OpenWebUI/helm-charts
1
0
Fork 0
mirror of https://github.com/open-webui/helm-charts synced 2025-06-26 18:16:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #51 from chgl/make-security-context-configurable

Browse Source 
feat: configure pod and container security context settings
This commit is contained in:
0xThresh 2024-07-20 17:39:03 -06:00 committed by GitHub
commit dd918f0216
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/open-webui/Chart.yaml
View File

@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
name: open-webui name: open-webui
version: 3.0.9 version: 3.0.10
appVersion: "v0.3.8" appVersion: "v0.3.8"
home: https://www.openwebui.com/ home: https://www.openwebui.com/

4
charts/open-webui/README.md
View File

@ -1,6 +1,6 @@
# open-webui # open-webui
![Version: 3.0.9](https://img.shields.io/badge/Version-3.0.9-informational?style=flat-square) ![AppVersion: v0.3.8](https://img.shields.io/badge/AppVersion-v0.3.8-informational?style=flat-square) ![Version: 3.0.10](https://img.shields.io/badge/Version-3.0.10-informational?style=flat-square) ![AppVersion: v0.3.8](https://img.shields.io/badge/AppVersion-v0.3.8-informational?style=flat-square)
Open WebUI: A User-Friendly Web Interface for Chat Interactions 👋 Open WebUI: A User-Friendly Web Interface for Chat Interactions 👋
@ -42,6 +42,7 @@ helm upgrade --install open-webui open-webui/open-webui
| affinity | object | `{}` | Affinity for pod assignment | | affinity | object | `{}` | Affinity for pod assignment |
| annotations | object | `{}` | | | annotations | object | `{}` | |
| clusterDomain | string | `"cluster.local"` | Value of cluster domain | | clusterDomain | string | `"cluster.local"` | Value of cluster domain |
| containerSecurityContext | object | `{}` | Configure container security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe> |
| extraEnvVars | list | `[{"name":"OPENAI_API_KEY","value":"0p3n-w3bu!"}]` | Additional environments variables on the output Deployment definition. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ | | extraEnvVars | list | `[{"name":"OPENAI_API_KEY","value":"0p3n-w3bu!"}]` | Additional environments variables on the output Deployment definition. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ |
| extraEnvVars[0] | object | `{"name":"OPENAI_API_KEY","value":"0p3n-w3bu!"}` | Default API key value for Pipelines. Should be updated in a production deployment, or be changed to the required API key if not using Pipelines | | extraEnvVars[0] | object | `{"name":"OPENAI_API_KEY","value":"0p3n-w3bu!"}` | Default API key value for Pipelines. Should be updated in a production deployment, or be changed to the required API key if not using Pipelines |
| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/open-webui/open-webui","tag":"latest"}` | Open WebUI image tags can be found here: https://github.com/open-webui/open-webui/pkgs/container/open-webui | | image | object | `{"pullPolicy":"Always","repository":"ghcr.io/open-webui/open-webui","tag":"latest"}` | Open WebUI image tags can be found here: https://github.com/open-webui/open-webui/pkgs/container/open-webui |
@ -67,6 +68,7 @@ helm upgrade --install open-webui open-webui/open-webui
| pipelines.enabled | bool | `true` | Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines | | pipelines.enabled | bool | `true` | Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines |
| pipelines.extraEnvVars | list | `[]` | This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname) | | pipelines.extraEnvVars | list | `[]` | This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname) |
| podAnnotations | object | `{}` | | | podAnnotations | object | `{}` | |
| podSecurityContext | object | `{}` | Configure pod security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe> |
| replicaCount | int | `1` | | | replicaCount | int | `1` | |
| resources | object | `{}` | | | resources | object | `{}` | |
| service | object | `{"annotations":{},"containerPort":8080,"labels":{},"loadBalancerClass":"","nodePort":"","port":80,"type":"ClusterIP"}` | Service values to expose Open WebUI pods to cluster | | service | object | `{"annotations":{},"containerPort":8080,"labels":{},"loadBalancerClass":"","nodePort":"","port":80,"type":"ClusterIP"}` | Service values to expose Open WebUI pods to cluster |

10
charts/open-webui/templates/workload-manager.yaml
View File

@ -31,6 +31,10 @@ spec:
spec: spec:
enableServiceLinks: false enableServiceLinks: false
automountServiceAccountToken: false automountServiceAccountToken: false
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
{{- with .Values.image }} {{- with .Values.image }}
@ -43,6 +47,10 @@ spec:
{{- with .Values.resources }} {{- with .Values.resources }}
resources: {{- toYaml . | nindent 10 }} resources: {{- toYaml . | nindent 10 }}
{{- end }} {{- end }}
{{- with .Values.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /app/backend/data mountPath: /app/backend/data
@ -87,4 +95,4 @@ spec:
- name: data - name: data
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ include "open-webui.name" . }} claimName: {{ include "open-webui.name" . }}
{{- end }} {{- end }}

27
charts/open-webui/values.yaml
View File

@ -19,7 +19,7 @@ ollama:
pipelines: pipelines:
# -- Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines # -- Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines
enabled: true enabled: true
# -- This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname) # -- This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname)
extraEnvVars: [] extraEnvVars: []
@ -97,3 +97,28 @@ extraEnvVars:
# key: api-key # key: api-key
# - name: OLLAMA_DEBUG # - name: OLLAMA_DEBUG
# value: "1" # value: "1"
# -- Configure pod security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
podSecurityContext:
{}
# fsGroupChangePolicy: Always
# sysctls: []
# supplementalGroups: []
# fsGroup: 1001
# -- Configure container security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
containerSecurityContext:
{}
# runAsUser: 1001
# runAsGroup: 1001
# runAsNonRoot: true
# privileged: false
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: false
# capabilities:
# drop:
# - ALL
# seccompProfile:
# type: "RuntimeDefault"