OpenWebUI/helm-charts
1
0
Fork 0
mirror of https://github.com/open-webui/helm-charts synced 2025-06-26 18:16:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #226 from mjtrangoni/feature-secrets-oauth
Some checks are pending
Release Open WebUI Helm Charts / release (push) Waiting to run
Details
Check Open WebUI Helm Charts (open-webui) / Lint Helm Chart (push) Waiting to run
Details
Check Open WebUI Helm Charts (open-webui) / Test Chart Deployment (push) Blocked by required conditions
Details

Browse Source 
feat(open-webui): Make it possible to define SSO OAuth secrets from Kubernetes Secrets
This commit is contained in:
James W. 2025-05-06 06:20:30 -07:00 committed by GitHub
commit ea67916135
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 85 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/open-webui/Chart.yaml
View File

@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
name: open-webui name: open-webui
version: 6.6.0 version: 6.7.0
appVersion: 0.6.6 appVersion: 0.6.6
home: https://www.openwebui.com/ home: https://www.openwebui.com/
icon: >- icon: >-

18
charts/open-webui/README.md
View File

@ -1,6 +1,6 @@
# open-webui # open-webui
![Version: 6.6.0](https://img.shields.io/badge/Version-6.6.0-informational?style=flat-square) ![AppVersion: 0.6.6](https://img.shields.io/badge/AppVersion-0.6.6-informational?style=flat-square) ![Version: 6.7.0](https://img.shields.io/badge/Version-6.7.0-informational?style=flat-square) ![AppVersion: 0.6.6](https://img.shields.io/badge/AppVersion-0.6.6-informational?style=flat-square)
Open WebUI: A User-Friendly Web Interface for Chat Interactions 👋 Open WebUI: A User-Friendly Web Interface for Chat Interactions 👋
@ -57,24 +57,30 @@ helm upgrade --install open-webui open-webui/open-webui
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| sso.github.clientExistingSecret | string | `""` | GitHub OAuth client secret from existing secret |
| sso.github.clientExistingSecretKey | string | `""` | GitHub OAuth client secret key from existing secret |
| sso.github.clientId | string | `""` | GitHub OAuth client ID | | sso.github.clientId | string | `""` | GitHub OAuth client ID |
| sso.github.clientSecret | string | `""` | GitHub OAuth client secret | | sso.github.clientSecret | string | `""` | GitHub OAuth client secret (ignored if clientExistingSecret is set) |
| sso.github.enabled | bool | `false` | Enable GitHub OAuth | | sso.github.enabled | bool | `false` | Enable GitHub OAuth |
### Google OAuth configuration ### Google OAuth configuration
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| sso.google.clientExistingSecret | string | `""` | Google OAuth client secret from existing secret |
| sso.google.clientExistingSecretKey | string | `""` | Google OAuth client secret key from existing secret |
| sso.google.clientId | string | `""` | Google OAuth client ID | | sso.google.clientId | string | `""` | Google OAuth client ID |
| sso.google.clientSecret | string | `""` | Google OAuth client secret | | sso.google.clientSecret | string | `""` | Google OAuth client secret (ignored if clientExistingSecret is set) |
| sso.google.enabled | bool | `false` | Enable Google OAuth | | sso.google.enabled | bool | `false` | Enable Google OAuth |
### Microsoft OAuth configuration ### Microsoft OAuth configuration
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| sso.microsoft.clientExistingSecret | string | `""` | Microsoft OAuth client secret from existing secret |
| sso.microsoft.clientExistingSecretKey | string | `""` | Microsoft OAuth client secret key from existing secret |
| sso.microsoft.clientId | string | `""` | Microsoft OAuth client ID | | sso.microsoft.clientId | string | `""` | Microsoft OAuth client ID |
| sso.microsoft.clientSecret | string | `""` | Microsoft OAuth client secret | | sso.microsoft.clientSecret | string | `""` | Microsoft OAuth client secret (ignored if clientExistingSecret is set) |
| sso.microsoft.enabled | bool | `false` | Enable Microsoft OAuth | | sso.microsoft.enabled | bool | `false` | Enable Microsoft OAuth |
| sso.microsoft.tenantId | string | `""` | Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts | | sso.microsoft.tenantId | string | `""` | Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts |
@ -82,8 +88,10 @@ helm upgrade --install open-webui open-webui/open-webui
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| sso.oidc.clientExistingSecret | string | `""` | OICD client secret from existing secret |
| sso.oidc.clientExistingSecretKey | string | `""` | OIDC client secret key from existing secret |
| sso.oidc.clientId | string | `""` | OIDC client ID | | sso.oidc.clientId | string | `""` | OIDC client ID |
| sso.oidc.clientSecret | string | `""` | OIDC client secret | | sso.oidc.clientSecret | string | `""` | OIDC client secret (ignored if clientExistingSecret is set) |
| sso.oidc.enabled | bool | `false` | Enable OIDC authentication | | sso.oidc.enabled | bool | `false` | Enable OIDC authentication |
| sso.oidc.providerName | string | `"SSO"` | Name of the provider to show on the UI | | sso.oidc.providerName | string | `"SSO"` | Name of the provider to show on the UI |
| sso.oidc.providerUrl | string | `""` | OIDC provider well known URL | | sso.oidc.providerUrl | string | `""` | OIDC provider well known URL |

11
charts/open-webui/templates/_helpers.tpl
View File

@ -169,3 +169,14 @@ Create labels to include on chart all websocket resources
{{ include "base.labels" . }} {{ include "base.labels" . }}
{{ include "websocket.redis.selectorLabels" . }} {{ include "websocket.redis.selectorLabels" . }}
{{- end }} {{- end }}
{{/*
Validate SSO ClientSecret to be set literally or via Secret
*/}}
{{- define "sso.validateClientSecret" -}}
{{- $provider := .provider }}
{{- $values := .values }}
{{- if and (empty (index $values $provider "clientSecret")) (empty (index $values $provider "clientExistingSecret")) }}
{{- fail (printf "You must provide either .Values.sso.%s.clientSecret or .Values.sso.%s.clientExistingSecret" $provider $provider) }}
{{- end }}
{{- end }}

32
charts/open-webui/templates/workload-manager.yaml
View File

@ -209,28 +209,60 @@ spec:
{{- if .Values.sso.google.enabled }} {{- if .Values.sso.google.enabled }}
- name: "GOOGLE_CLIENT_ID" - name: "GOOGLE_CLIENT_ID"
value: {{ .Values.sso.google.clientId | quote }} value: {{ .Values.sso.google.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "google" "values" .Values.sso) }}
- name: "GOOGLE_CLIENT_SECRET" - name: "GOOGLE_CLIENT_SECRET"
{{- if .Values.sso.google.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.google.clientExistingSecret | quote }}
key: {{ .Values.sso.google.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.google.clientSecret | quote }} value: {{ .Values.sso.google.clientSecret | quote }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.sso.microsoft.enabled }} {{- if .Values.sso.microsoft.enabled }}
- name: "MICROSOFT_CLIENT_ID" - name: "MICROSOFT_CLIENT_ID"
value: {{ .Values.sso.microsoft.clientId | quote }} value: {{ .Values.sso.microsoft.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "microsoft" "values" .Values.sso) }}
- name: "MICROSOFT_CLIENT_SECRET" - name: "MICROSOFT_CLIENT_SECRET"
{{- if .Values.sso.microsoft.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.microsoft.clientExistingSecret | quote }}
key: {{ .Values.sso.microsoft.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.microsoft.clientSecret | quote }} value: {{ .Values.sso.microsoft.clientSecret | quote }}
{{- end }}
- name: "MICROSOFT_CLIENT_TENANT_ID" - name: "MICROSOFT_CLIENT_TENANT_ID"
value: {{ .Values.sso.microsoft.tenantId | quote }} value: {{ .Values.sso.microsoft.tenantId | quote }}
{{- end }} {{- end }}
{{- if .Values.sso.github.enabled }} {{- if .Values.sso.github.enabled }}
- name: "GITHUB_CLIENT_ID" - name: "GITHUB_CLIENT_ID"
value: {{ .Values.sso.github.clientId | quote }} value: {{ .Values.sso.github.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "github" "values" .Values.sso) }}
- name: "GITHUB_CLIENT_SECRET" - name: "GITHUB_CLIENT_SECRET"
{{- if .Values.sso.github.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.github.clientExistingSecret | quote }}
key: {{ .Values.sso.github.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.github.clientSecret | quote }} value: {{ .Values.sso.github.clientSecret | quote }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.sso.oidc.enabled }} {{- if .Values.sso.oidc.enabled }}
- name: "OAUTH_CLIENT_ID" - name: "OAUTH_CLIENT_ID"
value: {{ .Values.sso.oidc.clientId | quote }} value: {{ .Values.sso.oidc.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "oidc" "values" .Values.sso) }}
- name: "OAUTH_CLIENT_SECRET" - name: "OAUTH_CLIENT_SECRET"
{{- if .Values.sso.oidc.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.oidc.clientExistingSecret | quote }}
key: {{ .Values.sso.oidc.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.oidc.clientSecret | quote }} value: {{ .Values.sso.oidc.clientSecret | quote }}
{{- end }}
- name: "OPENID_PROVIDER_URL" - name: "OPENID_PROVIDER_URL"
value: {{ .Values.sso.oidc.providerUrl | quote }} value: {{ .Values.sso.oidc.providerUrl | quote }}
- name: "OAUTH_PROVIDER_NAME" - name: "OAUTH_PROVIDER_NAME"

32
charts/open-webui/values.yaml
View File

@ -415,9 +415,15 @@ sso:
# -- Google OAuth client ID # -- Google OAuth client ID
# @section -- Google OAuth configuration # @section -- Google OAuth configuration
clientId: "" clientId: ""
# -- Google OAuth client secret # -- Google OAuth client secret (ignored if clientExistingSecret is set)
# @section -- Google OAuth configuration # @section -- Google OAuth configuration
clientSecret: "" clientSecret: ""
# -- Google OAuth client secret from existing secret
# @section -- Google OAuth configuration
clientExistingSecret: ""
# -- Google OAuth client secret key from existing secret
# @section -- Google OAuth configuration
clientExistingSecretKey: ""
microsoft: microsoft:
# -- Enable Microsoft OAuth # -- Enable Microsoft OAuth
@ -426,9 +432,15 @@ sso:
# -- Microsoft OAuth client ID # -- Microsoft OAuth client ID
# @section -- Microsoft OAuth configuration # @section -- Microsoft OAuth configuration
clientId: "" clientId: ""
# -- Microsoft OAuth client secret # -- Microsoft OAuth client secret (ignored if clientExistingSecret is set)
# @section -- Microsoft OAuth configuration # @section -- Microsoft OAuth configuration
clientSecret: "" clientSecret: ""
# -- Microsoft OAuth client secret from existing secret
# @section -- Microsoft OAuth configuration
clientExistingSecret: ""
# -- Microsoft OAuth client secret key from existing secret
# @section -- Microsoft OAuth configuration
clientExistingSecretKey: ""
# -- Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts # -- Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts
# @section -- Microsoft OAuth configuration # @section -- Microsoft OAuth configuration
tenantId: "" tenantId: ""
@ -440,9 +452,15 @@ sso:
# -- GitHub OAuth client ID # -- GitHub OAuth client ID
# @section -- GitHub OAuth configuration # @section -- GitHub OAuth configuration
clientId: "" clientId: ""
# -- GitHub OAuth client secret # -- GitHub OAuth client secret (ignored if clientExistingSecret is set)
# @section -- GitHub OAuth configuration # @section -- GitHub OAuth configuration
clientSecret: "" clientSecret: ""
# -- GitHub OAuth client secret from existing secret
# @section -- GitHub OAuth configuration
clientExistingSecret: ""
# -- GitHub OAuth client secret key from existing secret
# @section -- GitHub OAuth configuration
clientExistingSecretKey: ""
oidc: oidc:
# -- Enable OIDC authentication # -- Enable OIDC authentication
@ -451,9 +469,15 @@ sso:
# -- OIDC client ID # -- OIDC client ID
# @section -- OIDC configuration # @section -- OIDC configuration
clientId: "" clientId: ""
# -- OIDC client secret # -- OIDC client secret (ignored if clientExistingSecret is set)
# @section -- OIDC configuration # @section -- OIDC configuration
clientSecret: "" clientSecret: ""
# -- OICD client secret from existing secret
# @section -- OIDC configuration
clientExistingSecret: ""
# -- OIDC client secret key from existing secret
# @section -- OIDC configuration
clientExistingSecretKey: ""
# -- OIDC provider well known URL # -- OIDC provider well known URL
# @section -- OIDC configuration # @section -- OIDC configuration
providerUrl: "" providerUrl: ""