OpenWebUI/helm-charts
1
0
Fork 0
mirror of https://github.com/open-webui/helm-charts synced 2025-06-26 18:16:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e03a80610b
helm-charts/charts/open-webui/values.yaml

606 lines
21 KiB
YAML
Raw Blame History

nameOverride: ""
namespaceOverride: ""
ollama:
# -- Automatically install Ollama Helm chart from https://otwld.github.io/ollama-helm/. Use [Helm Values](https://github.com/otwld/ollama-helm/#helm-values) to configure
enabled: true
# -- If enabling embedded Ollama, update fullnameOverride to your desired Ollama name value, or else it will use the default ollama.name value from the Ollama chart
fullnameOverride: "open-webui-ollama"
# -- Example Ollama configuration with nvidia GPU enabled, automatically downloading a model, and deploying a PVC for model persistence
# ollama:
# gpu:
# enabled: true
# type: 'nvidia'
# number: 1
# models:
# pull:
# - llama3
# run:
# - llama3
# runtimeClassName: nvidia
# persistentVolume:
# enabled: true
# volumeName: "example-pre-existing-pv-created-by-smb-csi"
pipelines:
# -- Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines
enabled: true
# -- This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname)
extraEnvVars: []
tika:
# -- Automatically install Apache Tika to extend Open WebUI
enabled: false
# -- A list of Ollama API endpoints. These can be added in lieu of automatically installing the Ollama Helm chart, or in addition to it.
ollamaUrls: []
# -- Disables taking Ollama Urls from `ollamaUrls` list
ollamaUrlsFromExtraEnv: false
websocket:
# -- Enables websocket support in Open WebUI with env `ENABLE_WEBSOCKET_SUPPORT`
enabled: false
# -- Specifies the websocket manager to use with env `WEBSOCKET_MANAGER`: redis (default)
manager: redis
# -- Specifies the URL of the Redis instance for websocket communication. Template with `redis://[:<password>@]<hostname>:<port>/<db>`
url: redis://open-webui-redis:6379/0
# -- Node selector for websocket pods
nodeSelector: {}
# -- Deploys a redis
redis:
# -- Enable redis installation
enabled: true
# -- Redis name
name: open-webui-redis
# -- Redis labels
labels: {}
# -- Redis annotations
annotations: {}
# -- Redis pod
pods:
# -- Redis pod labels
labels: {}
# -- Redis pod annotations
annotations: {}
# -- Redis image
image:
repository: redis
tag: 7.4.2-alpine3.21
pullPolicy: IfNotPresent
# -- Redis command (overrides default)
command: []
# -- Redis arguments (overrides default)
args: []
# -- Redis resources
resources: {}
# -- Redis service
service:
# -- Redis container/target port
containerPort: 6379
# -- Redis service type
type: ClusterIP
# -- Redis service labels
labels: {}
# -- Redis service annotations
annotations: {}
# -- Redis service port
port: 6379
# -- Redis service node port. Valid only when type is `NodePort`
nodePort: ""
# -- Redis tolerations for pod assignment
tolerations: []
# -- Redis affinity for pod assignment
affinity: {}
# -- Redis security context
securityContext:
{}
# runAsUser: 999
# runAsGroup: 1000
# -- Deploys a Redis cluster with subchart 'redis' from bitnami
redis-cluster:
# -- Enable Redis installation
enabled: false
# -- Redis cluster name (recommended to be 'open-webui-redis')
# - In this case, redis url will be 'redis://open-webui-redis-master:6379/0' or 'redis://[:<password>@]open-webui-redis-master:6379/0'
fullnameOverride: open-webui-redis
# -- Redis Authentication
auth:
# -- Enable Redis authentication (disabled by default). For your security, we strongly suggest that you switch to 'auth.enabled=true'
enabled: false
# -- Replica configuration for the Redis cluster
replica:
# -- Number of Redis replica instances
replicaCount: 3
# -- Value of cluster domain
clusterDomain: cluster.local
annotations: {}
podAnnotations: {}
podLabels: {}
replicaCount: 1
# -- Strategy for updating the workload manager: deployment or statefulset
strategy: {}
# -- Open WebUI image tags can be found here: https://github.com/open-webui/open-webui
image:
repository: ghcr.io/open-webui/open-webui
tag: ""
pullPolicy: "IfNotPresent"
serviceAccount:
enable: true
name: ""
annotations: {}
automountServiceAccountToken: false
# -- Configure imagePullSecrets to use private registry
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry>
imagePullSecrets: []
# imagePullSecrets:
# - name: myRegistryKeySecretName
# -- Probe for liveness of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>
livenessProbe: {}
