OpenWebUI/helm-charts
1
0
Fork 0
mirror of https://github.com/open-webui/helm-charts synced 2025-06-26 18:16:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e6c33ca07c
helm-charts/charts/open-webui/templates/workload-manager.yaml
Mario Trangoni e6c33ca07c feat(open-webui): Make it possible to configure Azure Storage credentials via k8s secrets 
Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com>
2025-05-06 16:18:48 +02:00

353 lines
14 KiB
YAML
Raw Blame History

apiVersion: apps/v1
{{- if and .Values.persistence.enabled (eq .Values.persistence.provider "local") }}
kind: StatefulSet
{{- else }}
kind: Deployment
{{- end }}
metadata:
name: {{ include "open-webui.name" . }}
namespace: {{ include "open-webui.namespace" . }}
labels:
{{- include "open-webui.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
{{- if and .Values.persistence.enabled (eq .Values.persistence.provider "local") }}
serviceName: {{ include "open-webui.name" . }}
{{- end }}
selector:
matchLabels:
{{- include "open-webui.selectorLabels" . | nindent 6 }}
{{- if .Values.strategy }}
{{- if and .Values.persistence.enabled (eq .Values.persistence.provider "local") }}
updateStrategy:
{{- toYaml .Values.strategy | nindent 4 }}
{{- else }}
strategy:
{{- toYaml .Values.strategy | nindent 4 }}
{{- end }}
{{- end }}
template:
metadata:
labels:
{{- include "open-webui.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
initContainers:
- name: copy-app-data
{{- with .Values.image }}
image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
imagePullPolicy: {{ .pullPolicy }}
{{- end }}
command: ['sh', '-c', 'cp -R -n /app/backend/data/* /tmp/app-data/']
{{- with .Values.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.copyAppData.resources }}
resources: {{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /tmp/app-data
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- with .Values.volumeMounts.initContainer }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.extraInitContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}
enableServiceLinks: false
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- if .Values.runtimeClassName }}
runtimeClassName: {{ .Values.runtimeClassName | quote }}
{{- end }}
{{- if .Values.serviceAccount.enable }}
serviceAccountName: {{ .Values.serviceAccount.name | default (include "open-webui.name" .) }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.image }}
image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
imagePullPolicy: {{ .pullPolicy }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.containerPort }}
{{- with .Values.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.startupProbe }}
startupProbe: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.resources }}
resources: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /app/backend/data
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- with .Values.volumeMounts.container }}
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- if .Values.ollamaUrlsFromExtraEnv}}
{{- else if or .Values.ollamaUrls .Values.ollama.enabled }}
- name: "OLLAMA_BASE_URLS"
value: {{ include "ollamaBaseUrls" . | quote }}
{{- else }}
- name: "ENABLE_OLLAMA_API"
value: "False"
{{- end }}
{{- if and .Values.enableOpenaiApi .Values.openaiBaseApiUrl (not .Values.openaiBaseApiUrls) (not .Values.pipelines.enabled) }}
# If only an OpenAI API value is set, set it to OPENAI_API_BASE_URL
- name: "OPENAI_API_BASE_URL"
value: {{ .Values.openaiBaseApiUrl | quote }}
{{- else if and .Values.enableOpenaiApi .Values.openaiBaseApiUrl .Values.pipelines.enabled (not .Values.openaiBaseApiUrls) }}
