DirectorySecurity AdvisoriesPricing
Sign in
Directory
langfuse logoHELM

langfuse

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:

1
# Langfuse Helm Chart Configuration
2
3
global:
4
security:
5
# -- Allow insecure images to use bitnami legacy repository. Can be set to false if secure images are being used (Paid).
6
allowInsecureImages: true
7
# -- Override the name for the selector labels, defaults to the chart name
8
nameOverride: ""
9
# -- Override the full name of the deployed resources, defaults to a combination of the release name and the name for the selector labels
10
fullnameOverride: ""
11
# Core Langfuse Configuration
12
langfuse:
13
# Logging configuration
14
logging:
15
# -- Set the log level for the application (trace, debug, info, warn, error, fatal)
16
level: info
17
# -- Set the log format for the application (text or json)
18
format: text
19
# -- Used to hash API keys. Can be configured by value or existing secret reference. To generate a new salt, run `openssl rand -base64 32`.
20
salt:
21
value: ""
22
secretKeyRef:
23
name: ""
24
key: ""
25
# -- Langfuse EE license key.
26
licenseKey:
27
value: ""
28
secretKeyRef:
29
name: ""
30
key: ""
31
# -- EE: Langfuse allowed organization creators. See [documentation](https://langfuse.com/self-hosting/organization-creators)
32
allowedOrganizationCreators: []
33
# -- Authentication and SSO settings:
34
# -- If you want to disable username/password login, set auth.disableUsernamePassword to true.
35
# -- Refer to [documentation](https://langfuse.com/self-hosting/authentication-and-sso) for available keys for each provider.
36
# -- For each provider, add it to auth.providers, and add respective configuration options under it.
37
# -- For options, use the last part (after provider name) of the respective environment variable's name, in camelCase.
38
# -- Values can be specified directly as strings, or as secret references using secretKeyRef.
39
# -- For example, to use Azure AD as your SSO provider, use the following lines:
40
# auth:
41
# disableUsernamePassword: true
42
# providers:
43
# azureAd:
44
# clientId: "<YOUR CLIENT ID>"
45
# clientSecret:
46
# secretKeyRef:
47
# name: "my-sso-secret"
48
# key: "azure-client-secret"
49
# tenantId: "<YOUR TENANT ID>"
50
# -- For sensitive fields, it is recommended to use secretKeyRef to avoid storing secrets in values.yaml
51
52
# -- Used to encrypt sensitive data. Must be 256 bits (64 string characters in hex format). Generate via `openssl rand -hex 32`.
53
encryptionKey:
54
value: ""
55
secretKeyRef:
56
name: ""
57
key: ""
58
# Feature flags
59
features:
60
# -- Whether or not to report basic usage statistics to a centralized server.
61
telemetryEnabled: true
62
# -- Disable public sign up
63
signUpDisabled: false
64
# -- Enable experimental features
65
experimentalFeaturesEnabled: false
66
# -- Node.js environment to use for all langfuse deployments
67
nodeEnv: production
68
serviceAccount:
69
# -- Whether to create a service account for all langfuse deployments
70
create: true
71
# -- Annotations for the service account
72
annotations: {}
73
# -- Override the name of the service account to use, discovered automatically if not set
74
name: ""
75
# -- Whether to automount service account token in pods. Set to false to disable automatic mounting of the service account token.
76
automountServiceAccountToken: true
77
smtp:
78
# -- SMTP connection URL. See [documentation](https://langfuse.com/self-hosting/transactional-emails)
79
connectionUrl: ""
