k8s部署dify
以前部署过,最近重新部署发现还是存在很多问题,这里进行记录
1.基础配置内容
配置信息和账号密码(下文的密钥和密码均为示例值,实际部署前请全部替换)
# dify-deployment.yaml
---
# Namespace that every resource in this guide is created in.
apiVersion: v1
kind: Namespace
metadata:
  name: dify-min
---
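# ConfigMap for shared, non-secret environment variables.
#
# Kubernetes expands $(VAR) references only in a container's env[].value,
# command and args. Values injected from a ConfigMap (envFrom or
# configMapKeyRef) reach the process verbatim, so a $(...) reference stored
# here is never substituted.
apiVersion: v1
kind: ConfigMap
metadata:
  name: dify-config
  namespace: dify-min
data:
  # NOTE(review): 10.42.2.49 looks like a pod IP; pod IPs change when the pod
  # is rescheduled. For the in-cluster database the Service name `postgres`
  # is the stable address - confirm which one is intended.
  DB_HOST: 10.42.2.49
  DB_NAME: dify
  DB_PORT: '5432'
  LOG_LEVEL: INFO
  REDIS_HOST: 172.18.11.222
  REDIS_PORT: '6379'
  # No Redis username is configured. If one is added, the URL becomes
  # redis://$(REDIS_USERNAME):$(REDIS_PASSWORD)@$(REDIS_HOST):$(REDIS_PORT)/1
  #
  # This URL embeds REDIS_PASSWORD, so it cannot be written out literally in a
  # ConfigMap, and the $(...) references below are not expanded from here.
  # Define CELERY_BROKER_URL in the consuming container's `env` list instead,
  # where expansion happens and the password comes from the Secret.
  CELERY_BROKER_URL: 'redis://:$(REDIS_PASSWORD)@$(REDIS_HOST):$(REDIS_PORT)/1'
  STORAGE_LOCAL_PATH: /app/api/storage
  VECTOR_STORE: weaviate
  # This is a credential, not configuration: it belongs in the Secret, and
  # ConfigMaps are usually readable by far more principals than Secrets.
  # The value appears to be the sample key from Dify's example configuration,
  # so treat it as publicly known and generate a new one.
  WEAVIATE_API_KEY: WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
  # Written out literally (from WEAVIATE_HOST and WEAVIATE_PORT below)
  # because $(...) is not expanded in ConfigMap values.
  WEAVIATE_ENDPOINT: 'http://dify-weaviate:8080'
  WEAVIATE_HOST: dify-weaviate
  WEAVIATE_PORT: '8080'
  # Add other non-sensitive environment variables here...
---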
# Secret for sensitive data.
#
# Values under `data` are base64-encoded. That is an encoding, not encryption:
# anyone who can read this manifest or the Secret object can decode them.
# The values below are the page's sample credentials. Generate unique values
# per deployment and keep the real manifest out of version control.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: dify-secrets
  namespace: dify-min
data:
  # base64 encoded
  SECRET_KEY: 'c2stOWY3M3MzbGpUWFZjTVQzQmxiM2xqVHF0c0tpR0hYVmNNVDNCbGJrRkpMSzdV'
  # decodes to difyai123456
  DB_PASSWORD: 'ZGlmeWFpMTIzNDU2'
  # decodes to difyai123456 - the same short password as the database, so a
  # leak of one credential also exposes the other
  REDIS_PASSWORD: 'ZGlmeWFpMTIzNDU2'
2.postgresql配置
有外部接入的需自己调整ConfigMap文件
---
# PostgreSQL Deployment: one replica whose data directory lives on the
# postgres-pvc claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  namespace: dify-min
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: postgres-pvc
      containers:
        - name: postgres
          # "本地仓库" is the author's stand-in for a local registry host.
          image: 本地仓库/ai/postgres:15-alpine
          ports:
            - containerPort: 5432
          env:
            # Database name comes from the shared ConfigMap.
            - name: POSTGRES_DB
              valueFrom:
                configMapKeyRef:
                  name: dify-config
                  key: DB_NAME
            # Password is read from the Secret rather than written inline.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: dify-secrets
                  key: DB_PASSWORD
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql/data
---
# PostgreSQL Service: with no `type` set this is a ClusterIP Service, so the
# database is reachable at postgres:5432 from inside the cluster only.
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: dify-min
spec:
  selector:
    app: postgres
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP
---
# PVC for the PostgreSQL data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
  namespace: dify-min
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
3.redis配置
有外部接入的需自己调整ConfigMap文件
---
# Redis Deployment: one password-protected replica with /data on redis-pvc.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: dify-min
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      volumes:
        - name: redis-data
          persistentVolumeClaim:
            claimName: redis-pvc
      containers:
        - name: redis
          # "本地仓库" is the author's stand-in for a local registry host.
          image: 本地仓库/library/redis:7.2.2-debian-11-r0
          ports:
            - containerPort: 6379
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: dify-secrets
                  key: REDIS_PASSWORD
          # $(REDIS_PASSWORD) is expanded by Kubernetes from the env entry
          # above, so the manifest itself carries no password. The expanded
          # value does end up in the redis-server argument list inside the
          # container.
          command:
            - redis-server
            - '--requirepass $(REDIS_PASSWORD)'
          volumeMounts:
            - name: redis-data
              mountPath: /data
---
# Redis Service: with no `type` set this is a ClusterIP Service, reachable at
# redis:6379 from inside the cluster only.
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: dify-min
spec:
  selector:
    app: redis
  ports:
    - port: 6379
      targetPort: 6379
      protocol: TCP
---
# PVC for the Redis /data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
  namespace: dify-min
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
4.weaviate配置
有外部接入的需自己调整ConfigMap文件
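# Weaviate Deployment: the vector store, with API-key authentication enabled
# and anonymous access disabled.
#
# Fixes relative to the listing as published:
#   - metadata.name was `redis`, which collides with the Redis Deployment in
#     the same namespace; it is now `weaviate`.
#   - the container had no `name` or `image`, both of which are required.
#   - a Service named dify-weaviate is added, because WEAVIATE_HOST in
#     dify-config points at that name and nothing else on the page defines it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: weaviate
  namespace: dify-min
spec:
  replicas: 1
  selector:
    matchLabels:
      app: weaviate
  template:
    metadata:
      labels:
        app: weaviate
    spec:
      containers:
        - name: weaviate
          # PLACEHOLDER: the page does not give the Weaviate image. Replace
          # with the image and tag mirrored in your registry.
          image: 本地仓库/<weaviate-image>:<tag>
          ports:
            # Matches WEAVIATE_PORT in dify-config.
            - containerPort: 8080
          env:
            - name: QUERY_DEFAULTS_LIMIT
              value: '25'
            # Keep anonymous access off so every request needs the API key.
            - name: AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED
              value: 'false'
            - name: PERSISTENCE_DATA_PATH
              value: /var/lib/weaviate
            - name: DEFAULT_VECTORIZER_MODULE
              value: 'none'
            - name: AUTHENTICATION_APIKEY_ENABLED
              value: 'true'
            # Credential written in plain text. It must equal WEAVIATE_API_KEY
            # in dify-config. Prefer storing it in a Secret and referencing it
            # with secretKeyRef, and replace this sample value with a
            # generated key.
            - name: AUTHENTICATION_APIKEY_ALLOWED_KEYS
              value: WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
            - name: AUTHENTICATION_APIKEY_USERS
              value: hello@dify.ai
            # The identity mapped to the API key is also listed as an admin.
            - name: AUTHORIZATION_ADMINLIST_ENABLED
              value: 'true'
            - name: AUTHORIZATION_ADMINLIST_USERS
              value: hello@dify.ai
          volumeMounts:
            - name: weaviate-data
              mountPath: /var/lib/weaviate
      volumes:
        - name: weaviate-data
          persistentVolumeClaim:
            claimName: weaviate-pvc
---
# Weaviate Service: ClusterIP only, so the vector store is not reachable from
# outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: dify-weaviate
  namespace: dify-min
spec:
  selector:
    app: weaviate
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 8080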
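---
# PVC for the Weaviate data directory.
# The separator above must be exactly three dashes; the four-dash line in the
# original listing is not a YAML document marker.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: weaviate-pvc
  namespace: dify-min
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi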
5.api和web
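---
# API Deployment: runs the Dify API container. Shared settings are loaded from
# dify-config and dify-secrets via envFrom; entries in `env` override a
# same-named key from envFrom.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dify-api
  namespace: dify-min
spec:
  # NOTE(review): both replicas mount api-pvc, which is requested as
  # ReadWriteOnce. That access mode only allows pods on a single node, so a
  # second replica scheduled elsewhere may fail to start - confirm the storage
  # class or use one replica.
  replicas: 2
  selector:
    matchLabels:
      app: dify-api
  template:
    metadata:
      labels:
        app: dify-api
    spec:
      containers:
        - name: api
          # "本地仓库" is the author's stand-in for a local registry host.
          image: 本地仓库/ai/langgenius/dify-api:0.15.3
          envFrom:
            - configMapRef:
                name: dify-config
            - secretRef:
                name: dify-secrets
          env:
            - name: MODE
              value: 'api'
            - name: REDIS_USE_SSL
              value: 'false'
            - name: REDIS_DB
              value: '0'
            # '*' accepts cross-origin requests from any site. Restrict both
            # values to the console and app origins once the hostname is known.
            - name: WEB_API_CORS_ALLOW_ORIGINS
              value: '*'
            - name: CONSOLE_CORS_ALLOW_ORIGINS
              value: '*'
            - name: STORAGE_TYPE
              value: opendal
            - name: OPENDAL_SCHEME
              value: fs
            - name: OPENDAL_FS_ROOT
              value: storage
            # Overrides LOG_LEVEL=INFO from dify-config. Debug logs are more
            # verbose; switch back to INFO after troubleshooting.
            - name: LOG_LEVEL
              value: DEBUG
            # Credential in plain text with a guessable sample value. Store it
            # in the Secret, reference it with secretKeyRef, and replace it.
            - name: INIT_PASSWORD
              value: password
            - name: MIGRATION_ENABLED
              value: 'true'
            # Composed here because $(VAR) is expanded only in env[].value;
            # the same string stored in a ConfigMap is passed through
            # unexpanded. The referenced variables come from envFrom above.
            - name: CELERY_BROKER_URL
              value: 'redis://:$(REDIS_PASSWORD)@$(REDIS_HOST):$(REDIS_PORT)/1'
            - name: WEAVIATE_ENDPOINT
              value: 'http://$(WEAVIATE_HOST):$(WEAVIATE_PORT)'
          ports:
            - containerPort: 5001
          volumeMounts:
            - mountPath: /app/api/storage
              name: vol-api-data
      volumes:
        - name: vol-api-data
          persistentVolumeClaim:
            claimName: api-pvc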
---
# API Service: with no `type` set this is a ClusterIP Service, exposing the
# API pods at dify-api:5001 inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: dify-api
  namespace: dify-min
spec:
  selector:
    app: dify-api
  ports:
    - port: 5001
      targetPort: 5001
      protocol: TCP
---
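# Web Deployment: the Dify front end, listening on port 3000.
# The original listing put `- name: web` and `image` in a separate list item,
# which leaves the first container without the required name and image. They
# describe one container and are merged here.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dify-web
  namespace: dify-min
spec:
  replicas: 2
  selector:
    matchLabels:
      app: dify-web
  template:
    metadata:
      labels:
        app: dify-web
    spec:
      containers:
        - name: web
          # "本地仓库" is the author's stand-in for a local registry host.
          image: 本地仓库/ai/langgenius/dify-web:0.15.3
          env:
            - name: EDITION
              value: SELF_HOSTED
            # The entries without a value are passed as empty strings, as in
            # the original listing.
            - name: CONSOLE_API_URL
            - name: APP_API_URL
            - name: SENTRY_DSN
            - name: NEXT_TELEMETRY_DISABLED
              value: '0'
            - name: TEXT_GENERATION_TIMEOUT_MS
              value: '60000'
            - name: CSP_WHITELIST
          ports:
            - containerPort: 3000
---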
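---
# PVC backing the dify-api storage volume (/app/api/storage).
# A pod can only mount a claim from its own namespace. The original listing
# used `namespace: api-pvc`, so the dify-api pods in dify-min would never find
# the claim.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: api-pvc
  namespace: dify-min
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi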
6.对外服务
简单说明下Ingress和nginx配置
- Ingress
安装过Ingress Controller有域名直接采用ingress
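# Ingress (an Ingress Controller must already be installed).
#
# The API prefixes routed to dify-api are the same ones the page's nginx.conf
# proxies to it: /console/api, /api, /v1 and /files. With only /api listed,
# the other three would fall through to the web front end.
#
# No `tls` section is defined, so console logins and API keys cross the
# network over plain HTTP. Add spec.tls with a certificate Secret before
# exposing this host outside a trusted network.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dify-ingress
  namespace: dify-min
spec:
  rules:
    - host: dify.example.com
      http:
        paths:
          - path: /console/api
            pathType: Prefix
            backend:
              service:
                name: dify-api
                port:
                  number: 5001
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: dify-api
                port:
                  number: 5001
          - path: /v1
            pathType: Prefix
            backend:
              service:
                name: dify-api
                port:
                  number: 5001
          - path: /files
            pathType: Prefix
            backend:
              service:
                name: dify-api
                port:
                  number: 5001
          # NOTE(review): no Service on this page exposes dify-web on port 80.
          # The web container listens on 3000 and the only dify-web Service
          # shown publishes 8888. Confirm the Service port this should use.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: dify-web
                port:
                  number: 80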
- nginx
1.先部署nginx
配置nginx对外
---
# Web Service: the port through which nginx is exposed outside the cluster.
# A NodePort Service opens nodePort on every node, so limit who can reach
# 30080 with firewall or security-group rules. Traffic on it is plain HTTP.
#
# NOTE(review): the selector targets pods labelled app: dify-nginx, while the
# nginx.conf on this page listens on 80, not 3000. The same nginx.conf proxies
# to http://dify-web, which resolves to this Service. Confirm targetPort and
# the Service name against the nginx Deployment, which the page does not show.
apiVersion: v1
kind: Service
metadata:
  name: dify-web
  namespace: dify-min
spec:
  type: NodePort
  selector:
    app: dify-nginx
  ports:
    # port is the custom externally facing port
    - port: 8888
      targetPort: 3000
      nodePort: 30080
      protocol: TCP
2.配置文件写入ConfigMap
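# nginx reverse-proxy configuration for Dify, stored as a ConfigMap.
#
# The original listing was an export of the live object. Its server-populated
# fields (managedFields, resourceVersion, uid, creationTimestamp and the
# Rancher objectset annotations and label) are not desired state, and a stale
# resourceVersion or uid can make an apply fail, so they are left out.
#
# NOTE(review): `proxy_pass http://dify-web;` targets port 80 of a Service
# named dify-web. The only dify-web Service on the page publishes 8888 and
# selects the nginx pods themselves - confirm the upstream name and port for
# the web front end (the web container listens on 3000).
apiVersion: v1
kind: ConfigMap
metadata:
  name: dify-bl-config
  namespace: dify-min
data:
  nginx.conf: |
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log notice;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;

        sendfile on;
        #tcp_nopush on;
        keepalive_timeout 65;
        #gzip on;
        client_max_body_size 15M;

        server {
            listen 80;
            server_name _;

            location /console/api {
                proxy_pass http://dify-api:5001;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_buffering off;
                proxy_read_timeout 3600s;
                proxy_send_timeout 3600s;
            }

            location /api {
                proxy_pass http://dify-api:5001;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_buffering off;
                proxy_read_timeout 3600s;
                proxy_send_timeout 3600s;
            }

            location /v1 {
                proxy_pass http://dify-api:5001;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_buffering off;
                proxy_read_timeout 3600s;
                proxy_send_timeout 3600s;
            }

            location /files {
                proxy_pass http://dify-api:5001;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_buffering off;
                proxy_read_timeout 3600s;
                proxy_send_timeout 3600s;
            }

            location / {
                proxy_pass http://dify-web;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_buffering off;
                proxy_read_timeout 3600s;
                proxy_send_timeout 3600s;
            }

            # If you want to support HTTPS, please uncomment the code snippet below
            # (TLSv1.1 is deprecated and has been dropped from ssl_protocols)
            #listen 443 ssl;
            #ssl_certificate ./../ssl/your_cert_file.cer;
            #ssl_certificate_key ./../ssl/your_cert_key.key;
            #ssl_protocols TLSv1.2 TLSv1.3;
            #ssl_prefer_server_ciphers on;
            #ssl_session_cache shared:SSL:10m;
            #ssl_session_timeout 10m;
        }
    }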