Merge pull request #221 from this-is-tobi/feat/improve-open-webui-whart

Feat/improve open webui chart

.github/workflows/helm-test-open-webui.yml

@@ -20,20 +20,21 @@ jobs:
       - name: Set up Helm
         uses: azure/setup-helm@v4
 
-      - name: Lint open-webui Helm Chart
-        run: |
-          helm lint ./charts/open-webui
-
       - name: Add Dependency Repos
         run: |
           helm repo add ollama https://otwld.github.io/ollama-helm/
           helm repo add open-webui https://helm.openwebui.com/
           helm repo add tika https://apache.jfrog.io/artifactory/tika/
-          helm repo add redis https://charts.bitnami.com/bitnami
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+
       - name: Build open-webui Helm dependencies
         run: |
           helm dependency build ./charts/open-webui
 
+      - name: Lint open-webui Helm Chart
+        run: |
+          helm lint ./charts/open-webui
+
   test-deploy:
     name: Test Chart Deployment
     runs-on: ubuntu-latest
@@ -52,6 +53,17 @@ jobs:
       - name: Set up KinD Cluster
         uses: helm/kind-action@v1
 
+      - name: Add Dependency Repos
+        run: |
+          helm repo add ollama https://otwld.github.io/ollama-helm/
+          helm repo add open-webui https://helm.openwebui.com/
+          helm repo add tika https://apache.jfrog.io/artifactory/tika/
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+
+      - name: Build open-webui Helm dependencies
+        run: |
+          helm dependency build ./charts/open-webui
+
       - name: Template open-webui Helm Chart
         run: |
           helm template open-webui ./charts/open-webui \

.gitignore

@@ -122,4 +122,8 @@ Temporary Items
 # iCloud generated files
 *.icloud
 
+### Helm ###
+# Chart dependencies
+**/charts/*.tgz
+
 # End of https://www.toptal.com/developers/gitignore/api/macos,intellij+all,helm

charts/open-webui/Chart.lock

@@ -11,5 +11,8 @@ dependencies:
 - name: redis
   repository: https://charts.bitnami.com/bitnami
   version: 20.11.5
-digest: sha256:e056d54c822caf7601281777f54d88f32818982d52b7e81fbf811b8e4661265e
-generated: "2025-04-13T21:46:37.771856+09:00"
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 16.6.3
+digest: sha256:6da6a7bae03aba138c247775a786c0f459bdd9360db8980b0a5ffdea0fb88a5d
+generated: "2025-04-13T03:03:27.462575+02:00"

charts/open-webui/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: open-webui
-version: 6.2.0
+version: 6.3.0
 appVersion: 0.6.4
 home: https://www.openwebui.com/
 icon: >-
@@ -43,3 +43,8 @@ dependencies:
     version: '>=20.6.2'
     alias: redis-cluster
     condition: redis-cluster.enabled
+  - name: postgresql
+    repository: https://charts.bitnami.com/bitnami
+    version: '>=15.5.38'
+    alias: postgresql
+    condition: postgresql.enabled

charts/open-webui/README.md

@@ -1,6 +1,6 @@
 # open-webui
 
-![Version: 6.2.0](https://img.shields.io/badge/Version-6.2.0-informational?style=flat-square) ![AppVersion: 0.6.4](https://img.shields.io/badge/AppVersion-0.6.4-informational?style=flat-square)
+![Version: 6.3.0](https://img.shields.io/badge/Version-6.3.0-informational?style=flat-square) ![AppVersion: 0.6.4](https://img.shields.io/badge/AppVersion-0.6.4-informational?style=flat-square)
 
