mirror of
https://github.com/open-webui/helm-charts
synced 2025-06-09 08:07:00 +00:00
commit
1647c29b02
@ -1,6 +1,6 @@
|
|||||||
# open-webui
|
# open-webui
|
||||||
|
|
||||||
 
|
 
|
||||||
|
|
||||||
Open WebUI: A User-Friendly Web Interface for Chat Interactions 👋
|
Open WebUI: A User-Friendly Web Interface for Chat Interactions 👋
|
||||||
|
|
||||||
@ -40,6 +40,71 @@ helm upgrade --install open-webui open-webui/open-webui
|
|||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
|
### SSO Configuration
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| sso.enableGroupManagement | bool | `false` | Enable OAuth group management through access token groups claim |
|
||||||
|
| sso.enableRoleManagement | bool | `false` | Enable OAuth role management through access token roles claim |
|
||||||
|
| sso.enableSignup | bool | `false` | Enable account creation when logging in with OAuth (distinct from regular signup) |
|
||||||
|
| sso.enabled | bool | `false` | **Enable SSO authentication globally** must enable to use SSO authentication |
|
||||||
|
| sso.groupManagement.groupsClaim | string | `"groups"` | The claim that contains the groups (can be nested, e.g., user.memberOf) |
|
||||||
|
| sso.mergeAccountsByEmail | bool | `false` | Allow logging into accounts that match email from OAuth provider (considered insecure) |
|
||||||
|
|
||||||
|
### GitHub OAuth configuration
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| sso.github.clientId | string | `""` | GitHub OAuth client ID |
|
||||||
|
| sso.github.clientSecret | string | `""` | GitHub OAuth client secret |
|
||||||
|
| sso.github.enabled | bool | `false` | Enable GitHub OAuth |
|
||||||
|
|
||||||
|
### Google OAuth configuration
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| sso.google.clientId | string | `""` | Google OAuth client ID |
|
||||||
|
| sso.google.clientSecret | string | `""` | Google OAuth client secret |
|
||||||
|
| sso.google.enabled | bool | `false` | Enable Google OAuth |
|
||||||
|
|
||||||
|
### Microsoft OAuth configuration
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| sso.microsoft.clientId | string | `""` | Microsoft OAuth client ID |
|
||||||
|
| sso.microsoft.clientSecret | string | `""` | Microsoft OAuth client secret |
|
||||||
|
| sso.microsoft.enabled | bool | `false` | Enable Microsoft OAuth |
|
||||||
|
| sso.microsoft.tenantId | string | `""` | Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts |
|
||||||
|
|
||||||
|
### OIDC configuration
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| sso.oidc.clientId | string | `""` | OIDC client ID |
|
||||||
|
| sso.oidc.clientSecret | string | `""` | OIDC client secret |
|
||||||
|
| sso.oidc.enabled | bool | `false` | Enable OIDC authentication |
|
||||||
|
| sso.oidc.providerName | string | `"SSO"` | Name of the provider to show on the UI |
|
||||||
|
| sso.oidc.providerUrl | string | `""` | OIDC provider well known URL |
|
||||||
|
| sso.oidc.scopes | string | `"openid email profile"` | Scopes to request (space-separated). |
|
||||||
|
|
||||||
|
### Role management configuration
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| sso.roleManagement.adminRoles | string | `""` | Comma-separated list of roles allowed to log in as admin (receive open webui role admin) |
|
||||||
|
| sso.roleManagement.allowedRoles | string | `""` | Comma-separated list of roles allowed to log in (receive open webui role user) |
|
||||||
|
| sso.roleManagement.rolesClaim | string | `"roles"` | The claim that contains the roles (can be nested, e.g., user.roles) |
|
||||||
|
|
||||||
|
### SSO trusted header authentication
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| sso.trustedHeader.emailHeader | string | `""` | Header containing the user's email address |
|
||||||
|
| sso.trustedHeader.enabled | bool | `false` | Enable trusted header authentication |
|
||||||
|
| sso.trustedHeader.nameHeader | string | `""` | Header containing the user's name (optional, used for new user creation) |
|
||||||
|
|
||||||
|
### Other Values
|
||||||
