values.yaml
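# NOTE(review): this listing had lost its line breaks and indentation. The nesting
# below is reconstructed from the section comments ("# --" marks a top-level
# section) and the key names. Diff it against the chart's own values.yaml before use.
replicaCount: 1

image:
  repository: ghcr.io/apocas/restai
  pullPolicy: IfNotPresent
  # Overrides the image tag (default is the chart appVersion)
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  # NOTE(review): presumably maps to automountServiceAccountToken. If the
  # application never calls the Kubernetes API, set this to false so no API
  # token is mounted into the pod.
  automount: true
  annotations: {}
  name: ""

# -- RESTai application configuration (non-sensitive, stored in ConfigMap)
config:
  port: 9000
  logLevel: "INFO"
  dev: false
  gpu: false
  mcpServer: false
  agentMaxIterations: 20
  maxAudioUploadSize: 10
  embeddingsPath: "/app/embeddings/"
  appName: "RESTai"
  hideBranding: false
  anonymizedTelemetry: false

  # Database — one of: postgresql, mysql, sqlite
  database:
    type: "postgresql"
    postgres:
      host: ""
      port: "5432"
      database: "restai"
      user: "restai"
    mysql:
      host: ""
      database: "restai"
      user: "restai"
    # NOTE(review): pool settings placed at the database level (not under mysql);
    # inferred, confirm against the templates.
    poolSize: 100
    maxOverflow: 300
    poolRecycle: 300

  # Redis (optional — enables persistent chat store)
  redis:
    enabled: false
    host: ""
    port: "6379"

  # Vector store (configure the one you use)
  vectorStore:
    chromadb:
      host: ""
      port: "8000"
    pgvector:
      host: ""
      port: ""
      user: ""
      database: "restai_vectors"
    weaviate:
      host: ""
      port: "8080"
      grpcPort: "50051"
    pinecone:
      index: ""

  # LDAP authentication
  ldap:
    enabled: false
    serverHost: ""
    serverPort: ""
    searchBase: ""
    searchFilters: ""
    attributeForMail: ""
    attributeForUsername: ""
    appDn: ""
    # When enabling LDAP, set useTls and caCertFile explicitly: the bind uses
    # secrets.ldapAppPassword and user credentials, which should not cross the
    # network unencrypted. The empty default leaves the choice to the application.
    useTls: ""
    caCertFile: ""
    ciphers: ""

  # OAuth / SSO providers (client IDs are non-sensitive)
  oauth:
    google:
      clientId: ""
      scope: "openid email profile"
      redirectUri: ""
    microsoft:
      clientId: ""
      tenantId: ""
      scope: "openid email profile"
      redirectUri: ""
    github:
      clientId: ""
      scope: "user:email"
      redirectUri: ""
    oidc:
      clientId: ""
      providerUrl: ""
      redirectUri: ""
      scopes: "openid email profile"
      providerName: "SSO"
      emailClaim: "email"
    # NOTE(review): the four keys below are placed at the oauth level (shared by
    # all providers) rather than under oidc; inferred, confirm against the templates.
    # "*" accepts any e-mail domain. Restrict it to your own domains before turning
    # on autoCreateUser, otherwise any account at a configured provider can
    # self-provision.
    allowedDomains: "*"
    autoCreateUser: false
    sessionCookieSameSite: "lax"
    # Set to true whenever the app is served over HTTPS (e.g. ingress.tls below),
    # so the session cookie is never sent over plain HTTP.
    sessionCookieSecure: false

  # Proxy mode
  proxy:
    url: ""
    teamId: ""

  # Base URL for OAuth callbacks
  restaiUrl: ""
  defaultDevice: ""

# -- Sensitive values (stored in K8s Secret)
# IMPORTANT: For production/multi-replica deployments, you MUST set authSecret,
# ssoSecretKey, and fernetKey to fixed values. If left empty, each pod generates
# random values which breaks JWT validation and encryption across pods/restarts.
# Values supplied here also end up in the Helm release record and in any values
# file you commit. Prefer existingSecret (below) for real deployments.
secrets:
  # Application secrets (MUST be set for production)
  authSecret: ""
  ssoSecretKey: ""
  fernetKey: ""

  # Admin password
  # "admin" is a well-known default: always override it at install time.
  # NOTE(review): confirm whether it is applied only on first start or on every start.
  defaultPassword: "admin"

  # Database passwords
  postgresPassword: ""
  mysqlPassword: ""

  # LLM API keys
  openaiApiKey: ""
  anthropicApiKey: ""
  groqApiKey: ""
  googleApiKey: ""
  xaiApiKey: ""
  hfToken: ""

  # Vector store secrets
  weaviateApiKey: ""
  pineconeApiKey: ""

  # LDAP
  ldapAppPassword: ""

  # OAuth client secrets
  googleClientSecret: ""
  microsoftClientSecret: ""
  githubClientSecret: ""
  oidcClientSecret: ""

  # Proxy
  proxyKey: ""

  # Monitoring
  sentryDsn: ""

# -- Use an existing K8s Secret instead of chart-managed secrets.
# When set, the chart will NOT create a Secret resource and will reference
# this secret name in envFrom. Your secret must contain the expected env var
# keys (e.g. RESTAI_AUTH_SECRET, POSTGRES_PASSWORD, OPENAI_API_KEY, etc.)
existingSecret: ""

# -- Service
service:
  type: ClusterIP
  port: 9000

# -- Ingress
ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: restai.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  # TLS is off by default. Configure it before exposing the login and OAuth
  # callback endpoints, and pair it with config.oauth.sessionCookieSecure: true.
  tls: []
  #  - secretName: restai-tls
  #    hosts:
  #      - restai.local

# -- Resource limits
resources: {}
  # limits:
  #   cpu: 2000m
  #   memory: 4Gi
  # requests:
  #   cpu: 500m
  #   memory: 1Gi

# -- Horizontal Pod Autoscaler
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

# -- Probes
livenessProbe:
  httpGet:
    path: /health/live
    port: http
  initialDelaySeconds: 30
  periodSeconds: 15
  timeoutSeconds: 5
  failureThreshold: 3

readinessProbe:
  httpGet:
    path: /health/ready
    port: http
  initialDelaySeconds: 15
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3

startupProbe:
  httpGet:
    path: /health/live
    port: http
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  # 30 * 10s = 5 min startup window (Brain init can be slow)
  failureThreshold: 30

nodeSelector: {}
tolerations: []
affinity: {}

podSecurityContext:
  fsGroup: 1000

# Container-level hardening. The process already runs as non-root UID 1000 and
# listens on an unprivileged port (9000), so it needs neither extra capabilities
# nor privilege escalation.
# NOTE(review): assumes the deployment template renders this map into the
# container securityContext as-is; confirm.
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  # Further options to enable once verified against the image:
  # seccompProfile:
  #   type: RuntimeDefault
  # readOnlyRootFilesystem: true  # needs writable volumes, e.g. for config.embeddingsPath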