add document for Label Studio

[davidwtf]

Summary by CodeRabbit

• Documentation
  • Clarified that configurations can be modified post-creation via the Update method in the Evidently deployment guide.
  • Improved wording in the Featureform guide for application creation and PostgreSQL/Redis setup steps.
  • Added a comprehensive Label Studio installation and usage guide covering architecture, Kubernetes/Alauda deployment, storage/PostgreSQL/Redis examples, access methods, environment variables, and publishing steps.

[coderabbitai]

Walkthrough

Documentation-only changes: two existing solution guides received minor wording clarifications, and a new comprehensive Label Studio installation and deployment guide was added.

Changes

Cohort / File(s)	Summary
Docs wording updates docs/en/solutions/How_to_Install_and_use_Evidently.md, docs/en/solutions/How_to_Install_and_use_Featureform.md	Minor wording clarifications (clarified that configuration can be modified after creation; rephrased setup instructions). No behavioral or structural changes.
New documentation: Label Studio docs/en/solutions/How_to_install_and_use_Label_Studio.md	Added full Label Studio guide: architecture and core concepts, Kubernetes/Alauda deployment steps, configuration examples (storage, PostgreSQL, Redis, access methods), access guidance, and publishing steps.

Sequence Diagram(s)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• add document for Evidently #58 — Edits the same Evidently documentation file; closely related wording refinement.
• update featureform docs #50 — Updates the Featureform documentation and publishing steps; likely related to the Featureform wording changes here.

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "add document for Label Studio" directly reflects the main change — adding a Label Studio documentation file — and is concise and relevant, so it clearly conveys the primary intent of the pull request to reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

I nibbled through lines with a careful hop,
Tuned a sentence, then planted a doc on top.
Label Studio now sits, neat and bright,
Guides for deploys from morning to night.
🥕 — rabbit-approved, hop on and delight!

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add/label-studio

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (7)

docs/en/solutions/How_to_Install_and_use_Featureform.md (1)

363-363: Minor phrasing improvement (optional)

“need to be available” reads fine; if you want imperative style across docs, consider “must be available.”

-  PostgreSQL and Redis services need to be available. The following methods can be used to set them up:
+  PostgreSQL and Redis services must be available. The following methods can be used to set them up:

docs/en/solutions/How_to_install_and_use_Label_Studio.md (6)

146-147: Parameterize package version (optional)

Hardcoding label-studio.ALL.v1.20.0-1.tgz may drift. Consider templating or referencing the chart/appVersion to reduce future edits.

-violet push ... label-studio.ALL.v1.20.0-1.tgz
+# Example (replace <VERSION> with the packaged version)
+violet push ... label-studio.ALL.v<VERSION>.tgz

---

215-225: Database auto-creation claim needs nuance

Label Studio migrates tables, but creating the database itself requires proper DB privileges or pre-creation. Reword to avoid implying DB will always be auto-created.

-    dbName: labelstudio                      # Database name, note: database will be created automatically
+    dbName: labelstudio                      # Target database name

Please confirm whether your chart/init container creates the database when absent; if not, add a note to pre-create or ensure the PostgreSQL user has CREATEDB.

---

232-244: Avoid duplicating Redis password in URL and Secret

If password is embedded in host (redis://:pwd@host:port/db) and also provided via Secret, behavior can be ambiguous. Suggest documenting that only one method should be used.

-    host: "redis://your-redis-host:6379/1"    # Redis connection address, format: redis://[:password]@host:port/db
+    host: "redis://your-redis-host:6379/1"    # Redis connection address, format: redis://[:password]@host:port/db
+    # Use either password in URL OR the Secret below, not both.

---

248-259: Default Service type LoadBalancer: add guidance for environments without LB

Many clusters lack an external LB controller. Suggest defaulting to ClusterIP with Ingress, or add a short note to switch to NodePort/Ingress when no LB is available.

-      type: LoadBalancer                     # Can be changed to NodePort or ClusterIP
+      type: LoadBalancer                     # Change to NodePort or ClusterIP if no external LB controller is available

---

294-301: Service name verification

Service name <Application Name>-ls-app looks chart-specific. If the chart enforces a suffix, consider linking or noting the exact naming rule (e.g., <release-name>-ls-app).

