Label Studio Helm Chart 可用的 Helm 值
在Kubernetes上配置Label Studio部署时,请参考这些包含可用Helm chart值的表格来设置您的values.yaml文件。更多信息请参阅在Kubernetes上部署Label Studio。
全局参数
Helm 图表的全局参数。
| 参数 | 描述 | 默认值 |
|---|---|---|
global.imagePullSecrets |
Global Docker registry secret names as an array | [] |
global.image.repository |
Image repository | heartexlabs/label-studio |
global.image.pullPolicy |
Image pull policy | IfNotPresent |
global.image.tag |
Image tag (immutable tags are recommended) | develop |
global.pgConfig.host |
PostgreSQL hostname | "" |
global.pgConfig.port |
PostgreSQL port | 5432 |
global.pgConfig.dbName |
PostgreSQL database name | "" |
global.pgConfig.userName |
PostgreSQL database user account | "" |
global.pgConfig.password.secretName |
Name of an existing secret holding the password of PostgreSQL database user account | "" |
global.pgConfig.password.secretKey |
Key of an existing secret holding the password of PostgreSQL database user account | "" |
global.pgConfig.ssl.pgSslMode |
PostgreSQL SSL mode | "" |
global.pgConfig.ssl.pgSslSecretName |
Name of an existing secret holding the ssl certificate for PostgreSQL host | "" |
global.pgConfig.ssl.pgSslRootCertSecretKey |
Key of an existing secret holding the ssl certificate for PostgreSQL host | "" |
global.pgConfig.ssl.pgSslCertSecretKey |
Name of an existing secret holding the ssl certificate private key for PostgreSQL host | "" |
global.pgConfig.ssl.pgSslKeySecretKey |
Key of an existing secret holding the ssl certificate private key for PostgreSQL host | "" |
global.redisConfig.host |
Redis connection string in a format: redis://[:password]@localhost:6379/1 | "" |
global.redisConfig.password.secretName |
Name of an existing secret holding the password of Redis database | "" |
global.redisConfig.password.secretKey |
Key of an existing secret holding the password of Redis database | "" |
global.redisConfig.ssl.redisSslCertReqs |
Whether to validate the server public key or ignore it. Accepts ("", "optional", "required"). |
"" |
global.redisConfig.ssl.redisSslSecretName |
Name of an existing secret holding the ssl certificate for Redis host | "" |
global.redisConfig.ssl.redisSslCaCertsSecretKey |
Key of an existing secret holding the ssl certificate for Redis host | "" |
global.redisConfig.ssl.redisSslCertFileSecretKey |
Name of an existing secret holding the ssl certificate private key for Redis host | "" |
global.redisConfig.ssl.redisSslKeyFileSecretKey |
Key of an existing secret holding the ssl certificate private key for Redis host | "" |
global.extraEnvironmentVars |
Key/value map of an extra Environment variables, for example, PYTHONUNBUFFERED: 1 |
{} |
global.extraEnvironmentSecrets |
Key/value map of an extra Secrets | {} |
global.persistence.enabled |
Enable persistent storage. See more about setting up persistent storage | true |
global.persistence.type |
Persistent storage type | volume |
global.persistence.config.s3.accessKey |
Access key to use to access AWS S3 | "" |
global.persistence.config.s3.secretKey |
Secret key to use to access AWS S3 | "" |
global.persistence.config.s3.accessKeyExistingSecret |
Existing Secret name to extract Access key from to access AWS S3 | "" |
global.persistence.config.s3.accessKeyExistingSecretKey |
Existing Secret key to extract Access key from to access AWS S3 | "" |
global.persistence.config.s3.secretKeyExistingSecret |
Existing Secret name to extract Access secret key from to access AWS S3 | "" |
global.persistence.config.s3.secretKeyExistingSecretKey |
Existing Secret key to extract Access secret key from to access AWS S3 | "" |
global.persistence.config.s3.region |
AWS S3 region | "" |
global.persistence.config.s3.bucket |
AWS S3 bucket name | "" |
global.persistence.config.s3.folder |
AWS S3 folder name | "" |
global.persistence.config.s3.urlExpirationSecs |
The number of seconds that a presigned URL is valid for | 86400 |
global.persistence.config.s3.endpointUrl |
Custom S3 URL to use when connecting to S3, including scheme | "" |
