# https://github.com/BerriAI/litellm/tree/main/deploy/charts/litellm-helm
# https://github.com/BerriAI/litellm/tree/main/litellm/proxy/example_config_yaml

masterkeySecretName: ""
masterkeySecretKey: ""

# Note: LiteLLM image requires write access to /.cache for Prisma
# Pod Security Standards must be set to "baseline" for this namespace
podSecurityContext: {}

securityContext: {}

# Resource recommendations from Goldilocks VPA
# litellm target: cpu=11m, memory=549Mi
resources:
  requests:
    cpu: 25m
    memory: 512Mi
  limits:
    cpu: 100m
    memory: 1Gi

migrationJob:
  resources:
    requests:
      cpu: 100m
      memory: 512Mi
    limits:
      memory: 1Gi

environmentSecrets:
  - apikey
{{- if .Env.LITELLM_OIDC_ENABLED }}
  - keycloak-auth
{{- end }}
{{- if .Env.LITELLM_LANGFUSE_INTEGRATION_ENABLED }}
  - langfuse-auth
{{- end }}

extraEnvVars:
{{- if .Env.LITELLM_OIDC_ENABLED }}
  - name: PROXY_BASE_URL
    value: "https://{{ .Env.LITELLM_HOST }}"
  - name: GENERIC_AUTHORIZATION_ENDPOINT
    value: "https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/auth"
  - name: GENERIC_TOKEN_ENDPOINT
    value: "https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/token"
  - name: GENERIC_USERINFO_ENDPOINT
    value: "https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/userinfo"
  - name: GENERIC_SCOPE
    value: "openid email profile"
{{- end }}
{{- if .Env.LITELLM_LANGFUSE_INTEGRATION_ENABLED }}
  - name: LANGFUSE_HOST
    value: "https://{{ .Env.LANGFUSE_HOST }}"
{{- end }}

proxy_config:
  model_list:
{{ file.Read "models.yaml" | indent 4 }}
{{- if .Env.LITELLM_LANGFUSE_INTEGRATION_ENABLED }}
  litellm_settings:
    success_callback: ["langfuse"]
    failure_callback: ["langfuse"]
{{- end }}

db:
  useExisting: true

  endpoint: postgres-cluster-rw.postgres
  database: litellm
  secret:
    name: postgres-auth
    usernameKey: username
    passwordKey: password

  deployStandalone: false

redis:
  enabled: true
  # Resource recommendations from Goldilocks VPA
  # redis target: cpu=15m, memory=100Mi
  master:
    resources:
      requests:
        cpu: 25m
        memory: 128Mi
      limits:
        cpu: 100m
        memory: 256Mi

ingress:
  enabled: true
  className: traefik
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
  hosts:
    - host: {{ .Env.LITELLM_HOST }}
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - hosts:
      - {{ .Env.LITELLM_HOST }}

{{- if .Env.MONITORING_ENABLED }}
serviceMonitor:
  enabled: true
  labels:
    release: kube-prometheus-stack
  interval: 30s
  scrapeTimeout: 10s
{{- end }}