80
# -- From address for emails. Required if connectionUrl is set.
81
fromAddress: ""
82
ingress:
83
# -- Set to `true` to enable the ingress resource
84
enabled: false
85
# -- Additional labels for the ingress resource
86
additionalLabels: {}
87
# -- Annotations for the ingress resource
88
annotations: {}
89
# -- The class name for the ingress resource
90
className: ""
91
# -- The hosts for the ingress resource
92
hosts: []
93
# Example:
94
# - host: "langfuse.example.com"
95
# paths:
96
# - path: /
97
# pathType: ImplementationSpecific
98
99
tls:
100
# -- Set to `true` to enable use HTTPS on the ingress
101
enabled: false
102
# -- The name of the secret to use for TLS Key
103
secretName: ""
104
# -- Pod security context for all langfuse deployments
105
podSecurityContext: {}
106
# -- Security context for all langfuse deployments
107
securityContext: {}
108
# -- Node selector for all langfuse deployments
109
nodeSelector: {}
110
# -- Tolerations for all langfuse deployments
111
tolerations: []
112
# -- Affinity for all langfuse deployments
113
affinity: {}
114
# -- DNS configuration for all langfuse deployments
115
dnsConfig: {}
116
pod:
117
# -- Annotations for all langfuse pods
118
annotations: {}
119
# -- Labels for all langfuse pods
120
labels: {}
121
# -- Topology spread constraints for all langfuse pods
122
topologySpreadConstraints: []
123
deployment:
124
# -- Annotations for all langfuse deployments
125
annotations: {}
126
# -- Deployment strategy for all langfuse deployments (can be overridden by individual deployments)
127
strategy: {}
128
# -- Number of replicas to use for all langfuse deployments. Can be overridden by the individual deployments
129
replicas: 1
130
# -- Number of old ReplicaSets to retain to allow rollback. Can be overridden by the individual deployments
131
revisionHistoryLimit: 10
132
# -- Resources for all langfuse deployments. Can be overridden by the individual deployments
133
resources: {}
134
image:
135
# -- The image tag to use for all langfuse deployments. Can be overridden by the individual deployments. Falls back to appVersion if not set.
136
tag: Null
137
# -- The pull policy to use for all langfuse deployments. Can be overridden by the individual deployments.
138
pullPolicy: Always
139
# -- The pull secrets to use for all langfuse deployments. Can be overridden by the individual deployments.
140
pullSecrets: []
141
# -- List of additional environment variables to be added to all langfuse deployments. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
142
additionalEnv: []
143
# -- Secrets or ConfigMap of additional environment variables to be added to all langfuse deployments. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
144
additionalEnvFrom: []
145
# -- Allows additional containers to be added to all langfuse deployments
146
extraContainers: []
147
# -- Allows additional volumes to be added to all langfuse deployments
148
extraVolumes: []
149
# -- Allows additional init containers to be added to all langfuse deployments
150
extraInitContainers: []
151
# -- Allows additional volume mounts to be added to all langfuse deployments
152
extraVolumeMounts: []
153
# -- Allows additional lifecycle hooks to be added to all langfuse deployments
154
extraLifecycle: {}
155
# Web deployment configuration
156
web:
157
image:
158
# -- The image repository to use for the langfuse web pods.
159
repository: cgr.dev/chainguard-private/langfuse-fips
160
# -- The tag to use for the langfuse web pods. Using `langfuse.image.tag` if not set.
161
tag: latest@sha256:de9b1eeb6bdcc509adc6ca04f7a0919b62f7902d831ace9635133623937a0937