# If Pipelines is enabled and OpenAI API value is set, use OPENAI_API_BASE_URLS with combined values
- name: "OPENAI_API_BASE_URLS"
value: "{{ include "pipelines.serviceEndpoint" . }};{{ .Values.openaiBaseApiUrl }}"
{{- else if and .Values.enableOpenaiApi .Values.pipelines.enabled (not .Values.openaiBaseApiUrl) (not .Values.openaiBaseApiUrls) }}
# If Pipelines is enabled and no OpenAI API values are set, set OPENAI_API_BASE_URL to the Pipelines server endpoint
- name: "OPENAI_API_BASE_URL"
value: {{ include "pipelines.serviceEndpoint" . | quote }}
{{- else if and .Values.enableOpenaiApi .Values.openaiBaseApiUrls .Values.pipelines.enabled }}
# If OpenAI API value(s) set and Pipelines is enabled, use OPENAI_API_BASE_URLS to support all the endpoints in the chart
- name: "OPENAI_API_BASE_URLS"
value: "{{ include "pipelines.serviceEndpoint" . }};{{ join ";" .Values.openaiBaseApiUrls }}"
{{- else if not .Values.enableOpenaiApi }}
- name: "ENABLE_OPENAI_API"
value: "False"
{{- end }}
{{- if .Values.tika.enabled }}
- name: "CONTENT_EXTRACTION_ENGINE"
value: "Tika"
- name: "TIKA_SERVER_URL"
value: http://{{ .Chart.Name }}-tika:9998
{{- end }}
{{- if eq .Values.persistence.provider "s3" }}
- name: "STORAGE_PROVIDER"
value: {{ .Values.persistence.provider }}
- name: "S3_ACCESS_KEY_ID"
value: {{ .Values.persistence.s3.accessKey }}
- name: "S3_SECRET_ACCESS_KEY"
value: {{ .Values.persistence.s3.secretKey }}
- name: "S3_ENDPOINT_URL"
value: {{ .Values.persistence.s3.endpointUrl }}
- name: "S3_BUCKET_NAME"
value: {{ .Values.persistence.s3.bucket }}
- name: "S3_REGION_NAME"
value: {{ .Values.persistence.s3.region }}
- name: "S3_KEY_PREFIX"
value: {{ .Values.persistence.s3.keyPrefix }}
{{- else if eq .Values.persistence.provider "gcs" }}
- name: "STORAGE_PROVIDER"
value: {{ .Values.persistence.provider }}
- name: "GOOGLE_APPLICATION_CREDENTIALS_JSON"
value: {{ .Values.persistence.gcs.appCredentialsJson }}
- name: "GCS_BUCKET_NAME"
value: {{ .Values.persistence.gcs.bucket }}
{{- else if eq .Values.persistence.provider "azure" }}
- name: "STORAGE_PROVIDER"
value: {{ .Values.persistence.provider }}
- name: "AZURE_STORAGE_ENDPOINT"
value: {{ .Values.persistence.azure.endpointUrl }}
- name: "AZURE_STORAGE_CONTAINER_NAME"
value: {{ .Values.persistence.azure.container }}
- name: "AZURE_STORAGE_KEY"
{{- if .Values.persistence.azure.keyExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.azure.keyExistingSecret }}
key: {{ .Values.persistence.azure.keyExistingSecretKey }}
{{- else }}
value: {{ .Values.persistence.azure.key }}
{{- end }}
{{- end }}
{{- if .Values.websocket.enabled }}
- name: "ENABLE_WEBSOCKET_SUPPORT"
value: "True"
- name: "WEBSOCKET_MANAGER"
value: {{ .Values.websocket.manager | default "redis" | quote }}
- name: "WEBSOCKET_REDIS_URL"
value: {{ .Values.websocket.url | quote }}
{{- end }}
{{- if or .Values.postgresql.enabled .Values.databaseUrl }}
- name: "DATABASE_URL"
value: {{ .Values.databaseUrl | default (printf "postgresql://%s:%s@%s:%s/%s" .Values.postgresql.auth.username .Values.postgresql.auth.password .Values.postgresql.fullnameOverride "5432" .Values.postgresql.auth.database) }}
{{- end }}
{{- if .Values.sso.enabled }}
{{- if .Values.sso.enableSignup }}
- name: "ENABLE_OAUTH_SIGNUP"
value: "True"
{{- end }}
{{- if .Values.sso.mergeAccountsByEmail }}
- name: "OAUTH_MERGE_ACCOUNTS_BY_EMAIL"
value: "True"
{{- end }}
{{- if .Values.sso.google.enabled }}
- name: "GOOGLE_CLIENT_ID"
value: {{ .Values.sso.google.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "google" "values" .Values.sso) }}
