Canner · aryankumar04 · Jun 19, 2025 · coderabbitai · Jun 19, 2025 · coderabbitai
diff --git a/deployment/helm-chart/Chart.yaml b/deployment/helm-chart/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v2
+name: wren
+description: A Helm chart for Wren AI Service
+type: application
+version: 1.0.0
+appVersion: "0.22.2"
+keywords:
+  - ai
+  - analytics
+  - data
+home: https://github.com/Canner/WrenAI
+sources:
+  - https://github.com/Canner/WrenAI
+maintainers:
+  - name: Wren AI Team
+    email: [email protected]
+
+dependencies:
+  - name: qdrant
+    version: "1.14.0"
+    repository: "https://qdrant.github.io/qdrant-helm"
+    condition: qdrant.enabled
+  - name: postgresql
+    version: "15.5.30"
+    repository: "https://charts.bitnami.com/bitnami"
+    condition: postgresql.enabled
diff --git a/deployment/helm-chart/NOTES.txt b/deployment/helm-chart/NOTES.txt
@@ -0,0 +1,34 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.ui.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "wren-ai.fullname" . }}-ui-svc)
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.ui.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "wren-ai.fullname" . }}-ui-svc'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "wren-ai.fullname" . }}-ui-svc --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.ui.service.port }}
+{{- else if contains "ClusterIP" .Values.ui.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "wren-ai.name" . }},app.kubernetes.io/instance1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.aiService.service.type }}
-{{- else if contains "ClusterIP" .Values.ui.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "wren-ai.name" . }},app.kubernetes.io/instance1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.aiService.service.type }}
+{{- else if contains "ClusterIP" .Values.ui.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} \
+    -l "app.kubernetes.io/name={{ include "wren-ai.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=ui" \
+    -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME \
+    -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to access the UI"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- if contains "NodePort" .Values.aiService.service.type }}
-{{- else if contains "ClusterIP" .Values.ui.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "wren-ai.name" . }},app.kubernetes.io/instance1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.aiService.service.type }}
+{{- else if contains "ClusterIP" .Values.ui.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} \
+    -l "app.kubernetes.io/name={{ include "wren-ai.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=ui" \
+    -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME \
+    -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to access the UI"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- if contains "NodePort" .Values.aiService.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "wren-ai.fullname" . }}-ai-service-svc)
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.aiService.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "wren-ai.fullname" . }}-ai-service-svc'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "wren-ai.fullname" . }}-ai-service-svc --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.aiService.service.port }}
+{{- else if contains "ClusterIP" .Values.aiService.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "wren-ai.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=ai-service" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
+
+Service Details:
+- AI Service Port: {{ .Values.config.ports.aiService }}
+- Replicas: {{ .Values.aiService.replicaCount }}
+- Version: {{ .Values.global.versions.aiService }}
+
+For more information about Wren AI, visit: https://docs.getwren.ai
diff --git a/deployment/helm-chart/README.md b/deployment/helm-chart/README.md
@@ -0,0 +1,122 @@
+# Deployment of Wren AI to Kubernetes with Helm Chart
+1. Ensure you satisfy the dependencies required to deploy Wren AI.
+2. Adjust the values accordingly to fit your Kubernetes environment.
+3. Secrets vales can be deployed together or separately.
+Note: Without authentication, once you publish this on the internet, anyone can access your app, see your data, and modify your settings!
+
+## Dependencies used in this kustomization:
+- nginx.ingress
+- external-dns
+- cert-manager
+- kubectl
+- helm 
+
+## Steps to deploy:
+
+`Suggestion`: Before deploying, check out the Helm values in the `deployment/helm ` file and modify them to suit your Kubernetes environment.
+
+The `deployment/helm` folder contains a `values.yaml` file that will inflate the manifests into a `deployment/helm/template` files used to deploy the app to your Kubernetes cluster.
+
+```shell
+# Clone the repository with Helm chart
+git clone https://github.com/Canner/WrenAI.git
+cd WrenAI
+
+# Create namespace
+kubectl create namespace wren
+
+# !!!!!!!!!!!!
+# OPENAI_API_KEY or GEMINI_API_KEY is REQUIRED: without a valid key the wren-ai-service pod will not start
+# You must update PG_URL, otherwise wren-ui will not work
+
+# MODIFY/GENERATE values of secret and apply kubectl command to create secret (recommended for production)
+
+# Generate secure passwords
+OPENAI_API_KEY=UkVRVUlSRUQ6IHNrLXByb2otYWxsLWFjY2Vzcy1wbGFjZWhvbGRlci00LXdyZW4tYWktc2VydmljZS1kZXBsb3ltZW50
+PG_USERNAME=wrenai
+PG_PASSWORD=$(openssl rand -base64 32)
+PG_ADMIN_PASSWORD=$(openssl rand -base64 32)
+PG_URL=postgres://wrenai-user:wrenai-pass@wren-postgresql:5432/wrenai
+LANGFUSE_PUBLIC_KEY=VUlSYWxsLWFjRUQ6IHNrLtdmljZS1kZXBYWxsLWFktc2VydmljZS13ltZW50
+LANGFUSE_SECRET_KEY=UQ6IHNrLsLWFjtYWxsLWFdmljZS1kZXBktVUlSRUQ6IHNrLXByHNYWxsLWFj
+POSTHOG_API_KEY=YWxsLWZS1kZXBYWxsLWFkHNrLXByb2oYWxsLWFjtc2VydmljZS1kZXHNrLXByb2o
+USER_UUID=$(openssl rand -base64 32)
-OPENAI_API_KEY=UkVRVUlSRUQ6IHNrLXByb2otYWxsLWFjY2Vzcy1wbGFjZWhvbGRlci00LXdyZW4tYWktc2VydmljZS1kZXBsb3ltZW50
-PG_USERNAME=wrenai
-PG_PASSWORD=$(openssl rand -base64 32)
-PG_ADMIN_PASSWORD=$(openssl rand -base64 32)
-PG_URL=postgres://wrenai-user:wrenai-pass@wren-postgresql:5432/wrenai
-LANGFUSE_PUBLIC_KEY=VUlSYWxsLWFjRUQ6IHNrLtdmljZS1kZXBYWxsLWFktc2VydmljZS13ltZW50
-LANGFUSE_SECRET_KEY=UQ6IHNrLsLWFjtYWxsLWFdmljZS1kZXBktVUlSRUQ6IHNrLXByHNYWxsLWFj
-POSTHOG_API_KEY=YWxsLWZS1kZXBYWxsLWFkHNrLXByb2oYWxsLWFjtc2VydmljZS1kZXHNrLXByb2o
-USER_UUID=$(openssl rand -base64 32)
+OPENAI_API_KEY=<YOUR_OPENAI_API_KEY>
+PG_USERNAME=wrenai
+PG_PASSWORD=$(openssl rand -base64 32)
+PG_ADMIN_PASSWORD=$(openssl rand -base64 32)
+PG_URL=postgres://wrenai-user:wrenai-pass@wren-postgresql:5432/wrenai
+LANGFUSE_PUBLIC_KEY=<YOUR_LANGFUSE_PUBLIC_KEY>
+LANGFUSE_SECRET_KEY=<YOUR_LANGFUSE_SECRET_KEY>
+POSTHOG_API_KEY=<YOUR_POSTHOG_API_KEY>
+USER_UUID=$(openssl rand -base64 32)
-OPENAI_API_KEY=UkVRVUlSRUQ6IHNrLXByb2otYWxsLWFjY2Vzcy1wbGFjZWhvbGRlci00LXdyZW4tYWktc2VydmljZS1kZXBsb3ltZW50
-PG_USERNAME=wrenai
-PG_PASSWORD=$(openssl rand -base64 32)
-PG_ADMIN_PASSWORD=$(openssl rand -base64 32)
-PG_URL=postgres://wrenai-user:wrenai-pass@wren-postgresql:5432/wrenai
-LANGFUSE_PUBLIC_KEY=VUlSYWxsLWFjRUQ6IHNrLtdmljZS1kZXBYWxsLWFktc2VydmljZS13ltZW50
-LANGFUSE_SECRET_KEY=UQ6IHNrLsLWFjtYWxsLWFdmljZS1kZXBktVUlSRUQ6IHNrLXByHNYWxsLWFj
-POSTHOG_API_KEY=YWxsLWZS1kZXBYWxsLWFkHNrLXByb2oYWxsLWFjtc2VydmljZS1kZXHNrLXByb2o
-USER_UUID=$(openssl rand -base64 32)
+OPENAI_API_KEY=<YOUR_OPENAI_API_KEY>
+PG_USERNAME=wrenai
+PG_PASSWORD=$(openssl rand -base64 32)
+PG_ADMIN_PASSWORD=$(openssl rand -base64 32)
+PG_URL=postgres://wrenai-user:wrenai-pass@wren-postgresql:5432/wrenai
+LANGFUSE_PUBLIC_KEY=<YOUR_LANGFUSE_PUBLIC_KEY>
+LANGFUSE_SECRET_KEY=<YOUR_LANGFUSE_SECRET_KEY>
+POSTHOG_API_KEY=<YOUR_POSTHOG_API_KEY>
+USER_UUID=$(openssl rand -base64 32)
+
+kubectl create secret generic wrenai-secrets \
+  --from-literal=OPENAI_API_KEY=$OPENAI_API_KEY \
+  --from-literal=PG_USERNAME=$PG_USERNAME \
+  --from-literal=PG_PASSWORD=$PG_PASSWORD \
+  --from-literal=PG_ADMIN_PASSWORD=$PG_ADMIN_PASSWORD \
+  --from-literal=PG_URL=$PG_URL \
+  --from-literal=LANGFUSE_PUBLIC_KEY=$LANGFUSE_PUBLIC_KEY \
+  --from-literal=LANGFUSE_SECRET_KEY=$LANGFUSE_SECRET_KEY \
+  --from-literal=POSTHOG_API_KEY=$POSTHOG_API_KEY \
+  --from-literal=USER_UUID=$USER_UUID \
+  -n wren
+
+
+# Download Wren AI dependency charts like Qdrant or postgresql
+helm dependency build ./deployment/helm
+
+# Deploy Wren AI with Helm
+helm upgrade --install wrenai ./deployment/helm \
+  --namespace wren \
