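# Default values for an Open WebUI Helm deployment (image ghcr.io/open-webui/open-webui),
# with optional Ollama, Pipelines, Tika, Redis and PostgreSQL components.
#
# NOTE(security): several defaults below are convenience values, not production
# settings: the shared literal "0p3n-w3bu!" used for OPENAI_API_KEY and the
# PostgreSQL passwords, Redis without authentication, empty pod/container
# security contexts, and ingress without TLS. Review each NOTE(security)
# comment before exposing a release outside a test cluster.

nameOverride: ""
namespaceOverride: ""

ollama:
  # -- Automatically install Ollama Helm chart from https://otwld.github.io/ollama-helm/. Use [Helm Values](https://github.com/otwld/ollama-helm/#helm-values) to configure
  enabled: true
  # -- If enabling embedded Ollama, update fullnameOverride to your desired Ollama name value, or else it will use the default ollama.name value from the Ollama chart
  fullnameOverride: "open-webui-ollama"
  # -- Example Ollama configuration with nvidia GPU enabled, automatically downloading a model, and deploying a PVC for model persistence
  # ollama:
  #   gpu:
  #     enabled: true
  #     type: 'nvidia'
  #     number: 1
  #   models:
  #     pull:
  #       - llama3
  #     run:
  #       - llama3
  # runtimeClassName: nvidia
  # persistentVolume:
  #   enabled: true
  #   volumeName: "example-pre-existing-pv-created-by-smb-csi"

pipelines:
  # -- Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines
  enabled: true
  # -- This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname)
  extraEnvVars: []

tika:
  # -- Automatically install Apache Tika to extend Open WebUI
  enabled: false

# -- A list of Ollama API endpoints. These can be added in lieu of automatically installing the Ollama Helm chart, or in addition to it.
ollamaUrls: []

# -- Disables taking Ollama Urls from `ollamaUrls` list
ollamaUrlsFromExtraEnv: false

websocket:
  # -- Enables websocket support in Open WebUI with env `ENABLE_WEBSOCKET_SUPPORT`
  enabled: false
  # -- Specifies the websocket manager to use with env `WEBSOCKET_MANAGER`: redis (default)
  manager: redis
  # NOTE(security): the default URL carries no password. If Redis authentication
  # is turned on, this URL has to include the credential, and the value is then
  # a secret that should not be committed with the rest of the values file.
  # -- Specifies the URL of the Redis instance for websocket communication. Template with `redis://[:<password>@]<hostname>:<port>/<db>`
  url: redis://open-webui-redis:6379/0
  # -- Node selector for websocket pods
  nodeSelector: {}
  # NOTE(security): nothing in this block sets a Redis password (`command` and
  # `args` are empty). With a ClusterIP service, any workload that can reach the
  # service can read and write the websocket state; restrict access with a
  # NetworkPolicy and/or configure authentication through `args` and `url`.
  # -- Deploys a redis
  redis:
    # -- Enable redis installation
    enabled: true
    # -- Redis name
    name: open-webui-redis
    # -- Redis labels
    labels: {}
    # -- Redis annotations
    annotations: {}
    # -- Redis pod
    pods:
      # -- Redis pod labels
      labels: {}
      # -- Redis pod annotations
      annotations: {}
    # -- Redis image
    image:
      repository: redis
      tag: 7.4.2-alpine3.21
      pullPolicy: IfNotPresent
    # -- Redis command (overrides default)
    command: []
    # -- Redis arguments (overrides default)
    args: []
    # -- Redis resources
    resources: {}
    # -- Redis service
    service:
      # -- Redis container/target port
      containerPort: 6379
      # -- Redis service type
      type: ClusterIP
      # -- Redis service labels
      labels: {}
      # -- Redis service annotations
      annotations: {}
      # -- Redis service port
      port: 6379
      # -- Redis service node port. Valid only when type is `NodePort`
      nodePort: ""
    # -- Redis tolerations for pod assignment
    tolerations: []
    # -- Redis affinity for pod assignment
    affinity: {}
    # -- Redis security context
    securityContext: {}
      # runAsUser: 999
      # runAsGroup: 1000

# -- Deploys a Redis cluster with subchart 'redis' from bitnami
redis-cluster:
  # -- Enable Redis installation
  enabled: false
  # -- Redis cluster name (recommended to be 'open-webui-redis')
  # - In this case, redis url will be 'redis://open-webui-redis-master:6379/0' or 'redis://[:<password>@]open-webui-redis-master:6379/0'
  fullnameOverride: open-webui-redis
  # -- Redis Authentication
  auth:
    # -- Enable Redis authentication (disabled by default). For your security, we strongly suggest that you switch to 'auth.enabled=true'
    enabled: false
  # -- Replica configuration for the Redis cluster
  replica:
    # -- Number of Redis replica instances
    replicaCount: 3

# -- Value of cluster domain
clusterDomain: cluster.local

annotations: {}
podAnnotations: {}
podLabels: {}
replicaCount: 1
# -- Strategy for updating the workload manager: deployment or statefulset
strategy: {}
# -- Open WebUI image tags can be found here: https://github.com/open-webui/open-webui
image:
  repository: ghcr.io/open-webui/open-webui
  tag: ""
  pullPolicy: "IfNotPresent"

serviceAccount:
  enable: true
  name: ""
  annotations: {}
  # The service account token is not mounted into the pod by default; enable it
  # only if the workload needs to call the Kubernetes API.
  automountServiceAccountToken: false

# -- Configure imagePullSecrets to use private registry
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/>
imagePullSecrets: []
# imagePullSecrets:
# - name: myRegistryKeySecretName

# -- Probe for liveness of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
livenessProbe: {}
# livenessProbe:
#   httpGet:
#     path: /health
#     port: http
#   failureThreshold: 1
#   periodSeconds: 10

# -- Probe for readiness of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
readinessProbe: {}
# readinessProbe:
#   httpGet:
#     path: /health/db
#     port: http
#   failureThreshold: 1
#   periodSeconds: 10

# -- Probe for startup of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
startupProbe: {}
# startupProbe:
#   httpGet:
#     path: /health
#     port: http
#   initialDelaySeconds: 30
#   periodSeconds: 5
#   failureThreshold: 20

resources: {}

copyAppData:
  resources: {}

managedCertificate:
  enabled: false
  name: "mydomain-chat-cert"  # You can override this name if needed
  domains:
    - chat.example.com  # update to your real domain

# NOTE(security): `tls` defaults to false. When the ingress is enabled, turn on
# TLS (or terminate it at the controller) so session cookies and API keys are
# not sent in clear text.
ingress:
  enabled: false
  class: ""
  # -- Use appropriate annotations for your Ingress controller, e.g., for NGINX:
  annotations: {}
  #   # Example for GKE Ingress
  #   kubernetes.io/ingress.class: "gce"
  #   kubernetes.io/ingress.global-static-ip-name: "open-webui-external-ip"  # you need to create this address in GCP console
  #   # Force HTTP to redirect to HTTPS
  #   nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
  #   nginx.ingress.kubernetes.io/ssl-redirect: "true"
  #   nginx.ingress.kubernetes.io/permanent-redirect: "https://chat.example.com"
  #   networking.gke.io/managed-certificates: "mydomain-chat-cert"
  #   # nginx.ingress.kubernetes.io/rewrite-target: /
  host: "chat.example.com"  # update to your real domain
  additionalHosts: []
  tls: false
  existingSecret: ""
  # -- Additional custom labels to add to the Ingress metadata
  # Useful for tagging, selecting, or applying policies to the Ingress via labels.
  extraLabels: {}
  # extraLabels:
  #   app.kubernetes.io/environment: "staging"

persistence:
  enabled: true
  size: 2Gi
  # -- Use existingClaim if you want to re-use an existing Open WebUI PVC instead of creating a new one
  existingClaim: ""
  # -- Subdirectory of Open WebUI PVC to mount. Useful if root directory is not empty.
  subPath: ""
  # -- If using multiple replicas, you must update accessModes to ReadWriteMany
  accessModes:
    - ReadWriteOnce
  storageClass: ""
  selector: {}
  annotations: {}
  # -- Sets the storage provider, available values are `local`, `s3`, `gcs` or `azure`
  provider: local
  # NOTE(security): for every provider below, prefer the `*ExistingSecret`
  # fields over the inline credential fields, so the credential lives in a
  # Kubernetes Secret rather than in this values file.
  s3:
    # -- Sets the access key ID for S3 storage
    # @section -- Amazon S3 Storage configuration
    accessKey: ""
    # -- Sets the secret access key for S3 storage (ignored if secretKeyExistingSecret is set)
    # @section -- Amazon S3 Storage configuration
    secretKey: ""
    # -- Set the secret access key for S3 storage from existing k8s secret
    # @section -- Amazon S3 Storage configuration
    secretKeyExistingSecret: ""
    # -- Set the secret access key for S3 storage from existing k8s secret key
    # @section -- Amazon S3 Storage configuration
    secretKeyExistingSecretKey: ""
    # -- Sets the endpoint url for S3 storage
    # @section -- Amazon S3 Storage configuration
    endpointUrl: ""
    # -- Sets the region name for S3 storage
    # @section -- Amazon S3 Storage configuration
    region: ""
    # -- Sets the bucket name for S3 storage
    # @section -- Amazon S3 Storage configuration
    bucket: ""
    # -- Sets the key prefix for a S3 object
    # @section -- Amazon S3 Storage configuration
    keyPrefix: ""
  gcs:
    # -- Contents of Google Application Credentials JSON file (ignored if appCredentialsJsonExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account
    # @section -- Google Cloud Storage configuration
    appCredentialsJson: ""
    # -- Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret
    # @section -- Google Cloud Storage configuration
    appCredentialsJsonExistingSecret: ""
    # -- Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret key
    # @section -- Google Cloud Storage configuration
    appCredentialsJsonExistingSecretKey: ""
    # -- Sets the bucket name for Google Cloud Storage. Bucket must already exist
    # @section -- Google Cloud Storage configuration
    bucket: ""
  azure:
    # -- Sets the endpoint URL for Azure Storage
    # @section -- Azure Storage configuration
    endpointUrl: ""
    # -- Sets the container name for Azure Storage
    # @section -- Azure Storage configuration
    container: ""
    # -- Set the access key for Azure Storage (ignored if keyExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Managed Identity if run in Azure services
    # @section -- Azure Storage configuration
    key: ""
    # -- Set the access key for Azure Storage from existing secret
    # @section -- Azure Storage configuration
    keyExistingSecret: ""
    # -- Set the access key for Azure Storage from existing secret key
    # @section -- Azure Storage configuration
    keyExistingSecretKey: ""

# -- Node labels for pod assignment.
nodeSelector: {}

# -- Tolerations for pod assignment
tolerations: []

# -- Affinity for pod assignment
affinity: {}

# -- Topology Spread Constraints for pod assignment
topologySpreadConstraints: []

# -- HostAliases to be added to hosts-file of each container
hostAliases: []

# -- Service values to expose Open WebUI pods to cluster
service:
  type: ClusterIP
  annotations: {}
  port: 80
  containerPort: 8080
  nodePort: ""
  labels: {}
  loadBalancerClass: ""

# -- Enables the use of OpenAI APIs
enableOpenaiApi: true

# -- OpenAI base API URL to use. Defaults to the Pipelines service endpoint when Pipelines are enabled, and "https://api.openai.com/v1" if Pipelines are not enabled and this value is blank
openaiBaseApiUrl: "https://api.openai.com/v1"

# -- OpenAI base API URLs to use. Overwrites the value in openaiBaseApiUrl if set
openaiBaseApiUrls: []
  # - "https://api.openai.com/v1"
  # - "https://api.company.openai.com/v1"

# -- Env vars added to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/
extraEnvVars:
  # NOTE(security): this literal is a published default, so it protects nothing
  # once the Pipelines endpoint is reachable by anything other than Open WebUI.
  # A plain `value` is also stored in the rendered Deployment spec. Replace it
  # with the `valueFrom.secretKeyRef` form shown in the commented example.
  # -- Default API key value for Pipelines. Should be updated in a production deployment, or be changed to the required API key if not using Pipelines
  - name: OPENAI_API_KEY
    value: "0p3n-w3bu!"
  # valueFrom:
  #   secretKeyRef:
  #     name: pipelines-api-key
  #     key: api-key
  # - name: OPENAI_API_KEY
  #   valueFrom:
  #     secretKeyRef:
  #       name: openai-api-key
  #       key: api-key
  # - name: OLLAMA_DEBUG
  #   value: "1"

# -- Env vars added to the Open WebUI deployment, common across environments. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ (caution: environment variables defined in both `extraEnvVars` and `commonEnvVars` will result in a conflict. Avoid duplicates)
commonEnvVars: []
  # - name: RAG_EMBEDDING_ENGINE
  #   value: "openai"

# -- Env vars added from configmap or secret to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ (caution: `extraEnvVars` will take precedence over the value from `extraEnvFrom`)
extraEnvFrom: []
  # - configMapRef:
  #     name: my-config
  # - secretRef:
  #     name: my-secret

# -- Configure runtime class
# ref: <https://kubernetes.io/docs/concepts/containers/runtime-class/>
runtimeClassName: ""

# -- Configure container volume mounts
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/>
volumeMounts:
  initContainer: []
  # - name: ""
  #   mountPath: ""
  container: []
  # - name: ""
  #   mountPath: ""

# NOTE(security): the example below uses a floating `latest` tag; pin init
# container images to a fixed tag or digest so the deployed image is reproducible.
# -- Additional init containers to add to the deployment/statefulset
# ref: <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/>
extraInitContainers: []
# - name: custom-init
#   image: busybox:latest
#   command: ['sh', '-c', 'echo "Custom init container running"']
#   volumeMounts:
#   - name: data
#     mountPath: /data

# -- Configure pod volumes
# ref: <https://kubernetes.io/docs/concepts/storage/volumes/>
volumes: []
# - name: ""
#   configMap:
#     name: ""
# - name: ""
#   emptyDir: {}

# -- Configure pod security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/>
podSecurityContext: {}
  # fsGroupChangePolicy: Always
  # sysctls: []
  # supplementalGroups: []
  # fsGroup: 1001

# NOTE(security): the default is empty, so the container runs with whatever the
# image and cluster defaults allow. The commented example (non-root user, no
# privilege escalation, all capabilities dropped, RuntimeDefault seccomp) is a
# reasonable baseline to enable and then verify against the application.
# -- Configure container security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/>
containerSecurityContext: {}
  # runAsUser: 1001
  # runAsGroup: 1001
  # runAsNonRoot: true
  # privileged: false
  # allowPrivilegeEscalation: false
  # readOnlyRootFilesystem: false
  # capabilities:
  #   drop:
  #     - ALL
  # seccompProfile:
  #   type: "RuntimeDefault"

# NOTE(security): for each provider, prefer `clientExistingSecret` /
# `clientExistingSecretKey` over the inline `clientSecret`, so the OAuth client
# secret is not kept in this values file.
sso:
  # -- **Enable SSO authentication globally** must enable to use SSO authentication
  # @section -- SSO Configuration
  enabled: false
  # -- Enable account creation when logging in with OAuth (distinct from regular signup)
  # @section -- SSO Configuration
  enableSignup: false
  # NOTE(security): merging trusts the provider's email claim as proof of
  # identity. Leave this off unless every enabled provider verifies email
  # ownership; otherwise a provider account with a matching address is logged
  # into the existing local account.
  # -- Allow logging into accounts that match email from OAuth provider (considered insecure)
  # @section -- SSO Configuration
  mergeAccountsByEmail: false
  # -- Enable OAuth role management through access token roles claim
  # @section -- SSO Configuration
  enableRoleManagement: false
  # -- Enable OAuth group management through access token groups claim
  # @section -- SSO Configuration
  enableGroupManagement: false

  google:
    # -- Enable Google OAuth
    # @section -- Google OAuth configuration
    enabled: false
    # -- Google OAuth client ID
    # @section -- Google OAuth configuration
    clientId: ""
    # -- Google OAuth client secret (ignored if clientExistingSecret is set)
    # @section -- Google OAuth configuration
    clientSecret: ""
    # -- Google OAuth client secret from existing secret
    # @section -- Google OAuth configuration
    clientExistingSecret: ""
    # -- Google OAuth client secret key from existing secret
    # @section -- Google OAuth configuration
    clientExistingSecretKey: ""

  microsoft:
    # -- Enable Microsoft OAuth
    # @section -- Microsoft OAuth configuration
    enabled: false
    # -- Microsoft OAuth client ID
    # @section -- Microsoft OAuth configuration
    clientId: ""
    # -- Microsoft OAuth client secret (ignored if clientExistingSecret is set)
    # @section -- Microsoft OAuth configuration
    clientSecret: ""
    # -- Microsoft OAuth client secret from existing secret
    # @section -- Microsoft OAuth configuration
    clientExistingSecret: ""
    # -- Microsoft OAuth client secret key from existing secret
    # @section -- Microsoft OAuth configuration
    clientExistingSecretKey: ""
    # -- Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts
    # @section -- Microsoft OAuth configuration
    tenantId: ""

  github:
    # -- Enable GitHub OAuth
    # @section -- GitHub OAuth configuration
    enabled: false
    # -- GitHub OAuth client ID
    # @section -- GitHub OAuth configuration
    clientId: ""
    # -- GitHub OAuth client secret (ignored if clientExistingSecret is set)
    # @section -- GitHub OAuth configuration
    clientSecret: ""
    # -- GitHub OAuth client secret from existing secret
    # @section -- GitHub OAuth configuration
    clientExistingSecret: ""
    # -- GitHub OAuth client secret key from existing secret
    # @section -- GitHub OAuth configuration
    clientExistingSecretKey: ""

  oidc:
    # -- Enable OIDC authentication
    # @section -- OIDC configuration
    enabled: false
    # -- OIDC client ID
    # @section -- OIDC configuration
    clientId: ""
    # -- OIDC client secret (ignored if clientExistingSecret is set)
    # @section -- OIDC configuration
    clientSecret: ""
    # -- OIDC client secret from existing secret
    # @section -- OIDC configuration
    clientExistingSecret: ""
    # -- OIDC client secret key from existing secret
    # @section -- OIDC configuration
    clientExistingSecretKey: ""
    # -- OIDC provider well known URL
    # @section -- OIDC configuration
    providerUrl: ""
    # -- Name of the provider to show on the UI
    # @section -- OIDC configuration
    providerName: "SSO"
    # -- Scopes to request (space-separated).
    # @section -- OIDC configuration
    scopes: "openid email profile"

  # NOTE(security): with role management enabled, the roles claim decides who
  # becomes an Open WebUI admin; make sure only the identity provider's
  # administrators can assign the roles listed in `adminRoles`.
  roleManagement:
    # -- The claim that contains the roles (can be nested, e.g., user.roles)
    # @section -- Role management configuration
    rolesClaim: "roles"
    # -- Comma-separated list of roles allowed to log in (receive open webui role user)
    # @section -- Role management configuration
    allowedRoles: ""
    # -- Comma-separated list of roles allowed to log in as admin (receive open webui role admin)
    # @section -- Role management configuration
    adminRoles: ""

  groupManagement:
    # -- The claim that contains the groups (can be nested, e.g., user.memberOf)
    # @section -- SSO Configuration
    groupsClaim: "groups"

  # NOTE(security): trusted-header authentication accepts the identity named in
  # a request header. Enable it only when every route to the Open WebUI service
  # passes through an authenticating proxy that sets or strips these headers
  # itself, and block direct access to the service (e.g. with a NetworkPolicy).
  trustedHeader:
    # -- Enable trusted header authentication
    # @section -- SSO trusted header authentication
    enabled: false
    # -- Header containing the user's email address
    # @section -- SSO trusted header authentication
    emailHeader: ""
    # -- Header containing the user's name (optional, used for new user creation)
    # @section -- SSO trusted header authentication
    nameHeader: ""

# -- Extra resources to deploy with Open WebUI
extraResources: []
  # - apiVersion: v1
  #   kind: ConfigMap
  #   metadata:
  #     name: example-configmap
  #   data:
  #     example-key: example-value

# NOTE(security): a Postgres URL embeds the database password, so a value set
# here is a secret stored in the values file; keep such overrides out of
# version control or inject the URL from a Kubernetes Secret instead.
# -- Configure database URL, needed to work with Postgres (example: `postgresql://<user>:<password>@<host>:<port>/<db>`), leave empty to use the default sqlite database
databaseUrl: ""

# -- Postgresql configuration (see https://artifacthub.io/packages/helm/bitnami/postgresql)
postgresql:
  enabled: false
  fullnameOverride: open-webui-postgres
  architecture: standalone
  auth:
    database: open-webui
    # NOTE(security): both passwords are the same published default. Override
    # them before enabling this subchart, preferably through the Bitnami
    # chart's `auth.existingSecret` so they are not stored in a values file.
    postgresPassword: "0p3n-w3bu!"
    username: open-webui
    password: "0p3n-w3bu!"
  primary:
    persistence:
      size: 1Gi
    resources:
      requests:
        memory: 256Mi
        cpu: 250m
      limits:
        memory: 512Mi
        cpu: 500m

# Configure Application logging levels (see https://docs.openwebui.com/getting-started/advanced-topics/logging#-logging-levels-explained)
logging:
  # -- Set the global log level ["notset", "debug", "info" (default), "warning", "error", "critical"]
  # @section -- Logging configuration
  level: ""

  # Optional granularity: override log levels per subsystem/component
  # if not set, it will use the global level (see https://docs.openwebui.com/getting-started/advanced-topics/logging#%EF%B8%8F-appbackend-specific-logging-levels)
  components:
    # -- Set the log level for the Audio processing component
    # @section -- Logging configuration
    audio: ""
    # -- Set the log level for the ComfyUI Integration component
    # @section -- Logging configuration
    comfyui: ""
    # -- Set the log level for the Configuration Management component
    # @section -- Logging configuration
    config: ""
    # -- Set the log level for the Database Operations (Peewee) component
    # @section -- Logging configuration
    db: ""
    # -- Set the log level for the Image Generation component
    # @section -- Logging configuration
    images: ""
    # -- Set the log level for the Main Application Execution component
    # @section -- Logging configuration
    main: ""
    # -- Set the log level for the Model Management component
    # @section -- Logging configuration
    models: ""
    # -- Set the log level for the Ollama Backend Integration component
    # @section -- Logging configuration
    ollama: ""
    # -- Set the log level for the OpenAI API Integration component
    # @section -- Logging configuration
    openai: ""
    # -- Set the log level for the Retrieval-Augmented Generation (RAG) component
    # @section -- Logging configuration
    rag: ""
    # -- Set the log level for the Authentication Webhook component
    # @section -- Logging configuration
    webhook: ""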