- name: "GOOGLE_CLIENT_SECRET"
{{- if .Values.sso.google.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.google.clientExistingSecret | quote }}
key: {{ .Values.sso.google.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.google.clientSecret | quote }}
{{- end }}
{{- end }}
{{- if .Values.sso.microsoft.enabled }}
- name: "MICROSOFT_CLIENT_ID"
value: {{ .Values.sso.microsoft.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "microsoft" "values" .Values.sso) }}
- name: "MICROSOFT_CLIENT_SECRET"
{{- if .Values.sso.microsoft.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.microsoft.clientExistingSecret | quote }}
key: {{ .Values.sso.microsoft.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.microsoft.clientSecret | quote }}
{{- end }}
- name: "MICROSOFT_CLIENT_TENANT_ID"
value: {{ .Values.sso.microsoft.tenantId | quote }}
{{- end }}
{{- if .Values.sso.github.enabled }}
- name: "GITHUB_CLIENT_ID"
value: {{ .Values.sso.github.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "github" "values" .Values.sso) }}
- name: "GITHUB_CLIENT_SECRET"
{{- if .Values.sso.github.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.github.clientExistingSecret | quote }}
key: {{ .Values.sso.github.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.github.clientSecret | quote }}
{{- end }}
{{- end }}
{{- if .Values.sso.oidc.enabled }}
- name: "OAUTH_CLIENT_ID"
value: {{ .Values.sso.oidc.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "oidc" "values" .Values.sso) }}
- name: "OAUTH_CLIENT_SECRET"
{{- if .Values.sso.oidc.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.oidc.clientExistingSecret | quote }}
key: {{ .Values.sso.oidc.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.oidc.clientSecret | quote }}
{{- end }}
- name: "OPENID_PROVIDER_URL"
value: {{ .Values.sso.oidc.providerUrl | quote }}
- name: "OAUTH_PROVIDER_NAME"
value: {{ .Values.sso.oidc.providerName | quote }}
- name: "OAUTH_SCOPES"
value: {{ .Values.sso.oidc.scopes | quote }}
{{- end }}
{{- if .Values.sso.enableRoleManagement }}
- name: "ENABLE_OAUTH_ROLE_MANAGEMENT"
value: "True"
- name: "OAUTH_ROLES_CLAIM"
value: {{ .Values.sso.roleManagement.rolesClaim | quote }}
{{- if .Values.sso.roleManagement.allowedRoles }}
- name: "OAUTH_ALLOWED_ROLES"
value: {{ .Values.sso.roleManagement.allowedRoles | quote }}
{{- end }}
{{- if .Values.sso.roleManagement.adminRoles }}
- name: "OAUTH_ADMIN_ROLES"
value: {{ .Values.sso.roleManagement.adminRoles | quote }}
{{- end }}
{{- end }}
{{- if .Values.sso.enableGroupManagement }}
- name: "ENABLE_OAUTH_GROUP_MANAGEMENT"
value: "True"
- name: "OAUTH_GROUP_CLAIM"
value: {{ .Values.sso.groupManagement.groupsClaim | quote }}
{{- end }}
{{- if .Values.sso.trustedHeader.enabled }}
- name: "WEBUI_AUTH_TRUSTED_EMAIL_HEADER"
value: {{ .Values.sso.trustedHeader.emailHeader | quote }}
{{- if .Values.sso.trustedHeader.nameHeader }}
- name: "WEBUI_AUTH_TRUSTED_NAME_HEADER"
value: {{ .Values.sso.trustedHeader.nameHeader | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- toYaml .Values.extraEnvVars | nindent 8 }}
{{- end }}
{{- if .Values.extraEnvFrom }}
envFrom:
{{- toYaml .Values.extraEnvFrom | nindent 8 }}
{{- end }}
tty: true
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim }}
{{- else if or (not .Values.persistence.enabled) (not (eq .Values.persistence.provider "local")) }}
- name: data
emptyDir: {}
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
- name: data
persistentVolumeClaim:
claimName: {{ include "open-webui.name" . }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink