diff --git a/charts/open-webui/templates/managed-cert.yaml b/charts/open-webui/templates/managed-cert.yaml
new file mode 100644
index 0000000..a4ade9e
--- /dev/null
+++ b/charts/open-webui/templates/managed-cert.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.managedCertificate.enabled }}
+apiVersion: networking.gke.io/v1
+kind: ManagedCertificate
+metadata:
+ name: {{ .Values.managedCertificate.name | default "mydomain-cert" }}
+spec:
+ domains:
+ {{- range .Values.managedCertificate.domains }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/open-webui/values-gke-min.yaml b/charts/open-webui/values-gke-min.yaml
new file mode 100644
index 0000000..0462e73
--- /dev/null
+++ b/charts/open-webui/values-gke-min.yaml
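Review bot: The fallback in `metadata.name` (`default "mydomain-cert"`) does not match the name that both values files and the Ingress annotation use (`mydomain-chat-cert`), so an empty or unset `managedCertificate.name` would render a certificate object the Ingress annotation never references, leaving the load balancer without the managed certificate. The name is also emitted unquoted and is a fixed string rather than something derived from the release, so two releases with default values in one namespace would presumably render the same object. I would make the value mandatory and quoted, `name: {{ required "managedCertificate.name must be set" .Values.managedCertificate.name | quote }}`, and fail in the same way when `managedCertificate.domains` is empty, because the `range` then leaves a bare `domains:` key in the rendered manifest.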
@@ -0,0 +1,290 @@
+nameOverride: ""
+namespaceOverride: ""
+
+ollama:
+ # -- Automatically install Ollama Helm chart from https://otwld.github.io/ollama-helm/. Use [Helm Values](https://github.com/otwld/ollama-helm/#helm-values) to configure
+ enabled: false
+ # -- If enabling embedded Ollama, update fullnameOverride to your desired Ollama name value, or else it will use the default ollama.name value from the Ollama chart
+ fullnameOverride: "open-webui-ollama"
+ # -- Example Ollama configuration with nvidia GPU enabled, automatically downloading a model, and deploying a PVC for model persistence
+ # ollama:
+ # gpu:
+ # enabled: true
+ # type: 'nvidia'
+ # number: 1
+ # models:
+ # - llama3
+ # runtimeClassName: nvidia
+ # persistentVolume:
+ # enabled: true
+ # volumeName: "example-pre-existing-pv-created-by-smb-csi"
+
+pipelines:
+ # -- Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines
+ enabled: false
+ # -- This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname)
+ extraEnvVars: []
+
+tika:
+ # -- Automatically install Apache Tika to extend Open WebUI
+ enabled: false
+
+# -- A list of Ollama API endpoints. These can be added in lieu of automatically installing the Ollama Helm chart, or in addition to it.
+ollamaUrls: []
+
+websocket:
+ # -- Enables websocket support in Open WebUI with env `ENABLE_WEBSOCKET_SUPPORT`
+ enabled: false
+ # -- Specifies the websocket manager to use with env `WEBSOCKET_MANAGER`: redis (default)
+ manager: redis
+ # -- Specifies the URL of the Redis instance for websocket communication.
Template with `redis://[:@]:/`
+ url: redis://open-webui-redis:6379/0
+ # -- Deploys a redis
+ redis:
+ # -- Enable redis installation
+ enabled: true
+ # -- Redis name
+ name: open-webui-redis
+ # -- Redis labels
+ labels: {}
+ # -- Redis annotations
+ annotations: {}
+ # -- Redis image
+ image:
+ repository: redis
+ tag: 7.4.2-alpine3.21
+ pullPolicy: IfNotPresent
+ # -- Redis command (overrides default)
+ command: []
+ # -- Redis arguments (overrides default)
+ args: []
+ # -- Redis resources
+ resources: {}
+ # -- Redis service
+ service:
+ # -- Redis container/target port
+ containerPort: 6379
+ # -- Redis service type
+ type: ClusterIP
+ # -- Redis service labels
+ labels: {}
+ # -- Redis service annotations
+ annotations: {}
+ # -- Redis service port
+ port: 6379
+ # -- Redis service node port. Valid only when type is `NodePort`
+ nodePort: ""
+
+# -- Deploys a Redis cluster with subchart 'redis' from bitnami
+redis-cluster:
+ # -- Enable Redis installation
+ enabled: false
+ # -- Redis cluster name (recommended to be 'open-webui-redis')
+ # - In this case, redis url will be 'redis://open-webui-redis-master:6379/0' or 'redis://[:@]open-webui-redis-master:6379/0'
+ fullnameOverride: open-webui-redis
+ # -- Redis Authentication
+ auth:
+ # -- Enable Redis authentication (disabled by default).
For your security, we strongly suggest that you switch to 'auth.enabled=true'
+ enabled: false
+ # -- Replica configuration for the Redis cluster
+ replica:
+ # -- Number of Redis replica instances
+ replicaCount: 3
+
+# -- Value of cluster domain
+clusterDomain: cluster.local
+
+annotations: {}
+podAnnotations: {}
+podLabels: {}
+replicaCount: 1
+# -- Strategy for updating the workload manager: deployment or statefulset
+strategy: {}
+# -- Open WebUI image tags can be found here: https://github.com/open-webui/open-webui
+image:
+ repository: ghcr.io/open-webui/open-webui
+ tag: ""
+ pullPolicy: "IfNotPresent"
+
+serviceAccount:
+ enable: true
+ name: ""
+ annotations: {}
+ automountServiceAccountToken: false
+
+# -- Configure imagePullSecrets to use private registry
+# ref:
+imagePullSecrets: []
+# imagePullSecrets:
+# - name: myRegistryKeySecretName
+
+# -- Probe for liveness of the Open WebUI container
+# ref:
+livenessProbe: {}
+# livenessProbe:
+# httpGet:
+# path: /health
+# port: http
+# failureThreshold: 1
+# periodSeconds: 10
+
+# -- Probe for readiness of the Open WebUI container
+# ref:
+readinessProbe: {}
+# readinessProbe:
+# httpGet:
+# path: /health/db
+# port: http
+# failureThreshold: 1
+# periodSeconds: 10
+
+# -- Probe for startup of the Open WebUI container
+# ref:
+startupProbe: {}
+# startupProbe:
+# httpGet:
+# path: /health
+# port: http
+# initialDelaySeconds: 30
+# periodSeconds: 5
+# failureThreshold: 20
+
+resources: {}
+
+copyAppData:
+ resources: {}
+
+managedCertificate:
+ enabled: true
+ name: "mydomain-chat-cert" # You can override this name if needed
+ domains:
+ - chat.example.com # update to your real domain
+
+ingress:
+ enabled: true
+ class: ""
+ # -- Use appropriate annotations for your Ingress controller, e.g., for NGINX:
+ annotations:
+ # Example for GKE Ingress
+ kubernetes.io/ingress.class: "gce"
+ kubernetes.io/ingress.global-static-ip-name: "open-webui-external-ip" # you need to create this address in GCP console
+ #
Force HTTP to redirect to HTTPS
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/permanent-redirect: "https://chat.example.com"
+ networking.gke.io/managed-certificates: "mydomain-chat-cert"
+ # nginx.ingress.kubernetes.io/rewrite-target: /
+ host: "chat.example.com" # update to your real domain
+ additionalHosts: []
+ tls: false
+ existingSecret: ""
+persistence:
+ enabled: true
+ size: 2Gi
+ # -- Use existingClaim if you want to re-use an existing Open WebUI PVC instead of creating a new one
+ existingClaim: ""
+ # -- Subdirectory of Open WebUI PVC to mount. Useful if root directory is not empty.
+ subPath: ""
+ # -- If using multiple replicas, you must update accessModes to ReadWriteMany
+ accessModes:
+ - ReadWriteOnce
+ storageClass: ""
+ selector: {}
+ annotations: {}
+
+# -- Node labels for pod assignment.
+nodeSelector: {}
+
+# -- Tolerations for pod assignment
+tolerations: []
+
+# -- Affinity for pod assignment
+affinity: {}
+
+# -- Topology Spread Constraints for pod assignment
+topologySpreadConstraints: []
+
+# -- Service values to expose Open WebUI pods to cluster
+service:
+ type: LoadBalancer # changed from ClusterIP to LoadBalancer for external access on GKE
+ annotations: {}
+ port: 80
+ containerPort: 8080
+ nodePort: ""
+ labels: {}
+ loadBalancerClass: ""
+
+# -- OpenAI base API URL to use. Defaults to the Pipelines service endpoint when Pipelines are enabled, and "https://api.openai.com/v1" if Pipelines are not enabled and this value is blank
+openaiBaseApiUrl: ""
+
+# -- Env vars added to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/
+extraEnvVars:
+ # -- Default API key value for Pipelines. Should be updated in a production deployment, or be changed to the required API key if not using Pipelines
+ - name: OPENAI_API_KEY
+ value: "0p3n-w3bu!"
+ # valueFrom:
+ # secretKeyRef:
+ # name: pipelines-api-key
+ # key: api-key
+ # - name: OPENAI_API_KEY
+ # valueFrom:
+ # secretKeyRef:
+ # name: openai-api-key
+ # key: api-key
+ # - name: OLLAMA_DEBUG
+ # value: "1"
+
+# -- Configure container volume mounts
+# ref:
+volumeMounts:
+ initContainer: []
+ # - name: ""
+ # mountPath: ""
+ container: []
+ # - name: ""
+ # mountPath: ""
+
+# -- Configure pod volumes
+# ref:
+volumes: []
+# - name: ""
+# configMap:
+# name: ""
+# - name: ""
+# emptyDir: {}
+
+# -- Configure pod security context
+# ref:
+podSecurityContext:
+ {}
+ # fsGroupChangePolicy: Always
+ # sysctls: []
+ # supplementalGroups: []
+ # fsGroup: 1001
+
+
+# -- Configure container security context
+# ref:
+containerSecurityContext:
+ {}
+ # runAsUser: 1001
+ # runAsGroup: 1001
+ # runAsNonRoot: true
+ # privileged: false
+ # allowPrivilegeEscalation: false
+ # readOnlyRootFilesystem: false
+ # capabilities:
+ # drop:
+ # - ALL
+ # seccompProfile:
+ # type: "RuntimeDefault"
+
+# -- Extra resources to deploy with Open WebUI
+extraResources:
+ []
+ # - apiVersion: v1
+ # kind: ConfigMap
+ # metadata:
+ # name: example-configmap
+ # data:
+ # example-key: example-value
diff --git a/charts/open-webui/values.yaml b/charts/open-webui/values.yaml
index 77bc2e6..728fdf9 100644
--- a/charts/open-webui/values.yaml
+++ b/charts/open-webui/values.yaml
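Review bot: `service.type: LoadBalancer` with `port: 80` gives Open WebUI its own external address over plain HTTP, alongside the Ingress that carries the managed certificate, so the login page and API would be reachable without TLS. Unless that second entry point is intended, keep `type: ClusterIP` (or `NodePort` where the cluster does not use container-native load balancing) so the Ingress is the only way in. The three `nginx.ingress.kubernetes.io/*` redirect annotations sit next to `kubernetes.io/ingress.class: "gce"`, and the GKE ingress controller does not act on NGINX annotations, so HTTP on the Ingress is not redirected either; on GKE the redirect comes from a `FrontendConfig` with `redirectToHttps.enabled: true`, attached through the `networking.gke.io/v1beta1.FrontendConfig` annotation. The same annotation block is repeated as a commented example in `values.yaml`. Separately, `OPENAI_API_KEY` is committed as the literal chart default `"0p3n-w3bu!"` while `pipelines.enabled` is `false`; for a file aimed at an internet-facing deployment I would use the commented `valueFrom.secretKeyRef` form instead.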
@@ -154,13 +154,27 @@ resources: {} copyAppData: resources: {} +managedCertificate: + enabled: false + name: "mydomain-chat-cert" # You can override this name if needed + domains: + - chat.example.com # update to your real domain + ingress: enabled: false class: "" - # -- Use appropriate annotations for your Ingress controller, e.g., for NGINX: - # nginx.ingress.kubernetes.io/rewrite-target: / + # -- Use appropriate annotations for your Ingress controller, e.g., for NGINX: annotations: {} - host: "" + # # Example for GKE Ingress + # kubernetes.io/ingress.class: "gce" + # kubernetes.io/ingress.global-static-ip-name: "open-webui-external-ip" # you need to create this address in GCP console + # # Force HTTP to redirect to HTTPS + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # nginx.ingress.kubernetes.io/permanent-redirect: "https://chat.example.com" + # networking.gke.io/managed-certificates: "mydomain-chat-cert" + # # nginx.ingress.kubernetes.io/rewrite-target: / + host: "chat.example.com" # update to your real domain additionalHosts: [] tls: false existingSecret: ""
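Review bot: The chart's base defaults now set `ingress.host` to `"chat.example.com"` instead of `""`, so anyone who turns on `ingress.enabled` without overriding the host gets an Ingress rule for a placeholder domain they do not own, where the default used to be empty. A placeholder like that belongs in the example file `values-gke-min.yaml`; here I would keep `host: ""` and move the hint into a comment, for example `# -- Hostname for the Ingress rule, e.g. chat.example.com`. The same applies to `managedCertificate.domains`: it is harmless while `enabled: false`, but an empty list, `domains: []`, would avoid requesting a certificate for `chat.example.com` when someone only flips the flag.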