162
# -- The pull policy to use for the langfuse web pods. Using `langfuse.image.pullPolicy` if not set.
163
pullPolicy: Null
164
# -- The pull secrets to use for the langfuse web pods. Using `langfuse.image.pullSecrets` if not set.
165
pullSecrets: Null
166
deployment:
167
# -- Additional labels for the langfuse web deployment
168
additionalLabels: {}
169
# -- Annotations for the web deployment
170
annotations: {}
171
# -- Deployment strategy for the web deployment. Overrides the global deployment strategy
172
strategy: {}
173
pod:
174
# -- Annotations for the web pods
175
annotations: {}
176
# -- Labels for the web pods
177
labels: {}
178
# -- Node selector for the web pods. Overrides the global nodeSelector
179
nodeSelector: null
180
# -- Tolerations for the web pods. Overrides the global tolerations
181
tolerations: null
182
# -- Affinity for the web pods. Overrides the global affinity
183
affinity: null
184
# -- Topology spread constraints for the web pods. Overrides the global topologySpreadConstraints
185
topologySpreadConstraints: null
186
# -- Allows additional containers to be added to all langfuse web pods
187
extraContainers: []
188
# -- List of additional environment variables to be added to all langfuse web pods. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
189
additionalEnv: []
190
# -- Secrets or ConfigMap of additional environment variables to be added to all langfuse web pods. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
191
additionalEnvFrom: []
192
service:
193
# -- The type of service to use for the langfuse web application
194
type: ClusterIP
195
# -- The port to use for the langfuse web application
196
port: 3000
197
# -- The external port that will be exposed by the service. Falls back to `port` if not set.
198
externalPort: null
199
# -- The node port to use for the langfuse web application
200
nodePort: null
201
# -- Additional labels for the langfuse web application service
202
additionalLabels: {}
203
# -- Annotations for the langfuse web application service
204
annotations: {}
205
# -- Resources for the langfuse web pods. Defaults to the global resources
206
resources: {}
207
# -- Number of replicas to use if HPA is not enabled. Defaults to the global replicas
208
replicas: null
209
# -- Number of old ReplicaSets to retain to allow rollback.
210
revisionHistoryLimit: null
211
# KEDA ScaledObject configuration
212
keda:
213
# -- Set to `true` to enable KEDA for the langfuse web pods
214
# Note: When both KEDA and HPA are enabled, the deployment will fail.
215
enabled: false
216
# -- The minimum number of replicas to use for the langfuse web pods
217
minReplicas: 1
218
# -- The maximum number of replicas to use for the langfuse web pods
219
maxReplicas: 2
220
# -- The polling interval in seconds for checking metrics
221
pollingInterval: 30
222
# -- The trigger type for scaling (cpu or memory)
223
triggerType: "cpu"
224
# -- The metric type for scaling (Utilization or AverageValue)
225
metricType: "Utilization"
226
# -- The target utilization percentage for the langfuse web pods
227
value: "50"
228
# -- Optional container name to target for metrics (leave empty to target all containers)
229
containerName: ""
230
# Horizontal Pod Autoscaler configuration
231
hpa:
232
# -- Set to `true` to enable HPA for the langfuse web pods
233
# Note: When both KEDA and HPA are enabled, the deployment will fail.
234
enabled: false
235
# -- Annotations for the langfuse web HPA
236
annotations: {}
237
# -- The minimum number of replicas to use for the langfuse web pods
238
minReplicas: 1
239
# -- The maximum number of replicas to use for the langfuse web pods
240
maxReplicas: 2
241
# -- The target CPU utilization percentage for the langfuse web pods
242
targetCPUUtilizationPercentage: 50
243
# Vertical Pod Autoscaler configuration
244
vpa:
245
# -- Set to `true` to enable VPA for the langfuse web pods
246
enabled: false
247
# -- The resources to control for the langfuse web pods
248
controlledResources: []
249
# -- The maximum allowed resources for the langfuse web pods
250
maxAllowed: {}
251
# -- The minimum allowed resources for the langfuse web pods
252
minAllowed: {}
253
updatePolicy:
254
# -- The update policy mode for the langfuse web pods
255
updateMode: Auto
256
# -- Adding records to /etc/hosts in the pod's network.
257
hostAliases: []
258
livenessProbe:
259
# -- Path to check for liveness.
260
path: "/api/public/health"
261
# -- Initial delay seconds for livenessProbe.
262
initialDelaySeconds: 20
263
# -- Period seconds for livenessProbe.
264
periodSeconds: 10
265
# -- Timeout seconds for livenessProbe.
266
timeoutSeconds: 5
267
# -- Failure threshold for livenessProbe.
268
failureThreshold: 3
269
# -- Success threshold for livenessProbe.
270
successThreshold: 1
271
readinessProbe:
272
# -- Path to check for readiness.
273
path: "/api/public/ready"
