feat(dify): 新增dify配置

apps/apps/dify/helmchart.yaml

@@ -1,25 +1,57 @@
 apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
-  name: halo
+  name: dify
   namespace: apps
 spec:
   repo: https://borispolonsky.github.io/dify-helm
   chart: dify
   targetNamespace: apps
-  version: 0.24.0
+  version: 0.25.0
   valuesContent: |-
     nodeSelector:
-      kubernetes.io/hostname: greenhk
+      kubernetes.io/hostname: clawhka
+    image:
+      api:
+        tag: "1.4.1"
+      worker:
+        tag: "1.4.1"
+      web:
+        tag: "1.4.1"
+      sandbox:
+        tag: "0.2.12"
+      pluginDaemon:
+        tag: "0.1.1-local"
+        
     api:
       persistence:
-        enabled: true
+        persistentVolumeClaim:
-        storageClass: local-path
+          storageClass: local-path
-        accessMode: ReadWriteMany
+          accessModes: ReadWriteOnce
-        size: 10Gi
+          size: 5Gi  
       extraEnv:
       - name: LANG
         value: "C.UTF-8"
+      - name: VECTOR_STORE
+        value: "pgvector"
+      - name: PGVECTOR_HOST
+        value: "cnpg17-cluster-hk-rw.infra-data"
+      - name: PGVECTOR_PORT
+        value: "5432"
+      - name: PGVECTOR_DATABASE
+        value: "dify"
+      - name: DB_USERNAME
+        value: "app"
+      - name: DB_PASSWORD
+        value: "QrmOnigueiiKWDxS5HqS8h765fUZoV1fj2WFkHpqZOPnKAGcM9paiXC1VzGUA3PD"
+    pluginDaemon:
+      persistence:
+        persistentVolumeClaim:
+          storageClass: local-path
+          accessModes: ReadWriteOnce
+          size: 5Gi  
+    proxy:
+      enabled: false
     postgresql:
       enabled: false
     redis:
@@ -29,35 +61,16 @@ spec:
     externalPostgres:
       enabled: true
       username: app
-      password: nyrHzh9WWlDZzvVw7bDFo74gKb9zsls0Sy7OwRTDWiRTNPQQQkW85taUFAoX2AIC
+      password: QrmOnigueiiKWDxS5HqS8h765fUZoV1fj2WFkHpqZOPnKAGcM9paiXC1VzGUA3PD
-      address: cnpg-cluster-hk-rw.infra-data
+      address: cnpg17-cluster-hk-rw.infra-data
       port: 5432
       database:
         api: dify
         pluginDaemon: dify_plugin
-    externalPgvector:
-      enabled: false
-      username: app
-      password: nyrHzh9WWlDZzvVw7bDFo74gKb9zsls0Sy7OwRTDWiRTNPQQQkW85taUFAoX2AIC
-      address: cnpg-cluster-hk-rw.infra-data
-      port: 5432
-      dbName: dify
     externalRedis:
       enabled: true
-      host: redis.example
+      host: redis-cluster-hk-master.infra-data
       port: 6379
       username: ""
       password: ribiPwYQNU6GWxCYR0Nj
       useSSL: false
-    proxy:
-      enable: false
-    ingress:
-      enabled: true
-      className: nginx
-      hosts:
-      - host: dify.dev.cm
-        paths:
-        - path: /
-          pathType: ImplementationSpecific
-    
-

apps/apps/dify/ingress.yaml

@@ -0,0 +1,48 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dify-web
+  namespace: apps
+  annotations:
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: dify.dev.cm
+      http:
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: dify-web
+                port:
+                  number: 3000
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dify-api
+  namespace: apps
+  annotations:
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: dify.dev.cm
+      http:
+        paths:
+          - path: /(api|console/api|v1|files)
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: dify-api
+                port:
+                  number: 5001
+          - path: /e/
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: dify-plugin-daemon
+                port:
+                  number: 5002

apps/infra/data/cloudnative-pg/cnpg17-cluster-hk.yaml

@@ -22,6 +22,9 @@ spec:
   postgresql:
     parameters:
       archive_timeout: 30min
+    # 启用向量扩展
+    shared_preload_libraries:
+      - "vectors.so"
   backup:
     retentionPolicy: "7d"
     barmanObjectStore:

apps/infra/data/postgresql-ha/configmap-pgpool-script.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: postgresql-ha-pgpool-script
-  namespace: infra-data
-data:
-  latency_test.sh: |-
-    #!/bin/bash
-    
-    install_packages ping
-    
-    # 读取环境变量
-    nodes=$PGPOOL_BACKEND_NODES
-    
-    echo $nodes

