From 9aa192c4f0ad14a814d91ed3e291fc97b299d77e Mon Sep 17 00:00:00 2001 
From: Trayan Azarov Date: Sun, 10 Sep 2023 10:43:27 +0300 Subject: [PATCH] Auth Support (#17) * feat: Added integration workflow Refs: #1 * fix: Added kubectl wait to wait for deployment to complete Refs: #1 * fix: Some issue with service. Experimenting with listing service. Refs: #1 * fix: Fixed the service issue and added matrix testing of kube versions Refs: #1 * chore: Updated test matrix to match chart kubeVersion range >=1.24 <= 1.27 Refs: #1 * fix: Fixed chart issue with boolean flags - Added further variance to the test matrix by including allowReset and isPersistent flags (no specific tests are implemented but those are coming soon) Refs: #1 * fix: Added docker image hnswlib rebuild + sqlite3 for debugging - Added a small test to ensure chroma is up and running. - Docker image rebuilt. * docs: Added small clarification how to build/push the docker image. * chore: Added bug and feature request issue templates and docker image in ghcr Refs: #2 * feat: Backup and restore feature Refs: #6 * feat: Backup and restore feature - Adding sudo to the image for fsfreeze use Refs: #6 * feat: Backup and restore feature - Making chroma user sudoer Refs: #6 * feat: Adding tests for v0.4.5 * feat: Adding Chroma 0.4.5 support to chart * feat: Updating WFs * feat: Lowering chart requirements to k8s API 1.23.0 * feat: Adding multi-platform build * fix: Moved platforms out of the matrix and directly into platform parameter of build-push action * fix: Fixed a typo in build images workflow. * chore: Removing hnswlib reinstall to check multi-arch build * feat: Adding support for Chroma 0.4.6 * chore: Updating integration tests * feat: Updating chart version and default version to 0.4.6 * fix: chroma-hnswlib reinstall is needed as it does uniformly work across platforms. 
* chore: Chart version bump for hnsw lib fix * chore: Chart version bump for hnsw lib fix * feat: Support for k8s API 1.28 and Chroma 0.4.7 Refs: #14 * feat: Support for k8s API 1.28 and Chroma 0.4.7 - Bumping upper bound of chart support. - Removed isPersistent/allowReset from test matrix to reduce generated jobs. Refs: #14 * fix: Made the integration test install local copy of the chart instead of pulling it. * fix: Updating chart version to allow RC Refs: #14 * chore: Version bumps - Default Chroma version set to 0.4.7 - Chart version bump Refs: #14 * feat: Chroma auth support - Token and basic auth support - Bumping chart version - Added chroma 0.4.8 and 0.4.9 support - Minor tweaks to Dockerfile Refs: #13 * feat: Chroma auth support - Fixed image builds Refs: #13 * feat: Chroma auth support - bump wait time Refs: #13 * feat: Chroma auth support - Adding debug Refs: #13 * feat: Chroma auth support - Adding debug Refs: #13 * feat: Chroma auth support - Adding debug Refs: #13 * feat: Chroma auth support - Merging dev image build with int test Refs: #13 * feat: Chroma auth support - Fixed a typo in dev image build Refs: #13 * feat: Chroma auth support - Fixed wrong chart value in integration test. 
Refs: #13 * feat: Chroma auth support - Increasing wait time for pod Refs: #13 * feat: Chroma auth support - Chasing 0.4.7 bug Refs: #13 * feat: Chroma auth support - Chasing 0.4.7 bug Refs: #13 * feat: Chroma auth support - Chasing 0.4.7 bug Refs: #13 * feat: Chroma auth support - Conditional support of auth: basic (0.4.7), token (0.4.8) Refs: #13 * feat: Chroma auth support - Added full test matrix Refs: #13 * feat: Chroma auth support - Int testing is now trigger for changes in Chart, tests, Docker image Refs: #13 --- .github/workflows/build-images-dev.yml | 60 ---------------- .github/workflows/build-images.yml | 8 +-- .github/workflows/integration-test.yml | 71 ++++++++++++++++--- .github/workflows/release.yml | 1 + README.md | 64 ++++++++++++++++- charts/chromadb-chart/Chart.yaml | 4 +- charts/chromadb-chart/templates/NOTES.txt | 8 +++ charts/chromadb-chart/templates/config.yaml | 29 ++++++++ .../chromadb-chart/templates/statefulset.yaml | 41 +++++++++++ charts/chromadb-chart/values.yaml | 30 +++++++- image/Dockerfile | 10 +-- tests/test_chroma.py | 2 +- 12 files changed, 242 insertions(+), 86 deletions(-) delete mode 100644 .github/workflows/build-images-dev.yml diff --git a/.github/workflows/build-images-dev.yml b/.github/workflows/build-images-dev.yml deleted file mode 100644 index c0b65de..0000000 --- a/.github/workflows/build-images-dev.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -name: Build Images - -on: - push: - branches: - - develop -env: - REGISTRY: ghcr.io - IMAGE_NAME: "ghcr.io/amikos-tech/chromadb-chart/chroma" - LATEST_VERSION: "0.4.7" - -jobs: - build-images: - strategy: - matrix: - chroma-version: [ 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7 ] - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Log in to the Container registry - uses: docker/login-action@v2.1.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.IMAGE_NAME }} - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build and push release Docker image - uses: docker/build-push-action@v3.2.0 - if: ${{ env.LATEST_VERSION == matrix.chroma-version }} - with: - context: . - file: image/Dockerfile - push: true - platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 - build-args: | - CHROMA_VERSION=${{ matrix.chroma-version }} - tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }}-dev,${{ env.IMAGE_NAME }}:canary" - - name: Build and push release Docker image - uses: docker/build-push-action@v3.2.0 - if: ${{ env.LATEST_VERSION != matrix.chroma-version }} - with: - context: . - file: image/Dockerfile - push: true - platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 - labels: ${{ steps.meta.outputs.labels }} - build- args: | - CHROMA_VERSION=${{ matrix.chroma-version }} - tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }}-dev" \ No newline at end of file diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index 31e436c..d3c2705 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml 
@@ -7,13 +7,13 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: "ghcr.io/amikos-tech/chromadb-chart/chroma" - LATEST_VERSION: "0.4.7" + LATEST_VERSION: "0.4.9" jobs: build-images: strategy: matrix: - chroma-version: [ 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7 ] + chroma-version: [ 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9 ] runs-on: ubuntu-latest steps: - name: Checkout @@ -42,7 +42,7 @@ jobs: context: . file: image/Dockerfile push: true - platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 + platforms: linux/amd64,linux/arm64 build-args: | CHROMA_VERSION=${{ matrix.chroma-version }} tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }},${{ env.IMAGE_NAME }}:latest" @@ -53,7 +53,7 @@ jobs: context: . file: image/Dockerfile push: true - platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 + platforms: linux/amd64,linux/arm64 build-args: | CHROMA_VERSION=${{ matrix.chroma-version }} tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }}" \ No newline at end of file diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 510878f..45904a6 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml 
@@ -1,19 +1,75 @@ -name: Integration test +name: Dev Image Build and Integration test on: push: branches: - - main - develop + paths: + - charts/** + - image/** + - tests/** pull_request: branches: - main +env: + REGISTRY: ghcr.io + IMAGE_NAME: "ghcr.io/amikos-tech/chromadb-chart/chroma" + LATEST_VERSION: "0.4.9" jobs: - release: + build-images: + strategy: + matrix: + chroma-version: [ 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9 ] + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Log in to the Container registry + uses: docker/login-action@v2.1.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.IMAGE_NAME }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Build and push release Docker image + uses: docker/build-push-action@v3.2.0 + if: ${{ env.LATEST_VERSION == matrix.chroma-version }} + with: + context: . + file: image/Dockerfile + push: true + platforms: linux/amd64,linux/arm64 + build-args: | + CHROMA_VERSION=${{ matrix.chroma-version }} + tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }}-dev,${{ env.IMAGE_NAME }}:canary" + - name: Build and push release Docker image + uses: docker/build-push-action@v3.2.0 + if: ${{ env.LATEST_VERSION != matrix.chroma-version }} + with: + context: . 
+ file: image/Dockerfile + push: true + platforms: linux/amd64,linux/arm64 + labels: ${{ steps.meta.outputs.labels }} + build-args: | + CHROMA_VERSION=${{ matrix.chroma-version }} + tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }}-dev" + integration-test: + needs: build-images strategy: matrix: kubernetes-version: [1.23.0, 1.24.0, 1.27.3, v1.28.0-rc.0 ] - chroma-version: [ 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7 ] + chroma-version: [ 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9 ] runs-on: ubuntu-latest steps: - name: Checkout @@ -31,17 +87,12 @@ jobs: uses: medyagh/setup-minikube@latest with: kubernetes-version: ${{ matrix.kubernetes-version }} -# - name: Add helm repo -# run: | -# set -e -# helm repo add chromadb https://amikos-tech.github.io/chromadb-chart/ -# helm repo update - name: Install chromadb run: | set -e helm install chromadb ./charts/chromadb-chart --set chromadb.isPersistent=true \ --set chromadb.allowReset=true \ - --set chromadb.chromaVersion=${{ matrix.chroma-version }} + --set chromadb.apiVersion=${{ matrix.chroma-version }}-dev - name: Wait for deployment to be ready run: | set -e diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 29211c2..9abf870 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -51,4 +51,5 @@ jobs: context: . file: image/Dockerfile push: true + platforms: linux/amd64,linux/arm64 tags: "${{ env.IMAGE_NAME }}:latest" \ No newline at end of file diff --git a/README.md b/README.md index 72fef09..73da692 100644 --- a/README.md +++ b/README.md 
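Review bot: The new `build-images` job keeps `push: true` while the workflow also triggers on `pull_request`, so code from an unreviewed branch in this repository is published under the `-dev` and `canary` tags, and a pull request from a fork (read-only token) will presumably fail at the registry push. Gating the publish with `push: ${{ github.event_name == 'push' }}` keeps PR runs to a build-only check, at the cost that the PR's integration test then pulls the last image pushed from `develop`. The job also declares no `permissions:`; adding `contents: read` and `packages: write` at job level limits what `GITHUB_TOKEN` can do here. The actions are referenced by mutable tags (`actions/checkout@v2`, `docker/build-push-action@v3.2.0`); pinning them to commit SHAs would be the stricter supply-chain choice for a job that holds registry write access.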
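Review bot: Passing `chromadb.apiVersion=${{ matrix.chroma-version }}-dev` turns the value into a semver pre-release, and the same value feeds the new `semverCompare ">= 0.4.8"` / `">= 0.4.7"` guards in the config.yaml and statefulset.yaml hunks. In the semver library Helm uses, a constraint without a pre-release part does not match pre-release versions, so those guards would likely evaluate to false and the whole matrix would deploy with no `chromadb-auth` Secret and no auth environment; this is worth confirming with `helm template`. Writing the constraints as `">= 0.4.8-0"` and `">= 0.4.7-0"`, or passing the image tag through a value separate from the version used for feature gating, would keep auth active for the `-dev` images.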
@@ -7,7 +7,7 @@ This chart deploys a ChromaDB Vector Store cluster on a Kubernetes cluster using - [ ] Security - the ability to secure chroma API with TLS and OIDC <- PoC completed waiting to be merged in the main repo - [ ] Backup and restore - the ability to back up and restore the index data -- [ ] Monitoring - the ability to monitor the cluster using Prometheus and Grafana +- [ ] Observability - the ability to monitor the cluster using Prometheus and Grafana ## Prerequisites @@ -71,7 +71,9 @@ helm install chroma chroma/chromadb --set chromadb.allowReset="true" | `chromadb.serverHost` | string | `0.0.0.0` | The API server host. | | `chromadb.serverHttpPort` | int | `8000` | The API server port. | | `chromadb.dataVolumeSize` | string | `1Gi` | The data volume size. | -| `chromadb.dataVolumeStorageClass` | striung | `standard` | The storage class | +| `chromadb.dataVolumeStorageClass` | string | `standard` | The storage class | +| `chromadb.auth.enabled` | boolean | `true` | A flag to enable/disable authentication in Chroma | +| `chromadb.auth.type` | string | `token` | Type of auth. Currently "token" (apiVersion>=0.4.8) and "basic" (apiVersion>=0.4.7) are supported. | ## Verifying installation 
@@ -91,9 +93,65 @@ docker push For this example we'll set up a Kubernetes cluster using minikube. ```bash -minikube start --addons=ingress +minikube start --addons=ingress -p chroma #create a simple minikube cluster with ingress addon +minikube profile chroma #select chroma profile in minikube as active for kubectl commands ``` +## Chroma Authentication + +> Note: Token auth is enabled by default + +By default, the chart will use a `chromadb-auth` secret in Chroma's namespace to authenticate requests. This secret is +generated at install time. + +Chroma authentication is supported for the following API versions: +- basic >= 0.4.7 +- token >= 0.4.8 + +> Note: Using auth parameters with lower version will result in auth parameters being ignored. + +### Token Auth + +Token Auth works with two types of headers that can be configured via `chromadb.auth.token.tokenHeader`: +- `AUTHORIZATION` (default) - the clients are expected to pass `Authorization: Brearer ` header +- `X-CHROMA-TOKEN` - the clients are expected to pass `X-Chroma-Token: ` header + +Get the token: + +```bash +CHROMA_TOKEN=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.token}" | base64 --decode) +CHROMA_HEADER_NAME=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.header}" | base64 --decode) +``` + +>Note: The above examples assume `default` namespace is used for Chroma deployment. 
+ +Test the token: + +```bash +curl -v http://localhost:8000/api/v1/collections -H "${CHROMA_HEADER_NAME}: ${CHROMA_TOKEN}" +``` + +> Note: The above `curl` assumes a localhost forwarding is made to port 8000 + +### Basic Auth + +Get auth credentials: + +```bash +CHROMA_BASIC_AUTH_USERNAME=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.username}" | base64 --decode) +CHROMA_BASIC_AUTH_PASSWORD=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.password}" | base64 --decode) +``` + +>Note: The above examples assume `default` namespace is used for Chroma deployment. + +Test the token: + +```bash +curl -v http://localhost:8000/api/v1/collections -u "${CHROMA_BASIC_AUTH_USERNAME}:${CHROMA_BASIC_AUTH_PASSWORD}" +``` + +> Note: The above `curl` assumes a localhost forwarding is made to port 8000 + ## References - Helm install: https://helm.sh/docs/intro/install/ diff --git a/charts/chromadb-chart/Chart.yaml b/charts/chromadb-chart/Chart.yaml index dd87259..e4c8aa0 100644 --- a/charts/chromadb-chart/Chart.yaml +++ b/charts/chromadb-chart/Chart.yaml @@ -17,6 +17,6 @@ keywords: - ai/ml type: application -version: 0.1.14 +version: 0.1.15 # chromadb version -appVersion: "0.4.7" +appVersion: "0.4.9" diff --git a/charts/chromadb-chart/templates/NOTES.txt b/charts/chromadb-chart/templates/NOTES.txt index 319f01b..59b6362 100644 --- a/charts/chromadb-chart/templates/NOTES.txt +++ b/charts/chromadb-chart/templates/NOTES.txt 
@@ -20,3 +20,11 @@ echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} +2. To get auth credentials run: + +{{- if and .Values.chromadb.auth.enabled (eq .Values.chromadb.auth.type "token") }} +kubectl --namespace {{ .Release.Namespace }} get secret chromadb-auth -o jsonpath="{.data.token}" | base64 --decode +{{- end }} +{{- if and .Values.chromadb.auth.enabled (eq .Values.chromadb.auth.type "basic") }} +kubectl --namespace {{ .Release.Namespace }} get secret chromadb-auth -o json | jq -r '(.data.username | @base64d) + ":" + (.data.password | @base64d)' +{{- end }} \ No newline at end of file diff --git a/charts/chromadb-chart/templates/config.yaml b/charts/chromadb-chart/templates/config.yaml index f27b201..2152195 100644 --- a/charts/chromadb-chart/templates/config.yaml +++ b/charts/chromadb-chart/templates/config.yaml 
@@ -6,4 +6,33 @@ metadata: data: log_config.yaml: |- {{- .Files.Get "config/log_config.yaml" | nindent 4 }} +--- +{{- if and (semverCompare ">= 0.4.8" .Values.chromadb.apiVersion) .Values.chromadb.auth.enabled (eq .Values.chromadb.auth.type "token") }} +apiVersion: v1 +kind: Secret +metadata: + name: chromadb-auth + namespace: {{ .Release.Namespace }} +type: Opaque +data: + token: {{ randAlphaNum 32 | b64enc | quote }} + {{- if eq .Values.chromadb.auth.token.headerType "AUTHORIZATION" }} + header: {{ "Authorization" | b64enc | quote}} + {{- end }} + {{- if eq .Values.chromadb.auth.token.headerType "X_CHROMA_TOKEN" }} + header: {{ "X-Chroma-Token" | b64enc | quote}} + {{- end }} +{{- end }} +--- +{{- if and (semverCompare ">= 0.4.7" .Values.chromadb.apiVersion) .Values.chromadb.auth.enabled (eq .Values.chromadb.auth.type "basic") }} +apiVersion: v1 +kind: Secret +metadata: + name: chromadb-auth + namespace: {{ .Release.Namespace }} +type: Opaque +data: + username: {{ .Values.chromadb.auth.basic.username | b64enc | quote}} + password: {{ randAlphaNum 16 | b64enc | quote }} +{{- end }} --- \ No newline at end of file diff --git a/charts/chromadb-chart/templates/statefulset.yaml b/charts/chromadb-chart/templates/statefulset.yaml index 89ea32f..b39cfdc 100644 --- a/charts/chromadb-chart/templates/statefulset.yaml +++ b/charts/chromadb-chart/templates/statefulset.yaml 
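Review bot: `randAlphaNum 32` and `randAlphaNum 16` are evaluated on every render, so each `helm upgrade` rewrites the `chromadb-auth` Secret with a new token or password while the running pod keeps the value it read at start (env `secretKeyRef`, and the htpasswd file written by the init container). After an upgrade the credential printed by the README and NOTES commands can therefore differ from the one the server accepts until the pod is restarted, and every client is rotated without anyone asking for it. Reusing the stored value when the Secret already exists avoids this; the same pattern applies to `password` in the basic-auth Secret. Note that `lookup` returns an empty result under `helm template` and dry runs, so a fresh value is still generated there. The Secret name is also fixed rather than derived from the release name, so two releases in one namespace would overwrite each other's credentials.

```yaml
{{- $token := randAlphaNum 32 | b64enc }}
{{- $existing := lookup "v1" "Secret" .Release.Namespace "chromadb-auth" }}
{{- if $existing }}
{{- $token = index $existing.data "token" | default $token }}
{{- end }}
# … unchanged: Secret apiVersion / kind / metadata / type …
data:
  token: {{ $token | quote }}
# … unchanged: header entries selected by headerType …
```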
@@ -27,6 +27,31 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- if and (semverCompare ">= 0.4.7" .Values.chromadb.apiVersion) .Values.chromadb.auth.enabled (eq .Values.chromadb.auth.type "basic") }} + initContainers: + - name: generate-htpasswd + image: httpd:2 + env: + - name: CHROMA_BASIC_USER + valueFrom: + secretKeyRef: + name: chromadb-auth + key: username + - name: CHROMA_BASIC_PASSWORD + valueFrom: + secretKeyRef: + name: chromadb-auth + key: password + command: + - sh + - -c + - | + htpasswd -Bbn ${CHROMA_BASIC_USER} ${CHROMA_BASIC_PASSWORD} > /chroma/auth/server.htpasswd + chmod 444 /chroma/auth/server.htpasswd + volumeMounts: + - mountPath: /chroma/auth/ + name: htpasswd-volume + {{- end }} containers: - name: "chromadb" image: "{{ .Values.image.repository }}:{{ .Values.chromadb.apiVersion | default .Chart.AppVersion }}" @@ -62,6 +87,14 @@ spec: - name: CHROMA_SERVER_HTTP_PORT value: "{{ .Values.chromadb.serverHttpPort }}" {{- end }} + {{- if and (semverCompare ">= 0.4.8" .Values.chromadb.apiVersion) .Values.chromadb.auth.enabled (eq .Values.chromadb.auth.type "token") }} + {{- toYaml .Values.chromadb.auth.token.config.env | nindent 12 }} + - name: CHROMA_SERVER_AUTH_TOKEN_TRANSPORT_HEADER + value: {{ .Values.chromadb.auth.token.headerType }} + {{- end }} + {{- if and (semverCompare ">= 0.4.7" .Values.chromadb.apiVersion) .Values.chromadb.auth.enabled (eq .Values.chromadb.auth.type "basic") }} + {{- toYaml .Values.chromadb.auth.basic.config.env | nindent 12 }} + {{- end }} ports: - containerPort: {{ .Values.chromadb.serverHttpPort }} name: http @@ -83,6 +116,10 @@ spec: - mountPath: "{{.Values.chromadb.persistDirectory}}" name: data {{- end }} + {{- if and (semverCompare ">= 0.4.7" .Values.chromadb.apiVersion) .Values.chromadb.auth.enabled (eq .Values.chromadb.auth.type "basic") }} + - mountPath: /chroma/auth/ + name: htpasswd-volume + {{- end }} readinessProbe: tcpSocket: port: {{ .Values.chromadb.serverHttpPort }} 
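Review bot: In the `generate-htpasswd` init container, `${CHROMA_BASIC_USER}` and `${CHROMA_BASIC_PASSWORD}` are expanded unquoted and the password is passed as an argument through `-b`, so a username from values that contains whitespace or glob characters is word-split and the password is visible in the process arguments. Reading the password from stdin and quoting both variables avoids both: `printf '%s' "$CHROMA_BASIC_PASSWORD" | htpasswd -Bin "$CHROMA_BASIC_USER" > /chroma/auth/server.htpasswd`. The script has no `set -e`, so a failing `htpasswd` still leaves an empty file behind and the init container exits 0 after `chmod`; adding `set -e` as the first line makes the pod fail instead of starting with an empty credentials file. `image: httpd:2` is a floating tag for a container that handles the credential; pinning it as `httpd:2@sha256:<digest>` makes the init step reproducible.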
@@ -102,6 +139,10 @@ spec: periodSeconds: {{ .Values.startupProbe.periodSeconds }} initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} volumes: + {{- if and (semverCompare ">= 0.4.7" .Values.chromadb.apiVersion) .Values.chromadb.auth.enabled (eq .Values.chromadb.auth.type "basic") }} + - name: htpasswd-volume + emptyDir: { } + {{- end }} - name: log-config configMap: name: "{{ include "chart.fullname" . }}-log-config" diff --git a/charts/chromadb-chart/values.yaml b/charts/chromadb-chart/values.yaml index ce98046..19a1dac 100644 --- a/charts/chromadb-chart/values.yaml +++ b/charts/chromadb-chart/values.yaml @@ -7,7 +7,7 @@ replicaCount: 1 image: # repository: ghcr.io/chroma-core/chroma repository: ghcr.io/amikos-tech/chromadb-chart/chroma - pullPolicy: Always + pullPolicy: IfNotPresent imagePullSecrets: [ ] nameOverride: "" @@ -93,7 +93,7 @@ startupProbe: initialDelaySeconds: 10 chromadb: - apiVersion: "0.4.7" + apiVersion: "0.4.9" allowReset: false isPersistent: true persistDirectory: /index_data 
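Review bot: `pullPolicy: IfNotPresent` is combined with tags that the workflows in this same patch push again on every run (`<version>`, `<version>-dev`, `latest`, `canary`), so a node that has already cached a tag keeps running the old build and never picks up a rebuilt image, including rebuilt base layers with fixes. Either keep `pullPolicy: Always` while the tags are mutable, or publish immutable tags (or digests) and document that the chart expects them. A short comment next to the value stating which of the two is intended would help, for example `# IfNotPresent assumes image tags are never re-pushed`.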
@@ -107,3 +107,29 @@ chromadb: serverHttpPort: 8000 dataVolumeSize: "1Gi" dataVolumeStorageClass: "standard" + auth: + enabled: true + type: "token" # possible values: basic, token + basic: + username: "chroma" + config: + env: + - name: CHROMA_SERVER_AUTH_CREDENTIALS_PROVIDER + value: "chromadb.auth.providers.HtpasswdFileServerAuthCredentialsProvider" + - name: CHROMA_SERVER_AUTH_PROVIDER + value: "chromadb.auth.basic.BasicAuthServerProvider" + - name: CHROMA_SERVER_AUTH_CREDENTIALS_FILE + value: "/chroma/auth/server.htpasswd" + token: + headerType: "AUTHORIZATION" #possible values AUTHORIZATION, X_CHROMA_TOKEN + config: + env: + - name: CHROMA_SERVER_AUTH_CREDENTIALS + valueFrom: + secretKeyRef: + name: chromadb-auth + key: token + - name: CHROMA_SERVER_AUTH_CREDENTIALS_PROVIDER + value: "chromadb.auth.token.TokenConfigServerAuthCredentialsProvider" + - name: CHROMA_SERVER_AUTH_PROVIDER + value: "chromadb.auth.token.TokenAuthServerProvider" \ No newline at end of file diff --git a/image/Dockerfile b/image/Dockerfile index 7b2fe2e..c99b21e 100644 --- a/image/Dockerfile +++ b/image/Dockerfile 
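Review bot: `auth.enabled: true` does not by itself guarantee an authenticated server: every template block added in this patch is additionally gated on `semverCompare` against `apiVersion` and on `type` being exactly `basic` or `token`, so an older `apiVersion` or a typo such as `type: "Token"` renders a deployment with no auth and no error (the README change states the parameters are then ignored). For a security setting, failing the render is safer than silently ignoring it, for example `{{- if and .Values.chromadb.auth.enabled (not (has .Values.chromadb.auth.type (list "basic" "token"))) }}{{ fail "chromadb.auth.type must be basic or token" }}{{- end }}` plus an equivalent guard for unsupported versions. The comment on `headerType` lists `X_CHROMA_TOKEN` while the README in this patch documents the option as `chromadb.auth.token.tokenHeader` with value `X-CHROMA-TOKEN`; the two should agree, since config.yaml only emits the `header` key for the exact strings `AUTHORIZATION` and `X_CHROMA_TOKEN`.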
@@ -1,18 +1,20 @@ -ARG CHROMA_VERSION=0.4.7 +ARG CHROMA_VERSION=0.4.9 FROM ghcr.io/chroma-core/chroma:${CHROMA_VERSION} as base COPY ./image/docker_entrypoint.sh /docker_entrypoint.sh +WORKDIR /chroma RUN find /chroma -mindepth 1 -maxdepth 1 ! \( -name 'chromadb' -o -name 'LICENSE' -o -name 'requirements.txt' \) -exec rm -rf {} \; && \ groupadd chroma && \ pip install virtualenv && \ - useradd -g chroma chroma && \ + useradd -g chroma -d /chroma chroma && \ python -m virtualenv /chroma/venv && \ . /chroma/venv/bin/activate && \ pip install --force-reinstall --no-cache-dir -r /chroma/requirements.txt && \ chown -R chroma:chroma /chroma && \ apt-get update -qq && apt-get install sqlite3 sudo -y && \ - echo 'chroma ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers + echo 'chroma ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \ + chown -R chroma:chroma /docker_entrypoint.sh EXPOSE 8000 USER chroma -WORKDIR /chroma + CMD ["/docker_entrypoint.sh"] diff --git a/tests/test_chroma.py b/tests/test_chroma.py index cb453f6..e988a0b 100644 --- a/tests/test_chroma.py +++ b/tests/test_chroma.py @@ -30,7 +30,7 @@ def get_embedding_function(): def test_chroma(): - client = chromadb.HttpClient(host="34.135.246.105", port=8000) + client = chromadb.HttpClient() client.heartbeat() # client.reset() collection = client.get_or_create_collection("all1-my-documents",
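Review bot: The added `chown -R chroma:chroma /docker_entrypoint.sh` makes the entrypoint script writable by the runtime user, and the sudoers line touched in the same `RUN` still grants `chroma` passwordless `ALL`, so `USER chroma` provides little privilege separation inside the container. If the goal is only that `chroma` can execute the script, leaving it root-owned with `chmod 755 /docker_entrypoint.sh` is enough. The commit message says sudo was added for `fsfreeze` during backup; restricting the rule to that one command, `chroma ALL=(root) NOPASSWD: <absolute path to fsfreeze>`, would keep the backup working without a general root escalation path.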
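Review bot: `chromadb.HttpClient()` is created without credentials although the chart now defaults to `auth.enabled: true` with token auth, so this test either runs against a server where auth did not take effect or would fail on the first collection call; in both cases the new auth path is not verified. Reading the token the README already exports would cover it: `client = chromadb.HttpClient(headers={"Authorization": f"Bearer {os.environ['CHROMA_TOKEN']}"})` (with `import os` if the file does not already have it). A second case asserting that a request without the header is rejected would catch the chart silently deploying without auth. The body of `test_chroma` continues past the end of this hunk.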