274
# -- Initial delay seconds for readinessProbe.
275
initialDelaySeconds: 20
276
# -- Period seconds for readinessProbe.
277
periodSeconds: 10
278
# -- Timeout seconds for readinessProbe.
279
timeoutSeconds: 5
280
# -- Failure threshold for readinessProbe.
281
failureThreshold: 3
282
# -- Success threshold for readinessProbe.
283
successThreshold: 1
284
# Pod Disruption Budget configuration for the web deployment
285
pdb:
286
# -- Set to `true` to create a Pod Disruption Budget for the langfuse web pods
287
create: true
288
# -- Minimum number of available pods during disruptions. Cannot be set simultaneously with maxUnavailable.
289
minAvailable: ""
290
# -- Maximum number of unavailable pods during disruptions. Cannot be set simultaneously with minAvailable. Defaults to 1 if neither is set.
291
maxUnavailable: ""
292
# Worker deployment configuration
293
worker:
294
# -- Adding records to /etc/hosts in the worker pod's network.
295
hostAliases: []
296
image:
297
# -- The image repository to use for the langfuse worker pods
298
repository: cgr.dev/chainguard-private/langfuse-worker-fips
299
# -- The tag to use for the langfuse worker pods. Using `langfuse.image.tag` if not set.
300
tag: latest@sha256:e351da5c0930ea685803c11940222117341fa8f6b680e4ebdf9116c8ad6c242e
301
# -- The pull policy to use for the langfuse worker pods. Using `langfuse.image.pullPolicy` if not set.
302
pullPolicy: Null
303
# -- The pull secrets to use for the langfuse worker pods. Using `langfuse.image.pullSecrets` if not set.
304
pullSecrets: Null
305
deployment:
306
# -- Additional labels for the worker deployment
307
additionalLabels: {}
308
# -- Annotations for the worker deployment
309
annotations: {}
310
# -- Deployment strategy for the worker deployment. Overrides the global deployment strategy
311
strategy: {}
312
pod:
313
# -- Annotations for the worker pods
314
annotations: {}
315
# -- Labels for the worker pods
316
labels: {}
317
# -- Node selector for the worker pods. Overrides the global nodeSelector
318
nodeSelector: null
319
# -- Tolerations for the worker pods. Overrides the global tolerations
320
tolerations: null
321
# -- Affinity for the worker pods. Overrides the global affinity
322
affinity: null
323
# -- Topology spread constraints for the worker pods. Overrides the global topologySpreadConstraints
324
topologySpreadConstraints: null
325
# -- Allows additional containers to be added to all langfuse worker pods
326
extraContainers: []
327
# -- List of additional environment variables to be added to all langfuse worker pods. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
328
additionalEnv: []
329
# -- Secrets or ConfigMap of additional environment variables to be added to all langfuse worker pods. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
330
additionalEnvFrom: []
331
# -- Resources for the langfuse worker pods. Defaults to the global resources
332
resources: {}
333
# -- Number of replicas to use if HPA is not enabled. Defaults to the global replicas
334
replicas: null
335
# -- Number of old ReplicaSets to retain to allow rollback.
336
revisionHistoryLimit: null
337
# KEDA ScaledObject configuration
338
keda:
339
# -- Set to `true` to enable KEDA for the langfuse worker pods
340
# Note: When both KEDA and HPA are enabled, the deployment will fail.
341
enabled: false
342
# -- The minimum number of replicas to use for the langfuse worker pods
343
minReplicas: 1
344
# -- The maximum number of replicas to use for the langfuse worker pods
345
maxReplicas: 2
346
# -- The polling interval in seconds for checking metrics
347
pollingInterval: 30
348
# -- The trigger type for scaling (cpu or memory)
349
triggerType: "cpu"
350
# -- The metric type for scaling (Utilization or AverageValue)
351
metricType: "Utilization"
352
# -- The target utilization percentage for the langfuse worker pods
353
value: "50"
354
# -- Optional container name to target for metrics (leave empty to target all containers)
355
containerName: ""
356
# Horizontal Pod Autoscaler configuration
357
hpa:
358
# -- Set to `true` to enable HPA for the langfuse worker pods
359
# Note: When both KEDA and HPA are enabled, the deployment will fail.
360
enabled: false
361
# -- Annotations for the langfuse worker HPA
362
annotations: {}
363
# -- The minimum number of replicas to use for the langfuse worker pods
364
minReplicas: 1
365
# -- The maximum number of replicas to use for the langfuse worker pods
366
maxReplicas: 2
367
# -- The target CPU utilization percentage for the langfuse worker pods
368
targetCPUUtilizationPercentage: 50
369
# Vertical Pod Autoscaler configuration
370
vpa:
371
# -- Set to `true` to enable VPA for the langfuse worker pods
372
enabled: false
373
# -- The resources to control for the langfuse worker pods
374
controlledResources: []
375
# -- The maximum allowed resources for the langfuse worker pods
376
maxAllowed: {}
377
# -- The minimum allowed resources for the langfuse worker pods
378
minAllowed: {}
379
updatePolicy:
380
# -- The update policy mode for the langfuse worker pods
381
updateMode: Auto
382
# Pod Disruption Budget configuration for the worker deployment
383
pdb:
384
# -- Set to `true` to create a Pod Disruption Budget for the worker deployment
385
create: true
386
# -- Minimum number of available pods during disruptions. Cannot be set simultaneously with maxUnavailable.
387
minAvailable: ""
388
# -- Maximum number of unavailable pods during disruptions. Cannot be set simultaneously with minAvailable. Defaults to 1 if neither is set.
389
maxUnavailable: ""
390
livenessProbe:
391
# -- Initial delay seconds for livenessProbe.
392
initialDelaySeconds: 20
393
# -- Period seconds for livenessProbe.
394
periodSeconds: 10
395
# -- Timeout seconds for livenessProbe.
396
timeoutSeconds: 5
397
# -- Failure threshold for livenessProbe.
398
failureThreshold: 3
399
# -- Success threshold for livenessProbe.
400
successThreshold: 1
401
# NextAuth configuration
402
nextauth:
403
# -- When deploying to production, set the `nextauth.url` value to the canonical URL of your site.
404
url: http://localhost:3000
405
# -- Used to encrypt the NextAuth.js JWT, and to hash email verification tokens. Can be configured by value or existing secret reference.
406
secret:
407
value: ""
408
secretKeyRef:
409
name: ""
410
key: ""
411
# PostgreSQL Configuration
412
postgresql:
413
# -- Enable PostgreSQL deployment (via Bitnami Helm Chart). If you want to use an external Postgres server (or a managed one), set this to false
414
deploy: true
415
# -- PostgreSQL host to connect to. If postgresql.deploy is true, this will be set automatically based on the release name.
416
host: ""
417
# -- Port of the postgres server to use. Defaults to 5432.
418
port: null
419
# -- Additional database connection arguments
420
args: ""
421
# -- If `postgresql.deploy` is set to false, Connection string of your Postgres database used for database migrations. Use this if you want to use a different user for migrations or use connection pooling on DATABASE_URL. For large deployments, configure the database user with long timeouts as migrations might need a while to complete.
422
directUrl: ""
423
# -- If your database user lacks the CREATE DATABASE permission, you must create a shadow database and configure the "SHADOW_DATABASE_URL". This is often the case if you use a Cloud database. Refer to the Prisma docs for detailed instructions.
424
shadowDatabaseUrl: ""
425
image:
426
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
427
repository: bitnamilegacy/postgresql
428
# image: docker.io/bitnami/postgresql:17.3.0-debian-12-r1
429
# Authentication configuration
430
auth:
431
# -- Username to use to connect to the postgres database deployed with Langfuse. In case `postgresql.deploy` is set to `true`, the user will be created automatically.
432
username: postgres
433
# -- Password to use to connect to the postgres database deployed with Langfuse. In case `postgresql.deploy` is set to `true`, the password will be set automatically.