-The `Service` name is: `<Application Name>-ls-app`.
+The `Service` name is: `<release-name>-ls-app` (replace with your application/release name).

Please confirm the actual Helm release naming in 3rdparty/chart-label-studio.

---

170-179: Redis “Sentinel then switch to standalone” instruction reads odd

Selecting “Redis Sentinel” and then changing spec.arch to standalone may confuse readers. If this is a UI constraint, add a brief rationale; otherwise, provide a direct path to create standalone without first choosing Sentinel.

-  1. When creating the `Redis` instance, select `Redis Sentinel` for `Architecture`.
+  1. If the UI lacks a standalone option, temporarily select `Redis Sentinel` and then edit YAML.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8324c3c and 923639c.

📒 Files selected for processing (3)

• docs/en/solutions/How_to_Install_and_use_Evidently.md (1 hunks)
• docs/en/solutions/How_to_Install_and_use_Featureform.md (2 hunks)
• docs/en/solutions/How_to_install_and_use_Label_Studio.md (1 hunks)

🔇 Additional comments (3)

docs/en/solutions/How_to_Install_and_use_Evidently.md (1)

219-219: Wording tweak LGTM

Clarifies post-creation editability without altering procedure flow.

docs/en/solutions/How_to_Install_and_use_Featureform.md (1)

231-231: Wording tweak LGTM

Keeps instructions consistent with Evidently doc step 5.

docs/en/solutions/How_to_install_and_use_Label_Studio.md (1)

308-314: Access control wording too broad — soften wording and verify for v1.20.x

The sentence "All users have the same functional permissions and can access all projects" is misleading; permissions and project visibility depend on edition/configuration (signup, RBAC, project membership). Replace with:

-- All users have the same functional permissions and can access all projects
+- In the default open signup mode, any user can register. Project visibility and roles depend on your Label Studio edition/configuration.
+- For production, disable open signup and manage access via invites/links and project membership.

Verify exact behavior for the packaged v1.20.x against the official Label Studio RBAC/docs and align wording.

[coderabbitai]

🛠️ Refactor suggestion

Ingress host vs LABEL_STUDIO_HOST inconsistency

You note host must be a domain, but the example for LABEL_STUDIO_HOST uses an IP with https, which will commonly fail TLS/SNI. Align the examples to a domain.

-      host: localhost                        # Access domain, must be set, cannot fill IP address, only domain name
+      host: label-studio.example.com         # Access domain (DNS name required)
...
-    LABEL_STUDIO_HOST: https://x.x.x.x       # Browser access address, used to set the base address for loading frontend resources
+    LABEL_STUDIO_HOST: https://label-studio.example.com  # Public base URL used by the app

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	label-studio:
	app:
	ingress:
	enabled: true # Enable Ingress functionality
	host: localhost # Access domain, must be set, cannot fill IP address, only domain name
	tls:
	- secretName: certificate-secret # Secret name storing TLS certificate
	global:
	extraEnvironmentVars:
	LABEL_STUDIO_HOST: https://x.x.x.x # Browser access address, used to set the base address for loading frontend resources
	```
	label-studio:
	app:
	ingress:
	enabled: true # Enable Ingress functionality
	host: label-studio.example.com # Access domain (DNS name required)
	tls:
	- secretName: certificate-secret # Secret name storing TLS certificate
	global:
	extraEnvironmentVars:
	LABEL_STUDIO_HOST: https://label-studio.example.com # Public base URL used by the app

🤖 Prompt for AI Agents

In docs/en/solutions/How_to_install_and_use_Label_Studio.md around lines 266 to
276, the ingress host comment requires a domain but the LABEL_STUDIO_HOST
example uses an IP (https://x.x.x.x) which will break TLS/SNI; change the
LABEL_STUDIO_HOST example to a domain-based URL (e.g.
https://label-studio.example.com) and ensure the comment and example
consistently indicate a domain-only host (no raw IP), updating any explanatory
text to match.

[coderabbitai]

🛠️ Refactor suggestion

Environment variable booleans should be strings

Kubernetes env vars are strings; Helm/YAML booleans may render unexpectedly. Quote the value to ensure the container receives "true".

-    LABEL_STUDIO_DISABLE_SIGNUP_WITHOUT_LINK: true
+    LABEL_STUDIO_DISABLE_SIGNUP_WITHOUT_LINK: "true"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	global:
	extraEnvironmentVars:
	LABEL_STUDIO_DISABLE_SIGNUP_WITHOUT_LINK: true
	```
	global:
	extraEnvironmentVars:
	LABEL_STUDIO_DISABLE_SIGNUP_WITHOUT_LINK: "true"

