langfuse
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Langfuse Helm Chart Configuration
2
3
global:
4
security:
5
# -- Allow insecure images to use bitnami legacy repository. Can be set to false if secure images are being used (Paid).
6
allowInsecureImages: true
7
# -- Override the name for the selector labels, defaults to the chart name
8
nameOverride: ""
9
# -- Override the full name of the deployed resources, defaults to a combination of the release name and the name for the selector labels
10
fullnameOverride: ""
11
# Core Langfuse Configuration
12
langfuse:
13
# Logging configuration
14
logging:
15
# -- Set the log level for the application (trace, debug, info, warn, error, fatal)
16
level: info
17
# -- Set the log format for the application (text or json)
18
format: text
19
# -- Used to hash API keys. Can be configured by value or existing secret reference. To generate a new salt, run `openssl rand -base64 32`.
20
salt:
21
value: ""
22
secretKeyRef:
23
name: ""
24
key: ""
25
# -- Langfuse EE license key.
26
licenseKey:
27
value: ""
28
secretKeyRef:
29
name: ""
30
key: ""
31
# -- EE: Langfuse allowed organization creators. See [documentation](https://langfuse.com/self-hosting/organization-creators)
32
allowedOrganizationCreators: []
33
# -- Authentication and SSO settings:
34
# -- If you want to disable username/password login, set auth.disableUsernamePassword to true.
35
# -- Refer to [documentation](https://langfuse.com/self-hosting/authentication-and-sso) for available keys for each provider.
36
# -- For each provider, add it to auth.providers, and add respective configuration options under it.
37
# -- For options, use the last part (after provider name) of the respective environment variable's name, in camelCase.
38
# -- Values can be specified directly as strings, or as secret references using secretKeyRef.
39
# -- For example, to use Azure AD as your SSO provider, use the following lines:
40
# auth:
41
# disableUsernamePassword: true
42
# providers:
43
# azureAd:
44
# clientId: "<YOUR CLIENT ID>"
45
# clientSecret:
46
# secretKeyRef:
47
# name: "my-sso-secret"
48
# key: "azure-client-secret"
49
# tenantId: "<YOUR TENANT ID>"
50
# -- For sensitive fields, it is recommended to use secretKeyRef to avoid storing secrets in values.yaml
51
52
# -- Used to encrypt sensitive data. Must be 256 bits (64 string characters in hex format). Generate via `openssl rand -hex 32`.
53
encryptionKey:
54
value: ""
55
secretKeyRef:
56
name: ""
57
key: ""
58
# Feature flags
59
features:
60
# -- Whether or not to report basic usage statistics to a centralized server.
61
telemetryEnabled: true
62
# -- Disable public sign up
63
signUpDisabled: false
64
# -- Enable experimental features
65
experimentalFeaturesEnabled: false
66
# -- Node.js environment to use for all langfuse deployments
67
nodeEnv: production
68
serviceAccount:
69
# -- Whether to create a service account for all langfuse deployments
70
create: true
71
# -- Annotations for the service account
72
annotations: {}
73
# -- Override the name of the service account to use, discovered automatically if not set
74
name: ""
75
# -- Whether to automount service account token in pods. Set to false to disable automatic mounting of the service account token.
76
automountServiceAccountToken: true
77
smtp:
78
# -- SMTP connection URL. See [documentation](https://langfuse.com/self-hosting/transactional-emails)
79
connectionUrl: ""
