This is a community-maintained repository that contains resources for deploying Langfuse on Kubernetes.
We provide a Helm chart that helps you deploy Langfuse on Kubernetes.
This Chart is a release candidate for the 1.0.0 version of the Langfuse Helm Chart. Please provide all thoughts and feedbacks on the interface and the upgrade path via our GitHub Discussion.
For details on how to migrate from 0.13.x to 1.0.0, refer to our migration guide.
Configure the required secrets and parameters as defined below in a new values.yaml file.
Then install the helm chart using the commands below:
helm repo add langfuse https://langfuse.github.io/langfuse-k8s
helm repo update
helm install langfuse langfuse/langfuse -f values.yamlhelm repo update
helm upgrade langfuse langfuse/langfusePlease validate whether the helm sub-charts in the Chart.yaml were updated between versions. If yes, follow the guide for the respective sub-chart to upgrade it.
The required configuration options to set are:
# Optional, but highly recommended. Generate via `openssl rand -hex 32`.
# langfuse:
# encryptionKey:
# value: ""
nextauth:
secret:
value: ""
postgresql:
auth:
password: ""
clickhouse:
auth:
password: ""
redis:
auth:
password: ""They can alternatively set via secret references (the secrets must exist):
# Optional, but highly recommended. Generate via `openssl rand -hex 32`.
# langfuse:
# encryptionKey:
# secretKeyRef:
# name: langfuse-encryption-key-secret
# key: encryptionKey
nextauth:
secret:
secretKeyRef:
name: langfuse-nextauth-secret
key: nextauth-secret
postgresql:
auth:
existingSecret: langfuse-postgresql-auth
secretKeys:
userPasswordKey: password
clickhouse:
auth:
existingSecret: langfuse-clickhouse-auth
secretKeys:
userPasswordKey: password
redis:
auth:
existingSecret: langfuse-redis-auth
secretKeys:
userPasswordKey: passwordSee the Helm README for a full list of all configuration options.
[...]
postgresql:
deploy: false
auth:
username: my-username
password: my-password
database: my-database
host: my-external-postgres-server.com
directUrl: postgres://my-username:[email protected]
shadowDatabaseUrl: postgres://my-username:[email protected][...]
langfuse:
ingress:
enabled: true
hosts:
- host: langfuse.your-host.com
paths:
- path: /
pathType: Prefix
annotations: []With an external Postgres server with client certificates using own secrets and additionalEnv for mappings
langfuse:
salt: null
nextauth:
secret: null
extraVolumes:
- name: db-keystore # referencing an existing secret to mount server/client certs for postgres
secret:
secretName: langfuse-postgres # contain the following files (server-ca.pem, sslidentity.pk12)
extraVolumeMounts:
- name: db-keystore
mountPath: /secrets/db-keystore # mounting the db-keystore store certs in the pod under the given path
readOnly: true
additionalEnv:
- name: DATABASE_URL # Using the certs in the url eg. postgresql://the-db-user:the-password@postgres-host:5432/langfuse?ssl=true&sslmode=require&sslcert=/secrets/db-keystore/server-ca.pem&sslidentity=/secrets/db-keystore/sslidentity.pk12&sslpassword=the-ssl-identity-pw
valueFrom:
secretKeyRef:
name: langfuse-postgres # referencing an existing secret
key: database-url
- name: NEXTAUTH_SECRET
valueFrom:
secretKeyRef:
name: langfuse-general # referencing an existing secret
key: nextauth-secret
- name: SALT
valueFrom:
secretKeyRef:
name: langfuse-general
key: salt
service:
[...]
ingress:
[...]
postgresql:
deploy: false
auth:
password: null
username: nullThis is going to add a record to the /etc/hosts file of all containers under the langfuse-web pod in such a way that every traffic towards "oauth.id.jumpcloud.com" is going to be forwarded to the localhost network.
langfuse:
web:
hostAliases:
- ip: 127.0.0.1
hostnames:
- "oauth.id.jumpcloud.com"examplesdirectory contains exampleyamlconfigurationscharts/langfusedirectory contains Helm chart for deploying Langfuse with an associated database
Please feel free to contribute any improvements or suggestions.
Langfuse deployment docs: https://langfuse.com/docs/deployment/self-host