# livenessProbe:
# httpGet:
# path: /health
# port: http
# failureThreshold: 1
# periodSeconds: 10
# -- Probe for readiness of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>
readinessProbe: {}
# readinessProbe:
# httpGet:
# path: /health/db
# port: http
# failureThreshold: 1
# periodSeconds: 10
# -- Probe for startup of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>
startupProbe: {}
# startupProbe:
# httpGet:
# path: /health
# port: http
# initialDelaySeconds: 30
# periodSeconds: 5
# failureThreshold: 20
resources: {}
copyAppData:
resources: {}
managedCertificate:
enabled: false
name: "mydomain-chat-cert" # You can override this name if needed
domains:
- chat.example.com # update to your real domain
ingress:
enabled: false
class: ""
# -- Use appropriate annotations for your Ingress controller, e.g., for NGINX:
annotations: {}
# # Example for GKE Ingress
# kubernetes.io/ingress.class: "gce"
# kubernetes.io/ingress.global-static-ip-name: "open-webui-external-ip" # you need to create this address in GCP console
# # Force HTTP to redirect to HTTPS
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/permanent-redirect: "https://chat.example.com"
# networking.gke.io/managed-certificates: "mydomain-chat-cert"
# # nginx.ingress.kubernetes.io/rewrite-target: /
host: "chat.example.com" # update to your real domain
additionalHosts: []
tls: false
existingSecret: ""
# -- Additional custom labels to add to the Ingress metadata
# Useful for tagging, selecting, or applying policies to the Ingress via labels.
extraLabels: {}
# extraLabels:
# app.kubernetes.io/environment: "staging"
persistence:
enabled: true
size: 2Gi
# -- Use existingClaim if you want to re-use an existing Open WebUI PVC instead of creating a new one
existingClaim: ""
# -- Subdirectory of Open WebUI PVC to mount. Useful if root directory is not empty.
subPath: ""
# -- If using multiple replicas, you must update accessModes to ReadWriteMany
accessModes:
- ReadWriteOnce
storageClass: ""
selector: {}
annotations: {}
# -- Sets the storage provider, availables values are `local`, `s3`, `gcs` or `azure`
provider: local
s3:
# -- Sets the access key ID for S3 storage
# @section -- Amazon S3 Storage configuration
accessKey: ""
# -- Sets the secret access key for S3 storage (ignored if secretKeyExistingSecret is set)
# @section -- Amazon S3 Storage configuration
secretKey: ""
# -- Set the secret access key for S3 storage from existing k8s secret
# @section -- Amazon S3 Storage configuration
secretKeyExistingSecret: ""
# -- Set the secret access key for S3 storage from existing k8s secret key
# @section -- Amazon S3 Storage configuration
secretKeyExistingSecretKey: ""
# -- Sets the endpoint url for S3 storage
# @section -- Amazon S3 Storage configuration
endpointUrl: ""
# -- Sets the region name for S3 storage
# @section -- Amazon S3 Storage configuration
region: ""
# -- Sets the bucket name for S3 storage
# @section -- Amazon S3 Storage configuration
bucket: ""
# -- Sets the key prefix for a S3 object
# @section -- Amazon S3 Storage configuration
keyPrefix: ""
gcs:
# -- Contents of Google Application Credentials JSON file (ignored if appCredentialsJsonExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account
# @section -- Google Cloud Storage configuration
appCredentialsJson: ""
# -- Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret
# @section -- Google Cloud Storage configuration
appCredentialsJsonExistingSecret: ""
# -- Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret key
# @section -- Google Cloud Storage configuration
appCredentialsJsonExistingSecretKey: ""
# -- Sets the bucket name for Google Cloud Storage. Bucket must already exist
# @section -- Google Cloud Storage configuration
bucket: ""
azure:
# -- Sets the endpoint URL for Azure Storage
# @section -- Azure Storage configuration
endpointUrl: ""
# -- Sets the container name for Azure Storage
# @section -- Azure Storage configuration
container: ""
# -- Set the access key for Azure Storage (ignored if keyExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Managed Identity if run in Azure services
# @section -- Azure Storage configuration
key: ""
# -- Set the access key for Azure Storage from existing secret
# @section -- Azure Storage configuration
keyExistingSecret: ""
# -- Set the access key for Azure Storage from existing secret key
# @section -- Azure Storage configuration
keyExistingSecretKey: ""
