Kubernetes Deployment
SafeLLM provides a Helm chart for easy Kubernetes deployment.
Prerequisites
Section titled βPrerequisitesβ- Kubernetes 1.24+
- Helm 3.10+
kubectlconfigured for your cluster
Quick Start
Section titled βQuick Startβ1. Add Helm Repository
Section titled β1. Add Helm Repositoryβhelm repo add safellm https://safellm.github.io/chartshelm repo update2. Install SafeLLM OSS
Section titled β2. Install SafeLLM OSSβ# Basic installationhelm install safellm safellm/safellm-oss
# With custom namespacehelm install safellm safellm/safellm-oss -n safellm --create-namespace
# With custom valueshelm install safellm safellm/safellm-oss -f my-values.yaml3. Verify Installation
Section titled β3. Verify Installationβkubectl get pods -l app.kubernetes.io/name=safellm-osskubectl logs -l app.kubernetes.io/name=safellm-ossConfiguration
Section titled βConfigurationβBasic Values
Section titled βBasic ValuesβreplicaCount: 2
image: repository: ghcr.io/safellmio/safellm-apisix-gateway-sidecar tag: '2.0.0' # Pin to specific version!
safellm: edition: oss enableMetrics: true enableCache: true enableKeywords: true enablePII: true useFastPII: true failOpen: false shadowMode: false
resources: limits: cpu: 500m memory: 512Mi requests: cpu: 100m memory: 256MiDocker Hub alternative:
image: repository: docker.io/safellm/safellm-apisix-gateway-sidecar tag: '2.0.0'Redis Configuration
Section titled βRedis ConfigurationβBundled Redis (default)
Section titled βBundled Redis (default)βredis: enabled: true architecture: standalone auth: enabled: false master: persistence: size: 1GiExternal Redis
Section titled βExternal Redisβredis: enabled: false host: 'redis.example.com' port: 6379High Availability
Section titled βHigh AvailabilityβreplicaCount: 3
affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: safellm-oss topologyKey: kubernetes.io/hostnameIntegration with APISIX
Section titled βIntegration with APISIXβSafeLLM is designed to run alongside APISIX in Kubernetes.
Architecture
Section titled βArchitectureβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ Kubernetes Cluster ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€β βββββββββββββββ βββββββββββββββ βββββββββββββββ ββ β Ingress βββββΆβ APISIX βββββΆβ LLM β ββ β Controller β β Gateway β β Service β ββ βββββββββββββββ ββββββββ¬βββββββ βββββββββββββββ ββ β ββ POST /auth ββ βΌ ββ βββββββββββββββ ββ β SafeLLM β ββ β Sidecar β ββ ββββββββ¬βββββββ ββ β ββ βΌ ββ βββββββββββββββ ββ β Redis β ββ β Cache β ββ βββββββββββββββ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββAPISIX ConfigMap
Section titled βAPISIX ConfigMapβConfigure APISIX to call SafeLLM:
apiVersion: v1kind: ConfigMapmetadata: name: apisix-configdata: apisix.yaml: | routes: - uri: /v1/chat/completions plugins: serverless-pre-function: phase: rewrite functions: - | return function(conf, ctx) local http = require("resty.http") ngx.req.read_body() local body = ngx.req.get_body_data()
local httpc = http.new() local res = httpc:request_uri("http://safellm-safellm-oss:8000/auth", { method = "POST", body = body, headers = { ["Content-Type"] = "application/json" } })
if res.status == 403 then ngx.exit(403) end endMonitoring
Section titled βMonitoringβPrometheus Metrics
Section titled βPrometheus MetricsβSafeLLM exposes metrics on /metrics:
podAnnotations: prometheus.io/scrape: 'true' prometheus.io/port: '8000' prometheus.io/path: '/metrics'ServiceMonitor (if using Prometheus Operator)
Section titled βServiceMonitor (if using Prometheus Operator)βapiVersion: monitoring.coreos.com/v1kind: ServiceMonitormetadata: name: safellmspec: selector: matchLabels: app.kubernetes.io/name: safellm-oss endpoints: - port: http path: /metricsUpgrading
Section titled βUpgradingβ# Check available versionshelm search repo safellm --versions
# Upgrade to specific versionhelm upgrade safellm safellm/safellm-oss --version 2.0.0
# Upgrade with new valueshelm upgrade safellm safellm/safellm-oss -f new-values.yamlUninstalling
Section titled βUninstallingβhelm uninstall safellmTroubleshooting
Section titled βTroubleshootingβPod not starting
Section titled βPod not startingβkubectl describe pod -l app.kubernetes.io/name=safellm-osskubectl logs -l app.kubernetes.io/name=safellm-oss --previousHealth check failing
Section titled βHealth check failingβkubectl exec -it deploy/safellm-safellm-oss -- curl localhost:8000/healthRedis connection issues
Section titled βRedis connection issuesβkubectl exec -it deploy/safellm-safellm-oss -- python -c "import redis; r=redis.Redis(host='safellm-redis-master'); print(r.ping())"