 Open WebUI: A User-Friendly Web Interface for Chat Interactions 👋
 
@@ -34,6 +34,7 @@ helm upgrade --install open-webui open-webui/open-webui
 | Repository | Name | Version |
 |------------|------|---------|
 | https://apache.jfrog.io/artifactory/tika | tika | >=2.9.0 |
+| https://charts.bitnami.com/bitnami | postgresql(postgresql) | >=15.5.38 |
 | https://charts.bitnami.com/bitnami | redis-cluster(redis) | >=20.6.2 |
 | https://helm.openwebui.com | pipelines | >=0.0.1 |
 | https://otwld.github.io/ollama-helm/ | ollama | >=0.24.0 |
@@ -112,6 +113,7 @@ helm upgrade --install open-webui open-webui/open-webui
 | clusterDomain | string | `"cluster.local"` | Value of cluster domain |
 | containerSecurityContext | object | `{}` | Configure container security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe> |
 | copyAppData.resources | object | `{}` |  |
+| databaseUrl | string | `""` | Configure database URL, needed to work with Postgres (example: `postgresql://<user>:<password>@<service>:<port>/<database>`), leave empty to use the default sqlite database |
 | enableOpenaiApi | bool | `true` | Enables the use of OpenAI APIs |
 | extraEnvVars | list | `[{"name":"OPENAI_API_KEY","value":"0p3n-w3bu!"}]` | Env vars added to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ |
 | extraEnvVars[0] | object | `{"name":"OPENAI_API_KEY","value":"0p3n-w3bu!"}` | Default API key value for Pipelines. Should be updated in a production deployment, or be changed to the required API key if not using Pipelines |
@@ -142,8 +144,20 @@ helm upgrade --install open-webui open-webui/open-webui
 | openaiBaseApiUrls | list | `[]` | OpenAI base API URLs to use. Overwrites the value in openaiBaseApiUrl if set |
 | persistence.accessModes | list | `["ReadWriteOnce"]` | If using multiple replicas, you must update accessModes to ReadWriteMany |
 | persistence.annotations | object | `{}` |  |
+| persistence.azure.container | string | `""` | Sets the container name for Azure Storage |
+| persistence.azure.endpointUrl | string | `nil` | Sets the endpoint URL for Azure Storage |
+| persistence.azure.key | string | `""` | Set the access key for Azure Storage. Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Managed Identity if run in Azure services |
 | persistence.enabled | bool | `true` |  |
 | persistence.existingClaim | string | `""` | Use existingClaim if you want to re-use an existing Open WebUI PVC instead of creating a new one |
+| persistence.gcs.appCredentialsJson | string | `""` | Contents of Google Application Credentials JSON file. Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account |
+| persistence.gcs.bucket | string | `""` | Sets the bucket name for Google Cloud Storage. Bucket must already exist |
+| persistence.provider | string | `"local"` | Sets the storage provider, availables values are `local`, `s3`, `gcs` or `azure` |
+| persistence.s3.accessKey | string | `""` | Sets the access key ID for S3 storage |
+| persistence.s3.bucket | string | `""` | Sets the bucket name for S3 storage |
+| persistence.s3.endpointUrl | string | `""` | Sets the endpoint url for S3 storage |
+| persistence.s3.keyPrefix | string | `""` | Sets the key prefix for a S3 object |
+| persistence.s3.region | string | `""` | Sets the region name for S3 storage |
+| persistence.s3.secretKey | string | `""` | Sets the secret access key for S3 storage |
 | persistence.selector | object | `{}` |  |
 | persistence.size | string | `"2Gi"` |  |
 | persistence.storageClass | string | `""` |  |
@@ -153,6 +167,7 @@ helm upgrade --install open-webui open-webui/open-webui
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
 | podSecurityContext | object | `{}` | Configure pod security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container> |
+| postgresql | object | `{"architecture":"standalone","auth":{"database":"open-webui","password":"0p3n-w3bu!","postgresPassword":"0p3n-w3bu!","username":"open-webui"},"enabled":false,"fullnameOverride":"open-webui-postgres","primary":{"persistence":{"size":"1Gi"},"resources":{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"256Mi"}}}}` | Postgresql configuration (see. https://artifacthub.io/packages/helm/bitnami/postgresql) |
 | readinessProbe | object | `{}` | Probe for readiness of the Open WebUI container ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes> |
 | redis-cluster | object | `{"auth":{"enabled":false},"enabled":false,"fullnameOverride":"open-webui-redis","replica":{"replicaCount":3}}` | Deploys a Redis cluster with subchart 'redis' from bitnami |
 | redis-cluster.auth | object | `{"enabled":false}` | Redis Authentication |

