amikos-tech / chromadb-chart Goto Github PK

View Code? Open in Web Editor NEW

34.0 1.0 12.0 160 KB

Chart for deploying ChromaDB in Kubernetes

License: MIT License

Smarty 37.66% Dockerfile 17.67% Shell 11.99% Python 32.68%

ai chromadb cloud-native helm-chart kubernetes mlops

chromadb-chart's Introduction

ChromaDB Vector Store Kubernetes Chart

This chart deploys a ChromaDB Vector Store cluster on a Kubernetes cluster using the Helm package manager.

Roadmap

Security - the ability to secure chroma API with TLS and OIDC <- PoC completed waiting to be merged in the main repo
Backup and restore - the ability to back up and restore the index data
Observability - the ability to monitor the cluster using Prometheus and Grafana

Prerequisites

Note: These prerequisites are necessary for local testing. If you have a Kubernetes cluster already setup you can skip

Docker
Minikube
Helm

Notes on the Chart image

To make it possible and efficient to run chroma in Kubernetes we take the chroma base image ( ghcr.io/chroma-core/chroma:) and we improve on it by:

Removing unnecessary files from the /chroma dir
Improving on the docker_entrypoint.sh script to make it more suitable for running in Kubernetes

Checkout image/ dir for more details.

Installing the Chart

Setup the helm repo:

helm repo add chroma https://amikos-tech.github.io/chromadb-chart/
helm repo update
helm search repo chroma/

Update the values.yaml file to match your environment.

helm install chroma chroma/chromadb -f values.yaml

Example values.yaml file:

chromadb:
  allowReset: "true"

Alternatively you can specify each parameter using the --set key=value[,key=value] argument to helm install.

helm install chroma chroma/chromadb --set chromadb.allowReset="true"

Chart Configuration Values

Key	Type	Default	Description
`chromadb.apiVersion`	string	`0.4.24`	The ChromaDB version. Supported version `0.4.3` - `0.4.24`
`chromadb.allowReset`	boolean	`false`	Allows resetting the index (delete all data)
`chromadb.isPersistent`	boolean	`true`	A flag to control whether data is persisted
`chromadb.persistDirectory`	string	`/index_data`	The location to store the index data. This configure both chromadb and underlying persistent volume
`chromadb.logConfigFileLocation`	string	`config/log_config.yaml`	The location of the log config file. By default the on in the chart's config/ dir is taken
`chromadb.anonymizedTelemetry`	boolean	`false`	The flag to send anonymized stats using posthog. By default this is enabled in the chromadb however for user's privacy we have disabled it so it is opt-in
`chromadb.corsAllowOrigins`	list	`- "*"`	The CORS config. By default we allow all (possibly a security concern)
`chromadb.apiImpl`	string	`- "chromadb.api.segment.SegmentAPI"`	The default API impl. It uses SegmentAPI however FastAPI is also available. Note: FastAPI seems to be bugging so we discourage users to use it in releases prior or equal to 0.4.3
`chromadb.serverHost`	string	`0.0.0.0`	The API server host.
`chromadb.serverHttpPort`	int	`8000`	The API server port.
`chromadb.dataVolumeSize`	string	`1Gi`	The data volume size.
`chromadb.dataVolumeStorageClass`	string	`standard`	The storage class
`chromadb.auth.enabled`	boolean	`true`	A flag to enable/disable authentication in Chroma
`chromadb.auth.type`	string	`token`	Type of auth. Currently "token" (apiVersion>=0.4.8) and "basic" (apiVersion>=0.4.7) are supported.

Verifying installation

minikube service chroma-chromadb --url

Building the Docker image

docker build --no-cache -t <image:tag> -f image/Dockerfile .
docker push <image:tag>

Setup Kubernetes Cluster

For this example we'll set up a Kubernetes cluster using minikube.

minikube start --addons=ingress -p chroma #create a simple minikube cluster with ingress addon
minikube profile chroma #select chroma profile in minikube as active for kubectl commands

Chroma Authentication

Note: Token auth is enabled by default

By default, the chart will use a chromadb-auth secret in Chroma's namespace to authenticate requests. This secret is generated at install time.