global.persistence.config.volume.storageClass |
StorageClass for Persistent Volume | "" |
global.persistence.config.volume.size |
Persistent volume size | 10Gi |
global.persistence.config.volume.accessModes |
PVC Access mode | [ReadWriteOnce] |
global.persistence.config.volume.annotations |
Persistent volume additional annotations | {} |
global.persistence.config.volume.existingClaim |
Name of an existing PVC to use | "" |
global.persistence.config.volume.resourcePolicy |
PVC resource policy | "" |
global.persistence.config.volume.annotations |
Persistent volume additional annotations | {} |
global.persistence.config.azure.storageAccountName |
Azure Storage Account Name to use to access Azure Blob Storage | "" |
global.persistence.config.azure.storageAccountKey |
Azure Storage Account Key to use to access Azure Blob Storage | "" |
global.persistence.config.azure.storageAccountNameExistingSecret |
Existing Secret name to extract Azure Storage Account Name from to access Azure Blob Storage | "" |
global.persistence.config.azure.storageAccountNameExistingSecretKey |
Existing Secret key to extract Azure Storage Account Name from to use to access Azure Blob Storage | "" |
global.persistence.config.azure.storageAccountKeyExistingSecret |
Existing Secret name to extract Azure Storage Account Key from to access Azure Blob Storage | "" |
global.persistence.config.azure.storageAccountKeyExistingSecretKey |
Existing Secret key to extract Azure Storage Account Key from to use to access Azure Blob Storage | "" |
global.persistence.config.azure.containerName |
Azure Storage container name | "" |
global.persistence.config.azure.folder |
Azure Storage folder name | "" |
global.persistence.config.azure.urlExpirationSecs |
The number of seconds that a presigned URL is valid for | 86400 |
global.persistence.config.gcs.projectID |
GCP Project ID to use | "" |
global.persistence.config.gcs.applicationCredentialsJSON |
Service Account key to access GCS | "" |
global.persistence.config.gcs.applicationCredentialsJSONExistingSecret |
Existing Secret name to extract Service Account Key from to access GCS | "" |
global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey |
Existing Secret key to extract Service Account Key from to access GCS | "" |
global.persistence.config.gcs.bucket |
GCS bucket name | "" |
global.persistence.config.gcs.folder |
GCS folder name | "" |
global.persistence.config.gcs.urlExpirationSecs |
The number of seconds that a presigned URL is valid for | 86400 |
global.featureFlags |
Key/value map of Feature Flags | {} |
global.envInjectSources |
List of file names of a shell scripts to load additional environment variables from. This is useful when using Vault Agent Injector | [] |
global.cmdWrapper |
Additional commands to run prior to starting App. Useful to run wrappers before startup command | "" |
global.customCaCerts |
List of file names of SSL certificates to add into trust chain | [] |
应用参数
Label Studio 部署中 app 部分的特定参数。
| 参数 | 描述 | 默认值 |
|---|---|---|
app.args |
Override default container args (useful when using custom images) | ["label-studio-uwsgi"] |
app.deploymentStrategy.type |
Deployment strategy type | RollingUpdate |
app.replicas |
Amount of app pod replicas | 1 |
app.NameOverride |
String to partially override release template name | "" |
app.FullnameOverride |
String to fully override release template name | "" |
app.resources.requests.memory |
The requested memory resources for the App container | 384Mi |
app.resources.requests.cpu |
The requested cpu resources for the App container | 250m |
app.resources.limits.memory |
The memory resources limits for the App container | "" |
app.resources.limits.cpu |
The cpu resources limits for the App container | "" |
app.initContainer.resources.requests |
Init container db-migrations resource requests | {} |
app.initContainer.resources.limits |
Init container db-migrations resource limits | {} |
app.readinessProbe.enabled |
Enable redinessProbe | false |
app.readinessProbe.path |