80
# -- From address for emails. Required if connectionUrl is set.
81
fromAddress: ""
82
ingress:
83
# -- Set to `true` to enable the ingress resource
84
enabled: false
85
# -- Additional labels for the ingress resource
86
additionalLabels: {}
87
# -- Annotations for the ingress resource
88
annotations: {}
89
# -- The class name for the ingress resource
90
className: ""
91
# -- The hosts for the ingress resource
92
hosts: []
93
# Example:
94
# - host: "langfuse.example.com"
95
# paths:
96
# - path: /
97
# pathType: ImplementationSpecific
98
99
tls:
100
# -- Set to `true` to enable use HTTPS on the ingress
101
enabled: false
102
# -- The name of the secret to use for TLS Key
103
secretName: ""
104
# -- Pod security context for all langfuse deployments
105
podSecurityContext: {}
106
# -- Security context for all langfuse deployments
107
securityContext: {}
108
# -- Node selector for all langfuse deployments
109
nodeSelector: {}
110
# -- Tolerations for all langfuse deployments
111
tolerations: []
112
# -- Affinity for all langfuse deployments
113
affinity: {}
114
# -- DNS configuration for all langfuse deployments
115
dnsConfig: {}
116
pod:
117
# -- Annotations for all langfuse pods
118
annotations: {}
119
# -- Labels for all langfuse pods
120
labels: {}
121
# -- Topology spread constraints for all langfuse pods
122
topologySpreadConstraints: []
123
deployment:
124
# -- Annotations for all langfuse deployments
125
annotations: {}
126
# -- Deployment strategy for all langfuse deployments (can be overridden by individual deployments)
127
strategy: {}
128
# -- Number of replicas to use for all langfuse deployments. Can be overridden by the individual deployments
129
replicas: 1
130
# -- Number of old ReplicaSets to retain to allow rollback. Can be overridden by the individual deployments
131
revisionHistoryLimit: 10
132
# -- Resources for all langfuse deployments. Can be overridden by the individual deployments
133
resources: {}
134
image:
135
# -- The image tag to use for all langfuse deployments. Can be overridden by the individual deployments. Falls back to appVersion if not set.
136
tag: Null
137
# -- The pull policy to use for all langfuse deployments. Can be overridden by the individual deployments.
138
pullPolicy: Always
139
# -- The pull secrets to use for all langfuse deployments. Can be overridden by the individual deployments.
140
pullSecrets: []
141
# -- List of additional environment variables to be added to all langfuse deployments. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
142
additionalEnv: []
143
# -- Secrets or ConfigMap of additional environment variables to be added to all langfuse deployments. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
144
additionalEnvFrom: []
145
# -- Allows additional containers to be added to all langfuse deployments
146
extraContainers: []
147
# -- Allows additional volumes to be added to all langfuse deployments
148
extraVolumes: []
149
# -- Allows additional init containers to be added to all langfuse deployments
150
extraInitContainers: []
151
# -- Allows additional volume mounts to be added to all langfuse deployments
152
extraVolumeMounts: []
153
# -- Allows additional lifecycle hooks to be added to all langfuse deployments
154
extraLifecycle: {}
155
# Web deployment configuration
156
web:
157
image:
158
# -- The image repository to use for the langfuse web pods.
159
repository: cgr.dev/chainguard-private/langfuse-fips
160
# -- The tag to use for the langfuse web pods. Using `langfuse.image.tag` if not set.
161
tag: latest@sha256:6162bcf4304ea85c2e7ba0366d53235a49db96571cb9296346f3f17d935fcc67
162
# -- The pull policy to use for the langfuse web pods. Using `langfuse.image.pullPolicy` if not set.
163
pullPolicy: Null
164
# -- The pull secrets to use for the langfuse web pods. Using `langfuse.image.pullSecrets` if not set.
165
pullSecrets: Null
166
deployment:
167
# -- Additional labels for the langfuse web deployment
168
additionalLabels: {}
169
# -- Annotations for the web deployment
170
annotations: {}
171
# -- Deployment strategy for the web deployment. Overrides the global deployment strategy
172
strategy: {}
173
pod:
174
# -- Annotations for the web pods
175
annotations: {}
176
# -- Labels for the web pods
177
labels: {}
178
# -- Node selector for the web pods. Overrides the global nodeSelector
179
nodeSelector: null
180
# -- Tolerations for the web pods. Overrides the global tolerations
181
tolerations: null
182
# -- Affinity for the web pods. Overrides the global affinity
183
affinity: null
184
# -- Topology spread constraints for the web pods. Overrides the global topologySpreadConstraints
185
topologySpreadConstraints: null
186
# -- Allows additional containers to be added to all langfuse web pods
187
extraContainers: []
188
# -- List of additional environment variables to be added to all langfuse web pods. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
189
additionalEnv: []
190
# -- Secrets or ConfigMap of additional environment variables to be added to all langfuse web pods. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
191
additionalEnvFrom: []
192
service:
193
# -- The type of service to use for the langfuse web application
194
type: ClusterIP
195
# -- The port to use for the langfuse web application
196
port: 3000
197
# -- The external port that will be exposed by the service. Falls back to `port` if not set.
198
externalPort: null
199
# -- The node port to use for the langfuse web application
200
nodePort: null
201
# -- Additional labels for the langfuse web application service
202
additionalLabels: {}
203
# -- Annotations for the langfuse web application service
204
annotations: {}
205
# -- Resources for the langfuse web pods. Defaults to the global resources
206
resources: {}
207
# -- Number of replicas to use if HPA is not enabled. Defaults to the global replicas
208
replicas: null
209
# -- Number of old ReplicaSets to retain to allow rollback.
210
revisionHistoryLimit: null
211
# KEDA ScaledObject configuration
212
keda:
213
# -- Set to `true` to enable KEDA for the langfuse web pods
214
# Note: When both KEDA and HPA are enabled, the deployment will fail.
215
enabled: false
216
# -- The minimum number of replicas to use for the langfuse web pods
217
minReplicas: 1
218
# -- The maximum number of replicas to use for the langfuse web pods
219
maxReplicas: 2
220
# -- The polling interval in seconds for checking metrics
221
pollingInterval: 30
222
# -- The trigger type for scaling (cpu or memory)
223
triggerType: "cpu"
224
# -- The metric type for scaling (Utilization or AverageValue)
225
metricType: "Utilization"
226
# -- The target utilization percentage for the langfuse web pods
227
value: "50"
228
# -- Optional container name to target for metrics (leave empty to target all containers)
229
containerName: ""
230
# Horizontal Pod Autoscaler configuration
231
hpa:
232
# -- Set to `true` to enable HPA for the langfuse web pods
233
# Note: When both KEDA and HPA are enabled, the deployment will fail.
234
enabled: false
235
# -- Annotations for the langfuse web HPA
236
annotations: {}
237
# -- The minimum number of replicas to use for the langfuse web pods
238
minReplicas: 1
239
# -- The maximum number of replicas to use for the langfuse web pods
240
maxReplicas: 2
241
# -- The target CPU utilization percentage for the langfuse web pods
242
targetCPUUtilizationPercentage: 50
243
# Vertical Pod Autoscaler configuration
244
vpa:
245
# -- Set to `true` to enable VPA for the langfuse web pods
246
enabled: false
247
# -- The resources to control for the langfuse web pods
248
controlledResources: []
249
# -- The maximum allowed resources for the langfuse web pods
250
maxAllowed: {}
251
# -- The minimum allowed resources for the langfuse web pods
252
minAllowed: {}
253
updatePolicy:
254
# -- The update policy mode for the langfuse web pods
255
updateMode: Auto
256
# -- Adding records to /etc/hosts in the pod's network.
257
hostAliases: []
258
livenessProbe:
259
# -- Path to check for liveness.
260
path: "/api/public/health"
261
# -- Initial delay seconds for livenessProbe.
262
initialDelaySeconds: 20
263
# -- Period seconds for livenessProbe.
264
periodSeconds: 10
265
# -- Timeout seconds for livenessProbe.
266
timeoutSeconds: 5
267
# -- Failure threshold for livenessProbe.
268
failureThreshold: 3
269
# -- Success threshold for livenessProbe.
270
successThreshold: 1
271
readinessProbe:
272
# -- Path to check for readiness.
273
path: "/api/public/ready"
274
# -- Initial delay seconds for readinessProbe.
275
initialDelaySeconds: 20
276
# -- Period seconds for readinessProbe.
277
periodSeconds: 10
278
# -- Timeout seconds for readinessProbe.
279
timeoutSeconds: 5
280
# -- Failure threshold for readinessProbe.
281
failureThreshold: 3
282
# -- Success threshold for readinessProbe.
283
successThreshold: 1
284
# Pod Disruption Budget configuration for the web deployment
285
pdb:
286
# -- Set to `true` to create a Pod Disruption Budget for the langfuse web pods
287
create: true
288
# -- Minimum number of available pods during disruptions. Cannot be set simultaneously with maxUnavailable.
289
minAvailable: ""
290
# -- Maximum number of unavailable pods during disruptions. Cannot be set simultaneously with minAvailable. Defaults to 1 if neither is set.
291
maxUnavailable: ""
292
# Worker deployment configuration
293
worker:
294
image:
295
# -- The image repository to use for the langfuse worker pods
296
repository: cgr.dev/chainguard-private/langfuse-worker-fips
297
# -- The tag to use for the langfuse worker pods. Using `langfuse.image.tag` if not set.
298
tag: latest@sha256:aab13cae9d898c0986c9c4de8fa09d8a9ccfdf33ec079f04633c7d9c865d60d1
299
# -- The pull policy to use for the langfuse worker pods. Using `langfuse.image.pullPolicy` if not set.
300
pullPolicy: Null
301
# -- The pull secrets to use for the langfuse worker pods. Using `langfuse.image.pullSecrets` if not set.
302
pullSecrets: Null
303
deployment:
304
# -- Additional labels for the worker deployment
305
additionalLabels: {}
306
# -- Annotations for the worker deployment
307
annotations: {}
308
# -- Deployment strategy for the worker deployment. Overrides the global deployment strategy
309
strategy: {}
310
pod:
311
# -- Annotations for the worker pods
312
annotations: {}
313
# -- Labels for the worker pods
314
labels: {}
315
# -- Node selector for the worker pods. Overrides the global nodeSelector
316
nodeSelector: null
317
# -- Tolerations for the worker pods. Overrides the global tolerations
318
tolerations: null
319
# -- Affinity for the worker pods. Overrides the global affinity
320
affinity: null
321
# -- Topology spread constraints for the worker pods. Overrides the global topologySpreadConstraints
322
topologySpreadConstraints: null
323
# -- Allows additional containers to be added to all langfuse worker pods
324
extraContainers: []
325
# -- List of additional environment variables to be added to all langfuse worker pods. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
326
additionalEnv: []
327
# -- Secrets or ConfigMap of additional environment variables to be added to all langfuse worker pods. See [documentation](https://langfuse.com/docs/deployment/self-host#configuring-environment-variables) for details.
328
additionalEnvFrom: []
329
# -- Resources for the langfuse worker pods. Defaults to the global resources
330
resources: {}
331
# -- Number of replicas to use if HPA is not enabled. Defaults to the global replicas
332
replicas: null
333
# -- Number of old ReplicaSets to retain to allow rollback.
334
revisionHistoryLimit: null
335
# KEDA ScaledObject configuration
336
keda:
337
# -- Set to `true` to enable KEDA for the langfuse worker pods
338
# Note: When both KEDA and HPA are enabled, the deployment will fail.
339
enabled: false
340
# -- The minimum number of replicas to use for the langfuse worker pods
341
minReplicas: 1
342
# -- The maximum number of replicas to use for the langfuse worker pods
343
maxReplicas: 2
344
# -- The polling interval in seconds for checking metrics
345
pollingInterval: 30
346
# -- The trigger type for scaling (cpu or memory)
347
triggerType: "cpu"
348
# -- The metric type for scaling (Utilization or AverageValue)
349
metricType: "Utilization"
350
# -- The target utilization percentage for the langfuse worker pods
351
value: "50"
352
# -- Optional container name to target for metrics (leave empty to target all containers)
353
containerName: ""
354
# Horizontal Pod Autoscaler configuration
355
hpa:
356
# -- Set to `true` to enable HPA for the langfuse worker pods
357
# Note: When both KEDA and HPA are enabled, the deployment will fail.
358
enabled: false
359
# -- Annotations for the langfuse worker HPA
360
annotations: {}
361
# -- The minimum number of replicas to use for the langfuse worker pods
362
minReplicas: 1
363
# -- The maximum number of replicas to use for the langfuse worker pods
364
maxReplicas: 2
365
# -- The target CPU utilization percentage for the langfuse worker pods
366
targetCPUUtilizationPercentage: 50
367
# Vertical Pod Autoscaler configuration
368
vpa:
369
# -- Set to `true` to enable VPA for the langfuse worker pods
370
enabled: false
371
# -- The resources to control for the langfuse worker pods
372
controlledResources: []
373
# -- The maximum allowed resources for the langfuse worker pods
374
maxAllowed: {}
375
# -- The minimum allowed resources for the langfuse worker pods
376
minAllowed: {}
377
updatePolicy:
378
# -- The update policy mode for the langfuse worker pods
379
updateMode: Auto
380
# Pod Disruption Budget configuration for the worker deployment
381
pdb:
382
# -- Set to `true` to create a Pod Disruption Budget for the worker deployment
383
create: true
384
# -- Minimum number of available pods during disruptions. Cannot be set simultaneously with maxUnavailable.
385
minAvailable: ""
386
# -- Maximum number of unavailable pods during disruptions. Cannot be set simultaneously with minAvailable. Defaults to 1 if neither is set.
387
maxUnavailable: ""
388
livenessProbe:
389
# -- Initial delay seconds for livenessProbe.
390
initialDelaySeconds: 20
391
# -- Period seconds for livenessProbe.
392
periodSeconds: 10
393
# -- Timeout seconds for livenessProbe.
394
timeoutSeconds: 5
395
# -- Failure threshold for livenessProbe.
396
failureThreshold: 3
397
# -- Success threshold for livenessProbe.
398
successThreshold: 1
399
# NextAuth configuration
400
nextauth:
401
# -- When deploying to production, set the `nextauth.url` value to the canonical URL of your site.
402
url: http://localhost:3000
403
# -- Used to encrypt the NextAuth.js JWT, and to hash email verification tokens. Can be configured by value or existing secret reference.
404
secret:
405
value: ""
406
secretKeyRef:
407
name: ""
408
key: ""
409
# PostgreSQL Configuration
410
postgresql:
411
# -- Enable PostgreSQL deployment (via Bitnami Helm Chart). If you want to use an external Postgres server (or a managed one), set this to false
412
deploy: true
413
# -- PostgreSQL host to connect to. If postgresql.deploy is true, this will be set automatically based on the release name.
414
host: ""
415
# -- Port of the postgres server to use. Defaults to 5432.
416
port: null
417
# -- Additional database connection arguments
418
args: ""
419
# -- If `postgresql.deploy` is set to false, Connection string of your Postgres database used for database migrations. Use this if you want to use a different user for migrations or use connection pooling on DATABASE_URL. For large deployments, configure the database user with long timeouts as migrations might need a while to complete.
420
directUrl: ""
421
# -- If your database user lacks the CREATE DATABASE permission, you must create a shadow database and configure the "SHADOW_DATABASE_URL". This is often the case if you use a Cloud database. Refer to the Prisma docs for detailed instructions.
422
shadowDatabaseUrl: ""
423
image:
424
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
425
repository: bitnamilegacy/postgresql
426
# image: docker.io/bitnami/postgresql:17.3.0-debian-12-r1
427
# Authentication configuration
428
auth:
429
# -- Username to use to connect to the postgres database deployed with Langfuse. In case `postgresql.deploy` is set to `true`, the user will be created automatically.
430
username: postgres
431
# -- Password to use to connect to the postgres database deployed with Langfuse. In case `postgresql.deploy` is set to `true`, the password will be set automatically.
