Skip to main content

pharia-ai

Version: 0.50.1

PhariaAI Helm Chart

This document provides an overview of the chart dependencies and configurable Helm chart values for PhariaAI. It covers global configurations, detailed dependency settings, image pull credentials, PostgreSQL settings, and resource management options, offering a comprehensive guide for deploying and customizing PhariaAI.

Requirements

RepositoryNameVersion
oci://alephalpha.jfrog.io/helm/assistantpharia-assistant0.5.282
oci://alephalpha.jfrog.io/helm/assistantpharia-assistant-api0.13.12
oci://alephalpha.jfrog.io/helmdocument-index0.25.4
oci://alephalpha.jfrog.io/helmdocument-index-ui0.3.4
oci://alephalpha.jfrog.io/helminference-api0.11.5
oci://alephalpha.jfrog.io/helminference-worker0.7.30
oci://alephalpha.jfrog.io/helmpharia-data-api0.23.5
oci://alephalpha.jfrog.io/helmpharia-finetuning0.5.10
oci://alephalpha.jfrog.io/helmpharia-iam0.13.117
oci://alephalpha.jfrog.io/helmpharia-kernel0.2.24
oci://alephalpha.jfrog.io/helm/pharia-studiopharia-studio-api0.16.12
oci://alephalpha.jfrog.io/helm/pharia-studiopharia-studio-ui0.14.23
oci://alephalpha.jfrog.io/helmpharia-transcribe0.1.8
oci://alephalpha.jfrog.io/helmpharia-translate0.3.6
oci://alephalpha.jfrog.io/helm/phariaosphariaos-manager0.17.0
oci://alephalpha.jfrog.io/helm/phariaosphariaos-ui0.14.0

Values

Global

KeyTypeDefaultDescription
global.imagePullOpaqueSecretNamestring"aleph-alpha-oci-registry-opaque"Default PhariaAI Secret name as an Opaque secret. Override name for existing image pull secret if required
global.imagePullSecretNamestring"aleph-alpha-oci-registry"Default PhariaAI Secret name to pull images from Aleph Alpha artifactory. Override name for existing image pull secret if required
global.inference.enabledbooltrueActivate deployment of Pharia AA inference stack (inference-api, inference-worker)
global.inferenceApiServicesSecretRefstring"inference-api-services"Secret to be used to authenticate inference api services. See inferenceApiServices for more info.
global.ingressobject{"additionalAnnotations":{},"ingressClassName":"nginx","ingressDomain":"pharia-ai.local"}Global config for all ingress resources
global.ingress.ingressClassNamestring"nginx"The ingressClassName globally defined for all ingress resources ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource Override possible on sub-chart level: .ingress.ingressClassName overrides global.ingress.ingressClassName
global.ingress.ingressDomainstring"pharia-ai.local"Domain for external access / ingress to services via . Override possible on sub-chart level: .ingress.ingressDomain overrides global.ingress.ingressDomain
global.permissionModelobject{"AssistantUser":[{"permission":"ExecuteTextJobs"},{"permission":"KernelAccess"},{"model":null,"permission":"ModelAccess"},{"namespace":"Assistant","permission":"AccessNamespace"},{"permission":"AccessDataPlatform"},{"permission":"AccessAssistant"},{"permission":"OsReadUsecase"}],"Client":[{"permission":"ExecuteJobs"},{"model":null,"permission":"AccessModel"}],"EtlServiceUser":[{"namespace":"Studio","permission":"AccessNamespace"},{"namespace":"Assistant","permission":"AccessNamespace"},{"permission":"AccessDataPlatform"}],"InferenceServiceUser":[{"permission":"ExecuteJobs"},{"permission":"ExecuteTextJobs"},{"permission":"CreateSteeringConcepts"},{"permission":"ReadSteeringConcepts"},{"permission":"DeleteSteeringConcepts"},{"model":null,"permission":"AccessModel"}],"OsUser":[{"permission":"OsReadUsecase"},{"permission":"OsWriteUsecase"},{"permission":"OsReadHardware"},{"permission":"OsReadModels"},{"permission":"KernelAccess"}],"StudioUser":[{"permission":"ExecuteJobs"},{"permission":"KernelAccess"},{"model":null,"permission":"AccessModel"},{"namespace":"Studio","permission":"AccessNamespace"},{"permission":"AccessDataPlatform"},{"permission":"AccessStudio"},{"permission":"AccessFinetuning"},{"permission":"OsReadUsecase"},{"permission":"OsWriteUsecase"}],"UseCaseServiceUser":[{"permission":"ExecuteJobs"},{"model":null,"permission":"AccessModel"},{"namespace":"Studio","permission":"AccessNamespace"},{"namespace":"Assistant","permission":"AccessNamespace"},{"permission":"KernelAccess"}]}Permission model (Roles to Permissions) used in the PhariaAI stack
global.permissionSchemaConfigMapNamestring"pharia-ai-permissions"Default PhariaAI Config Map for setting permission model
global.phariaAIConfigMapstring"pharia-ai-config"Default PhariaAI ConfigMap for setting environment variables
global.phariaAiEditionstring"1"Default PhariaAI edition <-- Will be dropped soon once we have coordinated with all customers
global.phariaAiFeatureSetstring"1"Default PhariaAI feature set

General

KeyTypeDefaultDescription
imagePullCredentials.passwordstring""Password to login into artifactory registry
imagePullCredentials.registrystring"alephalpha.jfrog.io"Aleph Alpha artifactory registry
imagePullCredentials.usernamestring""Username to login into artifactory registry