Path for reasinessProbe | /version |
app.readinessProbe.failureThreshold |
When a probe fails, Kubernetes will try failureThreshold times before giving up | 2 |
app.readinessProbe.initialDelaySeconds |
Number of seconds after the container has started before probe initiates | 60 |
app.readinessProbe.periodSeconds |
How often (in seconds) to perform the probe | 10 |
app.readinessProbe.successThreshold |
Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
app.readinessProbe.timeoutSeconds |
Number of seconds after which the probe times out | 5 |
app.livenessProbe.enabled |
Enable livenessProbe | true |
app.livenessProbe.path |
Path for livenessProbe | /health |
app.livenessProbe.failureThreshold |
When a probe fails, Kubernetes will try failureThreshold times before giving up | 3 |
app.livenessProbe.initialDelaySeconds |
Number of seconds after the container has started before probe initiates | 60 |
app.livenessProbe.periodSeconds |
How often (in seconds) to perform the probe | 10 |
app.livenessProbe.successThreshold |
Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
app.livenessProbe.timeoutSeconds |
Number of seconds after which the probe times out | 5 |
app.extraEnvironmentVars |
A map of extra environment variables to set | {} |
app.extraEnvironmentSecrets |
A map of extra environment secrets to set | {} |
app.nodeSelector |
Labels for pod assignment, formatted as a multi-line string or YAML map | {} |
app.annotations |
k8s annotations to attach to the app pods | {} |
app.extraLabels |
extra k8s labels to attach | {} |
app.affinity |
Affinity for pod assignment | {} |
app.tolerations |
Toleration settings for pod | [] |
app.nginx.resources.requests |
Nginx sidecar container: resource requests | {} |
app.nginx.resources.limits |
Nginx sidecar container: resource limits | {} |
app.dnsPolicy |
Pod DNS policy | ClusterFirst |
app.enableServiceLinks |
Service environment variables | false |
app.shareProcessNamespace |
Enable shared process namespace in a pod | false |
app.automountServiceAccountToken |
Automount service account token for the server service account | true |
app.serviceAccount.create |
Enable the creation of a ServiceAccount for app pod | true |
app.serviceAccount.name |
Name of the created ServiceAccount | |
app.serviceAccount.annotations |
Custom annotations for app ServiceAccount | {} |
app.podSecurityContext.enabled |
Enable pod Security Context | true |
app.podSecurityContext.fsGroup |
Group ID for the pod | 1001 |
app.containerSecurityContext.enabled |
Enable container security context | true |
app.containerSecurityContext.runAsUser |
User ID for the container | 1001 |
app.containerSecurityContext.runAsNonRoot |
Avoid privilege escalation to root user | true |
app.extraVolumes |
Array to add extra volumes | [] |
app.extraVolumeMounts |
Array to add extra mounts (normally used with extraVolumes) | [] |
app.topologySpreadConstraints |
Topology Spread Constraints for pod assignment | [] |
app.nginx.args |
Override default container args (useful when using custom images) | ["nginx"] |
app.nginx.livenessProbe.enabled |
Nginx sidecar container: Enable livenessProbe | true |
app.nginx.livenessProbe.path |
Nginx sidecar container: path for livenessProbe | /nginx_health |
app.nginx.livenessProbe.failureThreshold |
Nginx sidecar container: when a probe fails, Kubernetes will try failureThreshold times before giving up | 2 |
app.nginx.livenessProbe.initialDelaySeconds |
Nginx sidecar container: Number of seconds after the container has started before probe initiates | 60 |
app.nginx.livenessProbe.periodSeconds |
Nginx sidecar container: How often (in seconds) to perform the probe | 5 |
app.nginx.livenessProbe.successThreshold |
Nginx sidecar container: Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
app.nginx.livenessProbe.timeoutSeconds |
Nginx sidecar container: Number of seconds after which the probe times out | 3 |
app.nginx.readinessProbe.enabled |
Nginx sidecar container: Enable readinessProbe | true |