apps/infra/data/postgresql-ha/helmchart.yaml

@@ -1,85 +0,0 @@
-apiVersion: helm.cattle.io/v1
-kind: HelmChart
-metadata:
-  name: postgresql-ha
-  namespace: infra-data
-spec:
-  chart: oci://registry-1.docker.io/bitnamicharts/postgresql-ha
-  targetNamespace: infra-data
-  version: 14.3.1
-  valuesContent: |-
-    diagnosticMode:
-      enabled: false
-    postgresql:
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app.kubernetes.io/name: postgresql-ha
-                    app.kubernetes.io/component: postgresql
-                topologyKey: kubernetes.io/hostname
-              weight: 1
-            - podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app.kubernetes.io/name: postgresql-ha
-                    app.kubernetes.io/component: postgresql
-                topologyKey: topology.kubernetes.io/region
-              weight: 1
-      tolerations:
-        - key: "node-role.kubernetes.io/control-plane"
-          operator: "Exists"
-          effect: "NoSchedule"
-      image:
-        debug: true
-      username: rohow
-      password: L#GRtTR2QuL@20pm6+c~
-      postgresPassword: L#GRtTR2QuL@20pm6+c~
-      repmgrPassword: yAn0l2eiLw
-    pgpool:
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app.kubernetes.io/name: postgresql-ha
-                    app.kubernetes.io/component: pgpool
-                topologyKey: kubernetes.io/hostname
-              weight: 1
-            - podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app.kubernetes.io/name: postgresql-ha
-                    app.kubernetes.io/component: pgpool
-                topologyKey: topology.kubernetes.io/region
-              weight: 1
-        podAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app.kubernetes.io/name: postgresql-ha
-                    app.kubernetes.io/component: pgpool
-                topologyKey: kubernetes.io/hostname
-              weight: 1
-      tolerations:
-        - key: "node-role.kubernetes.io/control-plane"
-          operator: "Exists"
-          effect: "NoSchedule"
-      replicaCount: 1
-      containerSecurityContext:
-        runAsUser: 0
-        runAsGroup: 0
-        runAsNonRoot: false
-        readOnlyRootFilesystem: false
-        privileged: true
-        allowPrivilegeEscalation: true
-      image:
-        debug: true
-      adminPassword: wc8FVC55JX
-    volumePermissions:
-      enabled: true
-

apps/infra/data/postgresql-ha/loadbalancer.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: postgresql-ha-lb
-  namespace: infra-data
-spec:
-  selector:
-    app.kubernetes.io/instance: postgresql-ha
-    app.kubernetes.io/name: postgresql-ha
-    app.kubernetes.io/component: pgpool
-  ports:
-    - protocol: TCP
-      port: 65432
-      targetPort: 5432
-  type: LoadBalancer

apps/infra/devops/gitea/helmchart.yaml

@@ -36,7 +36,7 @@ spec:
     postgresql-ha:
       enabled: false
     image:
-      tag: 1.23.7
+      tag: 1.23.8
     ingress:
       enabled: true
       className: nginx

apps/infra/monitor/prometheus/helmchart.yaml

@@ -7,7 +7,7 @@ spec:
   repo: https://prometheus-community.github.io/helm-charts
   chart: kube-prometheus-stack
   targetNamespace: infra-monitor
-  version: 72.0.1
+  version: 72.6.3
   valuesContent: |-
     kubeControllerManager:
       enabled: false

apps/infra/net/nginx/helmchart.yaml

@@ -35,6 +35,9 @@ spec:
         ssl-redirect: "true"
         # 自定义错误页面
         custom-http-errors: "403,404,502,503"
+        # 全局限速配置
+        limit-req-status-code: "429"
+        limit-conn-status-code: "429"
         http-snippet: |
           # lua插件配置
           lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
@@ -43,15 +46,12 @@ spec:
           proxy_cache_key $uri$is_args$args;
           proxy_cache_lock on;
           proxy_cache_use_stale updating;
-          # 限速配置
+          # 全局限速配置
-          limit_req_zone $binary_remote_addr zone=global_limit:10m rate=10r/s;
+          limit_req_zone $binary_remote_addr zone=global_limit:20m rate=20r/s;
+          limit_req zone=global_limit burst=50 nodelay;
         server-snippet: |
           # dns配置 配置在http块下会出现重复配置 所以配置在server块下
           resolver 169.254.20.10 10.43.0.10 ipv6=off;
-        location-snippet: |
-          # 限速配置
-          limit_req zone=global_limit burst=30 nodelay;
-          limit_req_status 429;
         # 启用geoip2模块
         use-geoip: "false"
         use-geoip2: "true"