+  -f deployment/helm/values.yaml \
+
+kubectl get pods -n wren
+```
+
+### Notes on Helm:
+- `deployment/helm/values.yaml` is the main file responsible for versions of other apps such as Qdrant and PostgreSQL, version of your Wren AI app. It also combines resourses from the manifest such as ConfigMaps, Deployments, and Services. And example Ingress and Secrets.
+- `deployment/helm/template` is the manifests folder that contains the core Wren AI manifest templates, its less likely you need to modify them, but check just in case
+- `deployment/helm/charts` is directory contains any dependent Helm charts (subcharts) required by Wren AI, such as PostgreSQL or Qdrant. These dependencies are either added manually or using `helm dependency add`, and they are used to deploy third-party services alongside Wren AI.
+- `deployment/helm/Chart.yaml` This file defines the metadata for the Helm chart used to deploy Wren AI. It includes the chart name, version, application version, dependencies and a description. Helm uses this file to identify and manage the chart during installation and upgrades.
+
+#### Wren-UI Database
+Starting with wren-ui version 0.6.0 by default the postgres database is used for wren-ui in this helm chart and will be installed in the same namespace as wren-ai.
+- `postgres`: Database that will be installed in the same namespace as wren-ai. You *must* update `PG_URL` in the Secret manifest.
+
+Example: `PG_URL: "postgres://wrenai-user:wrenai-pass@wren-postgresql:5432/wrenai"`
+- `postgres://`        This is the protocol. It tells the system that you’re connecting to a PostgreSQL database.
+- `wrenai-user:wrenai-pass`  These are the username(first) and password(second) for the database respectively, separated by a colon. In this case, both the username and password are “postgres”.
+- `@wren-postgresql`   This is the hostname of the database server. "wren-postgresql" means the database server is running in a Kubernetes cluster and it is named "wren-postgresql" in the *same* namespace. If you are using another namespace you must provide the full hostname, example: `wren-postgresql.wrenai.svc.cluster.local`, "wrenai" is the namespace name, "svc.cluster.local" is the default domain name for Kubernetes services no need to change it.
+- `:5432`              This is the port number. PostgreSQL servers listen on port 5432 by default.
+- `/wrenai`          This is the name of the database you’re connecting to. In this case, the database name is `wrenai`. It can be found in the helm values file in the auth.database parameter.
+
+# Minikube
+Prepare your k8s environment. Then use the `Steps to deploy` section to deploy Wren AI app into your k8s.
+```shell
+minikube start
+minikube addons enable ingress
+minikube addons enable metallb
+minikube kubectl -- get nodes
+minikube kubectl -- get pods -A
+
+minikube update-context
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo update
+helm install external-dns bitnami/external-dns
+helm install \
+  external-dns bitnami/external-dns \
+  --namespace external-dns \
+  --version 7.5.2 \
+  --create-namespace \
+  --set installCRDs=true
+kubectl get pods -n external-dns
+
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+helm install \
+  cert-manager jetstack/cert-manager \
+  --namespace cert-manager \
+  --version v1.13.6 \
+  --create-namespace \
+  --set installCRDs=true
+kubectl get pods -n cert-manager
+
+##########
+# Use the `Steps to deploy` section to continue as you would on a production k8s cluster.