charts/open-webui/templates/pvc.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.provider "local") }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:

charts/open-webui/templates/workload-manager.yaml

@@ -1,5 +1,5 @@
 apiVersion: apps/v1
-{{- if .Values.persistence.enabled }}
+{{- if and .Values.persistence.enabled (eq .Values.persistence.provider "local") }}
 kind: StatefulSet
 {{- else }}
 kind: Deployment
@@ -15,14 +15,14 @@ metadata:
   {{- end }}
 spec:
   replicas: {{ .Values.replicaCount }}
-  {{- if .Values.persistence.enabled }}
+  {{- if and .Values.persistence.enabled (eq .Values.persistence.provider "local") }}
   serviceName: {{ include "open-webui.name" . }}
   {{- end }}
   selector:
     matchLabels:
       {{- include "open-webui.selectorLabels" . | nindent 6 }}
   {{- if .Values.strategy }}
-  {{- if .Values.persistence.enabled }}
+  {{- if and .Values.persistence.enabled (eq .Values.persistence.provider "local") }}
   updateStrategy:
     {{- toYaml .Values.strategy | nindent 4 }}
   {{- else }}
@@ -147,15 +147,44 @@ spec:
         - name: "ENABLE_OPENAI_API"
           value: "False"
         {{- end }}
-        {{- if .Values.extraEnvVars }}
-          {{- toYaml .Values.extraEnvVars | nindent 8 }}
-        {{- end }}
         {{- if .Values.tika.enabled }}
         - name: "CONTENT_EXTRACTION_ENGINE"
           value: "Tika"
         - name: "TIKA_SERVER_URL"
           value: http://{{ .Chart.Name }}-tika:9998
         {{- end }}
+        {{- if eq .Values.persistence.provider "s3" }}
+        - name: "STORAGE_PROVIDER"
+          value: {{ .Values.persistence.provider }}
+        - name: "S3_ACCESS_KEY_ID"
+          value: {{ .Values.persistence.s3.accessKey }}
+        - name: "S3_SECRET_ACCESS_KEY"
+          value: {{ .Values.persistence.s3.secretKey }}
+        - name: "S3_ENDPOINT_URL"
+          value: {{ .Values.persistence.s3.endpointUrl }}
+        - name: "S3_BUCKET_NAME"
+          value: {{ .Values.persistence.s3.bucket }}
+        - name: "S3_REGION_NAME"
+          value: {{ .Values.persistence.s3.region }}
+        - name: "S3_KEY_PREFIX"
+          value: {{ .Values.persistence.s3.keyPrefix }}
+        {{- else if eq .Values.persistence.provider "gcs" }}
+        - name: "STORAGE_PROVIDER"
+          value: {{ .Values.persistence.provider }}
+        - name: "GOOGLE_APPLICATION_CREDENTIALS_JSON"
+          value: {{ .Values.persistence.gcs.appCredentialsJson }}
+        - name: "GCS_BUCKET_NAME"
+          value: {{ .Values.persistence.gcs.bucket }}
+        {{- else if eq .Values.persistence.provider "azure" }}
+        - name: "STORAGE_PROVIDER"
+          value: {{ .Values.persistence.provider }}
+        - name: "AZURE_STORAGE_ENDPOINT"
+          value: {{ .Values.persistence.azure.endpointUrl }}
+        - name: "AZURE_STORAGE_CONTAINER_NAME"
+          value: {{ .Values.persistence.azure.container }}
+        - name: "AZURE_STORAGE_KEY"
+          value: {{ .Values.persistence.azure.key }}
+        {{- end }}
         {{- if .Values.websocket.enabled }}
         - name: "ENABLE_WEBSOCKET_SUPPORT"
           value: "True"
@@ -164,6 +193,10 @@ spec:
         - name: "WEBSOCKET_REDIS_URL"
           value: {{ .Values.websocket.url | quote }}
         {{- end }}
+        {{- if or .Values.postgresql.enabled .Values.databaseUrl }}
+        - name: "DATABASE_URL"
+          value: {{ .Values.databaseUrl | default (printf "postgresql://%s:%s@%s:%s/%s" .Values.postgresql.auth.username .Values.postgresql.auth.password .Values.postgresql.fullnameOverride "5432" .Values.postgresql.auth.database) }}
+        {{- end }}
         {{- if .Values.sso.enabled }}
         {{- if .Values.sso.enableSignup }}
         - name: "ENABLE_OAUTH_SIGNUP"
@@ -234,6 +267,9 @@ spec:
         {{- end }}
         {{- end }}
         {{- end }}
+        {{- if .Values.extraEnvVars }}
+          {{- toYaml .Values.extraEnvVars | nindent 8 }}
+        {{- end }}
         tty: true
       {{- with .Values.nodeSelector }}
       nodeSelector:
@@ -260,7 +296,7 @@ spec:
       - name: data
         persistentVolumeClaim:
           claimName: {{ .Values.persistence.existingClaim }}
-      {{- else if not .Values.persistence.enabled }}
+      {{- else if or (not .Values.persistence.enabled) (not (eq .Values.persistence.provider "local")) }}
       - name: data
         emptyDir: {}
       {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}