432
password: ""
433
# -- If you want to use an existing secret for the postgres password, set the name of the secret here. (`postgresql.auth.password` will be ignored and picked up from this secret).
434
existingSecret: ""
435
# -- The keys in the existing secret that contain the passwords. If using the default `postgres` user, both `userPasswordKey` and `adminPasswordKey` must be provided.
436
secretKeys:
437
userPasswordKey: password
438
adminPasswordKey: password
439
# -- Database name to use for Langfuse.
440
database: postgres_langfuse
441
# -- Additional database connection arguments
442
args: ""
443
# Migration configuration
444
migration:
445
# -- Whether to run automatic migrations on startup
446
autoMigrate: true
447
# Subchart specific settings
448
architecture: standalone
449
primary:
450
service:
451
ports:
452
postgresql: 5432
453
# Key-Value Store / Redis Configuration
454
redis:
455
# -- Enable valkey deployment (via Bitnami Helm Chart). If you want to use a Redis or Valkey server already deployed, set to false.
456
deploy: true
457
# -- Redis host to connect to. If redis.deploy is true, this will be set automatically based on the release name.
458
host: ""
459
# -- Redis port to connect to.
460
port: 6379
461
image:
462
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
463
repository: bitnamilegacy/valkey
464
# image: docker.io/bitnami/valkey:8.0.2-debian-12-r2
465
# Redis TLS configuration
466
tls:
467
# -- Set to `true` to enable TLS/SSL encrypted connection to the Redis server
468
enabled: false
469
# -- Path to the CA certificate file for TLS verification
470
caPath: ""
471
# -- Path to the client certificate file for mutual TLS authentication
472
certPath: ""
473
# -- Path to the client private key file for mutual TLS authentication
474
keyPath: ""
475
# Authentication configuration
476
auth:
477
# -- Username for Redis authentication. Set to null to omit username from connection string entirely.
478
# In case `redis.deploy` is set to `true`, the user will be created automatically.
479
username: "default"
480
# -- Password for Redis authentication. Set to null to disable authentication (for passwordless Redis like AWS ElastiCache without auth).
481
# Use URL-encoded passwords or avoid special characters in the password.
482
password: ""
483
# -- If you want to use an existing secret for the redis password, set the name of the secret here. (`redis.auth.password` will be ignored and picked up from this secret).
484
existingSecret: ""
485
# -- The key in the existing secret that contains the password.
486
existingSecretPasswordKey: ""
487
database: 0
488
# Redis Cluster configuration
489
cluster:
490
# -- Set to `true` to enable Redis Cluster mode. When enabled, you must set `redis.deploy` to `false` and provide cluster nodes.
491
enabled: false
492
# -- List of Redis cluster nodes in the format "host:port". Example: ["redis-1:6379", "redis-2:6379", "redis-3:6379"]
493
nodes: []
494
# Redis Sentinel configuration
495
sentinel:
496
# -- Set to `true` to enable Redis Sentinel mode. Cannot be enabled simultaneously with cluster mode. When enabled, you must set `redis.deploy` to `false`.
497
enabled: false
498
# -- Name of the Redis Sentinel master. Required when `redis.sentinel.enabled` is `true`.
499
masterName: ""
500
# -- Comma-separated list of Redis Sentinel nodes in the format "host:port". Example: "sentinel-1:26379,sentinel-2:26379,sentinel-3:26379". Required when `redis.sentinel.enabled` is `true`.
501
nodes: ""
502
# -- Username for Redis Sentinel authentication (optional).
503
username: ""
504
# -- Password for Redis Sentinel authentication (optional).
505
password: ""
506
# -- If you want to use an existing secret for the sentinel password, set the name of the secret here. (`redis.sentinel.password` will be ignored and picked up from this secret).
