以前部署过,最近重新部署发现还是存在很多问题,这里进行记录
1.基础配置内容
配置信息和账号密码
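# dify-deployment.yaml
---
# Namespace that scopes every Dify resource on this page.
# (Nesting restored: `name` belongs under `metadata`.)
apiVersion: v1
kind: Namespace
metadata:
  name: dify-min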
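---
# ConfigMap for shared, non-sensitive environment variables.
# The API Deployment on this page loads it through `envFrom`, so every value
# reaches the container verbatim: Kubernetes expands $(VAR) only inside a
# container's `env[].value`, `command` and `args`, never inside ConfigMap data.
apiVersion: v1
kind: ConfigMap
metadata:
  name: dify-config
  namespace: dify-min
data:
  # NOTE(review): this looks like a pod or cluster-internal IP, which changes
  # when the pod is rescheduled. The `postgres` Service on this page offers a
  # stable DNS name - confirm which one is intended.
  DB_HOST: '10.42.2.49'
  DB_NAME: dify
  DB_PORT: '5432'
  LOG_LEVEL: INFO
  REDIS_HOST: '172.18.11.222'
  REDIS_PORT: '6379'
  # No Redis username is configured. If a username is required, use:
  # redis://$(REDIS_USERNAME):$(REDIS_PASSWORD)@$(REDIS_HOST):$(REDIS_PORT)/1
  #
  # As written, the container receives the literal text "$(REDIS_PASSWORD)",
  # because nothing expands it here. The URL also embeds a password, so it
  # belongs in the consuming container's `env` (where $(VAR) is expanded and
  # REDIS_PASSWORD can come from the Secret), not in a ConfigMap.
  CELERY_BROKER_URL: redis://:$(REDIS_PASSWORD)@$(REDIS_HOST):$(REDIS_PORT)/1
  STORAGE_LOCAL_PATH: /app/api/storage
  VECTOR_STORE: weaviate
  # This is a credential stored in a ConfigMap: it is readable by anyone who
  # can read ConfigMaps in the namespace and gets none of the protections
  # applied to Secrets (tighter RBAC, encryption at rest). The same value is
  # published on this page, so rotate it and move it into dify-secrets.
  WEAVIATE_API_KEY: WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
  # Written out literally, because $(WEAVIATE_HOST) / $(WEAVIATE_PORT) would
  # not be expanded inside ConfigMap data.
  WEAVIATE_ENDPOINT: http://dify-weaviate:8080
  WEAVIATE_HOST: dify-weaviate
  WEAVIATE_PORT: '8080'
  # Add further non-sensitive environment variables here...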
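---
# Secret for sensitive data, loaded into the API container through `envFrom`.
#
# `data` values are base64-ENCODED, not encrypted: anyone who can read this
# manifest, or read Secrets in the namespace, recovers the plaintext.
# The values below are published on this page (two of them with the plaintext
# right next to them), so treat them as samples only. Generate your own before
# deploying, use a different password for PostgreSQL and Redis, and keep the
# real manifest out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: dify-secrets
  namespace: dify-min
type: Opaque
data:
  # Application secret key. Dify's sample configuration suggests generating
  # one with `openssl rand -base64 42`; base64-encode the result for `data`.
  SECRET_KEY: "c2stOWY3M3MzbGpUWFZjTVQzQmxiM2xqVHF0c0tpR0hYVmNNVDNCbGJrRkpMSzdV"  # base64 encoded
  DB_PASSWORD: "ZGlmeWFpMTIzNDU2"  # difyai123456
  REDIS_PASSWORD: "ZGlmeWFpMTIzNDU2"  # difyai123456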
2.postgresql配置
如果使用外部(集群外)的 PostgreSQL,需自行调整 ConfigMap 中的 DB_HOST、DB_PORT 等配置
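---
# PostgreSQL Deployment: a single PostgreSQL 15 instance backed by postgres-pvc.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  namespace: dify-min
spec:
  replicas: 1
  # Recreate stops the old pod before starting the new one, so two PostgreSQL
  # processes never open the same data directory during a rollout (the default
  # RollingUpdate starts the replacement first).
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          # "本地仓库" stands for your private registry host.
          image: 本地仓库/ai/postgres:15-alpine
          env:
            - name: POSTGRES_DB
              valueFrom:
                configMapKeyRef:
                  name: dify-config
                  key: DB_NAME
            # The password comes from the Secret, not from the pod spec.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: dify-secrets
                  key: DB_PASSWORD
          ports:
            - containerPort: 5432
          volumeMounts:
            # NOTE(review): on volumes whose root contains `lost+found`, the
            # postgres image may refuse to initialise here; pointing PGDATA at
            # a sub-directory is the usual workaround - confirm for your
            # storage class.
            - mountPath: /var/lib/postgresql/data
              name: postgres-data
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: postgres-pvc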
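---
# PostgreSQL Service. No `type` is set, so this is a ClusterIP Service:
# reachable as `postgres:5432` from inside the cluster only. Without a
# NetworkPolicy, every pod in the cluster can connect to it.
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: dify-min
spec:
  selector:
    app: postgres
  ports:
    - protocol: TCP
      port: 5432
      targetPort: 5432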
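---
# PVC holding the PostgreSQL data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
  namespace: dify-min
spec:
  # No storageClassName is given, so the cluster's default class is used.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi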
3.redis配置
如果使用外部(集群外)的 Redis,需自行调整 ConfigMap 中的 REDIS_HOST、REDIS_PORT 等配置
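---
# Redis Deployment: a single password-protected Redis instance backed by
# redis-pvc.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: dify-min
spec:
  replicas: 1
  # Stop the old pod before starting the new one so that two Redis processes
  # never write to the same /data volume during a rollout.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          # "本地仓库" stands for your private registry host.
          image: 本地仓库/library/redis:7.2.2-debian-11-r0
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: dify-secrets
                  key: REDIS_PASSWORD
          # $(REDIS_PASSWORD) is expanded by Kubernetes from the env entry
          # above. The option and its value are separate argv elements so a
          # password containing spaces is not split into extra directives.
          # Caveat: the password ends up on the redis-server command line and
          # is visible in the process list; a redis.conf mounted from a Secret
          # avoids that.
          command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]
          ports:
            - containerPort: 6379
          volumeMounts:
            - mountPath: /data
              name: redis-data
      volumes:
        - name: redis-data
          persistentVolumeClaim:
            claimName: redis-pvc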
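---
# Redis Service. No `type` is set, so this is a ClusterIP Service: reachable
# as `redis:6379` from inside the cluster only. The password is the only
# access control unless a NetworkPolicy restricts which pods may connect.
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: dify-min
spec:
  selector:
    app: redis
  ports:
    - protocol: TCP
      port: 6379
      targetPort: 6379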
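---
# PVC holding the Redis data directory (/data).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
  namespace: dify-min
spec:
  # No storageClassName is given, so the cluster's default class is used.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi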
4.weaviate配置
如果使用外部(集群外)的 Weaviate,需自行调整 ConfigMap 中的 WEAVIATE_HOST、WEAVIATE_PORT 等配置
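---
# Weaviate Deployment: the vector store, with API-key authentication enabled
# and anonymous access disabled.
#
# The source listing named this Deployment `redis`, which collides with the
# Redis Deployment in the same namespace; it is named after its `app` label
# here. The listing also had no container `name` or `image`; `name` is filled
# in and `image` is a placeholder that must be replaced.
#
# NOTE(review): dify-config points the API at `dify-weaviate:8080`, but no
# Service with that name appears on this page - one is needed in front of
# these pods.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: weaviate
  namespace: dify-min
spec:
  replicas: 1
  selector:
    matchLabels:
      app: weaviate
  template:
    metadata:
      labels:
        app: weaviate
    spec:
      containers:
        - name: weaviate
          # PLACEHOLDER - the page does not state the image; fill in your own.
          image: '本地仓库/<weaviate-image>:<tag>'
          env:
            - name: QUERY_DEFAULTS_LIMIT
              value: '25'
            - name: AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED
              value: 'false'
            - name: PERSISTENCE_DATA_PATH
              value: /var/lib/weaviate
            - name: DEFAULT_VECTORIZER_MODULE
              value: none
            - name: AUTHENTICATION_APIKEY_ENABLED
              value: 'true'
            # The accepted API key is written in plaintext in the pod spec and
            # is published on this page. Rotate it and load it with
            # `valueFrom.secretKeyRef` instead; it must stay equal to the
            # WEAVIATE_API_KEY the API container uses.
            - name: AUTHENTICATION_APIKEY_ALLOWED_KEYS
              value: WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
            - name: AUTHENTICATION_APIKEY_USERS
              value: hello@dify.ai
            # The user mapped to the API key is also the only admin, so the
            # key above carries full administrative rights.
            - name: AUTHORIZATION_ADMINLIST_ENABLED
              value: 'true'
            - name: AUTHORIZATION_ADMINLIST_USERS
              value: hello@dify.ai
          volumeMounts:
            - mountPath: /var/lib/weaviate
              name: weaviate-data
      volumes:
        - name: weaviate-data
          persistentVolumeClaim:
            claimName: weaviate-pvc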
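---
# PVC holding the Weaviate data directory (/var/lib/weaviate).
# (The source used `----` here; a YAML document separator is exactly `---`.)
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: weaviate-pvc
  namespace: dify-min
spec:
  # No storageClassName is given, so the cluster's default class is used.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi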
5.api和web
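---
# API Deployment: runs the Dify API server (MODE=api).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dify-api
  namespace: dify-min
spec:
  # NOTE(review): both replicas mount api-pvc, which is requested as
  # ReadWriteOnce. That only works while both pods are scheduled on the same
  # node - confirm, or use a ReadWriteMany volume.
  replicas: 2
  selector:
    matchLabels:
      app: dify-api
  template:
    metadata:
      labels:
        app: dify-api
    spec:
      containers:
        - name: api
          # "本地仓库" stands for your private registry host.
          image: 本地仓库/ai/langgenius/dify-api:0.15.3
          # Every key of the ConfigMap and the Secret becomes an environment
          # variable, taken verbatim (no $(VAR) expansion).
          envFrom:
            - configMapRef:
                name: dify-config
            - secretRef:
                name: dify-secrets
          # Entries in `env` override keys of the same name from `envFrom`,
          # and $(VAR) references here ARE expanded, including variables that
          # came in through `envFrom`.
          env:
            - name: MODE
              value: "api"
            # Built here because the copy in dify-config is not expanded and
            # would reach the process as the literal text "$(REDIS_PASSWORD)".
            # A password containing URL-reserved characters (@ : / ?) must be
            # percent-encoded for this URL to parse.
            - name: CELERY_BROKER_URL
              value: redis://:$(REDIS_PASSWORD)@$(REDIS_HOST):$(REDIS_PORT)/1
            - name: REDIS_USE_SSL
              value: 'false'
            - name: REDIS_DB
              value: '0'
            # '*' lets any origin call these APIs from a browser. Restrict both
            # to the origin(s) that actually serve the web UI; the console API
            # is the administrative one.
            - name: WEB_API_CORS_ALLOW_ORIGINS
              value: '*'
            - name: CONSOLE_CORS_ALLOW_ORIGINS
              value: '*'
            - name: STORAGE_TYPE
              value: opendal
            - name: OPENDAL_SCHEME
              value: fs
            - name: OPENDAL_FS_ROOT
              value: storage
            # Overrides LOG_LEVEL: INFO from dify-config. Debug logs can
            # include request contents; use INFO outside troubleshooting.
            - name: LOG_LEVEL
              value: DEBUG
            # A guessable value written in plaintext in the pod spec. Replace
            # it with a strong one and load it via `valueFrom.secretKeyRef`.
            - name: INIT_PASSWORD
              value: password
            - name: MIGRATION_ENABLED
              value: 'true'
          ports:
            - containerPort: 5001
          volumeMounts:
            - mountPath: /app/api/storage
              name: vol-api-data
      volumes:
        - name: vol-api-data
          persistentVolumeClaim:
            claimName: api-pvc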
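---
# API Service. No `type` is set, so this is a ClusterIP Service: reachable as
# `dify-api:5001` from inside the cluster; external traffic must arrive
# through the Ingress or the nginx proxy.
apiVersion: v1
kind: Service
metadata:
  name: dify-api
  namespace: dify-min
spec:
  selector:
    app: dify-api
  ports:
    - protocol: TCP
      port: 5001
      targetPort: 5001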
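---
# Web Deployment: the Dify web front end, listening on port 3000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dify-web
  namespace: dify-min
spec:
  replicas: 2
  selector:
    matchLabels:
      app: dify-web
  template:
    metadata:
      labels:
        app: dify-web
    spec:
      containers:
        # NOTE(review): the source listing lost its indentation. `name: web`,
        # `image` and `ports` are reconstructed as fields of the same
        # container that carries the `env` list - confirm.
        - name: web
          # "本地仓库" stands for your private registry host.
          image: 本地仓库/ai/langgenius/dify-web:0.15.3
          env:
            - name: EDITION
              value: SELF_HOSTED
            # The source gives these variables no value, which Kubernetes
            # treats as an empty string; that is spelled out here.
            # NOTE(review): presumably the UI then calls the API on its own
            # origin - confirm.
            - name: CONSOLE_API_URL
              value: ''
            - name: APP_API_URL
              value: ''
            - name: SENTRY_DSN
              value: ''
            # '0' leaves Next.js telemetry enabled; Next.js turns it off when
            # this variable is '1'.
            - name: NEXT_TELEMETRY_DISABLED
              value: '0'
            - name: TEXT_GENERATION_TIMEOUT_MS
              value: '60000'
            - name: CSP_WHITELIST
              value: ''
          ports:
            - containerPort: 3000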
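---
# PVC mounted by the API Deployment at /app/api/storage.
# The source put this claim in namespace `api-pvc`. A pod can only mount a
# claim from its own namespace, so it has to live in dify-min next to
# dify-api.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: api-pvc
  namespace: dify-min
spec:
  # No storageClassName is given, so the cluster's default class is used.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi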
6.对外服务
简单说明下Ingress和nginx配置
- Ingress:已安装 Ingress Controller 且有域名时,可直接采用 Ingress
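---
# Ingress (an Ingress Controller must already be installed).
#
# The API paths mirror the nginx.conf on this page: /console/api, /api, /v1
# and /files go to the API, everything else to the web UI. The source routed
# only /api, which would send the other three prefixes to the web pods.
#
# No `tls` section is defined, so logins and API keys travel over plain HTTP.
# Add `spec.tls` with a certificate Secret for the host before exposing this.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dify-ingress
  namespace: dify-min
spec:
  rules:
    - host: dify.example.com
      http:
        paths:
          # NOTE(review): no Service on this page exposes the dify-web pods
          # (containerPort 3000) on port 80; the only `dify-web` Service shown
          # is a NodePort on 8888 that selects app: dify-nginx. Confirm that
          # this backend exists.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: dify-web
                port:
                  number: 80
          - path: /console/api
            pathType: Prefix
            backend:
              service:
                name: dify-api
                port:
                  number: 5001
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: dify-api
                port:
                  number: 5001
          - path: /v1
            pathType: Prefix
            backend:
              service:
                name: dify-api
                port:
                  number: 5001
          - path: /files
            pathType: Prefix
            backend:
              service:
                name: dify-api
                port:
                  number: 5001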
- nginx
1. 先部署 nginx,再通过 Service 将 nginx 对外暴露
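---
# Web Service: the port through which nginx is exposed outside the cluster.
#
# A NodePort opens the port on every node's address and serves plain HTTP.
# Limit who can reach the nodes on this port (firewall / security group) or
# terminate TLS in front of it.
#
# NOTE(review): this Service is called `dify-web` but selects the nginx pods,
# while the nginx.conf on this page proxies `/` to `http://dify-web`. That
# name resolves back to this Service - confirm the intended naming.
apiVersion: v1
kind: Service
metadata:
  name: dify-web
  namespace: dify-min
spec:
  type: NodePort
  selector:
    app: dify-nginx
  ports:
    - protocol: TCP
      # Port of the Service inside the cluster (choose freely).
      port: 8888
      # NOTE(review): the nginx.conf on this page listens on 80, so traffic
      # sent to 3000 will not reach it unless the nginx pod also listens on
      # 3000 - confirm.
      targetPort: 3000
      # Port opened on every node.
      nodePort: 30080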
2.配置文件写入ConfigMap
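---
# ConfigMap carrying nginx.conf for the reverse proxy in front of Dify.
#
# The source was an export of the live object. The fields the API server and
# Rancher fill in (creationTimestamp, resourceVersion, uid, managedFields and
# the objectset.rio.cattle.io annotations/label) are left out: they identify
# one object in one cluster and get in the way when the manifest is applied
# elsewhere.
apiVersion: v1
kind: ConfigMap
metadata:
  name: dify-bl-config
  namespace: dify-min
data:
  # Routing: /console/api, /api, /v1 and /files go to the API Service,
  # everything else to `dify-web`.
  # NOTE(review): `http://dify-web` targets port 80, but the only `dify-web`
  # Service on this page listens on 8888 and selects the nginx pods - confirm
  # the upstream.
  # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
  # sent, so only the last entry is trustworthy to the backend.
  nginx.conf: |
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log notice;
    pid /var/run/nginx.pid;
    events {
      worker_connections 1024;
    }
    http {
      include /etc/nginx/mime.types;
      default_type application/octet-stream;
      log_format main '$remote_addr - $remote_user [$time_local] "$request" '
      '$status $body_bytes_sent "$http_referer" '
      '"$http_user_agent" "$http_x_forwarded_for"';
      access_log /var/log/nginx/access.log main;
      sendfile on;
      #tcp_nopush on;
      keepalive_timeout 65;
      #gzip on;
      client_max_body_size 15M;
      server {
        listen 80;
        server_name _;
        location /console/api {
          proxy_pass http://dify-api:5001;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          proxy_buffering off;
          proxy_read_timeout 3600s;
          proxy_send_timeout 3600s;
        }
        location /api {
          proxy_pass http://dify-api:5001;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          proxy_buffering off;
          proxy_read_timeout 3600s;
          proxy_send_timeout 3600s;
        }
        location /v1 {
          proxy_pass http://dify-api:5001;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          proxy_buffering off;
          proxy_read_timeout 3600s;
          proxy_send_timeout 3600s;
        }
        location /files {
          proxy_pass http://dify-api:5001;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          proxy_buffering off;
          proxy_read_timeout 3600s;
          proxy_send_timeout 3600s;
        }
        location / {
          proxy_pass http://dify-web;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          proxy_buffering off;
          proxy_read_timeout 3600s;
          proxy_send_timeout 3600s;
        }
        # If you want to support HTTPS, please uncomment the code snippet below
        # (TLSv1.1 is deprecated and has been dropped from the protocol list.)
        #listen 443 ssl;
        #ssl_certificate ./../ssl/your_cert_file.cer;
        #ssl_certificate_key ./../ssl/your_cert_key.key;
        #ssl_protocols TLSv1.2 TLSv1.3;
        #ssl_prefer_server_ciphers on;
        #ssl_session_cache shared:SSL:10m;
        #ssl_session_timeout 10m;
      }
    }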