gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2fb86f59304f014b20b0b7108d956c98db766e12
home-server/clusters/noble/apps/open-webui/values.yaml

66 lines
2.2 KiB
YAML
Raw Blame History

# Open WebUI — https://github.com/open-webui/helm-charts (chart **open-webui**).
# Ingress: Traefik + cert-manager (same pattern as **`clusters/noble/apps/homepage/values.yaml`**).
#
# **Secrets** (**`OPENAI_API_KEY`**, **`WEBUI_SECRET_KEY`**, **`OAUTH_CLIENT_SECRET`**) are created in-cluster by
# **`ansible-playbook … --tags authentik`** as **`open-webui/open-webui-secrets`** (see **noble_authentik** role and **`.env.sample`**).
# **OIDC** uses Authentik provider slug **`open-webui`** (issuer **`…/application/o/open-webui/`**). Do **not** put ForwardAuth on this Ingress while using native OIDC (same pattern as Headlamp).
# **Public host only** (Pangolin → Newt → Traefik): keep **ingress.host**, **OPENID_PROVIDER_URL**, **OPENID_REDIRECT_URI**, and **WEBUI_URL** in sync with **`noble_open_webui_public_host`** in Ansible **group_vars** (see **noble_authentik** README).
#
ollama:
enabled: false
pipelines:
enabled: false
ollamaUrls: []
ingress:
enabled: true
class: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
host: webui.nikflix.ca
additionalHosts: []
tls: true
existingSecret: ""
enableOpenaiApi: true
openaiBaseApiUrl: "https://api.openai.com/v1"
openaiApiKey: ""
openaiApiKeyExistingSecret: open-webui-secrets
openaiApiKeyExistingSecretKey: OPENAI_API_KEY
extraEnvVars:
- name: ENABLE_OAUTH_SIGNUP
value: "true"
- name: OAUTH_MERGE_ACCOUNTS_BY_EMAIL
value: "true"
- name: OAUTH_PROVIDER_NAME
value: "Authentik"
- name: OAUTH_CLIENT_ID
value: "open-webui"
- name: OPENID_PROVIDER_URL
value: "https://auth.nikflix.ca/application/o/open-webui/.well-known/openid-configuration"
- name: OAUTH_SCOPES
value: "openid email profile offline_access"
- name: OPENID_REDIRECT_URI
value: "https://webui.nikflix.ca/oauth/oidc/callback"
- name: WEBUI_URL
value: "https://webui.nikflix.ca"
- name: ENABLE_OAUTH_PERSISTENT_CONFIG
value: "false"
- name: WEBUI_SECRET_KEY
valueFrom:
secretKeyRef:
name: open-webui-secrets
key: WEBUI_SECRET_KEY
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: open-webui-secrets
key: OAUTH_CLIENT_SECRET
persistence:
enabled: true
size: 5Gi
Reference in New Issue View Git Blame Copy Permalink