Chroma authentication is supported for the following API versions:

basic >= 0.4.7
token >= 0.4.8

Note: Using auth parameters with lower version will result in auth parameters being ignored.

Token Auth

Token Auth works with two types of headers that can be configured via chromadb.auth.token.tokenHeader:

AUTHORIZATION (default) - the clients are expected to pass Authorization: Brearer <token> header
X-CHROMA-TOKEN - the clients are expected to pass X-Chroma-Token: <token> header

Get the token:

CHROMA_TOKEN=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.token}" | base64 --decode)
CHROMA_HEADER_NAME=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.header}" | base64 --decode)

Note: The above examples assume default namespace is used for Chroma deployment.

Test the token:

curl -v http://localhost:8000/api/v1/collections -H "${CHROMA_HEADER_NAME}: ${CHROMA_TOKEN}"

Note: The above curl assumes a localhost forwarding is made to port 8000

Basic Auth

Get auth credentials:

CHROMA_BASIC_AUTH_USERNAME=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.username}" | base64 --decode)
CHROMA_BASIC_AUTH_PASSWORD=$(kubectl --namespace default get secret chromadb-auth -o jsonpath="{.data.password}" | base64 --decode)

Note: The above examples assume default namespace is used for Chroma deployment.

Test the token:

curl -v http://localhost:8000/api/v1/collections -u "${CHROMA_BASIC_AUTH_USERNAME}:${CHROMA_BASIC_AUTH_PASSWORD}"

Note: The above curl assumes a localhost forwarding is made to port 8000

References

Helm install: https://helm.sh/docs/intro/install/
Minikube install: https://minikube.sigs.k8s.io/docs/start/
ChromaDB: https://docs.trychroma.com/getting-started

chromadb-chart's People

Contributors

Stargazers

Watchers

Forkers

leoyamasaki rginev klicktipp bjwswang abirdcfly 9brandon2 asksai-shakudo damianoneill lalitbyteiq adityaprakash-work luizguilhermeleste idasilva

chromadb-chart's Issues

[Feature Request]: Support Chroma v0.4.21-22

Describe the problem

It would be nice to catch up with Chroma version

Describe the proposed solution

Versions 0.4.21 and 0.4.22 to be supported

Alternatives considered

No response

Importance

would make my life easier

Additional Information

No response

What happened?

Error: INSTALLATION FAILED: chart requires kubeVersion: >= 1.23.0 <= 1.27.x which is incompatible with Kubernetes v1.28.0

ChromaDB Version

0.4.3

Kubernetes Version

1.27.x

Environment details

kubectl version
Client Version: v1.28.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.0

Logs, Kubectl output, Manifests, etc.

No response

[Feature Request]: Hugging Face Embedding Server

Describe the problem

As a user I want to be able to have custom embedding function server based on HuggingFace Embedding Inference server - https://github.com/huggingface/text-embeddings-inference

Describe the proposed solution

A simple replicaset that can scale the the huggingface EF server with initial CPU support only

Alternatives considered

N/A

Importance

would make my life easier

Additional Information

No response

[Feature Request]: K8s versisions in test

Describe the problem

Support for latest k8s releases -https://kubernetes.io/releases/

Describe the proposed solution

Add new k8s releases in test matrix

Alternatives considered

No response

Importance

I cannot run the chart without it

Additional Information

No response

Crash when adding collection?

Hi! 👋 Love this, thanks for making it. I tried this simple experiment on my computer. I was able to get a heartbeat. When I tried the following however:

import chromadb

client = chromadb.HttpClient(host="127.0.0.1", port="55897")

collection = client.create_collection("test")

print(collection.count())

It crashes

terminate called after throwing an instance of 'pybind11::error_already_set'
  what():  SystemError: null argument to internal routine
/docker_entrypoint.sh: line 6:    13 Aborted                 (core dumped) uvicorn chromadb.app:app --workers 1 --host ${CHROMA_SERVER_HOST} --port ${CHROMA_SERVER_HTTP_PORT} --proxy-headers --log-config ${CHROMA_SERVER_LOG_CONFIG}

Just curious if you had run into this! thanks!