507
existingSecret: ""
508
# -- The key in the existing secret that contains the sentinel password.
509
existingSecretPasswordKey: ""
510
# Subchart specific settings
511
architecture: standalone
512
primary:
513
# -- Extra flags for the valkey deployment. Must include `--maxmemory-policy noeviction`.
514
extraFlags:
515
- "--maxmemory-policy noeviction"
516
# ClickHouse Configuration
517
clickhouse:
518
# -- Enable ClickHouse deployment (via Bitnami Helm Chart). If you want to use an external Clickhouse server (or a managed one), set this to false
519
deploy: true
520
# -- ClickHouse host to connect to. If clickhouse.deploy is true, this will be set automatically based on the release name.
521
host: ""
522
# -- ClickHouse HTTP port to connect to.
523
httpPort: 8123
524
# -- ClickHouse native port to connect to.
525
nativePort: 9000
526
# -- ClickHouse database to use.
527
database: default
528
image:
529
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
530
repository: bitnamilegacy/clickhouse
531
# image: docker.io/bitnami/clickhouse:25.2.1-debian-12-r0
532
zookeeper:
533
image:
534
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
535
repository: bitnamilegacy/zookeeper
536
# image: docker.io/bitnami/zookeeper:3.9.3-debian-12-r8
537
# Authentication configuration
538
auth:
539
# -- Username for the ClickHouse user.
540
username: default
541
# -- Password for the ClickHouse user.
542
password: ""
543
# -- If you want to use an existing secret for the ClickHouse password, set the name of the secret here. (`clickhouse.auth.password` will be ignored and picked up from this secret).
544
existingSecret: ""
545
# -- The key in the existing secret that contains the password.
546
existingSecretKey: ""
547
# Migration configuration
548
migration:
549
# -- Migration URL (TCP protocol) for clickhouse
550
url: ""
551
# -- Set to true to establish SSL connection for migration
552
ssl: false
553
# -- Whether to run automatic ClickHouse migrations on startup
554
autoMigrate: true
555
# -- Whether to run ClickHouse commands ON CLUSTER. Controls CLICKHOUSE_CLUSTER_ENABLED setting.
556
clusterEnabled: true
557
# -- Subchart specific settings
558
shards: 1 # Fixed - Langfuse does not support sharding
559
# -- Number of replicas to use for the ClickHouse cluster. 1 corresponds to a single, non-HA deployment.
560
replicaCount: 3
561
# -- The resources preset to use for the ClickHouse cluster.
562
resourcesPreset: 2xlarge
563
# S3/MinIO Configuration
564
s3:
565
# -- Enable MinIO deployment (via Bitnami Helm Chart). If you want to use a custom BlobStorage, e.g. S3, set to false.
566
deploy: true
567
# -- Storage provider to use. Options: s3 (default), azure, gcs
568
# -- When set to 'azure', enables Azure Blob Storage native integration
569
# -- When set to 'gcs', enables Google Cloud Storage native integration
570
# -- When set to 's3', uses S3-compatible interface (default behavior)
571
storageProvider: "s3"
572
image:
573
# -- Overwrite default repository of helm chart to point to non-paid bitnami images.
574
repository: bitnamilegacy/minio
575
# image: docker.io/bitnami/minio:2024.12.18-debian-12-r1
576
# -- S3 bucket to use for all uploads. Can be overridden per upload type.
577
bucket: ""
578
# -- S3 region to use for all uploads. Can be overridden per upload type.
579
region: "auto"
580
# -- S3 endpoint to use for all uploads. Can be overridden per upload type.
581
endpoint: ""
582
# -- Whether to force path style on requests. Required for MinIO. Can be overridden per upload type.
583
forcePathStyle: true
584
# -- S3 accessKeyId to use for all uploads. Can be overridden per upload type.
585
accessKeyId:
586
value: ""
587
secretKeyRef:
588
name: ""
589
key: ""