Sub charts

pharia-assistant

KeyTypeDefaultDescription
pharia-assistant-api.databaseConfig.externalobject{"databaseName":"","existingSecret":"","host":"","password":"","port":"","user":""}Provide an existing database if you want to use an external database
pharia-assistant-api.databaseConfig.external.databaseNamestring""The name of the database
pharia-assistant-api.databaseConfig.external.existingSecretstring""Set this value if a k8s Secret with PostgreSQL values already exists. Make sure that the all the keys exists in the secret with a valid value.
pharia-assistant-api.databaseConfig.external.hoststring""The host of the database
pharia-assistant-api.databaseConfig.external.passwordstring""The password of the database
pharia-assistant-api.databaseConfig.external.portstring""The port of the database
pharia-assistant-api.databaseConfig.external.userstring""The user of the database
pharia-assistant-api.databaseConfig.secretKeys.databaseNameKeystring"databaseName"The key in the secret that contains the database name
pharia-assistant-api.databaseConfig.secretKeys.hostKeystring"host"The key in the secret that contains the host of the database
pharia-assistant-api.databaseConfig.secretKeys.passwordKeystring"password"The key in the secret that contains the password of the database
pharia-assistant-api.databaseConfig.secretKeys.portKeystring"port"The key in the secret that contains the port of the database
pharia-assistant-api.databaseConfig.secretKeys.userKeystring"user"The key in the secret that contains the user of the database
pharia-assistant-api.enabledbooltrueSet this to true to install the pharia-assistant-api subchart as a dependency
pharia-assistant-api.env.APPLICATION_NAMEstring"Assistant"The name of the application to be displayed in the top bar
pharia-assistant-api.faviconobject{"png":"","svg":"PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNzgiIHdpZHRoPSI3OCIgdmlld0JveD0iMjQgMjQgMTAyIDEwMiI+CiAgPHN0eWxlPgogICAgQG1lZGlhIChwcmVmZXJzLWNvbG9yLXNjaGVtZTpkYXJrKXtwYXRoe2ZpbGw6I2ZmZn19CiAgPC9zdHlsZT4KICA8cGF0aCBkPSJtMzQuNjcgMTA2LjQzLTUuNTUtMTMuNTVBMTkuMTQgMTkuMTQgMCAwIDAgMjkgNTcuNDJsNS40Ny0xMy41OWEzMy43OCAzMy43OCAwIDAgMSAuMiA2Mi42Wm0yMi45MyAxNy4xMi04LjY4LTExLjhhNDUuMjggNDUuMjggMCAwIDAgOC42MS04LjI3TDY5IDExMi42MmE1OS44MiA1OS44MiAwIDAgMS0xMS40IDEwLjkzWiIvPgogIDxwYXRoIGQ9Ik04Mi4yMyA3NS4xN2E2MC4zNyA2MC4zNyAwIDAgMC0yNC42NC00OC4zOWwtOC42OCAxMS44MWE0NS42MyA0NS42MyAwIDAgMSAxOC42OCAzNi41OCA2MC4yOCA2MC4yOCAwIDAgMCAyNC40OCA0OC4zOGw4LjY4LTExLjhhNDUuNiA0NS42IDAgMCAxLTE4LjUyLTM2LjU4Wm05Ljg1LTI4LjIzLTExLjQ3LTkuMTJhNjAuMTQgNjAuMTQgMCAwIDEgMTEuOTQtMTEuMzdsOC41NiAxMS44OGE0NS41IDQ1LjUgMCAwIDAtOS4wMyA4LjYxWk0xMTUgMTA2LjUyYTM0LjMyIDM0LjMyIDAgMCAxLS4yOS02Mi41Mmw2LjEgMTMuMzJhMTkuNjggMTkuNjggMCAwIDAgLjE5IDM1LjgzWiIvPgo8L3N2Zz4K"}The favicon used in the assistant can be customized by providing the contents of a logo.svg or logo.png file as a base64 encoded string. This can be created by executing cat favicon.svg | base64 in a terminal. The svg value takes precedence over the png value
pharia-assistant-api.favicon.pngstring""The base64 encoded favicon.png
pharia-assistant-api.favicon.svgstring"PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNzgiIHdpZHRoPSI3OCIgdmlld0JveD0iMjQgMjQgMTAyIDEwMiI+CiAgPHN0eWxlPgogICAgQG1lZGlhIChwcmVmZXJzLWNvbG9yLXNjaGVtZTpkYXJrKXtwYXRoe2ZpbGw6I2ZmZn19CiAgPC9zdHlsZT4KICA8cGF0aCBkPSJtMzQuNjcgMTA2LjQzLTUuNTUtMTMuNTVBMTkuMTQgMTkuMTQgMCAwIDAgMjkgNTcuNDJsNS40Ny0xMy41OWEzMy43OCAzMy43OCAwIDAgMSAuMiA2Mi42Wm0yMi45MyAxNy4xMi04LjY4LTExLjhhNDUuMjggNDUuMjggMCAwIDAgOC42MS04LjI3TDY5IDExMi42MmE1OS44MiA1OS44MiAwIDAgMS0xMS40IDEwLjkzWiIvPgogIDxwYXRoIGQ9Ik04Mi4yMyA3NS4xN2E2MC4zNyA2MC4zNyAwIDAgMC0yNC42NC00OC4zOWwtOC42OCAxMS44MWE0NS42MyA0NS42MyAwIDAgMSAxOC42OCAzNi41OCA2MC4yOCA2MC4yOCAwIDAgMCAyNC40OCA0OC4zOGw4LjY4LTExLjhhNDUuNiA0NS42IDAgMCAxLTE4LjUyLTM2LjU4Wm05Ljg1LTI4LjIzLTExLjQ3LTkuMTJhNjAuMTQgNjAuMTQgMCAwIDEgMTEuOTQtMTEuMzdsOC41NiAxMS44OGE0NS41IDQ1LjUgMCAwIDAtOS4wMyA4LjYxWk0xMTUgMTA2LjUyYTM0LjMyIDM0LjMyIDAgMCAxLS4yOS02Mi41Mmw2LjEgMTMuMzJhMTkuNjggMTkuNjggMCAwIDAgLjE5IDM1LjgzWiIvPgo8L3N2Zz4K"The base64 encoded favicon.svg
pharia-assistant-api.featureFlagsobject{"enableHomepage":true,"enableQa":true,"enableSummarize":true,"enableTranslate":true}Feature flags for pharia-assistant-api
pharia-assistant-api.featureFlags.enableHomepagebooltrueEnable homepage
pharia-assistant-api.featureFlags.enableQabooltrueEnable QA feature
pharia-assistant-api.featureFlags.enableSummarizebooltrueEnable summarize feature
pharia-assistant-api.featureFlags.enableTranslatebooltrueEnable translate feature
pharia-assistant-api.fullnameOverridestring"pharia-assistant-api"Override for the full name of pharia-assistant-api
pharia-assistant-api.logoobject{"png":"","svg":"PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNzgiIHdpZHRoPSI3OCIgdmlld0JveD0iMjQgMjQgMTAyIDEwMiI+CiAgPHBhdGggZD0ibTM0LjY3IDEwNi40My01LjU1LTEzLjU1QTE5LjE0IDE5LjE0IDAgMCAwIDI5IDU3LjQybDUuNDctMTMuNTlhMzMuNzggMzMuNzggMCAwIDEgLjIgNjIuNlptMjIuOTMgMTcuMTItOC42OC0xMS44YTQ1LjI4IDQ1LjI4IDAgMCAwIDguNjEtOC4yN0w2OSAxMTIuNjJhNTkuODIgNTkuODIgMCAwIDEtMTEuNCAxMC45M1oiIC8+CiAgPHBhdGggZD0iTTgyLjIzIDc1LjE3YTYwLjM3IDYwLjM3IDAgMCAwLTI0LjY0LTQ4LjM5bC04LjY4IDExLjgxYTQ1LjYzIDQ1LjYzIDAgMCAxIDE4LjY4IDM2LjU4IDYwLjI4IDYwLjI4IDAgMCAwIDI0LjQ4IDQ4LjM4bDguNjgtMTEuOGE0NS42IDQ1LjYgMCAwIDEtMTguNTItMzYuNThabTkuODUtMjguMjMtMTEuNDctOS4xMmE2MC4xNCA2MC4xNCAwIDAgMSAxMS45NC0xMS4zN2w4LjU2IDExLjg4YTQ1LjUgNDUuNSAwIDAgMC05LjAzIDguNjFaTTExNSAxMDYuNTJhMzQuMzIgMzQuMzIgMCAwIDEtLjI5LTYyLjUybDYuMSAxMy4zMmExOS42OCAxOS42OCAwIDAgMCAuMTkgMzUuODNaIiAvPgo8L3N2Zz4K"}The logo used in the assistant can be customized by providing the contents of a logo.svg or logo.png file as a base64 encoded string. This can be created by executing cat logo.svg | base64 in a terminal. The svg value takes precedence over the png value
pharia-assistant-api.logo.pngstring""The base64 encoded logo.png
pharia-assistant-api.logo.svgstring"PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNzgiIHdpZHRoPSI3OCIgdmlld0JveD0iMjQgMjQgMTAyIDEwMiI+CiAgPHBhdGggZD0ibTM0LjY3IDEwNi40My01LjU1LTEzLjU1QTE5LjE0IDE5LjE0IDAgMCAwIDI5IDU3LjQybDUuNDctMTMuNTlhMzMuNzggMzMuNzggMCAwIDEgLjIgNjIuNlptMjIuOTMgMTcuMTItOC42OC0xMS44YTQ1LjI4IDQ1LjI4IDAgMCAwIDguNjEtOC4yN0w2OSAxMTIuNjJhNTkuODIgNTkuODIgMCAwIDEtMTEuNCAxMC45M1oiIC8+CiAgPHBhdGggZD0iTTgyLjIzIDc1LjE3YTYwLjM3IDYwLjM3IDAgMCAwLTI0LjY0LTQ4LjM5bC04LjY4IDExLjgxYTQ1LjYzIDQ1LjYzIDAgMCAxIDE4LjY4IDM2LjU4IDYwLjI4IDYwLjI4IDAgMCAwIDI0LjQ4IDQ4LjM4bDguNjgtMTEuOGE0NS42IDQ1LjYgMCAwIDEtMTguNTItMzYuNThabTkuODUtMjguMjMtMTEuNDctOS4xMmE2MC4xNCA2MC4xNCAwIDAgMSAxMS45NC0xMS4zN2w4LjU2IDExLjg4YTQ1LjUgNDUuNSAwIDAgMC05LjAzIDguNjFaTTExNSAxMDYuNTJhMzQuMzIgMzQuMzIgMCAwIDEtLjI5LTYyLjUybDYuMSAxMy4zMmExOS42OCAxOS42OCAwIDAgMCAuMTkgMzUuODNaIiAvPgo8L3N2Zz4K"The base64 encoded logo.svg
pharia-assistant-api.postgresql.auth.passwordstring""If internal PostgreSQL is used a dedicated password has to be provided for setup of application authentication
pharia-assistant-api.postgresql.enabledbooltrueThis is used to indicate whether the internal PostgreSQL should be used or not.
pharia-assistant-api.redis.auth.existingSecretstring""
pharia-assistant-api.redis.auth.passwordstring""Either password or existingSecret has to be set if redis.enabled = true
pharia-assistant-api.redis.enabledbooltrueIndicate whether the internal Redis should be used.
pharia-assistant-api.redisConfig.externalobject{"existingSecret":"","host":"my-redis","password":"redispassword","port":"6379"}Note: If not using any Redis at all, please leave the default values untouched for now.
pharia-assistant-api.resources.limits.cpustring"1000m"
pharia-assistant-api.resources.limits.memorystring"8Gi"
pharia-assistant-api.resources.requests.cpustring"500m"
pharia-assistant-api.resources.requests.memorystring"8Gi"
pharia-assistant-api.secretobject{"serviceUserToken":""}Allows to populate the secret identified by 'pharia-assistant-api.serviceUserSecret' through this helm-chart. The secret must contain the field apiToken. See 'pharia-assistant-api.serviceUserSecret' for more information.
pharia-assistant-api.serviceUserSecretstring"pharia-iam-service-user-pharia-assistant-api"The name of a secret containing the service user token used by the pharia-assistant-api for sending requests to the inference. This allows to connect the pharia-assistant-api to an externally running inference. The secret must contain the field apiToken. It can either be pre-existing or the chart creates it for you with the value defined in 'pharia-assistant-api.secret'.
pharia-assistant-api.worker.enabledboolfalseRequires a running Redis instance.
enabledbooltrueSet this to true to install the pharia-assistant subchart as a dependency
fullnameOverridestring"pharia-assistant"Override for the full name of pharia-assistant
ingress.annotationsobject{}Annotations for the ingress-resource. This can be used to add ingress controller specific annotations.
ingress.enabledbooltrueEnabled ingress creation
ingress.hostnamestring"assistant"Hostname for the ingress (without domain). The domain is read from global.ingress.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain.
ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
ingress.tls.secretNamestring"pharia-assistant-tls"The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
resources.limits.cpustring"500m"
resources.limits.memorystring"256Mi"
resources.requests.cpustring"100m"
resources.requests.memorystring"256Mi"

