# dify-k8s **Repository Path**: wheelman/dify-k8s ## Basic Information - **Project Name**: dify-k8s - **Description**: dify 在k8s下的部署 - **Primary Language**: Unknown - **License**: GPL-3.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 1 - **Forks**: 2 - **Created**: 2024-09-25 - **Last Updated**: 2025-02-26 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # dify-kubernetes Deploy [Dify](https://dify.ai/) on Kubernetes > Star 🌟 if this repo help you ~~ ## Development Plan ### Add ssrf proxy component Integrated ssrf proxy component into `dify-deployment.yaml` and `dify-mirror-deployment.yaml`. You can get files in `dify/middleware`. ### Other vector database **Welcome PR!** I have a development plan for this and will start in October 2024. You can get files in `dify/database`. I create a new branch for HA database setup which is `feature/dify-database-HA-setup`, and a folder `database-ha` under folder `dify`. Feel free to add files if you want to contribute to HA database! ## How to use ```shell git clone https://gitee.com/wheelman/dify-k8s.git kubectl apply -f dify-deployment.yaml ``` After Deployed, you can visit the dify web site via nodeport at `http://$(PUBLIC_IP):30000`, the **default init password** is `password`, or you can deploy a ingress to your cluster. ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: dify-ingress namespace: dify spec: ingressClassName: "traefik" rules: - host: dify.example.com http: paths: - path: / pathType: Prefix backend: service: name: dify-nginx port: number: 80 - path: /api pathType: Prefix backend: service: name: dify-nginx port: number: 80 - path: /console/api pathType: Prefix backend: service: name: dify-nginx port: number: 80 - path: /v1 pathType: Prefix backend: service: name: dify-nginx port: number: 80 - path: /files pathType: Prefix backend: service: name: dify-nginx port: number: 80 tls: - secretName: dify-tls ``` If you want to expose dify api, uninstall nginx component and deploy a ingress below, if you use nginx ingress controller, change this yaml file. ```yaml # Traefik Ingress Route without nginx reverse proxy apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: dify-ingressroute namespace: dify spec: entryPoints: - web - websecure routes: - kind: Rule # console web url match: Host(`dify.example.com`) && PathPrefix(`/`) middlewares: - name: ingress-cors services: - name: dify-web port: 3000 - kind: Rule # app web url match: Host(`difyapp.example.com`) && PathPrefix(`/`) middlewares: - name: ingress-cors services: - name: dify-web port: 3000 - kind: Rule # service api url match: Host(`difyapi.example.com`) && PathPrefix(`/`) middlewares: - name: ingress-cors services: - name: dify-api port: 5001 - kind: Rule # console api url match: Host(`consoleapi.example.com`) && PathPrefix(`/`) middlewares: - name: ingress-cors services: - name: dify-api port: 5001 - kind: Rule # app api url match: Host(`appapi.example.com`) && PathPrefix(`/`) middlewares: - name: ingress-cors services: - name: dify-api port: 5001 tls: secretName: dify-tls # Traefik Middleware for Ingress --- apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: ingress-cors namespace: dify spec: headers: accessControlAllowCredentials: true accessControlAllowMethods: - "GET" - "OPTIONS" - "PUT" - "POST" - "DELETE" - "PATCH" accessControlAllowHeaders: # - "*" - "Content-Type" - "authorization" - "x-app-code" accessControlAllowOriginList: # - "*" - "https://consoleapi.example.com" - "https://dify.example.com" - "https://difyapi.example.com" - "https://difyapp.example.com" - "https://appapi.example.com" accessControlMaxAge: 100 addVaryHeader: true ```