🤖 Prompt for AI Agents

In docs/en/solutions/How_to_install_and_use_Label_Studio.md around lines 285 to
288, the YAML sets LABEL_STUDIO_DISABLE_SIGNUP_WITHOUT_LINK as a bare boolean
which can be interpreted incorrectly by Helm/Kubernetes; change the value to a
quoted string (e.g., "true") so the environment variable is delivered to the
container as the literal string "true".

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

docs/en/solutions/How_to_install_and_use_Label_Studio.md (2)

285-288: Env var boolean must be a string

Kubernetes envs are strings; quote it to avoid Helm/YAML boolean coercion.

 global:
   extraEnvironmentVars:
-    LABEL_STUDIO_DISABLE_SIGNUP_WITHOUT_LINK: true
+    LABEL_STUDIO_DISABLE_SIGNUP_WITHOUT_LINK: "true"

---

266-276: Ingress host still mismatched with LABEL_STUDIO_HOST

Use a real domain for both to avoid TLS/SNI issues and ensure external reachability. This aligns with the earlier review note.

 label-studio:
   app:
     ingress:
       enabled: true                          # Enable Ingress functionality
-      host: localhost                        # Access domain (must be DNS name, not IP address)
+      host: label-studio.example.com         # Access domain (DNS name required; no raw IP)
       tls:
         - secretName: certificate-secret     # Secret name storing TLS certificate
 global:
   extraEnvironmentVars:
-    LABEL_STUDIO_HOST: https://label-studio.example.com       # Web access URL for frontend resource loading
+    LABEL_STUDIO_HOST: https://label-studio.example.com       # Public base URL used by the app

🧹 Nitpick comments (6)

docs/en/solutions/How_to_install_and_use_Label_Studio.md (6)

172-179: Unordered list style and clarity for Redis architecture

• Use dash for unordered lists (markdownlint MD004).
• Clarify that “Standalone” is preferred; only fall back to YAML edit if UI lacks it.

- * Create a `Redis` in `standalone` mode:
-
-  1. When creating the `Redis` instance, select `Redis Sentinel` for `Architecture`.
-
-  2. After setting all parameters, switch to `YAML` mode, change `spec.arch` to `standalone`, then click the `Create` button.
-
-  3. After creation, switch to the `Alauda Container Platform` view and find the `Service` named `rfr-<Redis instance name>-read-write`, which is the access address for this Redis instance.
+ - Create a `Redis` in `standalone` mode:
+   1. Preferred: When creating the `Redis` instance, select `Redis Standalone` for `Architecture` (if available).
+   2. If not available: select `Redis Sentinel`, switch to `YAML` mode, set `spec.arch: standalone`, then click `Create`.
+   3. After creation, in `Alauda Container Platform` find the `Service` `rfr-<Redis instance name>-read-write` for the access address.

---

153-154: Minor wording polish

Remove repetition for clarity.

-Label Studio stores data in a database and requires persistent storage. The cluster needs to have CSI pre-installed or `PersistentVolume` pre-prepared.
+Label Studio stores data in a database and requires persistent storage. Ensure CSI is installed in the cluster or pre-create the required `PersistentVolume`.

---

220-221: Database auto-creation note may be inaccurate

DB creation often requires elevated privileges; some charts require the DB to exist. Reword to avoid over-promising.

-    dbName: labelstudio                      # Database name, note: database will be created automatically
+    dbName: labelstudio                      # Database name; ensure the user can create it, or pre-create the DB if required by your environment/chart

---

235-237: Prefer Secret over embedding passwords in URLs

To avoid leakage via logs/env dumps, recommend Secret-first and keep URL without credentials.