pharia-assistant-api

KeyTypeDefaultDescription
databaseConfig.externalobject{"databaseName":"","existingSecret":"","host":"","password":"","port":"","user":""}Provide an existing database if you want to use an external database
databaseConfig.external.databaseNamestring""The name of the database
databaseConfig.external.existingSecretstring""Set this value if a k8s Secret with PostgreSQL values already exists. Make sure that the all the keys exists in the secret with a valid value.
databaseConfig.external.hoststring""The host of the database
databaseConfig.external.passwordstring""The password of the database
databaseConfig.external.portstring""The port of the database
databaseConfig.external.userstring""The user of the database
databaseConfig.secretKeys.databaseNameKeystring"databaseName"The key in the secret that contains the database name
databaseConfig.secretKeys.hostKeystring"host"The key in the secret that contains the host of the database
databaseConfig.secretKeys.passwordKeystring"password"The key in the secret that contains the password of the database
databaseConfig.secretKeys.portKeystring"port"The key in the secret that contains the port of the database
databaseConfig.secretKeys.userKeystring"user"The key in the secret that contains the user of the database
enabledbooltrueSet this to true to install the pharia-assistant-api subchart as a dependency
env.APPLICATION_NAMEstring"Assistant"The name of the application to be displayed in the top bar
faviconobject{"png":"","svg":"PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNzgiIHdpZHRoPSI3OCIgdmlld0JveD0iMjQgMjQgMTAyIDEwMiI+CiAgPHN0eWxlPgogICAgQG1lZGlhIChwcmVmZXJzLWNvbG9yLXNjaGVtZTpkYXJrKXtwYXRoe2ZpbGw6I2ZmZn19CiAgPC9zdHlsZT4KICA8cGF0aCBkPSJtMzQuNjcgMTA2LjQzLTUuNTUtMTMuNTVBMTkuMTQgMTkuMTQgMCAwIDAgMjkgNTcuNDJsNS40Ny0xMy41OWEzMy43OCAzMy43OCAwIDAgMSAuMiA2Mi42Wm0yMi45MyAxNy4xMi04LjY4LTExLjhhNDUuMjggNDUuMjggMCAwIDAgOC42MS04LjI3TDY5IDExMi42MmE1OS44MiA1OS44MiAwIDAgMS0xMS40IDEwLjkzWiIvPgogIDxwYXRoIGQ9Ik04Mi4yMyA3NS4xN2E2MC4zNyA2MC4zNyAwIDAgMC0yNC42NC00OC4zOWwtOC42OCAxMS44MWE0NS42MyA0NS42MyAwIDAgMSAxOC42OCAzNi41OCA2MC4yOCA2MC4yOCAwIDAgMCAyNC40OCA0OC4zOGw4LjY4LTExLjhhNDUuNiA0NS42IDAgMCAxLTE4LjUyLTM2LjU4Wm05Ljg1LTI4LjIzLTExLjQ3LTkuMTJhNjAuMTQgNjAuMTQgMCAwIDEgMTEuOTQtMTEuMzdsOC41NiAxMS44OGE0NS41IDQ1LjUgMCAwIDAtOS4wMyA4LjYxWk0xMTUgMTA2LjUyYTM0LjMyIDM0LjMyIDAgMCAxLS4yOS02Mi41Mmw2LjEgMTMuMzJhMTkuNjggMTkuNjggMCAwIDAgLjE5IDM1LjgzWiIvPgo8L3N2Zz4K"}The favicon used in the assistant can be customized by providing the contents of a logo.svg or logo.png file as a base64 encoded string. This can be created by executing cat favicon.svg | base64 in a terminal. The svg value takes precedence over the png value
favicon.pngstring""The base64 encoded favicon.png
favicon.svgstring"PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNzgiIHdpZHRoPSI3OCIgdmlld0JveD0iMjQgMjQgMTAyIDEwMiI+CiAgPHN0eWxlPgogICAgQG1lZGlhIChwcmVmZXJzLWNvbG9yLXNjaGVtZTpkYXJrKXtwYXRoe2ZpbGw6I2ZmZn19CiAgPC9zdHlsZT4KICA8cGF0aCBkPSJtMzQuNjcgMTA2LjQzLTUuNTUtMTMuNTVBMTkuMTQgMTkuMTQgMCAwIDAgMjkgNTcuNDJsNS40Ny0xMy41OWEzMy43OCAzMy43OCAwIDAgMSAuMiA2Mi42Wm0yMi45MyAxNy4xMi04LjY4LTExLjhhNDUuMjggNDUuMjggMCAwIDAgOC42MS04LjI3TDY5IDExMi42MmE1OS44MiA1OS44MiAwIDAgMS0xMS40IDEwLjkzWiIvPgogIDxwYXRoIGQ9Ik04Mi4yMyA3NS4xN2E2MC4zNyA2MC4zNyAwIDAgMC0yNC42NC00OC4zOWwtOC42OCAxMS44MWE0NS42MyA0NS42MyAwIDAgMSAxOC42OCAzNi41OCA2MC4yOCA2MC4yOCAwIDAgMCAyNC40OCA0OC4zOGw4LjY4LTExLjhhNDUuNiA0NS42IDAgMCAxLTE4LjUyLTM2LjU4Wm05Ljg1LTI4LjIzLTExLjQ3LTkuMTJhNjAuMTQgNjAuMTQgMCAwIDEgMTEuOTQtMTEuMzdsOC41NiAxMS44OGE0NS41IDQ1LjUgMCAwIDAtOS4wMyA4LjYxWk0xMTUgMTA2LjUyYTM0LjMyIDM0LjMyIDAgMCAxLS4yOS02Mi41Mmw2LjEgMTMuMzJhMTkuNjggMTkuNjggMCAwIDAgLjE5IDM1LjgzWiIvPgo8L3N2Zz4K"The base64 encoded favicon.svg
featureFlagsobject{"enableHomepage":true,"enableQa":true,"enableSummarize":true,"enableTranslate":true}Feature flags for pharia-assistant-api
featureFlags.enableHomepagebooltrueEnable homepage
featureFlags.enableQabooltrueEnable QA feature
featureFlags.enableSummarizebooltrueEnable summarize feature
featureFlags.enableTranslatebooltrueEnable translate feature
fullnameOverridestring"pharia-assistant-api"Override for the full name of pharia-assistant-api
logoobject{"png":"","svg":"PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNzgiIHdpZHRoPSI3OCIgdmlld0JveD0iMjQgMjQgMTAyIDEwMiI+CiAgPHBhdGggZD0ibTM0LjY3IDEwNi40My01LjU1LTEzLjU1QTE5LjE0IDE5LjE0IDAgMCAwIDI5IDU3LjQybDUuNDctMTMuNTlhMzMuNzggMzMuNzggMCAwIDEgLjIgNjIuNlptMjIuOTMgMTcuMTItOC42OC0xMS44YTQ1LjI4IDQ1LjI4IDAgMCAwIDguNjEtOC4yN0w2OSAxMTIuNjJhNTkuODIgNTkuODIgMCAwIDEtMTEuNCAxMC45M1oiIC8+CiAgPHBhdGggZD0iTTgyLjIzIDc1LjE3YTYwLjM3IDYwLjM3IDAgMCAwLTI0LjY0LTQ4LjM5bC04LjY4IDExLjgxYTQ1LjYzIDQ1LjYzIDAgMCAxIDE4LjY4IDM2LjU4IDYwLjI4IDYwLjI4IDAgMCAwIDI0LjQ4IDQ4LjM4bDguNjgtMTEuOGE0NS42IDQ1LjYgMCAwIDEtMTguNTItMzYuNThabTkuODUtMjguMjMtMTEuNDctOS4xMmE2MC4xNCA2MC4xNCAwIDAgMSAxMS45NC0xMS4zN2w4LjU2IDExLjg4YTQ1LjUgNDUuNSAwIDAgMC05LjAzIDguNjFaTTExNSAxMDYuNTJhMzQuMzIgMzQuMzIgMCAwIDEtLjI5LTYyLjUybDYuMSAxMy4zMmExOS42OCAxOS42OCAwIDAgMCAuMTkgMzUuODNaIiAvPgo8L3N2Zz4K"}The logo used in the assistant can be customized by providing the contents of a logo.svg or logo.png file as a base64 encoded string. This can be created by executing cat logo.svg | base64 in a terminal. The svg value takes precedence over the png value
logo.pngstring""The base64 encoded logo.png
logo.svgstring"PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNzgiIHdpZHRoPSI3OCIgdmlld0JveD0iMjQgMjQgMTAyIDEwMiI+CiAgPHBhdGggZD0ibTM0LjY3IDEwNi40My01LjU1LTEzLjU1QTE5LjE0IDE5LjE0IDAgMCAwIDI5IDU3LjQybDUuNDctMTMuNTlhMzMuNzggMzMuNzggMCAwIDEgLjIgNjIuNlptMjIuOTMgMTcuMTItOC42OC0xMS44YTQ1LjI4IDQ1LjI4IDAgMCAwIDguNjEtOC4yN0w2OSAxMTIuNjJhNTkuODIgNTkuODIgMCAwIDEtMTEuNCAxMC45M1oiIC8+CiAgPHBhdGggZD0iTTgyLjIzIDc1LjE3YTYwLjM3IDYwLjM3IDAgMCAwLTI0LjY0LTQ4LjM5bC04LjY4IDExLjgxYTQ1LjYzIDQ1LjYzIDAgMCAxIDE4LjY4IDM2LjU4IDYwLjI4IDYwLjI4IDAgMCAwIDI0LjQ4IDQ4LjM4bDguNjgtMTEuOGE0NS42IDQ1LjYgMCAwIDEtMTguNTItMzYuNThabTkuODUtMjguMjMtMTEuNDctOS4xMmE2MC4xNCA2MC4xNCAwIDAgMSAxMS45NC0xMS4zN2w4LjU2IDExLjg4YTQ1LjUgNDUuNSAwIDAgMC05LjAzIDguNjFaTTExNSAxMDYuNTJhMzQuMzIgMzQuMzIgMCAwIDEtLjI5LTYyLjUybDYuMSAxMy4zMmExOS42OCAxOS42OCAwIDAgMCAuMTkgMzUuODNaIiAvPgo8L3N2Zz4K"The base64 encoded logo.svg
postgresql.auth.passwordstring""If internal PostgreSQL is used a dedicated password has to be provided for setup of application authentication
postgresql.enabledbooltrueThis is used to indicate whether the internal PostgreSQL should be used or not.
redis.auth.existingSecretstring""
redis.auth.passwordstring""Either password or existingSecret has to be set if redis.enabled = true
redis.enabledbooltrueIndicate whether the internal Redis should be used.
redisConfig.externalobject{"existingSecret":"","host":"my-redis","password":"redispassword","port":"6379"}Note: If not using any Redis at all, please leave the default values untouched for now.
resources.limits.cpustring"1000m"
resources.limits.memorystring"8Gi"
resources.requests.cpustring"500m"
resources.requests.memorystring"8Gi"
secretobject{"serviceUserToken":""}Allows to populate the secret identified by 'pharia-assistant-api.serviceUserSecret' through this helm-chart. The secret must contain the field apiToken. See 'pharia-assistant-api.serviceUserSecret' for more information.
serviceUserSecretstring"pharia-iam-service-user-pharia-assistant-api"The name of a secret containing the service user token used by the pharia-assistant-api for sending requests to the inference. This allows to connect the pharia-assistant-api to an externally running inference. The secret must contain the field apiToken. It can either be pre-existing or the chart creates it for you with the value defined in 'pharia-assistant-api.secret'.
worker.enabledboolfalseRequires a running Redis instance.