434
password: ""
435
# -- If you want to use an existing secret for the postgres password, set the name of the secret here. (`postgresql.auth.password` will be ignored and picked up from this secret).
436
existingSecret: ""
437
# -- The keys in the existing secret that contain the passwords. If using the default `postgres` user, both `userPasswordKey` and `adminPasswordKey` must be provided.
438
secretKeys:
439
userPasswordKey: password
440
adminPasswordKey: password
441
# -- Database name to use for Langfuse.
442
database: postgres_langfuse
443
# -- Additional database connection arguments
444
args: ""
445
# Migration configuration
446
migration:
447
# -- Whether to run automatic migrations on startup
448
autoMigrate: true
449
# Subchart specific settings
450
architecture: standalone
451
primary:
452
service:
453
ports:
454
postgresql: 5432
455
# Key-Value Store / Redis Configuration
456
redis:
457
# -- Enable valkey deployment (via Bitnami Helm Chart). If you want to use a Redis or Valkey server already deployed, set to false.
458
deploy: true
459
# -- Redis host to connect to. If redis.deploy is true, this will be set automatically based on the release name.
460
host: ""
461
# -- Redis port to connect to.
462
port: 6379
463
image:
464
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
465
repository: bitnamilegacy/valkey
466
# image: docker.io/bitnami/valkey:8.0.2-debian-12-r2
467
# Redis TLS configuration
468
tls:
469
# -- Set to `true` to enable TLS/SSL encrypted connection to the Redis server
470
enabled: false
471
# -- Path to the CA certificate file for TLS verification
472
caPath: ""
473
# -- Path to the client certificate file for mutual TLS authentication
474
certPath: ""
475
# -- Path to the client private key file for mutual TLS authentication
476
keyPath: ""
477
# Authentication configuration
478
auth:
479
# -- Username for Redis authentication. Set to null to omit username from connection string entirely.
480
# In case `redis.deploy` is set to `true`, the user will be created automatically.
481
username: "default"
482
# -- Password for Redis authentication. Set to null to disable authentication (for passwordless Redis like AWS ElastiCache without auth).
483
# Use URL-encoded passwords or avoid special characters in the password.
484
password: ""
485
# -- If you want to use an existing secret for the redis password, set the name of the secret here. (`redis.auth.password` will be ignored and picked up from this secret).
486
existingSecret: ""
487
# -- The key in the existing secret that contains the password.
488
existingSecretPasswordKey: ""
489
database: 0
490
# Redis Cluster configuration
491
cluster:
492
# -- Set to `true` to enable Redis Cluster mode. When enabled, you must set `redis.deploy` to `false` and provide cluster nodes.
493
enabled: false
494
# -- List of Redis cluster nodes in the format "host:port". Example: ["redis-1:6379", "redis-2:6379", "redis-3:6379"]
495
nodes: []
496
# Redis Sentinel configuration
497
sentinel:
498
# -- Set to `true` to enable Redis Sentinel mode. Cannot be enabled simultaneously with cluster mode. When enabled, you must set `redis.deploy` to `false`.
499
enabled: false
500
# -- Name of the Redis Sentinel master. Required when `redis.sentinel.enabled` is `true`.
501
masterName: ""
502
# -- Comma-separated list of Redis Sentinel nodes in the format "host:port". Example: "sentinel-1:26379,sentinel-2:26379,sentinel-3:26379". Required when `redis.sentinel.enabled` is `true`.
503
nodes: ""
504
# -- Username for Redis Sentinel authentication (optional).
505
username: ""
506
# -- Password for Redis Sentinel authentication (optional).
507
password: ""
508
# -- If you want to use an existing secret for the sentinel password, set the name of the secret here. (`redis.sentinel.password` will be ignored and picked up from this secret).