|
|
||||||
| Key | Type | Default | Description |
|
| Key | Type | Default | Description |
|
||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
| affinity | object | `{}` | Affinity for pod assignment |
|
| affinity | object | `{}` | Affinity for pod assignment |
|
||||||
@ -56,7 +121,7 @@ helm upgrade --install open-webui open-webui/open-webui
|
|||||||
| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/open-webui/open-webui","tag":""}` | Open WebUI image tags can be found here: https://github.com/open-webui/open-webui |
|
| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/open-webui/open-webui","tag":""}` | Open WebUI image tags can be found here: https://github.com/open-webui/open-webui |
|
||||||
| imagePullSecrets | list | `[]` | Configure imagePullSecrets to use private registry ref: <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry> |
|
| imagePullSecrets | list | `[]` | Configure imagePullSecrets to use private registry ref: <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry> |
|
||||||
| ingress.additionalHosts | list | `[]` | |
|
| ingress.additionalHosts | list | `[]` | |
|
||||||
| ingress.annotations | object | `{}` | Use appropriate annotations for your Ingress controller, e.g., for NGINX: |
|
| ingress.annotations | object | `{}` | Use appropriate annotations for your Ingress controller, e.g., for NGINX: |
|
||||||
| ingress.class | string | `""` | |
|
| ingress.class | string | `""` | |
|
||||||
| ingress.enabled | bool | `false` | |
|
| ingress.enabled | bool | `false` | |
|
||||||
| ingress.existingSecret | string | `""` | |
|
| ingress.existingSecret | string | `""` | |
|
||||||
@ -112,7 +177,7 @@ helm upgrade --install open-webui open-webui/open-webui
|
|||||||
| volumes | list | `[]` | Configure pod volumes ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/> |
|
| volumes | list | `[]` | Configure pod volumes ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/> |
|
||||||
| websocket.enabled | bool | `false` | Enables websocket support in Open WebUI with env `ENABLE_WEBSOCKET_SUPPORT` |
|
| websocket.enabled | bool | `false` | Enables websocket support in Open WebUI with env `ENABLE_WEBSOCKET_SUPPORT` |
|
||||||
| websocket.manager | string | `"redis"` | Specifies the websocket manager to use with env `WEBSOCKET_MANAGER`: redis (default) |
|
| websocket.manager | string | `"redis"` | Specifies the websocket manager to use with env `WEBSOCKET_MANAGER`: redis (default) |
|
||||||
| websocket.redis | object | `{"affinity":{},"annotations":{},"args":[],"command":[],"enabled":true,"image":{"pullPolicy":"IfNotPresent","repository":"redis","tag":"7.4.2-alpine3.21"},"labels":{},"name":"open-webui-redis","pods":{"annotations":{}},"resources":{},"service":{"annotations":{},"containerPort":6379,"labels":{},"nodePort":"","port":6379,"type":"ClusterIP"},"tolerations":[]}` | Deploys a redis |
|
| websocket.redis | object | `{"affinity":{},"annotations":{},"args":[],"command":[],"enabled":true,"image":{"pullPolicy":"IfNotPresent","repository":"redis","tag":"7.4.2-alpine3.21"},"labels":{},"name":"open-webui-redis","pods":{"annotations":{}},"resources":{},"securityContext":{},"service":{"annotations":{},"containerPort":6379,"labels":{},"nodePort":"","port":6379,"type":"ClusterIP"},"tolerations":[]}` | Deploys a redis |
|
||||||
| websocket.redis.affinity | object | `{}` | Redis affinity for pod assignment |
|
| websocket.redis.affinity | object | `{}` | Redis affinity for pod assignment |
|
||||||
| websocket.redis.annotations | object | `{}` | Redis annotations |
|
| websocket.redis.annotations | object | `{}` | Redis annotations |
|
||||||
| websocket.redis.args | list | `[]` | Redis arguments (overrides default) |
|
| websocket.redis.args | list | `[]` | Redis arguments (overrides default) |
|
||||||
@ -124,7 +189,7 @@ helm upgrade --install open-webui open-webui/open-webui
|
|||||||
| websocket.redis.pods | object | `{"annotations":{}}` | Redis pod |
|
| websocket.redis.pods | object | `{"annotations":{}}` | Redis pod |
|
||||||
