Merge remote-tracking branch 'origin/release'

.github/workflows/build-images.yml

@@ -64,3 +64,4 @@ jobs:
           build-args: |
             CHROMA_VERSION=${{ matrix.chroma-version }}
           tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }}"
+

.github/workflows/integration-test.yml

@@ -76,8 +76,64 @@ jobs:
 #          labels: ${{ steps.meta.outputs.labels }}
 #          build-args: |
 #            CHROMA_VERSION=${{ matrix.chroma-version }}
+#          tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }}-dev"
+#  build-images:
+#    strategy:
+#      matrix:
+#        chroma-version:
+#          [
+#            0.4.9,
+#            0.4.10, #pre-flight checks introduced
+#            0.4.16, #multi-tenancy introduced
+#            0.4.24,
+#            0.5.5,
+#          ]
+#    runs-on: ubuntu-latest
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v2
+#        with:
+#          fetch-depth: 0
+#      - name: Log in to the Container registry
+#        uses: docker/[email protected]
+#        with:
+#          registry: ${{ env.REGISTRY }}
+#          username: ${{ github.actor }}
+#          password: ${{ secrets.GITHUB_TOKEN }}
+#      - name: Docker meta
+#        id: meta
+#        uses: docker/metadata-action@v4
+#        with:
+#          images: ${{ env.IMAGE_NAME }}
+#      - name: Set up QEMU
+#        uses: docker/setup-qemu-action@v2
+#      - name: Set up Docker Buildx
+#        uses: docker/setup-buildx-action@v2
+#      - name: Build and push release Docker image
+#        uses: docker/[email protected]
+#        if: ${{ env.LATEST_VERSION == matrix.chroma-version }}
+#        with:
+#          context: .
+#          file: image/Dockerfile
+#          push: true
+#          platforms: linux/amd64,linux/arm64
+#          build-args: |
+#            CHROMA_VERSION=${{ matrix.chroma-version }}
+#          tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }}-dev,${{ env.IMAGE_NAME }}:canary"
+#      - name: Build and push release Docker image
+#        uses: docker/[email protected]
+#        if: ${{ env.LATEST_VERSION != matrix.chroma-version }}
+#        with:
+#          context: .
+#          file: image/Dockerfile
+#          push: true
+#          platforms: linux/amd64,linux/arm64
+#          labels: ${{ steps.meta.outputs.labels }}
+#          build-args: |
+#            CHROMA_VERSION=${{ matrix.chroma-version }}
 #          tags: "${{ env.IMAGE_NAME }}:${{ matrix.chroma-version }}-dev"
   integration-test:
+#    needs: build-images
 #    needs: build-images
     strategy:
       matrix:
@@ -106,6 +162,10 @@ jobs:
 #      - name: Build image from Dockerfile
 #        run: |
 #          eval $(minikube docker-env)
+#          docker build -t ghcr.io/amikos-tech/chromadb-chart/chroma:${{ matrix.chroma-version }} --build-arg CHROMA_VERSION=${{ matrix.chroma-version }} -f image/Dockerfile .
+#      - name: Build image from Dockerfile
+#        run: |
+#          eval $(minikube docker-env)
 #          docker build -t ghcr.io/amikos-tech/chromadb-chart/chroma:${{ matrix.chroma-version }} --build-arg CHROMA_VERSION=${{ matrix.chroma-version }} -f image/Dockerfile .
       - name: Install chromadb
         run: |
@@ -115,6 +175,7 @@ jobs:
           --set chromadb.isPersistent=true \
           --set chromadb.allowReset=true \
           --set chromadb.apiVersion=${{ matrix.chroma-version }}
+          --set chromadb.apiVersion=${{ matrix.chroma-version }}
       - name: Wait for deployment to be ready
         run: |
           kubectl wait \

README.md

@@ -108,6 +108,7 @@ generated at install time.
 
