - image: - debug: true - username: rohow - password: L#GRtTR2QuL@20pm6+c~ - postgresPassword: L#GRtTR2QuL@20pm6+c~ - repmgrPassword: yAn0l2eiLw - pgpool: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: postgresql-ha - app.kubernetes.io/component: pgpool - topologyKey: kubernetes.io/hostname - weight: 1 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: postgresql-ha - app.kubernetes.io/component: pgpool - topologyKey: topology.kubernetes.io/region - weight: 1 - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: postgresql-ha - app.kubernetes.io/component: pgpool - topologyKey: kubernetes.io/hostname - weight: 1 - tolerations: - - key: "node-role.kubernetes.io/control-plane" - operator: "Exists" - effect: "NoSchedule" - replicaCount: 1 - containerSecurityContext: - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - readOnlyRootFilesystem: false - privileged: true - 
allowPrivilegeEscalation: true - image: - debug: true - adminPassword: wc8FVC55JX - volumePermissions: - enabled: true - diff --git a/apps/infra/data/postgresql-ha/loadbalancer.yaml b/apps/infra/data/postgresql-ha/loadbalancer.yaml deleted file mode 100644 index d753071..0000000 --- a/apps/infra/data/postgresql-ha/loadbalancer.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: postgresql-ha-lb - namespace: infra-data -spec: - selector: - app.kubernetes.io/instance: postgresql-ha - app.kubernetes.io/name: postgresql-ha - app.kubernetes.io/component: pgpool - ports: - - protocol: TCP - port: 65432 - targetPort: 5432 - type: LoadBalancer \ No newline at end of file diff --git a/apps/infra/devops/gitea/helmchart.yaml b/apps/infra/devops/gitea/helmchart.yaml index 7c3072f..b6a02b8 100644 --- a/apps/infra/devops/gitea/helmchart.yaml +++ b/apps/infra/devops/gitea/helmchart.yaml @@ -36,7 +36,7 @@ spec: postgresql-ha: enabled: false image: - tag: 1.23.7 + tag: 1.23.8 ingress: enabled: true className: nginx diff --git a/apps/infra/monitor/prometheus/helmchart.yaml b/apps/infra/monitor/prometheus/helmchart.yaml index cb01670..81b616d 100644 --- a/apps/infra/monitor/prometheus/helmchart.yaml +++ b/apps/infra/monitor/prometheus/helmchart.yaml @@ -7,7 +7,7 @@ spec: repo: https://prometheus-community.github.io/helm-charts chart: kube-prometheus-stack targetNamespace: infra-monitor - version: 72.0.1 + version: 72.6.3 valuesContent: |- kubeControllerManager: enabled: false diff --git a/apps/infra/net/nginx/helmchart.yaml b/apps/infra/net/nginx/helmchart.yaml index 93e4e1f..fe6581c 100644 --- a/apps/infra/net/nginx/helmchart.yaml +++ b/apps/infra/net/nginx/helmchart.yaml @@ -35,6 +35,9 @@ spec: ssl-redirect: "true" # 自定义错误页面 custom-http-errors: "403,404,502,503" + # 全局限速配置 + limit-req-status-code: "429" + limit-conn-status-code: "429" http-snippet: | # lua插件配置 lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; 
@@ -43,15 +46,12 @@ spec: proxy_cache_key $uri$is_args$args; proxy_cache_lock on; proxy_cache_use_stale updating; - # 限速配置 - limit_req_zone $binary_remote_addr zone=global_limit:10m rate=10r/s; + # 全局限速配置 + limit_req_zone $binary_remote_addr zone=global_limit:20m rate=20r/s; + limit_req zone=global_limit burst=50 nodelay; server-snippet: | # dns配置 配置在http块下会出现重复配置 所以配置在server块下 resolver 169.254.20.10 10.43.0.10 ipv6=off; - location-snippet: | - # 限速配置 - limit_req zone=global_limit burst=30 nodelay; - limit_req_status 429; # 启用geoip2模块 use-geoip: "false" use-geoip2: "true"
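Review bot: Moving `limit_req zone=global_limit burst=50 nodelay;` into `http-snippet` makes it an http-level default, and nginx inherits `limit_req` from an outer level only when the current level defines none, so any Ingress that sets its own rate-limit annotation (which renders a `limit_req` in its location) is no longer covered by the global limit. The zone is keyed on `$binary_remote_addr`; if the controller sits behind a load balancer or proxy without real-client-IP handling (not visible here), all clients share one bucket. I would record the first point in the snippet, e.g. `# http-level default; locations with their own limit_req do not inherit it`. The change also doubles the rate and raises the burst from 30 to 50, which deserves a line in the commit description.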