| websocket.redis.pods.annotations | object | `{}` | Redis pod annotations |
|
| websocket.redis.pods.annotations | object | `{}` | Redis pod annotations |
|
||||||
| websocket.redis.resources | object | `{}` | Redis resources |
|
| websocket.redis.resources | object | `{}` | Redis resources |
|
||||||
| websocket.redis.securityContext | object | `{}` | Redis security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe> |
|
| websocket.redis.securityContext | object | `{}` | Redis security context |
|
||||||
| websocket.redis.service | object | `{"annotations":{},"containerPort":6379,"labels":{},"nodePort":"","port":6379,"type":"ClusterIP"}` | Redis service |
|
| websocket.redis.service | object | `{"annotations":{},"containerPort":6379,"labels":{},"nodePort":"","port":6379,"type":"ClusterIP"}` | Redis service |
|
||||||
| websocket.redis.service.annotations | object | `{}` | Redis service annotations |
|
| websocket.redis.service.annotations | object | `{}` | Redis service annotations |
|
||||||
| websocket.redis.service.containerPort | int | `6379` | Redis container/target port |
|
| websocket.redis.service.containerPort | int | `6379` | Redis container/target port |
|
||||||
|
@ -161,6 +161,76 @@ spec:
|
|||||||
- name: "WEBSOCKET_REDIS_URL"
|
- name: "WEBSOCKET_REDIS_URL"
|
||||||
value: {{ .Values.websocket.url | quote }}
|
value: {{ .Values.websocket.url | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.sso.enabled }}
|
||||||
|
{{- if .Values.sso.enableSignup }}
|
||||||
|
- name: "ENABLE_OAUTH_SIGNUP"
|
||||||
|
value: "True"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.sso.mergeAccountsByEmail }}
|
||||||
|
- name: "OAUTH_MERGE_ACCOUNTS_BY_EMAIL"
|
||||||
|
value: "True"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.sso.google.enabled }}
|
||||||
|
- name: "GOOGLE_CLIENT_ID"
|
||||||
|
value: {{ .Values.sso.google.clientId | quote }}
|
||||||
|
- name: "GOOGLE_CLIENT_SECRET"
|
||||||
|
value: {{ .Values.sso.google.clientSecret | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.sso.microsoft.enabled }}
|
||||||
|
- name: "MICROSOFT_CLIENT_ID"
|
||||||
|
value: {{ .Values.sso.microsoft.clientId | quote }}
|
||||||
|
- name: "MICROSOFT_CLIENT_SECRET"
|
||||||
|
value: {{ .Values.sso.microsoft.clientSecret | quote }}
|
||||||
|
- name: "MICROSOFT_CLIENT_TENANT_ID"
|
||||||
|
value: {{ .Values.sso.microsoft.tenantId | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.sso.github.enabled }}
|
||||||
|
- name: "GITHUB_CLIENT_ID"
|
||||||
|
value: {{ .Values.sso.github.clientId | quote }}
|
||||||
|
- name: "GITHUB_CLIENT_SECRET"
|
||||||
|
value: {{ .Values.sso.github.clientSecret | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.sso.oidc.enabled }}
|
||||||
|
- name: "OAUTH_CLIENT_ID"
|
||||||
|
value: {{ .Values.sso.oidc.clientId | quote }}
|
||||||
|
- name: "OAUTH_CLIENT_SECRET"
|
||||||
|
value: {{ .Values.sso.oidc.clientSecret | quote }}
|
||||||
|
- name: "OPENID_PROVIDER_URL"
|
||||||
|
value: {{ .Values.sso.oidc.providerUrl | quote }}
|
||||||
|
- name: "OAUTH_PROVIDER_NAME"
|
||||||
|
value: {{ .Values.sso.oidc.providerName | quote }}
|
||||||
|
- name: "OAUTH_SCOPES"
|
||||||
|
value: {{ .Values.sso.oidc.scopes | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.sso.enableRoleManagement }}
|
||||||
|
- name: "ENABLE_OAUTH_ROLE_MANAGEMENT"
|
||||||
|
value: "True"
|
||||||
|
- name: "OAUTH_ROLES_CLAIM"
|
||||||
|
value: {{ .Values.sso.roleManagement.rolesClaim | quote }}
|
||||||
|
{{- if .Values.sso.roleManagement.allowedRoles }}
|
||||||
|
- name: "OAUTH_ALLOWED_ROLES"
|
||||||
|
value: {{ .Values.sso.roleManagement.allowedRoles | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.sso.roleManagement.adminRoles }}
|
||||||
|
- name: "OAUTH_ADMIN_ROLES"
|
||||||
|
value: {{ .Values.sso.roleManagement.adminRoles | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.sso.enableGroupManagement }}
|
||||||
|
- name: "ENABLE_OAUTH_GROUP_MANAGEMENT"
|
||||||
|
value: "True"
|
||||||
|
- name: "OAUTH_GROUP_CLAIM"
|
||||||
|
