mirror of
https://github.com/open-webui/helm-charts
synced 2025-06-26 18:16:14 +00:00
feat(open-webui): Make it possible to define SSO OAuth secrets from k8s secrets
Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com>
This commit is contained in:
Mario Trangoni
parent
bfca2d950b
commit
f8ae1e036e
@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: open-webui
|
||||
version: 6.6.0
|
||||
version: 6.7.0
|
||||
appVersion: 0.6.6
|
||||
home: https://www.openwebui.com/
|
||||
icon: >-
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# open-webui
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
Open WebUI: A User-Friendly Web Interface for Chat Interactions 👋
|
||||
|
||||
@ -57,24 +57,30 @@ helm upgrade --install open-webui open-webui/open-webui
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| sso.github.clientExistingSecret | string | `""` | GitHub OAuth client secret from existing secret |
|
||||
| sso.github.clientExistingSecretKey | string | `""` | GitHub OAuth client secret key from existing secret |
|
||||
| sso.github.clientId | string | `""` | GitHub OAuth client ID |
|
||||
| sso.github.clientSecret | string | `""` | GitHub OAuth client secret |
|
||||
| sso.github.clientSecret | string | `""` | GitHub OAuth client secret (ignored if clientExistingSecret is set) |
|
||||
| sso.github.enabled | bool | `false` | Enable GitHub OAuth |
|
||||
|
||||
### Google OAuth configuration
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| sso.google.clientExistingSecret | string | `""` | Google OAuth client secret from existing secret |
|
||||
| sso.google.clientExistingSecretKey | string | `""` | Google OAuth client secret key from existing secret |
|
||||
| sso.google.clientId | string | `""` | Google OAuth client ID |
|
||||
| sso.google.clientSecret | string | `""` | Google OAuth client secret |
|
||||
| sso.google.clientSecret | string | `""` | Google OAuth client secret (ignored if clientExistingSecret is set) |
|
||||
| sso.google.enabled | bool | `false` | Enable Google OAuth |
|
||||
|
||||
### Microsoft OAuth configuration
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| sso.microsoft.clientExistingSecret | string | `""` | Microsoft OAuth client secret from existing secret |
|
||||
| sso.microsoft.clientExistingSecretKey | string | `""` | Microsoft OAuth client secret key from existing secret |
|
||||
| sso.microsoft.clientId | string | `""` | Microsoft OAuth client ID |
|
||||
| sso.microsoft.clientSecret | string | `""` | Microsoft OAuth client secret |
|
||||
| sso.microsoft.clientSecret | string | `""` | Microsoft OAuth client secret (ignored if clientExistingSecret is set) |
|
||||
| sso.microsoft.enabled | bool | `false` | Enable Microsoft OAuth |
|
||||
| sso.microsoft.tenantId | string | `""` | Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts |
|
||||
|
||||
@ -82,8 +88,10 @@ helm upgrade --install open-webui open-webui/open-webui
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| sso.oidc.clientExistingSecret | string | `""` | OICD client secret from existing secret |
|
||||
| sso.oidc.clientExistingSecretKey | string | `""` | OIDC client secret key from existing secret |
|
||||
| sso.oidc.clientId | string | `""` | OIDC client ID |
|
||||
| sso.oidc.clientSecret | string | `""` | OIDC client secret |
|
||||
| sso.oidc.clientSecret | string | `""` | OIDC client secret (ignored if clientExistingSecret is set) |
|
||||
| sso.oidc.enabled | bool | `false` | Enable OIDC authentication |
|
||||
| sso.oidc.providerName | string | `"SSO"` | Name of the provider to show on the UI |
|
||||
| sso.oidc.providerUrl | string | `""` | OIDC provider well known URL |
|
||||
|
||||
@ -169,3 +169,14 @@ Create labels to include on chart all websocket resources
|
||||
{{ include "base.labels" . }}
|
||||
{{ include "websocket.redis.selectorLabels" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Validate SSO ClientSecret to be set literally or via Secret
|
||||
*/}}
|
||||
{{- define "sso.validateClientSecret" -}}
|
||||
{{- $provider := .provider }}
|
||||
{{- $values := .values }}
|
||||
{{- if and (empty (index $values $provider "clientSecret")) (empty (index $values $provider "clientExistingSecret")) }}
|
||||
{{- fail (printf "You must provide either .Values.sso.%s.clientSecret or .Values.sso.%s.clientExistingSecret" $provider $provider) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -209,28 +209,60 @@ spec:
|
||||
{{- if .Values.sso.google.enabled }}
|
||||
- name: "GOOGLE_CLIENT_ID"
|
||||
value: {{ .Values.sso.google.clientId | quote }}
|
||||
{{- include "sso.validateClientSecret" (dict "provider" "google" "values" .Values.sso) }}
|
||||
- name: "GOOGLE_CLIENT_SECRET"
|
||||
{{- if .Values.sso.google.clientExistingSecret }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.sso.google.clientExistingSecret | quote }}
|
||||
key: {{ .Values.sso.google.clientExistingSecretKey | quote }}
|
||||
{{- else }}