charts/open-webui/values.yaml

@@ -211,6 +211,33 @@ persistence:
   storageClass: ""
   selector: {}
   annotations: {}
+  # -- Sets the storage provider, availables values are `local`, `s3`, `gcs` or `azure`
+  provider: local
+  s3:
+    # -- Sets the access key ID for S3 storage
+    accessKey: ""
+    # -- Sets the secret access key for S3 storage
+    secretKey: ""
+    # -- Sets the endpoint url for S3 storage
+    endpointUrl: ""
+    # -- Sets the region name for S3 storage
+    region:	""
+    # -- Sets the bucket name for S3 storage
+    bucket:	""
+    # -- Sets the key prefix for a S3 object
+    keyPrefix: ""
+  gcs:
+    # -- Contents of Google Application Credentials JSON file. Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account
+    appCredentialsJson: ""
+    # -- Sets the bucket name for Google Cloud Storage. Bucket must already exist
+    bucket: ""
+  azure:
+    # -- Sets the endpoint URL for Azure Storage
+    endpointUrl:
+    # -- Sets the container name for Azure Storage
+    container: ""
+    # -- Set the access key for Azure Storage. Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Managed Identity if run in Azure services
+    key: ""
 
 # -- Node labels for pod assignment.
 nodeSelector: {}
@@ -433,3 +460,27 @@ extraResources:
   #     name: example-configmap
   #   data:
   #     example-key: example-value
+
+# -- Configure database URL, needed to work with Postgres (example: `postgresql://<user>:<password>@<service>:<port>/<database>`), leave empty to use the default sqlite database
+databaseUrl: ""
+
+# -- Postgresql configuration (see. https://artifacthub.io/packages/helm/bitnami/postgresql)
+postgresql:
+  enabled: false
+  fullnameOverride: open-webui-postgres
+  architecture: standalone
+  auth:
+    database: open-webui
+    postgresPassword: 0p3n-w3bu!
+    username: open-webui
+    password: 0p3n-w3bu!
+  primary:
+    persistence:
+      size: 1Gi
+    resources:
+      requests:
+        memory: 256Mi
+        cpu: 250m
+      limits:
+        memory: 512Mi
+        cpu: 500m