 Chroma authentication is supported for the following API versions:
 
+
 - basic >= 0.4.7
 - token >= 0.4.8
 
@@ -117,16 +118,19 @@ Chroma authentication is supported for the following API versions:
 
 Token Auth works with two types of headers that can be configured via `chromadb.auth.token.tokenHeader`:
 
+
 - `AUTHORIZATION` (default) - the clients are expected to pass `Authorization: Brearer <token>` header
 - `X-CHROMA-TOKEN` - the clients are expected to pass `X-Chroma-Token: <token>` header
 
 Get the token:
 
+
 ```bash
 export CHROMA_TOKEN=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.token}" | base64 --decode)
 export CHROMA_HEADER_NAME=$(kubectl --namespace default get configmap chroma-chromadb-token-auth-config -o jsonpath="{.data.CHROMA_AUTH_TOKEN_TRANSPORT_HEADER}")
 ```
 
+> Note: The above examples assume `default` namespace is used for Chroma deployment.
 > Note: The above examples assume `default` namespace is used for Chroma deployment.
 
 Test the token:
@@ -147,12 +151,14 @@ CHROMA_BASIC_AUTH_USERNAME=$(kubectl --namespace default get secret chromadb-aut
 CHROMA_BASIC_AUTH_PASSWORD=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.password}" | base64 --decode)
 ```
 
+> Note: The above examples assume `default` namespace is used for Chroma deployment.
 > Note: The above examples assume `default` namespace is used for Chroma deployment.
 
 Test the token:
 
 ```bash
 curl -v http://localhost:8000/api/v1/collections -u "${CHROMA_BASIC_AUTH_USERNAME}:${CHROMA_BASIC_AUTH_PASSWORD}"
+curl -v http://localhost:8000/api/v1/collections -u "${CHROMA_BASIC_AUTH_USERNAME}:${CHROMA_BASIC_AUTH_PASSWORD}"
 ```
 
 > Note: The above `curl` assumes a localhost forwarding is made to port 8000

charts/chromadb-chart/templates/statefulset.yaml

@@ -9,6 +9,7 @@ spec:
   serviceName: "{{ include "chart.fullname" . }}"
   podManagementPolicy: "Parallel" # This setting means that the StatefulSet controller doesn't block applying changes until the existing Pod is READY.
   replicas: {{ .Values.replicaCount }}
+  replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
       {{- include "chart.selectorLabels" . | nindent 6 }}
@@ -57,6 +58,10 @@ spec:
             - mountPath: /chroma/auth/
               name: htpasswd-volume
       {{- end }}
+      tolerations:
+        {{- toYaml .Values.tolerations | nindent 8 }}
+      affinity:
+        {{- toYaml .Values.affinity | nindent 8 }}
       tolerations:
         {{- toYaml .Values.tolerations | nindent 8 }}
       affinity:
@@ -75,6 +80,16 @@ spec:
                 name: {{ include "chart.fullname" . }}-basic-auth-config
                 {{- end }}
           {{- end }}
+          {{- if .Values.chromadb.auth.enabled}}
+          envFrom:
+            - configMapRef:
+                {{- if (eq .Values.chromadb.auth.type "token") }}
+                name: {{ include "chart.fullname" . }}-token-auth-config
+                {{- end }}
+                {{- if (eq .Values.chromadb.auth.type "basic") }}
+                name: {{ include "chart.fullname" . }}-basic-auth-config
+                {{- end }}
+          {{- end }}
           env:
             - name: POD_NAME
               valueFrom:

charts/chromadb-chart/values.yaml

@@ -6,6 +6,8 @@ replicaCount: 1
 
 image:
   repository: ghcr.io/chroma-core/chroma
+#  repository: ghcr.io/amikos-tech/chromadb-chart/chroma
+  repository: ghcr.io/chroma-core/chroma
 #  repository: ghcr.io/amikos-tech/chromadb-chart/chroma
   pullPolicy: IfNotPresent
 
@@ -105,6 +107,7 @@ chromadb:
   anonymizedTelemetry: false
   corsAllowOrigins:
     - "*" # TODO this might be dangerous
+    - "*" # TODO this might be dangerous
 #  apiImpl: "chromadb.api.fastapi.FastAPI" # this doesn't seem to be working.
   serverHost: "0.0.0.0"
   serverHttpPort: 8000
@@ -118,5 +121,7 @@ chromadb:
       username: "chroma"
       password: null  # The string used as the auth.basic password. Only used if value not null, otherwise a random string will be generated and used.
     token:
+      headerType: "Authorization" #possible values Authorization, X-Chroma-Token
       headerType: "Authorization" #possible values Authorization, X-Chroma-Token
       value: null # The string used as the token (value). Only used if value not null, otherwise a random string will be generated and used.
+