# -- Node labels for pod assignment.
nodeSelector: {}
# -- Tolerations for pod assignment
tolerations: []
# -- Affinity for pod assignment
affinity: {}
# -- Topology Spread Constraints for pod assignment
topologySpreadConstraints: []
# -- HostAliases to be added to hosts-file of each container
hostAliases: []
# -- Service values to expose Open WebUI pods to cluster
service:
type: ClusterIP
annotations: {}
port: 80
containerPort: 8080
nodePort: ""
labels: {}
loadBalancerClass: ""
# -- Enables the use of OpenAI APIs
enableOpenaiApi: true
# -- OpenAI base API URL to use. Defaults to the Pipelines service endpoint when Pipelines are enabled, and "https://api.openai.com/v1" if Pipelines are not enabled and this value is blank
openaiBaseApiUrl: "https://api.openai.com/v1"
# -- OpenAI base API URLs to use. Overwrites the value in openaiBaseApiUrl if set
openaiBaseApiUrls:
[]
# - "https://api.openai.com/v1"
# - "https://api.company.openai.com/v1"
# -- Env vars added to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/
extraEnvVars:
# -- Default API key value for Pipelines. Should be updated in a production deployment, or be changed to the required API key if not using Pipelines
- name: OPENAI_API_KEY
value: "0p3n-w3bu!"
# valueFrom:
# secretKeyRef:
# name: pipelines-api-key
# key: api-key
# - name: OPENAI_API_KEY
# valueFrom:
# secretKeyRef:
# name: openai-api-key
# key: api-key
# - name: OLLAMA_DEBUG
# value: "1"
# -- Env vars added to the Open WebUI deployment, common across environments. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ (caution: environment variables defined in both `extraEnvVars` and `commonEnvVars` will result in a conflict. Avoid duplicates)
commonEnvVars: []
# - name: RAG_EMBEDDING_ENGINE
# value: "openai"
# -- Env vars added from configmap or secret to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ (caution: `extraEnvVars` will take precedence over the value from `extraEnvFrom`)
extraEnvFrom: []
# - configMapRef:
# name: my-config
# - secretRef:
# name: my-secret
# -- Configure runtime class
# ref: <https://kubernetes.io/docs/concepts/containers/runtime-class/>
runtimeClassName: ""
# -- Configure container volume mounts
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/>
volumeMounts:
initContainer: []
# - name: ""
# mountPath: ""
container: []
# - name: ""
# mountPath: ""
# -- Additional init containers to add to the deployment/statefulset
# ref: <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/>
extraInitContainers: []
# - name: custom-init
# image: busybox:latest
# command: ['sh', '-c', 'echo "Custom init container running"']
# volumeMounts:
# - name: data
# mountPath: /data
# -- Configure pod volumes
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/>
volumes: []
# - name: ""
# configMap:
# name: ""
# - name: ""
# emptyDir: {}
# -- Configure pod security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container>
podSecurityContext:
{}
# fsGroupChangePolicy: Always
# sysctls: []
# supplementalGroups: []
# fsGroup: 1001
# -- Configure container security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
containerSecurityContext:
{}
# runAsUser: 1001
# runAsGroup: 1001
# runAsNonRoot: true
# privileged: false
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: false
# capabilities:
# drop:
# - ALL
# seccompProfile:
# type: "RuntimeDefault"
sso:
# -- **Enable SSO authentication globally** must enable to use SSO authentication
# @section -- SSO Configuration
enabled: false
# -- Enable account creation when logging in with OAuth (distinct from regular signup)
# @section -- SSO Configuration
enableSignup: false
# -- Allow logging into accounts that match email from OAuth provider (considered insecure)
# @section -- SSO Configuration
mergeAccountsByEmail: false
# -- Enable OAuth role management through access token roles claim
# @section -- SSO Configuration
enableRoleManagement: false
# -- Enable OAuth group management through access token groups claim
# @section -- SSO Configuration
enableGroupManagement: false
google:
# -- Enable Google OAuth
# @section -- Google OAuth configuration
enabled: false
# -- Google OAuth client ID
# @section -- Google OAuth configuration
clientId: ""
# -- Google OAuth client secret (ignored if clientExistingSecret is set)
# @section -- Google OAuth configuration
clientSecret: ""
# -- Google OAuth client secret from existing secret
# @section -- Google OAuth configuration
clientExistingSecret: ""
# -- Google OAuth client secret key from existing secret
# @section -- Google OAuth configuration
clientExistingSecretKey: ""
microsoft:
# -- Enable Microsoft OAuth
# @section -- Microsoft OAuth configuration
enabled: false
# -- Microsoft OAuth client ID
# @section -- Microsoft OAuth configuration
clientId: ""
# -- Microsoft OAuth client secret (ignored if clientExistingSecret is set)
# @section -- Microsoft OAuth configuration
clientSecret: ""
# -- Microsoft OAuth client secret from existing secret
# @section -- Microsoft OAuth configuration
clientExistingSecret: ""