-    password:                                 # Optional, password can be included in host or provided separately via Secret
+    password:                                 # Recommended: provide password via Secret; avoid embedding credentials in the URL

---

238-244: Consider noting rediss:// for TLS

When SSL is enabled, many clients expect rediss:// scheme. Add a tip to reduce config confusion.

     ssl:                                      # Optional
       redisSslCertReqs: "optional"            # SSL certificate requirements: "" means not required, "optional", "required"
       redisSslSecretName: "redis-ssl-secret"  # SSL certificate Secret name
       redisSslCaCertsSecretKey: "ca.crt"      # CA certificate Secret key
       redisSslCertFileSecretKey: "tls.crt"    # Client certificate Secret key
       redisSslKeyFileSecretKey: "tls.key"     # Client private key Secret key
+    # Tip: If SSL is enabled, use the rediss:// scheme in the host, e.g., "rediss://your-redis-host:6379/1".

---

302-305: Ingress access section: add DNS/TLS prerequisites

Small addition to prevent common misconfigurations.

-If Ingress is enabled, please access through the configured LABEL_STUDIO_HOST.
+If Ingress is enabled, access via the configured LABEL_STUDIO_HOST. Ensure the DNS record points to the Ingress controller and the TLS certificate covers this host.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 923639c and 42fda00.

📒 Files selected for processing (1)

• docs/en/solutions/How_to_install_and_use_Label_Studio.md (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

docs/en/solutions/How_to_install_and_use_Label_Studio.md

172-172: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

🔇 Additional comments (3)

docs/en/solutions/How_to_install_and_use_Label_Studio.md (3)

271-273: Verify TLS hosts handling in chart values

If the chart mirrors K8s Ingress spec, tls.hosts is required by many templates. Confirm the chart auto-wires hosts from ingress.host; otherwise add it.

       tls:
-        - secretName: certificate-secret     # Secret name storing TLS certificate
+        - secretName: certificate-secret     # Secret name storing TLS certificate
+          hosts:
+            - label-studio.example.com

---

311-313: User permissions statement likely inaccurate; verify and soften

Label Studio supports roles/project-level permissions. Reword or confirm against official docs.

-- All users have the same functional permissions and can access all projects
+- By default, newly registered users can sign in; project visibility and actions depend on roles/permissions configured by admins/owners.

Would you like me to cross-check the latest role model and update this section accordingly?

---

216-225: Chart values keys: confirm they match 3rdparty/chart-label-studio schema

Keys like global.pgConfig.* must align with the chart. Please verify against the chart’s values.yaml to avoid no-op configs.

[coderabbitai]

🛠️ Refactor suggestion

Service access wording is misleading for LoadBalancer

LoadBalancer is typically accessed via the LB’s external address, not node IP:nodePort. Restrict node IP guidance to NodePort only.

 If the `Service` type is `LoadBalancer` and the load balancer controller in the environment has assigned an access address, please access through that address.
-
-If the `Service` type is `LoadBalancer` or `NodePort`, access is available through `node IP` with its `NodePort`.
+If the `Service` type is `NodePort`, access is available through `node IP` with its `nodePort`.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	If the `Service` type is `LoadBalancer` and the load balancer controller in the environment has assigned an access address, please access through that address.
	If the `Service` type is `LoadBalancer` or `NodePort`, access is available through `node IP` with its `NodePort`.
	If the `Service` type is `LoadBalancer` and the load balancer controller in the environment has assigned an access address, please access through that address.
	If the `Service` type is `NodePort`, access is available through `node IP` with its `nodePort`.

🤖 Prompt for AI Agents

In docs/en/solutions/How_to_install_and_use_Label_Studio.md around lines 298 to
301, the guidance for Service access conflates LoadBalancer and NodePort; update
the wording to state that LoadBalancer should be accessed via the load
balancer’s external/ingress address assigned by the cloud/controller, and
restrict the node IP:nodePort access instruction to only NodePort services,
adjusting the sentences to clearly separate the two cases and remove the
suggestion to use node IP:nodePort for LoadBalancer.