+```
+
+# GitOps Patches
+In the [patches](./patches) folder you can find usefull kustomization examples files if you wish to use existing official kustomization directly from this repo as a base kustomization layer and only customize some values. It can be usefull for you GitOps workflow and can be used in conjunction with FluxCD or ArgoCD.
diff --git a/deployment/helm-chart/templates/_helpers.tpl b/deployment/helm-chart/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "wren-ai.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "wren-ai.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "wren-ai.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "wren-ai.labels" -}}
+helm.sh/chart: {{ include "wren-ai.chart" . }}
+{{ include "wren-ai.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "wren-ai.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "wren-ai.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/deployment/helm-chart/templates/ai-service-deployment.yaml b/deployment/helm-chart/templates/ai-service-deployment.yaml
@@ -0,0 +1,117 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "wren-ai.fullname" . }}-ai-service
+  labels:
+    {{- include "wren-ai.labels" . | nindent 4 }}
+    app.kubernetes.io/component: ai-service
+spec:
+  replicas: {{ default 1 .Values.aiService.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "wren-ai.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: ai-service
+  template:
+    metadata:
+      labels:
+        {{- include "wren-ai.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: ai-service
+    spec:
+      {{- with .Values.aiService.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.aiService.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.aiService.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: wren-ai-service
+          image: "{{ .Values.aiService.image.repository }}:{{ .Values.aiService.image.tag | default .Values.global.versions.aiService}}"
+          imagePullPolicy: {{ .Values.aiService.image.pullPolicy }}
+          volumeMounts:
+            - name: config-volume
+              mountPath: /app/data
+          env:
+            - name: WREN_AI_SERVICE_PORT
+              value: {{ .Values.config.ports.aiService | quote }}
+            {{- if .Values.secrets.createFromValues }}
+              {{- if .Values.secrets.values.OPENAI_API_KEY }}
+            - name: OPENAI_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "wren-ai.fullname" . }}-secret
+                  key: OPENAI_API_KEY
+              {{- else if .Values.secrets.values.GEMINI_API_KEY }}
+            - name: GEMINI_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "wren-ai.fullname" . }}-secret
+                  key: GEMINI_API_KEY
+              {{- end }}
+            {{- else }}
+            - name: OPENAI_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.existingSecretName }}
+                  key: OPENAI_API_KEY
+                  optional: true
+            - name: GEMINI_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.existingSecretName }}
+                  key: GEMINI_API_KEY
+                  optional: true
+            {{- end }}
+            - name: QDRANT_HOST
+              value: {{ default (printf "%s-qdrant" .Release.Name) .Values.config.documentStore.qdrantHost | quote }}
+            - name: LOGGING_LEVEL
+              value: {{ .Values.config.logging.level | quote }}
+            - name: WREN_UI_ENDPOINT
+              value: {{ .Values.config.endpoints.ui | quote }}
+            - name: PYTHONUNBUFFERED
+              value: {{ .Values.aiService.env.pythonUnbuffered | quote }}
+            {{- if .Values.pipeline.settings.langfuseEnable }}
+            - name: LANGFUSE_PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ if .Values.secrets.useExistingSecret }}{{ .Values.secrets.existingSecretName }}{{ else }}{{ include "wren-ai.fullname" . }}-secret{{ end }}
+                  key: LANGFUSE_PUBLIC_KEY
+            - name: LANGFUSE_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ if .Values.secrets.useExistingSecret }}{{ .Values.secrets.existingSecretName }}{{ else }}{{ include "wren-ai.fullname" . }}-secret{{ end }}
+                  key: LANGFUSE_SECRET_KEY
+            - name: LANGFUSE_HOST
+              value: {{ .Values.pipeline.settings.langfuseHost | quote }}
+            {{- end }}
+            - name: CONFIG_PATH
+              value: {{ .Values.aiService.env.configPath | quote }}
+            {{- if .Values.config.telemetry.enabled }}
+            - name: POSTHOG_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ if .Values.secrets.useExistingSecret }}{{ .Values.secrets.existingSecretName }}{{ else }}{{ include "wren-ai.fullname" . }}-secret{{ end }}
+                  key: POSTHOG_API_KEY
+            - name: POSTHOG_HOST
+              value: {{ .Values.config.telemetry.posthogHost | quote }}
+            {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.config.ports.aiService }}
+              protocol: TCP
+          {{- with .Values.aiService.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      volumes:
+        - name: config-volume
+          configMap:
+            name: {{ include "wren-ai.fullname" . }}-ai-service-config
+            items:
+              - key: config.yaml
+                path: config.yaml