app.nginx.readinessProbe.path |
Nginx sidecar container: Path for readinessProbe | /version |
app.nginx.readinessProbe.failureThreshold |
Nginx sidecar container: When a probe fails, Kubernetes will try failureThreshold times before giving up | 2 |
app.nginx.readinessProbe.initialDelaySeconds |
Nginx sidecar container: Number of seconds after the container has started before probe initiates | 60 |
app.nginx.readinessProbe.periodSeconds |
Nginx sidecar container: How often (in seconds) to perform the probe | 10 |
app.nginx.readinessProbe.successThreshold |
Nginx sidecar container: Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
app.nginx.readinessProbe.timeoutSeconds |
Nginx sidecar container: Number of seconds after which the probe times out | 5 |
app.service.type |
k8s service type | ClusterIP |
app.service.port |
k8s service port | 80 |
app.service.targetPort |
k8s service target port | 8085 |
app.service.portName |
k8s service port name | service |
app.service.annotations |
Custom annotations for app service | {} |
app.service.sessionAffinity |
Custom annotations for app service | None |
app.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
app.ingress.enabled |
Set to true to enable ingress record generation | false |
app.ingress.className |
IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | "" |
app.ingress.host |
Default host for the ingress resource | "" |
app.ingress.path |
The Path to LabelStudio. You may need to set this to ‘/*’ in order to use this with ALB ingress controllers. | / |
app.ingress.extraPaths |
Extra paths to prepend to the host configuration | [] |
app.ingress.tls |
TLS secrets definition | [] |
app.ingress.annotations |
Additional ingress annotations | {} |
app.rbac.create |
Specifies whether RBAC resources should be created for app service | false |
app.rbac.rules |
Custom RBAC rules to set for app service | [] |
app.contextPath |
Context path appended for health/readiness checks | / |
app.cmdWrapper |
Additional commands to run prior to starting App. Useful to run wrappers before startup command | "" |
Rqworker 参数
Label Studio Enterprise 部署中 rqworkers 服务的特定参数。
| 参数 | 描述 | 默认值 |
|---|---|---|
rqworker.enabled |
Enable rqworker pod | true |
rqworker.NameOverride |
String to partially override release template name | "" |
rqworker.FullnameOverride |
String to fully override release template name | "" |
rqworker.deploymentStrategy.type |
Deployment strategy type | Recreate |
rqworker.extraEnvironmentVars |
A map of extra environment variables to set | {} |
rqworker.extraEnvironmentSecrets |
A map of extra environment secrets to set | {} |
rqworker.nodeSelector |
labels for pod assignment, formatted as a multi-line string or YAML map | {} |
rqworker.annotations |
k8s annotations to attach to the rqworker pods | {} |
rqworker.extraLabels |
extra k8s labels to attach | {} |
rqworker.affinity |
Affinity for pod assignment | {} |
rqworker.tolerations |
Toleration settings for pod | [] |
rqworker.queues.high.replicas |
Rqworker queue “high” replicas amount | 1 |
rqworker.queues.high.args |
Rqworker queue “high” launch arguments | "high" |
rqworker.queues.low.replicas |
Rqworker queue “low” replicas amount | 1 |
rqworker.queues.low.args |
Rqworker queue “low” launch arguments | "low" |
rqworker.queues.default.replicas |
Rqworker queue “default” replicas amount | 1 |
rqworker.queues.default.args |
Rqworker queue “default” launch arguments | "default" |
rqworker.queues.critical.replicas |
Rqworker queue “critical” replicas amount | 1 |
rqworker.queues.critical.args |
Rqworker queue “critical” launch arguments | "critical" |
rqworker.queues.all.replicas |
Rqworker queue “all” replicas amount | 1 |
rqworker.queues.all.args |
Rqworker queue “all” launch arguments | "low", "default", "critical", "high" |
rqworker.dnsPolicy |
Pod DNS policy | ClusterFirst |
rqworker.enableServiceLinks |
Service environment variables | false |
rqworker.shareProcessNamespace |
Enable shared process namespace in a pod | false |