509
existingSecret: ""
510
# -- The key in the existing secret that contains the sentinel password.
511
existingSecretPasswordKey: ""
512
# Subchart specific settings
513
architecture: standalone
514
primary:
515
# -- Extra flags for the valkey deployment. Must include `--maxmemory-policy noeviction`.
516
extraFlags:
517
- "--maxmemory-policy noeviction"
518
# ClickHouse Configuration
519
clickhouse:
520
# -- Enable ClickHouse deployment (via Bitnami Helm Chart). If you want to use an external Clickhouse server (or a managed one), set this to false
521
deploy: true
522
# -- ClickHouse host to connect to. If clickhouse.deploy is true, this will be set automatically based on the release name.
523
host: ""
524
# -- ClickHouse HTTP port to connect to.
525
httpPort: 8123
526
# -- ClickHouse native port to connect to.
527
nativePort: 9000
528
# -- ClickHouse database to use.
529
database: default
530
image:
531
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
532
repository: bitnamilegacy/clickhouse
533
# image: docker.io/bitnami/clickhouse:25.2.1-debian-12-r0
534
zookeeper:
535
image:
536
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
537
repository: bitnamilegacy/zookeeper
538
# image: docker.io/bitnami/zookeeper:3.9.3-debian-12-r8
539
# Authentication configuration
540
auth:
541
# -- Username for the ClickHouse user.
542
username: default
543
# -- Password for the ClickHouse user.
544
password: ""
545
# -- If you want to use an existing secret for the ClickHouse password, set the name of the secret here. (`clickhouse.auth.password` will be ignored and picked up from this secret).
546
existingSecret: ""
547
# -- The key in the existing secret that contains the password.
548
existingSecretKey: ""
549
# Migration configuration
550
migration:
551
# -- Migration URL (TCP protocol) for clickhouse
552
url: ""
553
# -- Set to true to establish SSL connection for migration
554
ssl: false
555
# -- Whether to run automatic ClickHouse migrations on startup
556
autoMigrate: true
557
# -- Whether to run ClickHouse commands ON CLUSTER. Controls CLICKHOUSE_CLUSTER_ENABLED setting.
558
clusterEnabled: true
559
# -- Subchart specific settings
560
shards: 1 # Fixed - Langfuse does not support sharding
561
# -- Number of replicas to use for the ClickHouse cluster. 1 corresponds to a single, non-HA deployment.
562
replicaCount: 3
563
# -- The resources preset to use for the ClickHouse cluster.
564
resourcesPreset: 2xlarge
565
# S3/MinIO Configuration
566
s3:
567
# -- Enable MinIO deployment (via Bitnami Helm Chart). If you want to use a custom BlobStorage, e.g. S3, set to false.
568
deploy: true
569
# -- Storage provider to use. Options: s3 (default), azure, gcs
570
# -- When set to 'azure', enables Azure Blob Storage native integration
571
# -- When set to 'gcs', enables Google Cloud Storage native integration
572
# -- When set to 's3', uses S3-compatible interface (default behavior)
573
storageProvider: "s3"
574
image:
575
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
576
repository: bitnamilegacy/minio
577
# image: docker.io/bitnami/minio:2024.12.18-debian-12-r1
578
# -- S3 bucket to use for all uploads. Can be overridden per upload type.
579
bucket: ""
580
# -- S3 region to use for all uploads. Can be overridden per upload type.
581
region: "auto"
582
# -- S3 endpoint to use for all uploads. Can be overridden per upload type.
583
endpoint: ""
584
# -- Whether to force path style on requests. Required for MinIO. Can be overridden per upload type.
585
forcePathStyle: true
586
# -- S3 accessKeyId to use for all uploads. Can be overridden per upload type.
587
accessKeyId:
588
value: ""
589
secretKeyRef:
590
name: ""
591
key: ""