value: {{ .Values.sso.groupManagement.groupsClaim | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.sso.trustedHeader.enabled }}
|
||||||
|
- name: "WEBUI_AUTH_TRUSTED_EMAIL_HEADER"
|
||||||
|
value: {{ .Values.sso.trustedHeader.emailHeader | quote }}
|
||||||
|
{{- if .Values.sso.trustedHeader.nameHeader }}
|
||||||
|
- name: "WEBUI_AUTH_TRUSTED_NAME_HEADER"
|
||||||
|
value: {{ .Values.sso.trustedHeader.nameHeader | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
tty: true
|
tty: true
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
namespaceOverride: ""
|
namespaceOverride: ""
|
||||||
|
|
||||||
ollama:
|
ollama:
|
||||||
# -- Automatically install Ollama Helm chart from https://otwld.github.io/ollama-helm/. Use [Helm Values](https://github.com/otwld/ollama-helm/#helm-values) to configure
|
# -- Automatically install Ollama Helm chart from https://otwld.github.io/ollama-helm/. Use [Helm Values](https://github.com/otwld/ollama-helm/#helm-values) to configure
|
||||||
enabled: true
|
enabled: true
|
||||||
@ -177,14 +176,14 @@ copyAppData:
|
|||||||
|
|
||||||
managedCertificate:
|
managedCertificate:
|
||||||
enabled: false
|
enabled: false
|
||||||
name: "mydomain-chat-cert" # You can override this name if needed
|
name: "mydomain-chat-cert" # You can override this name if needed
|
||||||
domains:
|
domains:
|
||||||
- chat.example.com # update to your real domain
|
- chat.example.com # update to your real domain
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
class: ""
|
class: ""
|
||||||
# -- Use appropriate annotations for your Ingress controller, e.g., for NGINX:
|
# -- Use appropriate annotations for your Ingress controller, e.g., for NGINX:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
# # Example for GKE Ingress
|
# # Example for GKE Ingress
|
||||||
# kubernetes.io/ingress.class: "gce"
|
# kubernetes.io/ingress.class: "gce"
|
||||||
@ -194,8 +193,8 @@ ingress:
|
|||||||
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
# nginx.ingress.kubernetes.io/permanent-redirect: "https://chat.example.com"
|
# nginx.ingress.kubernetes.io/permanent-redirect: "https://chat.example.com"
|
||||||
# networking.gke.io/managed-certificates: "mydomain-chat-cert"
|
# networking.gke.io/managed-certificates: "mydomain-chat-cert"
|
||||||
# # nginx.ingress.kubernetes.io/rewrite-target: /
|
# # nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
host: "chat.example.com" # update to your real domain
|
host: "chat.example.com" # update to your real domain
|
||||||
additionalHosts: []
|
additionalHosts: []
|
||||||
tls: false
|
tls: false
|
||||||
existingSecret: ""
|
existingSecret: ""
|
||||||
@ -245,7 +244,8 @@ enableOpenaiApi: true
|
|||||||
openaiBaseApiUrl: "https://api.openai.com/v1"
|
openaiBaseApiUrl: "https://api.openai.com/v1"
|
||||||
|
|
||||||
# -- OpenAI base API URLs to use. Overwrites the value in openaiBaseApiUrl if set
|
# -- OpenAI base API URLs to use. Overwrites the value in openaiBaseApiUrl if set
|
||||||
openaiBaseApiUrls: []
|
openaiBaseApiUrls:
|
||||||
|
[]
|
||||||
# - "https://api.openai.com/v1"
|
# - "https://api.openai.com/v1"
|
||||||
# - "https://api.company.openai.com/v1"
|
# - "https://api.company.openai.com/v1"
|
||||||
|
|
||||||
@ -304,7 +304,6 @@ podSecurityContext:
|
|||||||
# supplementalGroups: []
|
# supplementalGroups: []
|
||||||
# fsGroup: 1001
|
# fsGroup: 1001
|
||||||
|
|
||||||
|
|
||||||
# -- Configure container security context
|
# -- Configure container security context
|
||||||
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
|
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
@ -321,6 +320,106 @@ containerSecurityContext:
|
|||||||
# seccompProfile:
|
# seccompProfile:
|
||||||
# type: "RuntimeDefault"
|
# type: "RuntimeDefault"
|
||||||
|
|
||||||
|
sso:
|
||||||
|
# -- **Enable SSO authentication globally** must enable to use SSO authentication
|
||||||
|
# @section -- SSO Configuration
|
||||||
|
enabled: false
|
||||||
|
# -- Enable account creation when logging in with OAuth (distinct from regular signup)
|
||||||
|
# @section -- SSO Configuration
|
||||||
|