rqworker.automountServiceAccountToken |
Automount service account token for the server service account | true |
rqworker.readinessProbe.enabled |
Enable redinessProbe | false |
rqworker.readinessProbe.path |
Path for reasinessProbe | /version |
rqworker.readinessProbe.failureThreshold |
When a probe fails, Kubernetes will try failureThreshold times before giving up | 2 |
rqworker.readinessProbe.initialDelaySeconds |
Number of seconds after the container has started before probe initiates | 60 |
rqworker.readinessProbe.periodSeconds |
How often (in seconds) to perform the probe | 5 |
rqworker.readinessProbe.successThreshold |
Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
rqworker.readinessProbe.timeoutSeconds |
Number of seconds after which the probe times out | 3 |
rqworker.livenessProbe.enabled |
Enable livenessProbe | false |
rqworker.livenessProbe.path |
Path for livenessProbe | /health |
rqworker.livenessProbe.failureThreshold |
When a probe fails, Kubernetes will try failureThreshold times before giving up | 2 |
rqworker.livenessProbe.initialDelaySeconds |
Number of seconds after the container has started before probe initiates | 60 |
rqworker.livenessProbe.periodSeconds |
How often (in seconds) to perform the probe | 5 |
rqworker.livenessProbe.successThreshold |
Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
rqworker.livenessProbe.timeoutSeconds |
Number of seconds after which the probe times out | 3 |
rqworker.serviceAccount.create |
Enable the creation of a ServiceAccount for rqworker pod | true |
rqworker.serviceAccount.name |
Name of the created ServiceAccount | "" |
rqworker.podSecurityContext.enabled |
Enable pod Security Context | true |
rqworker.podSecurityContext.fsGroup |
Group ID for the pod | 1001 |
rqworker.containerSecurityContext.enabled |
Enable container security context | true |
rqworker.containerSecurityContext.runAsUser |
User ID for the container | 1001 |
rqworker.containerSecurityContext.runAsNonRoot |
Avoid privilege escalation to root user | true |
rqworker.serviceAccount.annotations |
Custom annotations for app ServiceAccount | {} |
rqworker.extraVolumes |
Array to add extra volumes | [] |
rqworker.extraVolumeMounts |
Array to add extra mounts (normally used with extraVolumes) | [] |
rqworker.topologySpreadConstraints |
Topology Spread Constraints for pod assignment | [] |
rqworker.rbac.create |
Specifies whether RBAC resources should be created for rqworker service | false |
rqworker.rbac.rules |
Custom RBAC rules to set for rqworker service | [] |
rqworker.cmdWrapper |
Additional commands to run prior to starting App. Useful to run wrappers before startup command | "" |
子图表参数
| 参数 | 描述 | 默认值 |
|---|---|---|
postgresql.enabled |
Enable Postgresql sub-chart | true |
postgresql.architecture |
PostgreSQL architecture (standalone or replication) | standalone |
postgresql.image.tag |
PostgreSQL image tag | 13.8.0 |
postgresql.auth.username |
Name for a custom user to create | labelstudio |
postgresql.auth.password |
Password for the custom user to create. Ignored if auth.existingSecret with key password is provided |
labelstudio |
postgresql.auth.database |
Name for a custom database to create | labelstudio |
redis.enabled |
Enable Redis sub-chart | false |
redis.architecture |
Redis architecture. Allowed values: standalone or replication |
standalone |
redis.auth.enabled |
Enable password authentication | false |
其他参数
| 参数 | 描述 | 默认值 |
|---|---|---|
| upgradeCheck.enabled | Enable upgradecheck | false |
| ci | Indicate that deployment running for CI purposes | false |
| clusterDomain | Kubernetes Cluster Domain | cluster.local |
| checkConfig.skipEnvValues | Skip validation for env variables | false |
global.extraEnvironmentVars 的使用方法
global.extraEnvironmentVars 部分可用于配置 Label Studio 的环境属性。
在此部分下设置的任何键值都会转换为用于控制Label Studio配置的环境变量。在设置环境变量之前,每个键名都会被转换为大写。
一个示例:
global:
extraEnvironmentVars:
PG_USER: labelstudio备注
如果您正在部署到生产环境,应设置 SSRF_PROTECTION_ENABLED: true。请参阅 Secure Label Studio。