document-index

KeyTypeDefaultDescription
document-index-ui.enabledbooltrue
document-index-ui.ingress.annotationsobject{}Annotations for the ingress-resource. This can be used to add ingress controller specific annotations.
document-index-ui.ingress.enabledbooltrueEnable ingress creation
document-index-ui.ingress.hostnamestring"document-index-ui"Hostname for the ingress (without domain). The domain is read from global.ingress.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain.
document-index-ui.ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
document-index-ui.ingress.tls.secretNamestring"document-index-ui-tls"The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
document-index-ui.resources.limits.cpustring"100m"
document-index-ui.resources.limits.memorystring"1Gi"
document-index-ui.resources.requests.cpustring"50m"
document-index-ui.resources.requests.memorystring"128Mi"
enabledbooltrueSet this to true to install the document-index subchart as a dependency
fullnameOverridestring"document-index"
ingress.enabledbooltrueEnabled ingress creation
ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
postgresql.auth.passwordstring""If internal PostgreSQL is used a dedicated password has to be provided for setup of application authentication
postgresql.enabledbooltrueThis is used to indicate whether the internal PostgreSQL should be used or not.
secretobject{"serviceUserToken":""}Allows to populate the secret identified by 'document-index.serviceUserSecret' through this helm-chart. The secret must contain the field apiToken. See 'document-index.serviceUserSecret' for more information.
serviceUserSecretstring"pharia-iam-service-user-document-index"The name of a secret containing the service user token used by the document-index for sending embedding requests to the inference. This allows to connect the document-index to an externally running inference. The secret must contain the field token. It can either be pre-existing or the chart creates it for you with the value defined in 'document-index.secret.serviceUserToken'. This can be left undefined if the document-index is connected to the internal inference (deployed through this helm-chart). In that case use this auto-generated secret.
sparse-embedding-service.defaultLanguagestring"english"The language to default to if language detection fails.
sparse-embedding-service.languageDetectorsstring"english,german"The language detectors to load. Set this to the languages you want to support. Supported values: "arabic,basque,catalan,danish,dutch,english,finnish,french,german, greek,hungarian,indonesian,italian,norwegian,portuguese,romanian,russian,spanish, swedish,turkish"

document-index-ui

KeyTypeDefaultDescription
enabledbooltrue
ingress.annotationsobject{}Annotations for the ingress-resource. This can be used to add ingress controller specific annotations.
ingress.enabledbooltrueEnable ingress creation
ingress.hostnamestring"document-index-ui"Hostname for the ingress (without domain). The domain is read from global.ingress.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain.
ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
ingress.tls.secretNamestring"document-index-ui-tls"The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
resources.limits.cpustring"100m"
resources.limits.memorystring"1Gi"
resources.requests.cpustring"50m"
resources.requests.memorystring"128Mi"