590
# -- S3 secretAccessKey to use for all uploads. Can be overridden per upload type.
591
secretAccessKey:
592
value: ""
593
secretKeyRef:
594
name: ""
595
key: ""
596
# Google Cloud Storage Configuration (only used when storageProvider is 'gcs')
597
gcs:
598
# -- Google Cloud Storage credentials JSON or path to credentials file
599
# -- Can be the JSON content directly or a path to the credentials file
600
# -- If not provided, will fallback to environment credentials (e.g., service account attached to pods)
601
# -- Example: Set value to the JSON service account key content, or use secretKeyRef to reference a secret
602
credentials:
603
value: ""
604
secretKeyRef:
605
name: ""
606
key: ""
607
# S3 Concurrency Configuration
608
concurrency:
609
# -- Maximum number of concurrent read operations to S3. Defaults to 50.
610
reads: 50
611
# -- Maximum number of concurrent write operations to S3. Defaults to 50.
612
writes: 50
613
# Event Upload Configuration
614
eventUpload:
615
# -- S3 bucket to use for event uploads.
616
bucket: ""
617
# -- Prefix to use for event uploads within the bucket.
618
prefix: ""
619
# -- S3 region to use for event uploads.
620
region: ""
621
# -- S3 endpoint to use for event uploads.
622
endpoint: ""
623
# -- Whether to force path style on requests. Required for MinIO.
624
forcePathStyle: Null
625
# -- S3 accessKeyId to use for event uploads.
626
accessKeyId:
627
value: ""
628
secretKeyRef:
629
name: ""
630
key: ""
631
# -- S3 secretAccessKey to use for event uploads.
632
secretAccessKey:
633
value: ""
634
secretKeyRef:
635
name: ""
636
key: ""
637
# Batch Export Configuration
638
batchExport:
639
# -- Enable batch export.
640
enabled: true
641
# -- S3 bucket to use for batch exports.
642
bucket: ""
643
# -- Prefix to use for batch exports within the bucket.
644
prefix: ""
645
# -- S3 region to use for batch exports.
646
region: ""
647
# -- S3 endpoint to use for batch exports.
648
endpoint: ""
649
# -- Whether to force path style on requests. Required for MinIO.
650
forcePathStyle: Null
651
# -- S3 accessKeyId to use for batch exports.
652
accessKeyId:
653
value: ""
654
secretKeyRef:
655
name: ""
656
key: ""
657
# -- S3 secretAccessKey to use for batch exports.
658
secretAccessKey:
659
value: ""
660
secretKeyRef:
661
name: ""
662
key: ""
663
# Media Upload Configuration
664
mediaUpload:
665
# -- Enable media uploads.
666
enabled: true
667
# -- S3 bucket to use for media uploads.
668
bucket: ""
669
# -- Prefix to use for media uploads within the bucket.
670
prefix: ""
671
# -- S3 region to use for media uploads.
672
region: ""
673
# -- S3 endpoint to use for media uploads.
674
endpoint: ""
675
# -- Whether to force path style on requests. Required for MinIO.
676
forcePathStyle: Null
677
# -- S3 accessKeyId to use for media uploads.
678
accessKeyId:
679
value: ""
680
secretKeyRef:
681
name: ""
682
key: ""
683
# -- S3 secretAccessKey to use for media uploads.
684
secretAccessKey:
685
value: ""
686
secretKeyRef:
687
name: ""
688
key: ""
689
# -- Maximum content length for media uploads. Defaults to 1GB.
690
maxContentLength: 1000000000
691
# -- Expiry time for download URLs. Defaults to 1 hour.
692
downloadUrlExpirySeconds: 3600
693
# MinIO subchart specific settings
694
defaultBuckets: langfuse
695
auth:
696
# -- root username
697
rootUser: minio
698
# -- Password for MinIO root user
699
rootPassword: ""
700
# -- If you want to use an existing secret for the root user password, set the name of the secret here. (`s3.auth.rootPassword` will be ignored and picked up from this secret).
701
existingSecret: ""
702
# -- Key where the Minio root user is being stored inside the existing secret `s3.auth.existingSecret`
703
rootUserSecretKey: ""
704
# -- Key where the Minio root user password is being stored inside the existing secret `s3.auth.existingSecret`
705
rootPasswordSecretKey: ""
706
# Additional manifests
707
extraManifests: []
708
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.