[Feature Request]: Backup and Restore

Describe the problem

Embeddings are relatively cheap but not free, and data is precious so we need a way to keep our data safe from loss in a cloud-native setting.

Describe the proposed solution

It should be possible to automatically back up and restore data.

Alternatives considered

No response

Importance

I cannot run the chart without it

Additional Information

This would take us one step closer using ChromaDB in production

[Feature Request]: More mindful release process

Describe the problem

Trigger new releases of the chart via new tags/releases in GH. Include changes made (e.g. merged PR etc)

Describe the proposed solution

New GH WF

Alternatives considered

No response

Importance

would make my life easier

Additional Information

No response

What happened?

I've installed ChromaDB with the helm chart, and enabled the ingress in values.yaml. However I'm always getting Bad Gateways 502. Is there some graphical interface which I'm supposed to see when exposing via ingress or what is it used for?
Otherwise the pod is up and running and I was able to get the token from the default secret. So am I supposed to to be able to reach it via Postman, for example, by hostname specified in my ingress and using the Authorization + Bearer token in the header of the API call? Apologies, I'm new to ChromaDB and I cannot find description on how to connect to it, how to use it and etc.
Thanks in advance!

ChromaDB Version

0.4.3

Kubernetes Version

1.26.x

Environment details

AKS, with an azure application gateway as an ingress controller.

Logs, Kubectl output, Manifests, etc.

No response

Orphan Data clean-up

About

Seems that after a reset the vector stores are left. This could be problematic as the DB can run out of space.

We suggest an opt-in approach where vector segments can be removed by a periodic clean up job.

Here's how it works

We have the following setup:

chroma@chroma-chromadb-0:/index_data$ ls -latrh
total 128K
drwxr-xr-x 2 chroma chroma 4.0K Jul 29 10:45 63d9fc32-4b60-4cec-8273-ec1eff1eb8e5
drwxr-xr-x 2 chroma chroma 4.0K Jul 29 10:48 ae040612-374b-41cb-93ae-7f737bf0ee80
drwxr-xr-x 2 chroma chroma 4.0K Jul 29 10:52 f080e2b7-d8b3-4dde-812c-5d8e653111fe
drwxr-xr-x 2 chroma chroma 4.0K Jul 29 10:52 52dbd990-3e6d-458f-838e-e226a0e20a23
drwxr-xr-x 1 root   root   4.0K Jul 29 11:00 ..
drwxr-xr-x 2 chroma chroma 4.0K Jul 29 11:04 06bd8d3d-9f7b-48c1-a5e9-425e24edc5f6
-rw-r--r-- 1 chroma chroma  96K Jul 29 11:04 chroma.sqlite3
drwxrwxrwx 7 root   root   4.0K Jul 29 11:04 .
chroma@chroma-chromadb-0:/index_data$ sqlite3 chroma.sqlite3 "select id from segments where scope='VECTOR';"
06bd8d3d-9f7b-48c1-a5e9-425e24edc5f6
chroma@chroma-chromadb-0:/index_data$

As seen from the DB query only 06bd8d3d-9f7b-48c1-a5e9-425e24edc5f6 is an active vector segment and everything else can be "safely" removed.

We'll add a chart flag which when enabled and isPersistent is set can create a cronjob that will periodically clean up.

[Feature Request]: Remove reinstall of hnsw lib

Describe the problem

We don't need to reinstall the lib as it is now (0.7.3+) delivered a binary whl.

Describe the proposed solution

Remove pip install --force-reinstall --no-cache-dir chroma-hnswlib from the entry point

Alternatives considered

N/A

Importance

would make my life easier

Additional Information

No response

[Feature Request]: Observability - metrics

Describe the problem

Endpoint metrics

Describe the proposed solution

Instrument API to add Prometheus middleware

Alternatives considered

No response

Importance

would make my life easier

Additional Information

No response

Create a test matrix for various ChromaDB configs

[Bug]: `np.float_` was removed in the NumPy 2.0 release. Use `np.float64` instead

What happened?

After switching to a new node pool we started encountering this issue. When using the 0.4.20 version we also see SyntaxWarning: "is" with a literal. Did you mean "=="?. However, when I change the image tag to 0.5.0 I can only see the numpy error.

