From 487dccdcff03de29d17a5acc5e9713ef8499b6c8 Mon Sep 17 00:00:00 2001 From: Maicon Berlofa Date: Fri, 3 Jul 2026 16:29:41 -0300 Subject: [PATCH] docs(langflow): sync template standards updates --- src/data/playground-configs.ts | 44 +++++++++++++++++++++++++++++- src/pages/docs/charts/langflow.mdx | 25 ++++++++++++----- src/pages/playground.astro | 1 + 3 files changed, 62 insertions(+), 8 deletions(-) diff --git a/src/data/playground-configs.ts b/src/data/playground-configs.ts index ddd39839..d065eec9 100644 --- a/src/data/playground-configs.ts +++ b/src/data/playground-configs.ts @@ -1204,7 +1204,7 @@ export const chartConfigs: Record = { key: 'ingress.ingressClassName', type: 'select', default: 'traefik', - options: ['traefik', 'nginx'], + options: ['', 'traefik', 'nginx'], description: 'Ingress controller class', }, ], @@ -1229,6 +1229,20 @@ export const chartConfigs: Record = { }, ], }, + { + name: 'NetworkPolicy', + collapsible: true, + gateField: 'networkPolicy.enabled', + fields: [ + { + label: 'Database Egress Port', + key: 'networkPolicy.extraEgress[0].ports[0].port', + type: 'number', + default: '5432', + description: 'Additional database, provider, or proxy egress port', + }, + ], + }, ], 'envoy-gateway': [ { @@ -4533,6 +4547,34 @@ export const chartConfigs: Record = { }, ], }, + { + name: 'DNS Egress', + collapsible: true, + gateField: 'networkPolicy.enabled', + fields: [ + { + label: 'DNS Namespace', + key: 'networkPolicy.dnsEgressPeers[0].namespaceSelector.matchLabels.kubernetes\\.io/metadata\\.name', + type: 'text', + default: 'kube-system', + description: 'Namespace label for cluster DNS pods', + }, + { + label: 'DNS Pod Label', + key: 'networkPolicy.dnsEgressPeers[0].podSelector.matchLabels.k8s-app', + type: 'text', + default: 'kube-dns', + description: 'Pod label for cluster DNS', + }, + { + label: 'Extra Egress Port', + key: 'networkPolicy.extraEgress[0].ports[0].port', + type: 'number', + default: '5432', + description: 'Additional egress port', + }, + ], + }, ], vaultwarden: [ { diff --git a/src/pages/docs/charts/langflow.mdx b/src/pages/docs/charts/langflow.mdx index 1afc9793..819d0749 100644 --- a/src/pages/docs/charts/langflow.mdx +++ b/src/pages/docs/charts/langflow.mdx @@ -11,7 +11,7 @@ integrations. ## Overview -The HelmForge Langflow chart uses the official `docker.io/langflowai/langflow:1.10.0` image and exposes the web/API server on port `7860`. +The HelmForge Langflow chart uses the official `docker.io/langflowai/langflow:1.10.1` image and exposes the web/API server on port `7860`. The default deployment persists `/app/langflow` because flows, local SQLite state, provider settings, and local configuration are not stateless. The chart generates the core Langflow runtime environment: @@ -19,8 +19,8 @@ The chart generates the core Langflow runtime environment: - `LANGFLOW_HOST=0.0.0.0` - `LANGFLOW_PORT` - `LANGFLOW_CONFIG_DIR` -- `LANGFLOW_SAVE_DB_IN_CONFIG_DIR=true` -- `LANGFLOW_OPEN_BROWSER=false` +- `LANGFLOW_SAVE_DB_IN_CONFIG_DIR` +- `LANGFLOW_OPEN_BROWSER` ## Configuration Reference @@ -46,7 +46,7 @@ Storage and scaling: - `persistence.enabled`, `persistence.size`, `persistence.storageClass`: local config and SQLite storage. - `persistence.accessModes`: generated PVC access modes. Multi-replica persistent deployments require `ReadWriteMany`. -- `persistence.existingClaim`: mount an existing claim instead of creating one. +- `persistence.existingClaim`: mount an existing claim instead of creating one. With `replicaCount > 1`, the external claim controls access modes. - `persistence.mountPath`: Langflow config directory, default `/app/langflow`. - `pdb.enabled`, `pdb.minAvailable`: disruption budget for scaled deployments. @@ -54,9 +54,13 @@ Exposure and operations: - `serviceAccount.create`, `serviceAccount.name`, `serviceAccount.annotations`, `serviceAccount.automountServiceAccountToken`. - `service.type`, `service.port`, `service.annotations`, `service.ipFamilyPolicy`, `service.ipFamilies`. -- `ingress.enabled`, `ingress.ingressClassName`, `ingress.annotations`, `ingress.hosts`, `ingress.tls`. +- `ingress.enabled`, `ingress.ingressClassName`, `ingress.annotations`, `ingress.hosts`, `ingress.tls`. Set + `ingress.ingressClassName: ""` to omit `spec.ingressClassName`. - `gateway.enabled`, `gateway.parentRefs`, `gateway.hostnames`, `gateway.path`, `gateway.pathType`. -- `networkPolicy.enabled`, `networkPolicy.ingressFrom`. +- `networkPolicy.enabled`, `networkPolicy.ingressFrom`, `networkPolicy.dnsEgressPeers`, `networkPolicy.extraEgress`. + Enabling `networkPolicy.enabled` creates ingress restrictions plus egress isolation with built-in DNS and HTTPS allowances. + `networkPolicy.dnsEgressPeers` defaults to kube-system/kube-dns and can be changed for clusters with different DNS labels. + `networkPolicy.extraEgress` appends database, provider, or proxy rules after the built-in allowances. - `probes.startup`, `probes.liveness`, `probes.readiness`: enable flags and timing values. - `resources`, `podSecurityContext`, `securityContext`, `nodeSelector`, `tolerations`, `affinity`. - `topologySpreadConstraints`, `priorityClassName`, `terminationGracePeriodSeconds`. @@ -95,6 +99,13 @@ persistence: networkPolicy: enabled: true + dnsEgressPeers: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns ``` ## Secrets @@ -124,7 +135,7 @@ pdb: ``` The chart blocks `replicaCount > 1` unless `database.url` or `database.existingSecret` is configured. -When persistence stays enabled for multiple replicas, the shared config directory must use `ReadWriteMany`; the default generated +When chart-created persistence stays enabled for multiple replicas, the shared config directory must use `ReadWriteMany`; the default generated `ReadWriteOnce` PVC is rejected to avoid multi-attach failures on multi-node clusters. ## Backup diff --git a/src/pages/playground.astro b/src/pages/playground.astro index 07b8fe5b..93abb989 100644 --- a/src/pages/playground.astro +++ b/src/pages/playground.astro @@ -24,6 +24,7 @@ const siteSyncPlaygroundConfigs: Record = { 'adguard-home': 'src/data/playground-configs.ts', booklore: 'src/data/playground-configs.ts', changedetection: 'src/data/playground-configs.ts', + langflow: 'src/data/playground-configs.ts', medikeep: 'src/data/playground-configs.ts', memcached: 'src/data/playground-configs.ts', notediscovery: 'src/data/playground-configs.ts',