592
# -- S3 secretAccessKey to use for all uploads. Can be overridden per upload type.
593
secretAccessKey:
594
value: ""
595
secretKeyRef:
596
name: ""
597
key: ""
598
# Google Cloud Storage Configuration (only used when storageProvider is 'gcs')
599
gcs:
600
# -- Google Cloud Storage credentials JSON or path to credentials file
601
# -- Can be the JSON content directly or a path to the credentials file
602
# -- If not provided, will fallback to environment credentials (e.g., service account attached to pods)
603
# -- Example: Set value to the JSON service account key content, or use secretKeyRef to reference a secret
604
credentials:
605
value: ""
606
secretKeyRef:
607
name: ""
608
key: ""
609
# S3 Concurrency Configuration
610
concurrency:
611
# -- Maximum number of concurrent read operations to S3. Defaults to 50.
612
reads: 50
613
# -- Maximum number of concurrent write operations to S3. Defaults to 50.
614
writes: 50
615
# Event Upload Configuration
616
eventUpload:
617
# -- S3 bucket to use for event uploads.
618
bucket: ""
619
# -- Prefix to use for event uploads within the bucket.
620
prefix: ""
621
# -- S3 region to use for event uploads.
622
region: ""
623
# -- S3 endpoint to use for event uploads.
624
endpoint: ""
625
# -- Whether to force path style on requests. Required for MinIO.
626
forcePathStyle: Null
627
# -- S3 accessKeyId to use for event uploads.
628
accessKeyId:
629
value: ""
630
secretKeyRef:
631
name: ""
632
key: ""
633
# -- S3 secretAccessKey to use for event uploads.
634
secretAccessKey:
635
value: ""
636
secretKeyRef:
637
name: ""
638
key: ""
639
# Batch Export Configuration
640
batchExport:
641
# -- Enable batch export.
642
enabled: true
643
# -- S3 bucket to use for batch exports.
644
bucket: ""
645
# -- Prefix to use for batch exports within the bucket.
646
prefix: ""
647
# -- S3 region to use for batch exports.
648
region: ""
649
# -- S3 endpoint to use for batch exports.
650
endpoint: ""
651
# -- Whether to force path style on requests. Required for MinIO.
652
forcePathStyle: Null
653
# -- S3 accessKeyId to use for batch exports.
654
accessKeyId:
655
value: ""
656
secretKeyRef:
657
name: ""
658
key: ""
659
# -- S3 secretAccessKey to use for batch exports.
660
secretAccessKey:
661
value: ""
662
secretKeyRef:
663
name: ""
664
key: ""
665
# Media Upload Configuration
666
mediaUpload:
667
# -- Enable media uploads.
668
enabled: true
669
# -- S3 bucket to use for media uploads.
670
bucket: ""
671
# -- Prefix to use for media uploads within the bucket.
672
prefix: ""
673
# -- S3 region to use for media uploads.
674
region: ""
675
# -- S3 endpoint to use for media uploads.
676
endpoint: ""
677
# -- Whether to force path style on requests. Required for MinIO.
678
forcePathStyle: Null
679
# -- S3 accessKeyId to use for media uploads.
680
accessKeyId:
681
value: ""
682
secretKeyRef:
683
name: ""
684
key: ""
685
# -- S3 secretAccessKey to use for media uploads.
686
secretAccessKey:
687
value: ""
688
secretKeyRef:
689
name: ""
690
key: ""
691
# -- Maximum content length for media uploads. Defaults to 1GB.
692
maxContentLength: 1000000000
693
# -- Expiry time for download URLs. Defaults to 1 hour.
694
downloadUrlExpirySeconds: 3600
695
# MinIO subchart specific settings
696
defaultBuckets: langfuse
697
auth:
698
# -- root username
699
rootUser: minio
700
# -- Password for MinIO root user
701
rootPassword: ""
702
# -- If you want to use an existing secret for the root user password, set the name of the secret here. (`s3.auth.rootPassword` will be ignored and picked up from this secret).
703
existingSecret: ""
704
# -- Key where the Minio root user is being stored inside the existing secret `s3.auth.existingSecret`
705
rootUserSecretKey: ""
706
# -- Key where the Minio root user password is being stored inside the existing secret `s3.auth.existingSecret`
707
rootPasswordSecretKey: ""
708
# Additional manifests
709
extraManifests: []
710

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.