From 86e42681ca82195c248486d0e667c03f25fcdc26 Mon Sep 17 00:00:00 2001
From: Mario Trangoni
Date: Tue, 6 May 2025 09:05:00 +0200
Subject: [PATCH] feat(open-webui): Make it possible to configure Google Cloud Storage Application Credentials JSON file via k8s secrets

Signed-off-by: Mario Trangoni
---
 charts/open-webui/README.md | 11 +++++++++--
 charts/open-webui/templates/workload-manager.yaml | 7 +++++++
 charts/open-webui/values.yaml | 10 +++++++++-
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/charts/open-webui/README.md b/charts/open-webui/README.md
index fd1a002..ef87fd7 100644
--- a/charts/open-webui/README.md
+++ b/charts/open-webui/README.md
@@ -51,6 +51,15 @@ helm upgrade --install open-webui open-webui/open-webui
 | persistence.azure.keyExistingSecret | string | `""` | Set the access key for Azure Storage from existing secret |
 | persistence.azure.keyExistingSecretKey | string | `""` | Set the access key for Azure Storage from existing secret key |
 
+### Google Cloud Storage configuration
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| persistence.gcs.appCredentialsJson | string | `""` | Contents of Google Application Credentials JSON file (ignored if appCredentialsJsonExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account |
+| persistence.gcs.appCredentialsJsonExistingSecret | string | `""` | Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret |
+| persistence.gcs.appCredentialsJsonExistingSecretKey | string | `""` | Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret key |
+| persistence.gcs.bucket | string | `""` | Sets the bucket name for Google Cloud Storage. Bucket must already exist |
+
 ### SSO Configuration
 
 | Key | Type | Default | Description |
@@ -165,8 +174,6 @@ helm upgrade --install open-webui open-webui/open-webui
 | persistence.annotations | object | `{}` | |
 | persistence.enabled | bool | `true` | |
 | persistence.existingClaim | string | `""` | Use existingClaim if you want to re-use an existing Open WebUI PVC instead of creating a new one |
-| persistence.gcs.appCredentialsJson | string | `""` | Contents of Google Application Credentials JSON file. Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account |
-| persistence.gcs.bucket | string | `""` | Sets the bucket name for Google Cloud Storage. Bucket must already exist |
 | persistence.provider | string | `"local"` | Sets the storage provider, availables values are `local`, `s3`, `gcs` or `azure` |
 | persistence.s3.accessKey | string | `""` | Sets the access key ID for S3 storage |
 | persistence.s3.bucket | string | `""` | Sets the bucket name for S3 storage |
diff --git a/charts/open-webui/templates/workload-manager.yaml b/charts/open-webui/templates/workload-manager.yaml
index 44a3f7a..5890b64 100644
--- a/charts/open-webui/templates/workload-manager.yaml
+++ b/charts/open-webui/templates/workload-manager.yaml
@@ -172,7 +172,14 @@ spec:
 - name: "STORAGE_PROVIDER"
 value: {{ .Values.persistence.provider }}
 - name: "GOOGLE_APPLICATION_CREDENTIALS_JSON"
+ {{- if .Values.persistence.gcs.appCredentialsJsonExistingSecret }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.persistence.gcs.appCredentialsJsonExistingSecret }}
+ key: {{ .Values.persistence.gcs.appCredentialsJsonExistingSecretKey }}
+ {{- else }}
 value: {{ .Values.persistence.gcs.appCredentialsJson }}
+ {{- end }}
 - name: "GCS_BUCKET_NAME"
 value: {{ .Values.persistence.gcs.bucket }}
 {{- else if eq .Values.persistence.provider "azure" }}
diff --git a/charts/open-webui/values.yaml b/charts/open-webui/values.yaml
index 349456c..06be107 100644
--- a/charts/open-webui/values.yaml
+++ b/charts/open-webui/values.yaml
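Review bot: The `secretKeyRef` branch renders `key:` from `appCredentialsJsonExistingSecretKey` without checking that it is set; with the default `""` the chart emits an empty `key:`, and the mistake presumably surfaces only as a Kubernetes validation error at install time rather than as a clear chart error. Fail early with Helm's `required`: `key: {{ required "persistence.gcs.appCredentialsJsonExistingSecretKey is required when appCredentialsJsonExistingSecret is set" .Values.persistence.gcs.appCredentialsJsonExistingSecretKey | quote }}`. The secret `name:` should likewise be piped through `quote` so a numeric- or boolean-looking name stays a string. The surrounding `env:` list and the provider `if`/`else if` chain start and end outside the hunk.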
@@ -227,9 +227,17 @@ persistence:
 # -- Sets the key prefix for a S3 object
 keyPrefix: ""
 gcs:
- # -- Contents of Google Application Credentials JSON file. Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account
+ # -- Contents of Google Application Credentials JSON file (ignored if appCredentialsJsonExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account
+ # @section -- Google Cloud Storage configuration
 appCredentialsJson: ""
+ # -- Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret
+ # @section -- Google Cloud Storage configuration
+ appCredentialsJsonExistingSecret: ""
+ # -- Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret key
+ # @section -- Google Cloud Storage configuration
+ appCredentialsJsonExistingSecretKey: ""
 # -- Sets the bucket name for Google Cloud Storage. Bucket must already exist
+ # @section -- Google Cloud Storage configuration
 bucket: ""
 azure:
 # -- Sets the endpoint URL for Azure Storage
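Review bot: The comments on `appCredentialsJsonExistingSecret` and `appCredentialsJsonExistingSecretKey` do not state that the two must be set together, and nothing steers the reader away from the inline `appCredentialsJson`, whose value the template renders as a literal env `value:` in the pod spec. I would reword the key comment to `# -- Key inside appCredentialsJsonExistingSecret that holds the credentials JSON (required when appCredentialsJsonExistingSecret is set)` and append `Prefer appCredentialsJsonExistingSecret so the service-account key is not stored in chart values or the rendered workload.` to the `appCredentialsJson` comment. The README table appears to be generated from these comments, so it would need regenerating after the wording change. The `persistence:` mapping that contains `gcs:` starts outside the hunk.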