Self-hosting LangSmith on Kubernetes
Self-hosting LangSmith is an add-on to the Enterprise Plan designed for our largest, most security-conscious customers. See our pricing page for more detail, and contact us at sales@langchain.dev if you want to get a license key to trial LangSmith in your environment.
This guide will walk you through the process of deploying LangSmith to a Kubernetes cluster. We will use Helm to install LangSmith and its dependencies.
We've successfully tested LangSmith on the following Kubernetes distributions:
- Google Kubernetes Engine (GKE)
- Amazon Elastic Kubernetes Service (EKS)
- Azure Kubernetes Service (AKS)
- OpenShift
- Minikube and Kind (for development purposes)
Prerequisites
Ensure you have the following tools/items ready. Some items are marked optional:
-
A working Kubernetes cluster that you can access via
kubectl
. Your cluster should have the following minimum requirements:- Recommended: At least 16 vCPUs, 64GB Memory available
- You may need to tune resource requests/limits for all of our different services based off of organization size/usage
- We recommend using a cluster autoscaler to handle scaling up/down of nodes based on resource usage
- We recommend setting up the metrics server so that autoscaling can be turned on
- You must have a node with at least 4 vCPUs and 16GB of memory allocatable as ClickHouse will request this amount of resources by default.
- Valid Dynamic PV provisioner or PVs available on your cluster. You can verify this by running:
- We will be using a PostgreSQL database, Redis, and ClickHouse for storing traces. These services require persistent storage.
- If using PVs in your cluster, we highly recommend setting up backups in a production environment.
- We strongly encourage using a storage class backed by SSDs for better performance. We recommend 7000 IOPS and 1000 MiB/s throughput.
kubectl get storageclass
The output should show at least one storage class with a provisioner that supports dynamic provisioning. For example:
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
gp2 (default) kubernetes.io/aws-ebs Delete WaitForFirstConsumer true 161dnoteWe highly recommend using a storage class that supports volume expansion. This is because traces can potentially require a lot of disk space and your volumes may need to be resized over time.
Refer to the Kubernetes documentation for more information on storage classes.
- Recommended: At least 16 vCPUs, 64GB Memory available
-
Helm
- To install helm refer to the Helm documentation
-
LangSmith License Key
- You can get this from your Langchain representative. Contact us at sales@langchain.dev for more information.
-
Api Key Salt
- This is a secret key that you can generate. It should be a random string of characters.
- You can generate this using the following command:
openssl rand -base64 32
-
Egress to
https://beacon.langchain.com
(if not running in offline mode)- LangSmith requires egress to
https://beacon.langchain.com
for license verification and usage reporting. This is required for LangSmith to function properly. You can find more information on egress requirements in the Egress section.
- LangSmith requires egress to
-
Configuration
- There are several configuration options that you can set in the
langsmith_config.yaml
file. You can find more information on specific configuration options in the Configuration section. - If you are new to Kubernetes or Helm, we’d recommend starting with one of the example configurations in the examples directory of the Helm Chart repository here: LangSmith helm chart examples.
- You can see a full list of configuration options in the
values.yaml
file in the Helm Chart repository here: LangSmith Helm Chart
- There are several configuration options that you can set in the
Configure your Helm Charts:
-
Create a new file called
langsmith_config.yaml
with the configuration options from the previous step. -
At a minimum, you will need to set the following configuration options (using basic auth):
config:
langsmithLicenseKey: "<your license key>"
apiKeySalt: "<your api key salt>"
authType: mixed
basicAuth:
enabled: true
initialOrgAdminEmail: "admin@langchain.dev" # Change this to your admin email address
initialOrgAdminPassword: "secure-password" # Must be at least 12 characters long and have at least one lowercase, uppercase, and symbol
jwtSecret: <your jwt salt>
Deploying to Kubernetes:
-
Verify that you can connect to your Kubernetes cluster(note: We highly suggest installing into an empty namespace)
-
Run
kubectl get pods
Output should look something like:
kubectl get pods ⎈ langsmith-eks-2vauP7wf 21:07:46
No resources found in default namespace.
-
-
Ensure you have the Langchain Helm repo added. (skip this step if you are using local charts)
helm repo add langchain https://langchain-ai.github.io/helm/ "langchain" has been added to your repositories
If you are using a namespace other than the default namespace, you will need to specify the namespace in the helm
and kubectl
commands by using the -n <namespace
flag.
-
Run
helm install langsmith langchain/langsmith --values langsmith_config.yaml --version <version> --debug
- Replace
<your-namespace>
with the namespace you want to deploy LangSmith to. - Replace
<version>
with the version of LangSmith you want to deploy. You can find the available versions in the Helm Chart repository. We generally recommend using the latest version. Output should look something like:
NAME: langsmith
LAST DEPLOYED: Fri Sep 17 21:08:47 2021
NAMESPACE: langsmith
STATUS: deployed
REVISION: 1
TEST SUITE: None - Replace
-
Run
kubectl get pods
Output should now look something like:langsmith-backend-6ff46c99c4-wz22d 1/1 Running 0 3h2m
langsmith-frontend-6bbb94c5df-8xrlr 1/1 Running 0 3h2m
langsmith-hub-backend-5cc68c888c-vppjj 1/1 Running 0 3h2m
langsmith-playground-6d95fd8dc6-x2d9b 1/1 Running 0 3h2m
langsmith-postgres-0 1/1 Running 0 9h
langsmith-queue-5898b9d566-tv6q8 1/1 Running 0 3h2m
langsmith-redis-0 1/1 Running 0 9h
Validate your deployment:
-
Run
kubectl get services
Output should look something like:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
langsmith-backend ClusterIP 172.20.140.77 <none> 1984/TCP 35h
langsmith-frontend LoadBalancer 172.20.253.251 <external ip> 80:31591/TCP 35h
langsmith-hub-backend ClusterIP 172.20.112.234 <none> 1985/TCP 35h
langsmith-playground ClusterIP 172.20.153.194 <none> 3001/TCP 9h
langsmith-postgres ClusterIP 172.20.244.82 <none> 5432/TCP 35h
langsmith-redis ClusterIP 172.20.81.217 <none> 6379/TCP 35h -
Curl the external ip of the
langsmith-frontend
service:curl <external ip>/api/tenants
[{"id":"00000000-0000-0000-0000-000000000000","has_waitlist_access":true,"created_at":"2023-09-13T18:25:10.488407","display_name":"Personal","config":{"is_personal":true,"max_identities":1},"tenant_handle":"default"}]% -
Visit the external ip for the
langsmith-frontend
service on your browserThe LangSmith UI should be visible/operational
Using LangSmith
Now that LangSmith is running, you can start using it to trace your code. You can find more information on how to use self-hosted LangSmith in the self-hosted usage guide.
Your LangSmith instance is now running but may not be fully setup yet.
If you used one of the basic configs, you may have deployed a no-auth configuration. In this state, there is no authentication or concept of user accounts nor API keys and traces can be submitted directly without an API key so long as the hostname is passed to the LangChain tracer/LangSmith SDK.
As a next step, it is strongly recommended you work with your infrastructure administrators to:
- Setup DNS for your LangSmith instance to enable easier access.
- Configure SSL to ensure in-transit encryption of traces submitted to LangSmith
- Configure LangSmith for oauth authentication or basic authentication to secure your LangSmith instance