pub_soft/WeKnora
3
0
Fork 0
mirror of https://github.com/Tencent/WeKnora.git synced 2026-06-04 13:30:32 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ffc4eeaf571df648e21715e827f8135ba929b21c
WeKnora/helm
History

README.md

WeKnora Helm Chart

Artifact Hub License

Helm chart for deploying WeKnora - an AI-powered Knowledge RAG Platform.

Overview

WeKnora is an intelligent knowledge base platform that combines:

  • Document parsing and understanding
  • Vector search with BM25 hybrid retrieval
  • LLM integration for conversational AI
  • Multi-tenant support with encryption

Prerequisites

  • Kubernetes 1.25+
  • Helm 3.10+
  • PV provisioner support in the underlying infrastructure
  • Ingress controller (nginx-ingress recommended) for external access

Quick Start

# Add required secrets
helm install weknora ./helm \
  --namespace weknora \
  --create-namespace \
  --set secrets.dbPassword=<your-db-password> \
  --set secrets.redisPassword=<your-redis-password> \
  --set secrets.jwtSecret=<your-jwt-secret>

Architecture

                    ┌─────────────┐
                    │   Ingress   │
                    └──────┬──────┘
                           │
           ┌───────────────┴───────────────┐
           │                               │
           ▼                               ▼
    ┌─────────────┐                 ┌─────────────┐
    │  Frontend   │                 │   Backend   │
    │  (Vue.js)   │                 │   (Go/Gin)  │
    └─────────────┘                 └──────┬──────┘
                                           │
                    ┌──────────────────────┼──────────────────────┐
                    │                      │                      │
                    ▼                      ▼                      ▼
             ┌─────────────┐        ┌─────────────┐        ┌─────────────┐
             │  Docreader  │        │  PostgreSQL │        │    Redis    │
             │   (gRPC)    │        │  (ParadeDB) │        │   (Queue)   │
             └─────────────┘        └─────────────┘        └─────────────┘

Installation

Basic Installation

helm install weknora ./helm \
  --namespace weknora \
  --create-namespace \
  --set secrets.dbPassword=secure-password \
  --set secrets.redisPassword=secure-password \
  --set secrets.jwtSecret=$(openssl rand -base64 32)

With Ingress

helm install weknora ./helm \
  --namespace weknora \
  --create-namespace \
  --set ingress.enabled=true \
  --set ingress.host=weknora.example.com \
  --set ingress.tls.enabled=true \
  --set ingress.tls.secretName=weknora-tls \
  --set secrets.dbPassword=secure-password \
  --set secrets.redisPassword=secure-password \
  --set secrets.jwtSecret=$(openssl rand -base64 32)

With External LLM (Ollama)

helm install weknora ./helm \
  --namespace weknora \
  --create-namespace \
  --set app.extraEnv[0].name=OLLAMA_BASE_URL \
  --set app.extraEnv[0].value=http://ollama.ollama:11434 \
  --set app.extraEnv[1].name=INIT_LLM_MODEL_NAME \
  --set app.extraEnv[1].value=qwen2.5:7b \
  --set secrets.dbPassword=secure-password \
  --set secrets.redisPassword=secure-password \
  --set secrets.jwtSecret=$(openssl rand -base64 32)

Production Installation

For production, use a values file:

# values-production.yaml
global:
  storageClass: "fast-ssd"

app:
  replicaCount: 3
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 2
      memory: 4Gi

postgresql:
  persistence:
    size: 100Gi

ingress:
  enabled: true
  host: weknora.company.com
  tls:
    enabled: true
    secretName: weknora-tls

secrets:
  existingSecret: weknora-secrets  # Use pre-created secret

helm install weknora ./helm \
  --namespace weknora \
  --create-namespace \
  -f values-production.yaml

Configuration

Global Parameters

Parameter Description Default
global.storageClass Storage class for PVCs ""
global.imagePullSecrets Image pull secrets []
global.podSecurityContext Pod security context See values.yaml
global.containerSecurityContext Container security context See values.yaml

ServiceAccount

Parameter Description Default
serviceAccount.create Create ServiceAccount true
serviceAccount.name ServiceAccount name ""
serviceAccount.annotations ServiceAccount annotations {}

App (Backend)

Parameter Description Default
app.enabled Enable backend true
app.replicaCount Number of replicas 1
app.image.repository Image repository wechatopenai/weknora-app
app.image.tag Image tag "" (uses appVersion)
app.resources Resource limits See values.yaml
app.env Environment variables See values.yaml
app.extraEnv Additional env vars []

Frontend

Parameter Description Default
frontend.enabled Enable frontend true
frontend.replicaCount Number of replicas 1
frontend.image.repository Image repository wechatopenai/weknora-ui
frontend.image.tag Image tag latest

PostgreSQL (ParadeDB)

Parameter Description Default
postgresql.enabled Enable PostgreSQL true
postgresql.image.repository Image repository paradedb/paradedb
postgresql.image.tag Image tag v0.18.9-pg17
postgresql.persistence.enabled Enable persistence true
postgresql.persistence.size PVC size 10Gi

Redis

Parameter Description Default
redis.enabled Enable Redis true
redis.image.repository Image repository redis
redis.image.tag Image tag 7-alpine
redis.persistence.enabled Enable persistence true
redis.persistence.size PVC size 1Gi

Ingress

Parameter Description Default
ingress.enabled Enable ingress false
ingress.className Ingress class nginx
ingress.host Hostname weknora.example.com
ingress.tls.enabled Enable TLS false
ingress.tls.secretName TLS secret name ""

Secrets

Parameter Description Default
secrets.dbUser Database username postgres
secrets.dbPassword Database password "" (required)
secrets.dbName Database name weknora
secrets.redisPassword Redis password "" (required)
secrets.jwtSecret JWT signing secret "" (required)
secrets.existingSecret Use existing secret ""

Optional Components

These map to docker-compose profiles:

Parameter Description Default
minio.enabled Enable MinIO storage false
neo4j.enabled Enable Neo4j (GraphRAG) false
qdrant.enabled Enable Qdrant vector DB false
jaeger.enabled Enable Jaeger tracing false

Security Best Practices

Secret Management

Never commit secrets to Git! Use one of these approaches:

  1. Helm --set flags (for testing)

    helm install weknora ./helm --set secrets.dbPassword=xxx

  2. External Secrets Operator (recommended for production)

    secrets:
  existingSecret: weknora-external-secret

  3. Sealed Secrets (for GitOps)

    kubeseal < secret.yaml > sealed-secret.yaml

Pod Security

The chart follows CNCF security best practices:

  • Runs as non-root user
  • Read-only root filesystem where possible
  • Drops all capabilities
  • Uses seccomp profiles

Upgrading

helm upgrade weknora ./helm \
  --namespace weknora \
  --reuse-values

Uninstalling

helm uninstall weknora --namespace weknora

# Optional: Remove PVCs
kubectl delete pvc -n weknora -l app.kubernetes.io/instance=weknora

Troubleshooting

Check Pod Status

kubectl get pods -n weknora

View Logs

# Backend logs
kubectl logs -n weknora -l app.kubernetes.io/component=app -f

# Frontend logs
kubectl logs -n weknora -l app.kubernetes.io/component=frontend -f

Common Issues

Pod stuck in Pending

  • Check if PVCs are bound: kubectl get pvc -n weknora
  • Verify storage class exists: kubectl get sc

Connection refused errors

  • Wait for all pods to be Ready
  • Check service endpoints: kubectl get endpoints -n weknora

Database connection errors

  • Verify secrets are correct
  • Check PostgreSQL logs: kubectl logs -n weknora -l app.kubernetes.io/component=database

Contributing

See CONTRIBUTING.md in the main repository.

References

This Helm chart follows best practices from:

License

This chart is licensed under the MIT License - see the LICENSE file for details.

Reference in New Issue View Git Blame Copy Permalink