inference-api

KeyTypeDefaultDescription
admin.emailstring"tools@aleph-alpha.com"Email of the admin user to create on startup
admin.emailKeystring"email"The email key in the secret
admin.existingSecretstring""Existing secret to use instead of email/password.
admin.passwordstring""Initial password of the admin user. If no existing external secret is provided via admin.existingSecret, a password value has to be applied during installation
admin.passwordKeystring"password"The password key in the secret
databaseConfig.defaultSecretstring"inference-api-postgresql-secret"Default secret name is used to create a secret if external.existingSecret is not provided.
databaseConfig.externalobject{"databaseName":"","existingSecret":"","host":"","password":"","port":"","user":""}Provide an existing database if you want to use an external database
databaseConfig.external.databaseNamestring""The name of the database
databaseConfig.external.existingSecretstring""Set this value if a k8s Secret with PostgreSQL values already exists. Make sure that the all the keys exists in the secret with a valid value.
databaseConfig.external.hoststring""The host of the database
databaseConfig.external.passwordstring""The password of the database
databaseConfig.external.portstring""The port of the database
databaseConfig.external.userstring""The user of the database
databaseConfig.secretKeys.databaseNameKeystring"databaseName"The key in the secret that contains the database name
databaseConfig.secretKeys.hostKeystring"host"The key in the secret that contains the host of the database
databaseConfig.secretKeys.passwordKeystring"password"The key in the secret that contains the password of the database
databaseConfig.secretKeys.portKeystring"port"The key in the secret that contains the port of the database
databaseConfig.secretKeys.userKeystring"user"The key in the secret that contains the user of the database
enableOIDCbooltrueUse OIDC in addition to built-in tokens
enableUnauthenticatedAccessboolfalseSet this to true to disable all token validation in the inference api
fullnameOverridestring"pharia-ai-inference-api"
inferenceApiServices.existingSecretstring""Name of an existing inferenceApiServices secret. If you want to provide your own secret, set this to the name of your secret. Keep in mind to set global.inferenceApiServicesSecretRef to the same name if an existing secret is used. The secret is expected to have a key-value-pair with key secret.
inferenceApiServices.secretstring""Manually added services secret If no existing external secret is provided via inferenceApiServices.existingSecret, a secret value has to be applied during installation
ingress.annotationsobject{}Annotations for the ingress-resource. This can be used to add ingress controller specific annotations.
ingress.enabledbooltrueEnabled ingress creation
ingress.hostnamestring"inference-api"Hostname for the ingress (without domain). The domain is read from global.ingress.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain.
ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
ingress.tls.secretNamestring"inference-api-tls"The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
jwt.existingSecretstring""Name of an existing jwt secret to use The secret is expected to have a key-value-pair with key secret.
jwt.secretstring""Manually added jwt secret If no existing external secret is provided via jwt.existingSecret, a secret value has to be applied during installation
modelsobject{"llama-3.1-8b-instruct":{"adapter_name":null,"aligned":true,"bias_name":null,"chat_template":{"bos_token":"<|begin_of_text|>","eos_token":"<|end_of_text|>","template":"{% set loop_messages = messages %}{% for message in loop_messages %}{% set content = '<|start_header_id|>' + message['role'] + '<|end_header_id|>\n\n'+ message['content'] | trim + '<|eot_id|>' %}{% if loop.index0 == 0 %}{% set content = bos_token + content %}{% endif %}{{ content }}{% endfor %}{{ '<|start_header_id|>assistant<|end_header_id|>\n\n' }}"},"checkpoint":"llama-3.1-8b-instruct","completion_type":"full","description":"🦙 Llama 3.1 8B instruct version. The maximum number of completion tokens is limited to 8192 tokens.","embedding_type":"raw","experimental":false,"maximum_completion_tokens":8192,"multimodal_enabled":false,"prompt_template":"<|begin_of_text|>{% for message in messages %}<|start_header_id|>{{message.role}}<|end_header_id|>\n\n{% promptrange instruction %}{{message.content}}{% endpromptrange %}<|eot_id|>{% endfor %}<|start_header_id|>assistant<|end_header_id|>\n\n{% if response_prefix %}{{response_prefix}}{% endif %}","softprompt_name":null,"worker_type":"luminous"},"luminous-base":{"adapter_name":null,"aligned":false,"bias_name":null,"chat_template":null,"checkpoint":"luminous-base","completion_type":"full","description":"Multilingual model trained on English, German, French, Spanish and Italian","embedding_type":"semantic","experimental":false,"maximum_completion_tokens":8192,"multimodal_enabled":true,"prompt_template":"{% promptrange instruction %}{{instruction}}{% endpromptrange %}\n{% if input %}\n{% promptrange input %}{{input}}{% endpromptrange %}\n{% endif %}","semantic_embedding_enabled":true,"softprompt_name":null,"worker_type":"luminous"}}Provides model information to the inference-api. This does not mean that a worker is actually serving this model. The other way around is also not true: A worker serving this model currently does not mean it is visible to the user of the api, it also needs to be registered here. Overriding this value merges the values with the ones already given. If you want to overwrite all models use inference-api.modelsOverride.
modelsOverrideobject{}See inference-api.models.
postgresql.auth.passwordstring""If internal PostgreSQL is used a dedicated password has to be provided for setup of application authentication
postgresql.enabledbooltrueThis is used to indicate whether the internal PostgreSQL should be used or not.
resources.limits.cpustring"1"
resources.limits.memorystring"8Gi"
resources.requests.cpustring"1"
resources.requests.memorystring"1Gi"

inference-worker

KeyTypeDefaultDescription
checkpoints[0].generator.pipeline_parallel_sizeint1
checkpoints[0].generator.tensor_parallel_sizeint1
checkpoints[0].generator.tokenizer_pathstring"luminous-base-2022-04/alpha-001-128k.json"
checkpoints[0].generator.typestring"luminous"
checkpoints[0].generator.weight_set_directories[0]string"luminous-base-2022-04"
checkpoints[0].modelVolumeClaimstring"models-luminous-base"
checkpoints[0].queuestring"luminous-base"
checkpoints[0].replicasint1
checkpoints[1].generator.pipeline_parallel_sizeint1
checkpoints[1].generator.tensor_parallel_sizeint1
checkpoints[1].generator.tokenizer_pathstring"llama-3.1-8b-instruct/tokenizer.json"
checkpoints[1].generator.typestring"luminous"
checkpoints[1].generator.weight_set_directories[0]string"llama-3.1-8b-instruct"
checkpoints[1].modelVolumeClaimstring"models-llama-3.1-8b-instruct"
checkpoints[1].queuestring"llama-3.1-8b-instruct"
checkpoints[1].replicasint1
fullnameOverridestring"pharia-ai-inference-worker"
resources.limits.cpustring"4"
resources.limits.memorystring"8Gi"
resources.requests.cpustring"1"
resources.requests.memorystring"4Gi"
tolerationslist[]

pharia-data-api

KeyTypeDefaultDescription
enabledbooltrueSet this to true to install the pharia-data-api subchart as a dependency
fullnameOverridestring"pharia-data-api"
ingress.enabledbooltrueEnabled ingress creation locally
ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
minio.enabledbooltrue
minio.fullnameOverridestring"minio-data"
postgresql.auth.passwordstring""If internal PostgreSQL is used a dedicated password has to be provided for setup of application authentication
postgresql.enabledbooltrueThis is used to indicate whether the internal PostgreSQL should be used or not.
rabbitmq.auth.passwordstring""
rabbitmq.auth.usernamestring"user"
rabbitmq.enabledbooltrue
rabbitmq.loadDefinition.enabledboolfalse
rabbitmq.loadDefinition.existingSecretstring"pharia-data-api-rabbitmq-load-definitions-secret"
rabbitmqConfig.defaultLoadDefinitionsSecretstring"pharia-data-api-rabbitmq-load-definitions-secret"The load definitions secret must hold the RabbitMQ topology configuration.
rabbitmqConfig.defaultSecretstring"pharia-data-api-rabbitmq-secret"Default secret name is used to create a secret if external.existingSecret is not provided.
rabbitmqConfig.external.existingSecretstring""Set this value if a k8s Secret with RabbitMQ values already exists. Make sure that the all the keys exists in the secret with a valid value.
rabbitmqConfig.external.loadDefinitionsSecretstring""The load definitions secret name
rabbitmqConfig.external.rabbitmqUserstring""The user of the RabbitMQ
rabbitmqConfig.external.rabbitmqUserPasswordstring""The password of the user of RabbitMQ
rabbitmqConfig.secretKeys.hostKeystring"rabbitmq-host"The key in the secret that contains the host of the RabbitMQ
rabbitmqConfig.secretKeys.portKeystring"rabbitmq-port"The key in the secret that contains the port of the RabbitMQ
rabbitmqConfig.secretKeys.userKeystring"rabbitmq-username"The key in the secret that contains the user of the RabbitMQ
rabbitmqConfig.secretKeys.userPasswordKeystring"rabbitmq-password"The key in the secret that contains the password of the RabbitMQ
secret.serviceUserTokenstring""
serviceUserSecretstring"pharia-iam-service-user-pharia-data-etl"
serviceUserSecretKeystring""
storageConfig.externalBucket.defaultSecretstring"pharia-data-api-external-storage-secret"Default secret name is used to create a secret if external.existingSecret is not provided.
storageConfig.externalBucket.external.existingSecretstring""Set this value if a k8s Secret with storage values already exists. Make sure that all the keys exist in the secret with a valid value.
storageConfig.externalBucket.secretKeys.bucketNameKeystring"bucketName"The key in the secret that contains the bucket name
storageConfig.externalBucket.secretKeys.bucketPasswordKeystring"bucketPassword"The key in the secret that contains the bucket password
storageConfig.externalBucket.secretKeys.bucketUserKeystring"bucketUser"The key in the secret that contains the bucket user
storageConfig.internalBucket.defaultSecretstring"pharia-data-api-internal-storage-secret"Default secret name is used to create a secret if external.existingSecret is not provided.
storageConfig.internalBucket.external.existingSecretstring""Set this value if a k8s Secret with storage values already exists. Make sure that all the keys exist in the secret with a valid value.
storageConfig.internalBucket.secretKeys.bucketNameKeystring"bucketName"The key in the secret that contains the bucket name
storageConfig.internalBucket.secretKeys.bucketPasswordKeystring"bucketPassword"The key in the secret that contains the bucket password
storageConfig.internalBucket.secretKeys.bucketUserKeystring"bucketUser"The key in the secret that contains the bucket user
storageUrlstring""The storageUrl is used to configure the internal and external storages. If the storageUrl is not provided, the internal storage will be used.
tasks.enabledbooltrue