enableSignup: false
|
||||||
|
# -- Allow logging into accounts that match email from OAuth provider (considered insecure)
|
||||||
|
# @section -- SSO Configuration
|
||||||
|
mergeAccountsByEmail: false
|
||||||
|
# -- Enable OAuth role management through access token roles claim
|
||||||
|
# @section -- SSO Configuration
|
||||||
|
enableRoleManagement: false
|
||||||
|
# -- Enable OAuth group management through access token groups claim
|
||||||
|
# @section -- SSO Configuration
|
||||||
|
enableGroupManagement: false
|
||||||
|
|
||||||
|
google:
|
||||||
|
# -- Enable Google OAuth
|
||||||
|
# @section -- Google OAuth configuration
|
||||||
|
enabled: false
|
||||||
|
# -- Google OAuth client ID
|
||||||
|
# @section -- Google OAuth configuration
|
||||||
|
clientId: ""
|
||||||
|
# -- Google OAuth client secret
|
||||||
|
# @section -- Google OAuth configuration
|
||||||
|
clientSecret: ""
|
||||||
|
|
||||||
|
microsoft:
|
||||||
|
# -- Enable Microsoft OAuth
|
||||||
|
# @section -- Microsoft OAuth configuration
|
||||||
|
enabled: false
|
||||||
|
# -- Microsoft OAuth client ID
|
||||||
|
# @section -- Microsoft OAuth configuration
|
||||||
|
clientId: ""
|
||||||
|
# -- Microsoft OAuth client secret
|
||||||
|
# @section -- Microsoft OAuth configuration
|
||||||
|
clientSecret: ""
|
||||||
|
# -- Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts
|
||||||
|
# @section -- Microsoft OAuth configuration
|
||||||
|
tenantId: ""
|
||||||
|
|
||||||
|
github:
|
||||||
|
# -- Enable GitHub OAuth
|
||||||
|
# @section -- GitHub OAuth configuration
|
||||||
|
enabled: false
|
||||||
|
# -- GitHub OAuth client ID
|
||||||
|
# @section -- GitHub OAuth configuration
|
||||||
|
clientId: ""
|
||||||
|
# -- GitHub OAuth client secret
|
||||||
|
# @section -- GitHub OAuth configuration
|
||||||
|
clientSecret: ""
|
||||||
|
|
||||||
|
oidc:
|
||||||
|
# -- Enable OIDC authentication
|
||||||
|
# @section -- OIDC configuration
|
||||||
|
enabled: false
|
||||||
|
# -- OIDC client ID
|
||||||
|
# @section -- OIDC configuration
|
||||||
|
clientId: ""
|
||||||
|
# -- OIDC client secret
|
||||||
|
# @section -- OIDC configuration
|
||||||
|
clientSecret: ""
|
||||||
|
# -- OIDC provider well known URL
|
||||||
|
# @section -- OIDC configuration
|
||||||
|
providerUrl: ""
|
||||||
|
# -- Name of the provider to show on the UI
|
||||||
|
# @section -- OIDC configuration
|
||||||
|
providerName: "SSO"
|
||||||
|
# -- Scopes to request (space-separated).
|
||||||
|
# @section -- OIDC configuration
|
||||||
|
scopes: "openid email profile"
|
||||||
|
|
||||||
|
roleManagement:
|
||||||
|
# -- The claim that contains the roles (can be nested, e.g., user.roles)
|
||||||
|
# @section -- Role management configuration
|
||||||
|
rolesClaim: "roles"
|
||||||
|
# -- Comma-separated list of roles allowed to log in (receive open webui role user)
|
||||||
|
# @section -- Role management configuration
|
||||||
|
allowedRoles: ""
|
||||||
|
# -- Comma-separated list of roles allowed to log in as admin (receive open webui role admin)
|
||||||
|
# @section -- Role management configuration
|
||||||
|
adminRoles: ""
|
||||||
|
|
||||||
|
groupManagement:
|
||||||
|
# -- The claim that contains the groups (can be nested, e.g., user.memberOf)
|
||||||
|
# @section -- SSO Configuration
|
||||||
|
groupsClaim: "groups"
|
||||||
|
|
||||||
|
trustedHeader:
|
||||||
|
# -- Enable trusted header authentication
|
||||||
|
# @section -- SSO trusted header authentication
|
||||||
|
enabled: false
|
||||||
|
# -- Header containing the user's email address
|
||||||
|
# @section -- SSO trusted header authentication
|
||||||
|
emailHeader: ""
|
||||||
|
# -- Header containing the user's name (optional, used for new user creation)
|
||||||
|
# @section -- SSO trusted header authentication
|
||||||
|
nameHeader: ""
|
||||||
|
|
||||||
# -- Extra resources to deploy with Open WebUI
|
# -- Extra resources to deploy with Open WebUI
|
||||||
extraResources:
|
extraResources:
|
||||||
[]
|
[]
|
||||||
|
Loading…
Reference in New Issue
Block a user