From dca61bd47f6c85c7aed05b7ebda9a799306792aa Mon Sep 17 00:00:00 2001
From: sd109
Date: Mon, 3 Mar 2025 15:22:21 +0000
Subject: [PATCH 1/2] Add separate API service resource This feature useful for cases where RAGFlow is running behind an authenticating proxy because it allows a route to bypass the proxy (e.g. by defining a separate ingress resource which forwards to the separate API-only k8s service added here) to provide RAGFlow API access. This is still secure since API access is already authenticated by API keys inside RAGFlow itself.
---
 helm/templates/ingress.yaml | 2 +-
 helm/templates/ragflow.yaml | 22 ++++++++++++++++++++++
 helm/values.yaml | 4 ++++
 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
index 3d7e596e37d..43fbbe97db9 100644
--- a/helm/templates/ingress.yaml
+++ b/helm/templates/ingress.yaml
@@ -35,7 +35,7 @@ spec:
 {{- end }}
 backend:
 service:
- name: {{ include "ragflow.fullname" $ }}
+ name: {{ .Release.Name }}
 port:
 name: http
 {{- end }}
diff --git a/helm/templates/ragflow.yaml b/helm/templates/ragflow.yaml
index e992ea5b431..553d1c9bd86 100644
--- a/helm/templates/ragflow.yaml
+++ b/helm/templates/ragflow.yaml
@@ -31,6 +31,8 @@ spec:
 ports:
 - containerPort: 80
 name: http
+ - containerPort: 9380
+ name: http-api
 volumeMounts:
 - mountPath: /etc/nginx/conf.d/ragflow.conf
 subPath: ragflow.conf
@@ -70,3 +72,23 @@ spec:
 targetPort: http
 name: http
 type: {{ .Values.ragflow.service.type }}
+---
+{{- if .Values.ragflow.api.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-api
+ labels:
+ {{- include "ragflow.labels" . | nindent 4 }}
+ app.kubernetes.io/component: ragflow
+spec:
+ selector:
+ {{- include "ragflow.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: ragflow
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: http-api
+ name: http-api
+ type: {{ .Values.ragflow.api.service.type }}
+{{- end }}
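Review bot: In helm/templates/ingress.yaml the new backend line `name: {{ .Release.Name }}` drops the explicit root context that the old line passed with `$`. The surrounding `{{- end }}` lines suggest this sits inside a `range` or `with` block, where `.` is rebound and `.Release` would not resolve. If so, the line should read `name: {{ $.Release.Name }}`. The enclosing block starts and ends outside the hunk, so check this against the full template, and confirm the main Service is in fact named after the release.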
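Review bot: The new `{{ .Release.Name }}-api` Service in helm/templates/ragflow.yaml publishes container port 9380 directly, and both values hunks (helm/values.yaml and helm-azimuth/values.yaml) default `enabled: true`, so a path meant to bypass the authenticating proxy exists on every install unless the operator turns it off. The commit message's claim that this is safe holds only if every route served on 9380 enforces the API key. If that port also serves session-based or unauthenticated endpoints, they become reachable around the proxy as well, which is worth confirming before merge. I would default to `enabled: false` and add a values comment above `api.service.type` such as `# Exposes the backend on port 9380 without the fronting proxy; only RAGFlow's own API-key check protects it`, since setting the type to `LoadBalancer` or `NodePort` makes that exposure external.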
diff --git a/helm/values.yaml b/helm/values.yaml
index 898fdd5dbb0..4aa9a32a0a7 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -69,6 +69,10 @@ ragflow: service: # Use LoadBalancer to expose the web interface externally type: ClusterIP + api: + service: + enabled: true + type: ClusterIP infinity: image:
From c7c9398a8016348142657e8c87ea70cfde195c75 Mon Sep 17 00:00:00 2001
From: sd109
Date: Mon, 3 Mar 2025 15:25:54 +0000
Subject: [PATCH 2/2] Add separate Zenith service for RAGFlow API
---
 helm-azimuth/templates/client.yaml | 11 -----
 helm-azimuth/templates/reservation.yaml | 13 ------
 helm-azimuth/templates/zenith.yaml | 55 +++++++++++++++++++++++++
 helm-azimuth/values.yaml | 4 ++
 4 files changed, 59 insertions(+), 24 deletions(-)
 delete mode 100644 helm-azimuth/templates/client.yaml
 delete mode 100644 helm-azimuth/templates/reservation.yaml
 create mode 100644 helm-azimuth/templates/zenith.yaml
diff --git a/helm-azimuth/templates/client.yaml b/helm-azimuth/templates/client.yaml
deleted file mode 100644
index ea273781cc9..00000000000
--- a/helm-azimuth/templates/client.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: zenith.stackhpc.com/v1alpha1
-kind: Client
-metadata:
- name: {{ include "ragflow-azimuth.fullname" . }}
- labels: {{ include "ragflow-azimuth.labels" . | nindent 4 }}
-spec:
- reservationName: {{ include "ragflow-azimuth.fullname" . }}
- upstream:
- serviceName: {{ .Release.Name }}
- auth:
- skip: {{ .Values.zenithClient.skipAuth }}
diff --git a/helm-azimuth/templates/reservation.yaml b/helm-azimuth/templates/reservation.yaml
deleted file mode 100644
index 4c612769fa1..00000000000
--- a/helm-azimuth/templates/reservation.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: zenith.stackhpc.com/v1alpha1
-kind: Reservation
-metadata:
- name: {{ include "ragflow-azimuth.fullname" . }}
- labels: {{ include "ragflow-azimuth.labels" . | nindent 4 }}
- annotations:
- azimuth.stackhpc.com/service-label: {{ quote .Values.zenithClient.label }}
- azimuth.stackhpc.com/service-icon-url: {{ .Values.zenithClient.iconUrl }}
- {{- with .Values.zenithClient.description }}
- azimuth.stackhpc.com/service-description: {{ quote . }}
- {{- end }}
-spec:
- credentialSecretName: {{ include "ragflow-azimuth.fullname" . }}-credential
diff --git a/helm-azimuth/templates/zenith.yaml b/helm-azimuth/templates/zenith.yaml
new file mode 100644
index 00000000000..ceeb7ce8f55
--- /dev/null
+++ b/helm-azimuth/templates/zenith.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: zenith.stackhpc.com/v1alpha1
+kind: Client
+metadata:
+ name: {{ include "ragflow-azimuth.fullname" . }}
+ labels: {{ include "ragflow-azimuth.labels" . | nindent 4 }}
+spec:
+ reservationName: {{ include "ragflow-azimuth.fullname" . }}
+ upstream:
+ serviceName: {{ .Release.Name }}
+ auth:
+ skip: {{ .Values.zenithClient.skipAuth }}
+---
+apiVersion: zenith.stackhpc.com/v1alpha1
+kind: Reservation
+metadata:
+ name: {{ include "ragflow-azimuth.fullname" . }}
+ labels: {{ include "ragflow-azimuth.labels" . | nindent 4 }}
+ annotations:
+ azimuth.stackhpc.com/service-label: {{ quote .Values.zenithClient.label }}
+ azimuth.stackhpc.com/service-icon-url: {{ .Values.zenithClient.iconUrl }}
+ {{- with .Values.zenithClient.description }}
+ azimuth.stackhpc.com/service-description: {{ quote . }}
+ {{- end }}
+spec:
+ credentialSecretName: {{ include "ragflow-azimuth.fullname" . }}-credential
+---
+{{- if .Values.ragflow.ragflow.api.service.enabled }}
+apiVersion: zenith.stackhpc.com/v1alpha1
+kind: Client
+metadata:
+ name: {{ include "ragflow-azimuth.fullname" . }}-api
+ labels: {{ include "ragflow-azimuth.labels" . | nindent 4 }}
+spec:
+ reservationName: {{ include "ragflow-azimuth.fullname" . }}-api
+ upstream:
+ serviceName: {{ .Release.Name }}-api
+ auth:
+ {{/* NOTE(sd109): API is authenticated by RAGFlow API key */}}
+ skip: true
+---
+apiVersion: zenith.stackhpc.com/v1alpha1
+kind: Reservation
+metadata:
+ name: {{ include "ragflow-azimuth.fullname" . }}-api
+ labels: {{ include "ragflow-azimuth.labels" . | nindent 4 }}
+ annotations:
+ azimuth.stackhpc.com/service-label: {{ printf "%s API" .Values.zenithClient.label }}
+ azimuth.stackhpc.com/service-icon-url: {{ .Values.zenithClient.apiProxyIconUrl }}
+ {{- with .Values.zenithClient.description }}
+ azimuth.stackhpc.com/service-description: {{ quote . }}
+ {{- end }}
+spec:
+ credentialSecretName: {{ include "ragflow-azimuth.fullname" . }}-api-credential
+{{- end }}
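Review bot: The API `Client` in helm-azimuth/templates/zenith.yaml hard-codes `skip: true`, so Zenith authentication is bypassed for the `-api` upstream with no values switch to restore it, whereas the main client honours `.Values.zenithClient.skipAuth`. Combined with the `enabled: true` default, the proxy-unauthenticated route is opt-out rather than opt-in. Consider driving it from a dedicated value (for example a new `zenithClient.apiSkipAuth` defaulting to `false`) and keeping the NOTE that explains only RAGFlow's API key then protects the endpoint. Separately, the API Reservation's `service-label` annotation is rendered unquoted, unlike the main one; `{{ printf "%s API" .Values.zenithClient.label | quote }}` keeps a label containing `:` or `#` from breaking the manifest.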
diff --git a/helm-azimuth/values.yaml b/helm-azimuth/values.yaml
index a5d790fe1a9..63cf7a0859e 100644
--- a/helm-azimuth/values.yaml
+++ b/helm-azimuth/values.yaml
@@ -1,6 +1,7 @@
 # Zenith client configuration
 zenithClient:
 iconUrl: https://raw.githubusercontent.com/infiniflow/ragflow/refs/heads/main/web/public/logo.svg
+ apiProxyIconUrl: https://raw.githubusercontent.com/infiniflow/ragflow/06e0c7d1a9b25b9c19c518d339f0a2c98b516515/web/src/assets/svg/api.svg
 description:
 label: "RAGFlow"
 skipAuth: false
@@ -11,3 +12,6 @@ ragflow:
 env:
 RAGFLOW_IMAGE: infiniflow/ragflow:v0.15.1
 DOC_ENGINE: infinity
+ api:
+ service:
+ enabled: true