pharia-finetuning

KeyTypeDefaultDescription
aimobject{"ingress":{"annotations":{},"enabled":false,"hostname":"pharia-aim","ingressClassName":"","tls":{"enabled":true,"secretName":"pharia-aim-tls"}},"storageClassName":""}Configuration of the experiment tracker
aim.ingressobject{"annotations":{},"enabled":false,"hostname":"pharia-aim","ingressClassName":"","tls":{"enabled":true,"secretName":"pharia-aim-tls"}}Configure external access to Pharia finetuning Aim UI
aim.ingress.annotationsobject{}Annotations for the Ingress resource. This can be used to add ingress controller specific annotations
aim.ingress.enabledboolfalseSet this to true to set up an Ingress for Pharia finetuning Aim UI Warning: The UI does support auth at the moment.
aim.ingress.hostnamestring"pharia-aim"Hostname for the Ingress (without domain). The domain is read from global.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain
aim.ingress.ingressClassNamestring""Ingress class to be used to the ingress of the experiment tracking framework. If unset, global.ingress.ingressClassName will be used. This is value is to be deprecated as soon as authentication is implemented.
aim.ingress.tlsobject{"enabled":true,"secretName":"pharia-aim-tls"}Configure TLS for this Ingress
aim.ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
aim.ingress.tls.secretNamestring"pharia-aim-tls"The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
aim.storageClassNamestring""Storage class to be used for PVC
enabledbooltrueSet this to true to install the pharia-finetuning subchart as a dependency.
finetuningApiobject{"ingress":{"annotations":{},"enabled":true,"hostname":"pharia-finetuning-api","tls":{"enabled":true,"secretName":"pharia-finetuning-api-tls"}}}Configuration of the Finetuning API
finetuningApi.ingressobject{"annotations":{},"enabled":true,"hostname":"pharia-finetuning-api","tls":{"enabled":true,"secretName":"pharia-finetuning-api-tls"}}Configure external access to Pharia finetuning API
finetuningApi.ingress.annotationsobject{}Annotations for the Ingress resource. This can be used to add ingress controller specific annotations
finetuningApi.ingress.enabledbooltrueSet this to true to set up an Ingress for Pharia finetuning API
finetuningApi.ingress.hostnamestring"pharia-finetuning-api"Hostname for the Ingress (without domain). The domain is read from global.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain
finetuningApi.ingress.tlsobject{"enabled":true,"secretName":"pharia-finetuning-api-tls"}Configure TLS for this Ingress
finetuningApi.ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
finetuningApi.ingress.tls.secretNamestring"pharia-finetuning-api-tls"The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
fullnameOverridestring"pharia-finetuning"Set this to override the fully qualified name for Pharia Finetuning
kuberay-operatorobject{}Configuration of kuberay operator. See https://github.com/ray-project/kuberay/blob/master/helm-chart/kuberay-operator/values.yaml for available values.
minioobject{"enabled":true,"fullnameOverride":"pharia-finetuning-minio","nameOverride":"pharia-finetuning-minio","persistence":{"size":"1Ti"}}Configuration of built-in S3 storage. It is recommended to disable the built-in storage for production installations and connect to an external S3 storage instead.
minio.enabledbooltrueSet to false to disable built-in storage
minio.persistence.sizestring"1Ti"Disk space allocated to storage
rayClusterobject{"workerGroups":{"cpu-group":{"maxReplicas":4,"nodeSelector":{},"tolerations":[]},"gpu-group":{"maxReplicas":4,"nodeSelector":{},"tolerations":[]}}}Configuration of the distributed training framework
storageConfigobject{"fromSecret":{"secretKeys":{"bucketNameKey":"bucketName","endpointUrlKey":"endpointUrl","passwordKey":"bucketPassword","regionKey":"region","userKey":"bucketUser"},"secretName":""},"fromValues":{"bucketName":"","endpointUrl":"","password":"","region":"","user":""}}Configuration of S3 storage used to store base model weights and finetuning artifacts like checkpoints. When using the built-in storage, this configuration can stay untouched.
storageConfig.fromSecretobject{"secretKeys":{"bucketNameKey":"bucketName","endpointUrlKey":"endpointUrl","passwordKey":"bucketPassword","regionKey":"region","userKey":"bucketUser"},"secretName":""}Provide credentials as a k8s secret for access to external S3 storage. When providing credentails in plaintext, this section can stay untouched and fromValues should be adjusted.
storageConfig.fromSecret.secretKeysobject{"bucketNameKey":"bucketName","endpointUrlKey":"endpointUrl","passwordKey":"bucketPassword","regionKey":"region","userKey":"bucketUser"}Provide the keys within the k8s secret under which to find bucket name, username, password, endoint URL and region
storageConfig.fromSecret.secretNamestring""Name of the k8s secret that holds the S3 credentials. This secret is expected to exist when this helm chart is installed.
storageConfig.fromValuesobject{"bucketName":"","endpointUrl":"","password":"","region":"","user":""}Provide credentials to external S3 storage in plaintext. When providing credentials via a k8s secret, this section can stay untouched and fromSecret should be adjusted.

