# k8s/ai/label-studio/secret-pg.yaml apiVersion: v1 kind: Secret metadata: { name: labelstudio-pg, namespace: ml } type: Opaque stringData: { POSTGRES_PASSWORD: "admin" } --- # k8s/ai/label-studio/secret-minio.yaml apiVersion: v1 kind: Secret metadata: { name: minio-label, namespace: ml } type: Opaque stringData: accesskey: "minioadmin" secretkey: "minioadmin" --- # k8s/ai/label-studio/deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: { name: label-studio, namespace: ml } spec: replicas: 1 selector: { matchLabels: { app: label-studio } } template: metadata: { labels: { app: label-studio } } spec: containers: - name: app image: heartexlabs/label-studio:latest env: - { name: POSTGRE_NAME, value: "labelstudio" } - { name: POSTGRE_USER, value: "admin" } - name: POSTGRE_PASSWORD valueFrom: { secretKeyRef: { name: labelstudio-pg, key: POSTGRES_PASSWORD } } - { name: POSTGRE_HOST, value: "postgres.db.svc.cluster.local" } - { name: POSTGRE_PORT, value: "5432" } - { name: S3_ENDPOINT, value: "https://minio.betelgeusebytes.io" } - name: AWS_ACCESS_KEY_ID valueFrom: { secretKeyRef: { name: minio-label, key: accesskey } } - name: AWS_SECRET_ACCESS_KEY valueFrom: { secretKeyRef: { name: minio-label, key: secretkey } } - name: ALLOWED_HOSTS value: "label.betelgeusebytes.io" - name: CSRF_TRUSTED_ORIGINS value: "https://label.betelgeusebytes.io" - name: CSRF_COOKIE_SECURE value: "1" - name: SESSION_COOKIE_SECURE value: "1" ports: [{ containerPort: 8080 }] --- apiVersion: v1 kind: Service metadata: { name: label-studio, namespace: ml } spec: { selector: { app: label-studio }, ports: [ { port: 80, targetPort: 8080 } ] } --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: label-studio namespace: ml annotations: { cert-manager.io/cluster-issuer: letsencrypt-prod } spec: ingressClassName: nginx tls: [{ hosts: ["label.betelgeusebytes.io"], secretName: label-tls }] rules: - host: label.betelgeusebytes.io http: paths: - path: / pathType: Prefix backend: { service: { name: label-studio, port: { number: 80 } } }