# -- Microsoft OAuth client secret key from existing secret
# @section -- Microsoft OAuth configuration
clientExistingSecretKey: ""
# -- Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts
# @section -- Microsoft OAuth configuration
tenantId: ""
github:
# -- Enable GitHub OAuth
# @section -- GitHub OAuth configuration
enabled: false
# -- GitHub OAuth client ID
# @section -- GitHub OAuth configuration
clientId: ""
# -- GitHub OAuth client secret (ignored if clientExistingSecret is set)
# @section -- GitHub OAuth configuration
clientSecret: ""
# -- GitHub OAuth client secret from existing secret
# @section -- GitHub OAuth configuration
clientExistingSecret: ""
# -- GitHub OAuth client secret key from existing secret
# @section -- GitHub OAuth configuration
clientExistingSecretKey: ""
oidc:
# -- Enable OIDC authentication
# @section -- OIDC configuration
enabled: false
# -- OIDC client ID
# @section -- OIDC configuration
clientId: ""
# -- OIDC client secret (ignored if clientExistingSecret is set)
# @section -- OIDC configuration
clientSecret: ""
# -- OICD client secret from existing secret
# @section -- OIDC configuration
clientExistingSecret: ""
# -- OIDC client secret key from existing secret
# @section -- OIDC configuration
clientExistingSecretKey: ""
# -- OIDC provider well known URL
# @section -- OIDC configuration
providerUrl: ""
# -- Name of the provider to show on the UI
# @section -- OIDC configuration
providerName: "SSO"
# -- Scopes to request (space-separated).
# @section -- OIDC configuration
scopes: "openid email profile"
roleManagement:
# -- The claim that contains the roles (can be nested, e.g., user.roles)
# @section -- Role management configuration
rolesClaim: "roles"
# -- Comma-separated list of roles allowed to log in (receive open webui role user)
# @section -- Role management configuration
allowedRoles: ""
# -- Comma-separated list of roles allowed to log in as admin (receive open webui role admin)
# @section -- Role management configuration
adminRoles: ""
groupManagement:
# -- The claim that contains the groups (can be nested, e.g., user.memberOf)
# @section -- SSO Configuration
groupsClaim: "groups"
trustedHeader:
# -- Enable trusted header authentication
# @section -- SSO trusted header authentication
enabled: false
# -- Header containing the user's email address
# @section -- SSO trusted header authentication
emailHeader: ""
# -- Header containing the user's name (optional, used for new user creation)
# @section -- SSO trusted header authentication
nameHeader: ""
# -- Extra resources to deploy with Open WebUI
extraResources:
[]
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# name: example-configmap
# data:
# example-key: example-value
# -- Configure database URL, needed to work with Postgres (example: `postgresql://<user>:<password>@<service>:<port>/<database>`), leave empty to use the default sqlite database
databaseUrl: ""
# -- Postgresql configuration (see. https://artifacthub.io/packages/helm/bitnami/postgresql)
postgresql:
enabled: false
fullnameOverride: open-webui-postgres
architecture: standalone
auth:
database: open-webui
postgresPassword: 0p3n-w3bu!
username: open-webui
password: 0p3n-w3bu!
primary:
persistence:
size: 1Gi
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 512Mi
cpu: 500m
# Configure Application logging levels (see. https://docs.openwebui.com/getting-started/advanced-topics/logging#-logging-levels-explained)
logging:
# -- Set the global log level ["notset", "debug", "info" (default), "warning", "error", "critical"]
# @section -- Logging configuration
level: ""
# Optional granularity: override log levels per subsystem/component
# if not set, it will use the global level (see. https://docs.openwebui.com/getting-started/advanced-topics/logging#%EF%B8%8F-appbackend-specific-logging-levels)
components:
# -- Set the log level for the Audio processing component
# @section -- Logging configuration
audio: ""
# -- Set the log level for the ComfyUI Integration component
# @section -- Logging configuration
comfyui: ""
# -- Set the log level for the Configuration Management component
# @section -- Logging configuration
config: ""
# -- Set the log level for the Database Operations (Peewee) component
# @section -- Logging configuration
db: ""
# -- Set the log level for the Image Generation component
# @section -- Logging configuration
images: ""
# -- Set the log level for the Main Application Execution component
# @section -- Logging configuration
main: ""
# -- Set the log level for the Model Management component
# @section -- Logging configuration
models: ""
# -- Set the log level for the Ollama Backend Integration component
# @section -- Logging configuration
ollama: ""
# -- Set the log level for the OpenAI API Integration component
# @section -- Logging configuration
openai: ""
# -- Set the log level for the Retrieval-Augmented Generation (RAG) component
# @section -- Logging configuration
rag: ""
# -- Set the log level for the Authentication Webhook component
# @section -- Logging configuration
webhook: ""
Reference in New Issue View Git Blame Copy Permalink