pharia-iam

KeyTypeDefaultDescription
apiobject{"ingress":{"annotations":{},"enabled":false,"tls":{"enabled":true,"secretName":"pharia-iam-api-tls"}}}Internal API configuration
api.ingress.annotationsobject{}Annotations for the ingress-resource. This can be used to add ingress controller specific annotations.
api.ingress.enabledboolfalseEnabled ingress creation
api.ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
api.ingress.tls.secretNamestring"pharia-iam-api-tls"The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
configobject{"adminEmail":"admin@localhost","adminEnableDirectUserManagement":false,"adminEnableZitadelManagement":false,"adminPassword":null,"adminUserName":"admin","defaultRolesForLogin":["AssistantUser"],"serviceUsers":{"document-index":{"description":"Initial service user for the Document Index","name":"Document Index","ownedResources":["document_index_namespace"],"roles":["InferenceServiceUser"]},"pharia-assistant-api":{"description":"Initial service user for the Pharia Assistant API","name":"Pharia Assistant API","roles":["InferenceServiceUser"]},"pharia-data-etl":{"description":"Initial service user for the Pharia Data ETL","name":"Pharia Data ETL","roles":["EtlServiceUser"]},"pharia-os":{"description":"Initial service user for Pharia OS","name":"Pharia OS","roles":["InferenceServiceUser"]},"pharia-studio":{"description":"Service user for studio to upload relations and check privileges","name":"Pharia Studio","ownedResources":["project"],"roles":["StudioUser"]},"use-cases":{"description":"One service user for all use cases as intermediate solution until authentication can be dynamically generated.","name":"Use Case Service User","roles":["UseCaseServiceUser"]}}}IAM configuration
config.adminEmailstring"admin@localhost"Email of initial user
config.adminEnableDirectUserManagementboolfalseEnable direct access to user management console for initial admin account. Enable if PhariaOs console is not used, but user management is needed.
config.adminEnableZitadelManagementboolfalseEnable direct access to internal identity provider - only needed to configure advanced features such as self-signup or user federation
config.adminPasswordstringnilInit password of initial user. To be valid it requires to have 10-70 characters, including at least one uppercase letter, one lowercase letter, and one digit. User will need to change this password on the first login. @schema type: - string - null @schema
config.adminUserNamestring"admin"initial user name
config.defaultRolesForLoginlist["AssistantUser"]Configure the default roles for a user that registers via SSO or self sign up
enabledbooltrueSet this to true to install the pharia-iam subchart as a dependency
imageobject{"repository":"alephalpha.jfrog.io/pharia-iam/pharia-iam","tag":""}Image of API and configuration job
ingressobject{"annotations":{},"enabled":true,"tls":{"enabled":true,"secretName":"pharia-iam-tls"}}Ingress configuration for Zitadel (including login endpoints)
ingress.annotationsobject{}Annotations for the ingress-resource. This can be used to add ingress controller specific annotations.
ingress.enabledbooltrueEnabled ingress creation
ingress.tls.enabledbooltrueEnable TLS configuration for this Ingress
ingress.tls.secretNamestring"pharia-iam-tls"The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
openFgaDatabaseConfig.defaultSecretstring"pharia-iam-openfga-postgres-secret"
openFgaDatabaseConfig.external.databaseNamestring""The name of the database for the secret to create
openFgaDatabaseConfig.external.existingSecretstring""Set this value if a k8s Secret with PostgreSQL values already exists. Make sure it has the key 'uri' with a valid value. There is a workaround for different keys, see below.
openFgaDatabaseConfig.external.hoststring""The host of the database for the secret to create
openFgaDatabaseConfig.external.passwordstring""The password of the database for the secret to create
openFgaDatabaseConfig.external.portstring""The port of the database for the secret to create
openFgaDatabaseConfig.external.uristring""A postgres connection URI for the secret to create. This overwrites all other values, if set. Otherwise, the uri is build from the above values.
openFgaDatabaseConfig.external.userstring""The user of the database for the secret to create
openFgaDatabaseConfig.secretKeys.passwordKeystring"password"
openFgaDatabaseConfig.secretKeys.uriKeystring"uri"
openFgaPostgresql.auth.passwordstring""If internal PostgreSQL is used a dedicated password has to be provided for setup of application authentication
openFgaPostgresql.enabledbooltrueThis is used to indicate whether the internal PostgreSQL should be used or not.
openfgaobject{"datastore":{"migrations":{"resources":{}},"uriSecret":"pharia-iam-openfga-postgres-secret"},"resources":{}}OpenFGA Service Configuration
openfga.datastore.migrations.resourcesobject{}Specify resources for the migration job
openfga.datastore.uriSecretstring"pharia-iam-openfga-postgres-secret"Secret with key "uri" containing the connection string to the database connection string for OpenFGA. Format: postgres://user:password@host:port/database?flags. This name must be overwritten if an existing secret is used!
openfga.resourcesobject{}Specify resources for the openfga service
openfgaEnabledbooltrueEnable OpenFGA for IAM. This will be mandatory for IAM to work in the future!
zitadelDatabaseConfig.externalobject{"databaseName":"","existingSecret":"","host":"","password":"","port":"","user":""}Provide an existing database if you want to use an external database
zitadelDatabaseConfig.external.databaseNamestring""The name of the database
zitadelDatabaseConfig.external.existingSecretstring""Set this value if a k8s Secret with PostgreSQL values already exists. Make sure that the all the keys exists in the secret with a valid value.
zitadelDatabaseConfig.external.hoststring""The host of the database
zitadelDatabaseConfig.external.passwordstring""The password of the database
zitadelDatabaseConfig.external.portstring""The port of the database
zitadelDatabaseConfig.external.userstring""The user of the database
zitadelDatabaseConfig.secretKeys.databaseNameKeystring"databaseName"The key in the secret that contains the database name
zitadelDatabaseConfig.secretKeys.hostKeystring"host"The key in the secret that contains the host of the database
zitadelDatabaseConfig.secretKeys.passwordKeystring"password"The key in the secret that contains the password of the database
zitadelDatabaseConfig.secretKeys.portKeystring"port"The key in the secret that contains the port of the database
zitadelDatabaseConfig.secretKeys.userKeystring"user"The key in the secret that contains the user of the database
zitadelPostgresql.auth.passwordstring""If internal PostgreSQL is used a dedicated password has to be provided for setup of application authentication
zitadelPostgresql.enabledbooltrueThis is used to indicate whether the internal PostgreSQL should be used or not.

pharia-kernel

KeyTypeDefaultDescription
defaultNamespaceslist["assistant"]Specify the default namespaces for Pharia Kernel, which provide the default skills.
If the default namespaces are configured, any duplicate namespaces in pharia-kernel.namespaces are ignored.

For each default namespace, the following values need to be provided in the Pharia AI ConfigMap:

  • NAMESPACES____CONFIG_URL: URL to the namespace configuration
  • NAMESPACES____REGISTRY: Skill registry of the namespace
  • NAMESPACES____BASE_REPOSITORY: Base repository of the namespace

The credentials for accessing the skill registries are retrieved from registryUser and registryPassword in the Secret configured as global.imagePullOpaqueSecretName. | | enabled | bool | true | Set this to true to install the pharia-kernel subchart as a dependency. | | env | list | [] | Define additional environment variables. This is required when namespace is added in pharia-kernel.namespaces. Both env and envFrom fields are supported. Schema: https://github.com/yannh/kubernetes-json-schema/blob/master/master-standalone-strict/envvar.json See also: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ | | fullnameOverride | string | "pharia-kernel" | Set this to override the fully qualified name for Pharia Kernel | | ingress | object | {"annotations":{},"enabled":true,"hostname":"pharia-kernel","tls":{"enabled":true,"secretName":"pharia-kernel-tls"}} | Configure external access to Pharia Kernel | | ingress.annotations | object | {} | Annotations for the Ingress resource. This can be used to add ingress controller specific annotations | | ingress.enabled | bool | true | Set this to true to set up an Ingress for Pharia Kernel | | ingress.hostname | string | "pharia-kernel" | Hostname for the Ingress (without domain). The domain is read from global.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain | | ingress.tls | object | {"enabled":true,"secretName":"pharia-kernel-tls"} | Configure TLS for this Ingress | | ingress.tls.enabled | bool | true | Enable TLS configuration for this Ingress | | ingress.tls.secretName | string | "pharia-kernel-tls" | The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | logLevel | string | "info" | Set the log level for Pharia Kernel. This does not affect other targets, where errors are always logged. The options are:

  • error
  • warn
  • info
  • debug
  • trace
  • off | | namespaces | object | {} | Configure the namespaces for Pharia Kernel. Each namespace needs to be explicitly defined. The name of each namespace can be specified in camelCase, and is converted to kebab-case when deployed.

Example:

# The Namespace name
playground:
# The URL to the corresponding namespace configuration TOML file
configUrl: "https://gitlab.aleph-alpha.de/api/v4/projects/123/repository/files/namespace.toml/raw?ref=main"
# The Container Registry that backs the skill registry for this namespace
registry: "registry.gitlab.aleph-alpha.de"
# The base repository in `registry` that backs the skill registry for this namespace
# This composes the final repository for each skill e.g. ${baseRepository}/${skillName}
baseRepository: "engineering/pharia-kernel-playground/skills"

Each of the value can alternatively be provided as environment variables, which is highly encouraged for providing the credentials:

  # The access token for `configUrl`
NAMESPACES__PLAYGROUND__CONFIG_ACCESS_TOKEN
# The user name for accessing `registry`
NAMESPACES__PLAYGROUND__REGISTRY_USER
# The password or access token for accessing `registry`
NAMESPACES__PLAYGROUND__REGISTRY_PASSWORD
``` |
| openTelemetryEndpoint | string | `""` | Set the address of the OpenTelemetry protocol (OTLP) collector. No OpenTelemetry tracing subscriber is created if this is not set. Example: "https://tracing.aleph-alpha.com" |
| resources | object | `{}` | Specify how much of each resource Pharia Kernel needs. Schema: https://github.com/yannh/kubernetes-json-schema/blob/master/master-standalone-strict/resourcerequirements.json See also: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| serviceMonitor | object | `{"enabled":false}` | Enable the ServiceMonitor that targets Pharia Kernel |
#### pharia-studio-api
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| databaseConfig | object | `{"external":{"databaseName":"","existingSecret":"","host":"","password":"","port":"","user":""},"secretKeys":{"databaseNameKey":"databaseName","hostKey":"host","passwordKey":"password","portKey":"port","userKey":"user"}}` | Default database configuration for the pharia-studio-api service access postgres database |
| databaseConfig.external | object | `{"databaseName":"","existingSecret":"","host":"","password":"","port":"","user":""}` | Provide an existing database if you want to use an external database |
| databaseConfig.external.databaseName | string | `""` | The name of the database |
| databaseConfig.external.existingSecret | string | `""` | Set this value if a k8s Secret with PostgreSQL values already exists. Make sure that the all the keys exists in the secret with a valid value. |
| databaseConfig.external.host | string | `""` | The host of the database |
| databaseConfig.external.password | string | `""` | The password of the database |
| databaseConfig.external.port | string | `""` | The port of the database |
| databaseConfig.external.user | string | `""` | The user of the database |
| databaseConfig.secretKeys.databaseNameKey | string | `"databaseName"` | The key in the secret that contains the database name |
| databaseConfig.secretKeys.hostKey | string | `"host"` | The key in the secret that contains the host of the database |
| databaseConfig.secretKeys.passwordKey | string | `"password"` | The key in the secret that contains the password of the database |
| databaseConfig.secretKeys.portKey | string | `"port"` | The key in the secret that contains the port of the database |
| databaseConfig.secretKeys.userKey | string | `"user"` | The key in the secret that contains the user of the database |
| enabled | bool | `true` | Set this to true to install the pharia-studio-api subchart as a dependency |
| fullnameOverride | string | `"pharia-studio-api"` | Default nameOverride of the application |
| ingress.annotations | object | `{}` | Annotations for the ingress-resource. This can be used to add ingress controller specific annotations. |
| ingress.enabled | bool | `true` | Enabled ingress creation |
| ingress.hostname | string | `"pharia-studio-api"` | Hostname for the ingress (without domain). The domain is read from global.ingress.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain. |
| ingress.tls.enabled | bool | `true` | Enable TLS configuration for this Ingress |
| ingress.tls.secretName | string | `"pharia-studio-api-tls"` | The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls |
| postgresql.auth.password | string | `""` | If internal PostgreSQL is used a dedicated password has to be provided for setup of application authentication |
| postgresql.enabled | bool | `true` | This is used to indicate whether the internal PostgreSQL should be used or not. |
| resources.limits.cpu | string | `"1"` | |
| resources.limits.memory | string | `"1Gi"` | |
| resources.requests.cpu | string | `"500m"` | |
| resources.requests.memory | string | `"1Gi"` | |
| serviceUserSecret | string | `"pharia-iam-service-user-pharia-studio"` | Needed for creation of relations in IAM |
#### pharia-studio-ui
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| enabled | bool | `true` | |
| fullnameOverride | string | `"pharia-studio"` | |
| ingress.annotations | object | `{}` | Annotations for the ingress-resource. This can be used to add ingress controller specific annotations. |
| ingress.enabled | bool | `true` | Enabled ingress creation |
| ingress.hostname | string | `"pharia-studio"` | Hostname for the ingress (without domain). The domain is read from global.ingress.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain. |
| ingress.tls.enabled | bool | `true` | Enable TLS configuration for this Ingress |
| ingress.tls.secretName | string | `"pharia-studio-tls"` | The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls |
| phariaStudioAPISchema | string | `"http"` | Internal cluster communication with pharia-studio-api. This is the default value. https can be set if the internal communication is over https. |
| resources.limits.cpu | string | `"100m"` | |
| resources.limits.memory | string | `"256Mi"` | |
| resources.requests.cpu | string | `"50m"` | |
| resources.requests.memory | string | `"256Mi"` | |
#### pharia-transcribe
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| enabled | bool | `true` | Set this to true to install the pharia-transcribe subchart as a dependency |
| fullnameOverride | string | `"pharia-transcribe"` | |
| tolerations | list | `[]` | |
#### pharia-translate
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| client.resources.limits.cpu | string | `"1"` | |
| client.resources.limits.memory | string | `"1Gi"` | |
| client.resources.requests.cpu | string | `"100m"` | |
| client.resources.requests.memory | string | `"1Gi"` | |
| deployment | object | `{}` | |
| enabled | bool | `true` | Set this to true to install the pharia-translate subchart as a dependency |
| fullnameOverride | string | `"pharia-translate"` | |
| marianServer.resources.limits."nvidia.com/gpu" | int | `1` | |
| marianServer.resources.limits.cpu | string | `"1"` | |
| marianServer.resources.limits.memory | string | `"16Gi"` | |
| marianServer.resources.requests.cpu | string | `"100m"` | |
| marianServer.resources.requests.memory | string | `"16Gi"` | |
| nodeSelector | object | `{}` | |
| tolerations | list | `[]` | |
#### phariaos-manager
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| applicationsProxy.additionalAllowedOrigins | list | `[]` | Set this to specify extra origins that are permitted to make cross-origin requests under CORS settings. |
| applicationsProxy.enabled | bool | `true` | Enable usecases (applications) proxy server. It is responsible for redirecting requests into the targeted usecases. |
| applicationsProxy.fullnameOverride | string | `"pharia-os-applications-proxy"` | Set this to override the full name of the pharia-os-applications-proxy |
| applicationsProxy.ingress.annotations | object | `{}` | Annotations for the ingress-resource. This can be used to add ingress controller specific annotations. Some ingress classes limits body size allowed in requests. Therefore, override the annotations value if the application requires large files to be uploaded. Example for nginx ingress class: `nginx.ingress.kubernetes.io/proxy-body-size: 20m` |
| applicationsProxy.ingress.enabled | bool | `true` | Enable ingress creation |
| applicationsProxy.ingress.hostname | string | `"pharia-os-applications"` | Hostname for the ingress (without domain). The domain is read from global.ingress.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain. |
| applicationsProxy.ingress.tls.enabled | bool | `true` | Enable TLS configuration for this Ingress |
| applicationsProxy.ingress.tls.secretName | string | `"phariaos-applications-tls"` | The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls |
| clusterRole.enabled | bool | `true` | Enable the cluster role for the phariaos-manager to enable for hardware listing. |
| databaseConfig.external | object | `{"databaseName":"","existingSecret":"","host":"","password":"","port":"","user":""}` | Provide an existing database if you want to use an external database |
| databaseConfig.external.databaseName | string | `""` | The name of the database |
| databaseConfig.external.existingSecret | string | `""` | Set this value if a k8s Secret with PostgreSQL values already exists. Make sure that the all the keys exists in the secret with a valid value. |
| databaseConfig.external.host | string | `""` | The host of the database |
| databaseConfig.external.password | string | `""` | The password of the database |
| databaseConfig.external.port | string | `""` | The port of the database |
| databaseConfig.external.user | string | `""` | The user of the database |
| databaseConfig.secretKeys.databaseNameKey | string | `"databaseName"` | The key in the secret that contains the database name |
| databaseConfig.secretKeys.hostKey | string | `"host"` | The key in the secret that contains the host of the database |
| databaseConfig.secretKeys.passwordKey | string | `"password"` | The key in the secret that contains the password of the database |
| databaseConfig.secretKeys.portKey | string | `"port"` | The key in the secret that contains the port of the database |
| databaseConfig.secretKeys.userKey | string | `"user"` | The key in the secret that contains the user of the database |
| enabled | bool | `true` | Set this to true to install the phariaos-manager subchart as a dependency |
| fullnameOverride | string | `"pharia-os-manager"` | Set this to override the full name of the phariaos-manager |
| ingress.annotations | object | `{}` | Annotations for the ingress-resource. This can be used to add ingress controller specific annotations. |
| ingress.enabled | bool | `true` | Enabled ingress creation |
| ingress.hostname | string | `"pharia-os-manager"` | Hostname for the ingress (without domain). The domain is read from global.ingress.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain. |
| ingress.tls.enabled | bool | `true` | Enable TLS configuration for this Ingress |
| ingress.tls.secretName | string | `"pharia-os-manager-tls"` | The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls |
| postgresql.auth.password | string | `""` | If internal PostgreSQL is used, a dedicated password has to be provided for setup of application authentication |
| postgresql.enabled | bool | `true` | This is used to indicate whether the internal PostgreSQL should be used or not. |
| serviceMonitor.enabled | bool | `false` | Enable Prometheus service monitor for phariaos-manager |
| usecase.enabled | bool | `true` | Enable usecases creation and deployment in phariaos-manager API. |
| usecase.imagePullSecretName | string | `""` | DEPRECATED: Use `imagePullSecrets` instead. This will be removed in a future release. |
| usecase.imagePullSecrets | list | `[]` | Secrets to authenticate container registry to pull/verify usecase images. Make sure the secrets are in the Release namespace! |
| usecase.serviceMonitor.enabled | bool | `false` | Enable Prometheus service monitor for usecases deployed by phariaos-manager |
#### phariaos-ui
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| enabled | bool | `true` | Set this to true to install the phariaos-ui subchart as a dependency |
| fullnameOverride | string | `"pharia-os"` | Set this to override the full name of the phariaos-ui |
| ingress.annotations | object | `{}` | Annotations for the ingress-resource. This can be used to add ingress controller specific annotations. |
| ingress.enabled | bool | `true` | Enabled ingress creation |
| ingress.hostname | string | `"pharia-os"` | Hostname for the ingress (without domain). The domain is read from global.ingress.ingressDomain. This needs to be changed, if multiple instances are deployed to the same cluster using the same domain. |
| ingress.tls.enabled | bool | `true` | Enable TLS configuration for this Ingress |
| ingress.tls.secretName | string | `"pharia-os-tls"` | The name of the secret containing the TLS certificate. See also: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls |

## Maintainers

| Name | Email | Url |
| ---- | ------ | --- |
| PhariaAI | <phariaai@aleph-alpha.com> | |