I can see the second issue is fixed here:

chroma-core/chroma@47447b6

But I don't find anything related to the numpy issue.

ChromaDB Version

0.4.3

Kubernetes Version

1.27.x

Environment details

AKS

Logs, Kubectl output, Manifests, etc.

Collecting chroma-hnswlib
  Downloading chroma_hnswlib-0.7.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (252 bytes)
Collecting numpy (from chroma-hnswlib)
  Downloading numpy-2.0.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (60 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 60.9/60.9 kB 3.9 MB/s eta 0:00:00
Downloading chroma_hnswlib-0.7.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.4 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.4/2.4 MB 115.1 MB/s eta 0:00:00
Downloading numpy-2.0.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (19.3 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 19.3/19.3 MB 103.2 MB/s eta 0:00:00
Installing collected packages: numpy, chroma-hnswlib
  Attempting uninstall: numpy
    Found existing installation: numpy 1.26.4
    Uninstalling numpy-1.26.4:
      Successfully uninstalled numpy-1.26.4
  Attempting uninstall: chroma-hnswlib
    Found existing installation: chroma-hnswlib 0.7.3
    Uninstalling chroma-hnswlib-0.7.3:
      Successfully uninstalled chroma-hnswlib-0.7.3
Successfully installed chroma-hnswlib-0.7.3 numpy-2.0.0
/chroma/./chromadb/utils/embedding_functions.py:584: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if self._task_type is "RETRIEVAL_DOCUMENT":
Traceback (most recent call last):
  File "/chroma/venv/bin/uvicorn", line 8, in <module>
    sys.exit(main())
  File "/chroma/venv/lib/python3.10/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/chroma/venv/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/chroma/venv/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/chroma/venv/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/chroma/venv/lib/python3.10/site-packages/uvicorn/main.py", line 408, in main
    run(
  File "/chroma/venv/lib/python3.10/site-packages/uvicorn/main.py", line 576, in run
    server.run()
  File "/chroma/venv/lib/python3.10/site-packages/uvicorn/server.py", line 60, in run
    return asyncio.run(self.serve(sockets=sockets))
  File "/usr/local/lib/python3.10/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "uvloop/loop.pyx", line 1517, in uvloop.loop.Loop.run_until_complete
  File "/chroma/venv/lib/python3.10/site-packages/uvicorn/server.py", line 67, in serve
    config.load()
  File "/chroma/venv/lib/python3.10/site-packages/uvicorn/config.py", line 479, in load
    self.loaded_app = import_from_string(self.app)
  File "/chroma/venv/lib/python3.10/site-packages/uvicorn/importer.py", line 21, in import_from_string
    module = importlib.import_module(module_str)
  File "/usr/local/lib/python3.10/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1050, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 992, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "<frozen importlib._bootstrap>", line 1050, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 883, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/chroma/./chromadb/__init__.py", line 3, in <module>
    from chromadb.api.client import Client as ClientCreator
  File "/chroma/./chromadb/api/__init__.py", line 7, in <module>
    from chromadb.api.models.Collection import Collection
  File "/chroma/./chromadb/api/models/Collection.py", line 7, in <module>
    import chromadb.utils.embedding_functions as ef
  File "/chroma/./chromadb/utils/embedding_functions.py", line 3, in <module>
    from chromadb.api.types import (
  File "/chroma/./chromadb/api/types.py", line 101, in <module>
    ImageDType = Union[np.uint, np.int_, np.float_]
  File "/chroma/venv/lib/python3.10/site-packages/numpy/__init__.py", line 397, in __getattr__
    raise AttributeError(
AttributeError: `np.float_` was removed in the NumPy 2.0 release. Use `np.float64` instead.. Did you mean: 'float16'?

[Feature Request]: Support EKS, GKS and AKS

Describe the problem

Users are starting to adopt Chroma in cloud provider settings with vendor-specific version of k8s.

Describe the proposed solution

Update the chart to support EKS, GKS and AKS k8s distros.

Alternatives considered

N/A

Importance

I cannot run the chart without it

Additional Information

No response

[Bug]: 404 error on ChromaDB POST APIs

What happened?

