Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion charts/orcha/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,13 @@ helm upgrade --install orcha ./charts/orcha \

Database migrations are run automatically by a Helm hook Job when `migrations.enabled` is true.
The Job runs `orcha migrate`, which applies Alembic migrations to the Orcha database.
It runs on `post-install` and `pre-upgrade`.
It runs on `pre-install` and `pre-upgrade`, so migrations complete before the app and
worker pods start serving.

Because the Job runs as a `pre-install` hook (before regular resources are created), a
**fresh install must use a pre-existing database secret** via `secrets.db.existingSecret`;
the chart-managed `db-secrets` Secret does not yet exist during `pre-install`. Upgrades are
unaffected, as the secret already exists.

Disable automatic migrations with:

Expand Down
41 changes: 41 additions & 0 deletions charts/orcha/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,25 @@ Database Secret Name
{{- end }}
{{- end }}

{{/*
Database connection env vars (PG*). Include with `nindent 12` under `env:`.
*/}}
{{- define "orcha.databaseEnv" -}}
- name: PGUSER
value: {{ include "orcha.databaseUser" . | quote }}
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: {{ include "orcha.dbSecretName" . }}
key: password
- name: PGHOST
value: {{ include "orcha.databaseHost" . | quote }}
- name: PGPORT
value: {{ include "orcha.databasePort" . | quote }}
- name: PGDATABASE
value: {{ include "orcha.databaseName" . | quote }}
{{- end }}

{{/*
LLM Secret Name
*/}}
Expand All @@ -132,6 +151,28 @@ Langfuse Secret Name
{{- end }}
{{- end }}

{{/*
Langfuse credential env vars. Include with `nindent 12` under `env:`.
*/}}
{{- define "orcha.langfuseEnv" -}}
{{- if or .Values.secrets.langfuse.publicKey .Values.secrets.langfuse.existingSecret }}
- name: LANGFUSE_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: {{ include "orcha.langfuseSecretName" . }}
key: publicKey
optional: true
{{- end }}
{{- if or .Values.secrets.langfuse.secretKey .Values.secrets.langfuse.existingSecret }}
- name: LANGFUSE_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "orcha.langfuseSecretName" . }}
key: secretKey
optional: true
{{- end }}
{{- end }}

{{/*
Temporal Hostname
*/}}
Expand Down
31 changes: 3 additions & 28 deletions charts/orcha/templates/deployment-worker.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,19 +36,7 @@ spec:
- configMapRef:
name: {{ include "orcha.fullname" . }}-llm-config
env:
- name: PGUSER
value: {{ include "orcha.databaseUser" . | quote }}
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: {{ include "orcha.dbSecretName" . }}
key: password
- name: PGHOST
value: {{ include "orcha.databaseHost" . | quote }}
- name: PGPORT
value: {{ include "orcha.databasePort" . | quote }}
- name: PGDATABASE
value: {{ include "orcha.databaseName" . | quote }}
{{- include "orcha.databaseEnv" . | nindent 12 }}
- name: TEMPORAL_HOST
value: {{ include "orcha.temporalHost" . | quote }}
{{- if or .Values.secrets.llm.litellmApiKey .Values.secrets.llm.existingSecret }}
Expand All @@ -67,21 +55,8 @@ spec:
key: ollamaApiKey
optional: true
{{- end }}
{{- if or .Values.secrets.langfuse.publicKey .Values.secrets.langfuse.existingSecret }}
- name: LANGFUSE_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: {{ include "orcha.langfuseSecretName" . }}
key: publicKey
optional: true
{{- end }}
{{- if or .Values.secrets.langfuse.secretKey .Values.secrets.langfuse.existingSecret }}
- name: LANGFUSE_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "orcha.langfuseSecretName" . }}
key: secretKey
optional: true
{{- with (include "orcha.langfuseEnv" .) }}
{{- . | trimAll "\n" | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
31 changes: 3 additions & 28 deletions charts/orcha/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -61,19 +61,7 @@ spec:
- configMapRef:
name: {{ include "orcha.fullname" . }}-llm-config
env:
- name: PGUSER
value: {{ include "orcha.databaseUser" . | quote }}
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: {{ include "orcha.dbSecretName" . }}
key: password
- name: PGHOST
value: {{ include "orcha.databaseHost" . | quote }}
- name: PGPORT
value: {{ include "orcha.databasePort" . | quote }}
- name: PGDATABASE
value: {{ include "orcha.databaseName" . | quote }}
{{- include "orcha.databaseEnv" . | nindent 12 }}
- name: TEMPORAL_HOST
value: {{ include "orcha.temporalHost" . | quote }}
{{- if or .Values.secrets.llm.litellmApiKey .Values.secrets.llm.existingSecret }}
Expand All @@ -92,21 +80,8 @@ spec:
key: ollamaApiKey
optional: true
{{- end }}
{{- if or .Values.secrets.langfuse.publicKey .Values.secrets.langfuse.existingSecret }}
- name: LANGFUSE_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: {{ include "orcha.langfuseSecretName" . }}
key: publicKey
optional: true
{{- end }}
{{- if or .Values.secrets.langfuse.secretKey .Values.secrets.langfuse.existingSecret }}
- name: LANGFUSE_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "orcha.langfuseSecretName" . }}
key: secretKey
optional: true
{{- with (include "orcha.langfuseEnv" .) }}
{{- . | trimAll "\n" | nindent 12 }}
{{- end }}
{{- if .Values.persistence.tenants.enabled }}
volumeMounts:
Expand Down
19 changes: 2 additions & 17 deletions charts/orcha/templates/migration-job.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,10 @@ metadata:
{{- include "orcha.labels" . | nindent 4 }}
app.kubernetes.io/component: migrations
annotations:
"helm.sh/hook": post-install,pre-upgrade
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
backoffLimit: {{ .Values.migrations.backoffLimit }}
{{- with .Values.migrations.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
template:
metadata:
labels:
Expand All @@ -38,19 +35,7 @@ spec:
{{- toYaml . | nindent 12 }}
{{- end }}
env:
- name: PGUSER
value: {{ include "orcha.databaseUser" . | quote }}
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: {{ include "orcha.dbSecretName" . }}
key: password
- name: PGHOST
value: {{ include "orcha.databaseHost" . | quote }}
- name: PGPORT
value: {{ include "orcha.databasePort" . | quote }}
- name: PGDATABASE
value: {{ include "orcha.databaseName" . | quote }}
{{- include "orcha.databaseEnv" . | nindent 12 }}
resources:
{{- toYaml .Values.migrations.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
Expand Down
1 change: 0 additions & 1 deletion charts/orcha/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ image:
migrations:
enabled: true
backoffLimit: 3
ttlSecondsAfterFinished: 300
resources: {}

serviceAccount:
Expand Down