|
||||
value: {{ .Values.sso.google.clientSecret | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sso.microsoft.enabled }}
|
||||
- name: "MICROSOFT_CLIENT_ID"
|
||||
value: {{ .Values.sso.microsoft.clientId | quote }}
|
||||
{{- include "sso.validateClientSecret" (dict "provider" "microsoft" "values" .Values.sso) }}
|
||||
- name: "MICROSOFT_CLIENT_SECRET"
|
||||
{{- if .Values.sso.microsoft.clientExistingSecret }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.sso.microsoft.clientExistingSecret | quote }}
|
||||
key: {{ .Values.sso.microsoft.clientExistingSecretKey | quote }}
|
||||
{{- else }}
|
||||
value: {{ .Values.sso.microsoft.clientSecret | quote }}
|
||||
{{- end }}
|
||||
- name: "MICROSOFT_CLIENT_TENANT_ID"
|
||||
value: {{ .Values.sso.microsoft.tenantId | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.sso.github.enabled }}
|
||||
- name: "GITHUB_CLIENT_ID"
|
||||
value: {{ .Values.sso.github.clientId | quote }}
|
||||
{{- include "sso.validateClientSecret" (dict "provider" "github" "values" .Values.sso) }}
|
||||
- name: "GITHUB_CLIENT_SECRET"
|
||||
{{- if .Values.sso.github.clientExistingSecret }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.sso.github.clientExistingSecret | quote }}
|
||||
key: {{ .Values.sso.github.clientExistingSecretKey | quote }}
|
||||
{{- else }}
|
||||
value: {{ .Values.sso.github.clientSecret | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sso.oidc.enabled }}
|
||||
- name: "OAUTH_CLIENT_ID"
|
||||
value: {{ .Values.sso.oidc.clientId | quote }}
|
||||
{{- include "sso.validateClientSecret" (dict "provider" "oidc" "values" .Values.sso) }}
|
||||
- name: "OAUTH_CLIENT_SECRET"
|
||||
{{- if .Values.sso.oidc.clientExistingSecret }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.sso.oidc.clientExistingSecret | quote }}
|
||||
key: {{ .Values.sso.oidc.clientExistingSecretKey | quote }}
|
||||
{{- else }}
|
||||
value: {{ .Values.sso.oidc.clientSecret | quote }}
|
||||
{{- end }}
|
||||
- name: "OPENID_PROVIDER_URL"
|
||||
value: {{ .Values.sso.oidc.providerUrl | quote }}
|
||||
- name: "OAUTH_PROVIDER_NAME"
|
||||
|
||||
@ -415,9 +415,15 @@ sso:
|
||||
# -- Google OAuth client ID
|
||||
# @section -- Google OAuth configuration
|
||||
clientId: ""
|
||||
# -- Google OAuth client secret
|
||||
# -- Google OAuth client secret (ignored if clientExistingSecret is set)
|
||||
# @section -- Google OAuth configuration
|
||||
clientSecret: ""
|
||||
# -- Google OAuth client secret from existing secret
|
||||
# @section -- Google OAuth configuration
|
||||
clientExistingSecret: ""
|
||||
# -- Google OAuth client secret key from existing secret
|
||||
# @section -- Google OAuth configuration
|
||||
clientExistingSecretKey: ""
|
||||
|
||||
microsoft:
|
||||
# -- Enable Microsoft OAuth
|
||||
@ -426,9 +432,15 @@ sso:
|
||||
# -- Microsoft OAuth client ID
|
||||
# @section -- Microsoft OAuth configuration
|
||||
clientId: ""
|
||||
# -- Microsoft OAuth client secret
|
||||
# -- Microsoft OAuth client secret (ignored if clientExistingSecret is set)
|
||||
# @section -- Microsoft OAuth configuration
|
||||
clientSecret: ""
|
||||
# -- Microsoft OAuth client secret from existing secret
|
||||
# @section -- Microsoft OAuth configuration
|
||||
clientExistingSecret: ""
|
||||
# -- Microsoft OAuth client secret key from existing secret
|
||||
# @section -- Microsoft OAuth configuration
|
||||
clientExistingSecretKey: ""
|
||||
# -- Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts
|
||||
# @section -- Microsoft OAuth configuration
|
||||
tenantId: ""
|
||||
@ -440,9 +452,15 @@ sso:
|
||||
# -- GitHub OAuth client ID
|
||||
# @section -- GitHub OAuth configuration
|
||||
clientId: ""
|
||||
# -- GitHub OAuth client secret
|
||||
# -- GitHub OAuth client secret (ignored if clientExistingSecret is set)
|
||||
# @section -- GitHub OAuth configuration
|
||||
clientSecret: ""
|
||||
# -- GitHub OAuth client secret from existing secret
|
||||
# @section -- GitHub OAuth configuration
|
||||
clientExistingSecret: ""
|
||||
# -- GitHub OAuth client secret key from existing secret
|
||||
# @section -- GitHub OAuth configuration
|
||||
clientExistingSecretKey: ""
|
||||
|
||||
oidc:
|
||||
# -- Enable OIDC authentication
|
||||
@ -451,9 +469,15 @@ sso:
|
||||
# -- OIDC client ID
|
||||
# @section -- OIDC configuration
|
||||
clientId: ""
|
||||
# -- OIDC client secret
|
||||
# -- OIDC client secret (ignored if clientExistingSecret is set)
|
||||
# @section -- OIDC configuration
|
||||
clientSecret: ""
|
||||
# -- OICD client secret from existing secret
|
||||
# @section -- OIDC configuration
|
||||
clientExistingSecret: ""
|
||||
# -- OIDC client secret key from existing secret
|
||||
# @section -- OIDC configuration
|
||||
clientExistingSecretKey: ""
|
||||
# -- OIDC provider well known URL
|
||||
# @section -- OIDC configuration
|
||||
providerUrl: ""
|
||||
|
||||
Loading…
Reference in New Issue
Block a user