Thank you for providing this helm chart for deploying chromadb on a kubernetes cluster. I managed to make a successful deployment. But when I test the backed APIs on swagger, I notice that the POST APIs, like creating a new collection returns a 404 - Not found error. The GET APIs seem to be working fine, and so are the heartbeat, preflightcheck APIs.

I also checked via code (python) with a HttpClient, and saw the same 404 errors when trying to create a collection. I'm not sure what's going wrong, and what resource is 'not found' during creation. There are no other errors other than the 404, and I don't see any errors in the container logs either.
Appreciate any help here. Thank you!
(ChromaDB version: 0.4.24)

ChromaDB Version

0.4.3

Kubernetes Version

1.27.x

Environment details

Managed kubernetes cluster

Logs, Kubectl output, Manifests, etc.

No response

[Feature Request]: AKS Deployment Guide

Describe the problem

Community request on how to setup Chroma in AKS

Describe the proposed solution

Deployment guide

Alternatives considered

N/A

Importance

nice to have

Additional Information

No response

[Feature Request]: Publish Images on Docker hub

Describe the problem

Add images to docker hub

Describe the proposed solution

Improve user experience

Alternatives considered

No response

Importance

would make my life easier

Additional Information

No response

[Feature Request]: Deployment example EKS

Describe the problem

be able to deploy Chroma in EKS cluster

Describe the proposed solution

Use AWS docs and/or Terraform for the automation

Alternatives considered

N/A

Importance

I cannot run the chart without it

Additional Information

No response

[Feature Request]: Auth Provider support

Describe the problem

Supporting the new auth provider feature in Chroma

Describe the proposed solution

For basic auth:

chroma-core/chroma#986

Alternatives considered

No response

Importance

I cannot run the chart without it

Additional Information

No response

[Feature Request]: Secure API Access

Describe the problem

I want to expose my chromadb instance over the internet.

Describe the proposed solution

I need two things to ensure that my Chroma instance is safe:

TLS encryption
AuthN/AuthZ, preferably external so that I can use my own SSO.

Alternatives considered

Wait for the chroma team to add this feature

Importance

I cannot run the chart without it

Additional Information

No response

[Bug]: Unable to add chart dependency

What happened?

Hi,

Installing chroma chart by adding it to the helm repo and doing a helm install, as described in your README works fine.
helm repo add chroma https://amikos-tech.github.io/chromadb-chart/

But when I add chroma as a dependency to my Chart.yaml and do a helm dependency update, I get an error saying
Error: Chart.yaml file missing

I added the dependency this way in my Chart.yaml:

dependencies:
  - name: chromadb
    version: 0.1.19
    repository: "https://amikos-tech.github.io/chromadb-chart/"

I also tried using the name of the repo I had added 'helm repo add chroma https://amikos-tech.github.io/chromadb-chart/` but that gave the same error.

dependencies:
  - name: chromadb
    version: 0.1.19
    repository: "@chroma"

Am I missing something here? Or is there an issue with pulling this chart as a dependency into my chart? Appreciate your support. Thanks!

ChromaDB Version

0.4.3

Kubernetes Version

1.27.x

Environment details

local k8s cluster

Logs, Kubectl output, Manifests, etc.

Error: Chart.yaml file is missing

[Feature Request]: Gateway API

Describe the problem

Support for Gateway API

Describe the proposed solution

Add optional config to use gateway API instead of ingress API.

Alternatives considered

No response

Importance

nice to have

Additional Information

No response

[Feature Request]: Decouple Chroma pod port from ingress port

Describe the problem

Both the ingress port and the pod configurable port share the same value from values chromadb.serverHttpPort

Describe the proposed solution

Move the ingress port to its own config in the values

Alternatives considered

N/A

Importance

nice to have

Additional Information

No response

NOFILE limit in Entrypoint/Template

Adding CHROMA_SERVER_NOFILE=65535 helps running large workloads e.g. multiple concurrent clients. It would be nice to add it to the template + entry file

[Feature Request]: Image Signing

Describe the problem

It would be nice to have some level of supply chain security

Describe the proposed solution

Sign images with cosign
Attach SBOM
Attach vulnerability scan

Alternatives considered

N/A

Importance

would make my life easier

Additional Information

No response