diff --git a/apps/charts/openwebui/Chart.yaml b/apps/charts/openwebui/Chart.yaml
index 5b46cef..2ddf948 100644
--- a/apps/charts/openwebui/Chart.yaml
+++ b/apps/charts/openwebui/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
 name: openwebui
+dependencies:
+ - name: common
+ version: 1.0.0
+ repository: file://../../common
diff --git a/apps/charts/openwebui/templates/client.yaml b/apps/charts/openwebui/templates/client.yaml
index 8299b34..c13745f 100644
--- a/apps/charts/openwebui/templates/client.yaml
+++ b/apps/charts/openwebui/templates/client.yaml
@@ -1,10 +1 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
- name: '{{ .Release.Name }}'
-spec:
- environment: '{{ .Values.globals.environment }}'
- redirectUris:
- - path: /oauth/oidc/callback
- subdomain: '{{ .Values.subdomain }}'
- matchingMode: strict
+{{ include "common.oidc" . }}
diff --git a/apps/charts/openwebui/templates/deployment.yaml b/apps/charts/openwebui/templates/deployment.yaml
index 0896df2..4508e33 100644
--- a/apps/charts/openwebui/templates/deployment.yaml
+++ b/apps/charts/openwebui/templates/deployment.yaml
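Review bot: In templates/client.yaml the removed OidcClient set `matchingMode: strict` on its redirect URI, and nothing on the new side states it: the template is now `{{ include "common.oidc" . }}` and the `oidc.redirectUris` entry added to values.yaml is only the bare path `"/oauth/oidc/callback"`. Whether `common.oidc` still renders strict matching cannot be seen from this diff, because the common chart is not part of it. Strict redirect-URI matching is what keeps an authorization code from being delivered to a look-alike callback, so it is worth confirming in the `helm template` output, or, if the helper supports it, stating the matching mode explicitly in values.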
@@ -1,71 +1 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: "{{ .Release.Name }}"
-spec:
- strategy:
- type: Recreate
- replicas: 1
- revisionHistoryLimit: 0
- selector:
- matchLabels:
- app: "{{ .Release.Name }}"
- template:
- metadata:
- labels:
- app: "{{ .Release.Name }}"
- spec:
- containers:
- - name: "{{ .Release.Name }}"
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: "{{ .Values.image.pullPolicy }}"
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- tcpSocket:
- port: http
- readinessProbe:
- tcpSocket:
- port: http
- volumeMounts:
- - mountPath: /app/backend/data
- name: data
- env:
- - name: ENABLE_SIGNUP
- value: "false"
- - name: WEBUI_URL # TODO: remove
- value: https://openwebui.olsen.cloud
- - name: ENABLE_OAUTH_PERSISTENT_CONFIG
- value: "false"
- - name: ENABLE_OAUTH_SIGNUP
- value: "true"
- - name: OAUTH_MERGE_ACCOUNTS_BY_EMAIL
- value: "true"
- - name: OAUTH_PROVIDER_NAME
- value: authentik
- - name: OPENID_PROVIDER_URL
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: configuration
- - name: OAUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: clientId
- - name: OAUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: clientSecret
- - name: ENABLE_LOGIN_FORM
- value: "false"
- - name: OPENID_REDIRECT
- value: https://openwebui.olsen.cloud/oauth/oidc/callback
-
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: "{{ .Release.Name }}-data"
+{{ include "common.deployment" . }}
diff --git a/apps/charts/openwebui/templates/pvc.yaml b/apps/charts/openwebui/templates/pvc.yaml
index bc1d0a6..379bad9 100644
--- a/apps/charts/openwebui/templates/pvc.yaml
+++ b/apps/charts/openwebui/templates/pvc.yaml
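Review bot: The one-line `{{ include "common.deployment" . }}` in templates/deployment.yaml moves the whole pod spec into the `common` library chart, which this diff does not show, so the rendered Deployment cannot be checked against the 71 removed lines; the same holds for the hunks in templates/pvc.yaml, service.yaml and virtual-service.yaml. Two details look worth verifying in a before/after `helm template` diff: the claim name `{{ .Release.Name }}-data` together with the `storageClassName` taken from `.Values.globals.environment` (a different name or class would bind a new, empty volume instead of the existing data), and the `app: {{ .Release.Name }}` label that the Service selector relied on. The same comparison would show whether the helper sets a container `securityContext`, which the removed manifest did not.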
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: '{{ .Release.Name }}-data'
-spec:
- accessModes:
- - 'ReadWriteOnce'
- resources:
- requests:
- storage: '1Gi'
- storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
diff --git a/apps/charts/openwebui/templates/service.yaml b/apps/charts/openwebui/templates/service.yaml
index 501e92a..f024c64 100644
--- a/apps/charts/openwebui/templates/service.yaml
+++ b/apps/charts/openwebui/templates/service.yaml
@@ -1,15 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: '{{ .Release.Name }}'
- labels:
- app: '{{ .Release.Name }}'
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 8080
- protocol: TCP
- name: http
- selector:
- app: '{{ .Release.Name }}'
+{{ include "common.service" . }}
diff --git a/apps/charts/openwebui/templates/virtual-service.yaml b/apps/charts/openwebui/templates/virtual-service.yaml
index 36e9d43..766f6b9 100644
--- a/apps/charts/openwebui/templates/virtual-service.yaml
+++ b/apps/charts/openwebui/templates/virtual-service.yaml
@@ -1,39 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-public"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.public }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
----
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-private"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.private }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
+{{ include "common.virtualService" . }}
diff --git a/apps/charts/openwebui/values.yaml b/apps/charts/openwebui/values.yaml
index e63a1fc..03e952d 100644
--- a/apps/charts/openwebui/values.yaml
+++ b/apps/charts/openwebui/values.yaml
@@ -2,4 +2,72 @@ image:
 repository: ghcr.io/open-webui/open-webui
 tag: 0.6.43@sha256:9cb724e0bc84f05ba2f81a3da5f53f5add07e1001065d83f3b6b70b9a9eeef19
 pullPolicy: IfNotPresent
+
 subdomain: openwebui
+
+# Deployment configuration
+deployment:
+ strategy: Recreate
+ replicas: 1
+ revisionHistoryLimit: 0
+
+# Container configuration
+container:
+ port: 8080
+ healthProbe:
+ type: tcpSocket
+ port: http # Use named port
+
+# Service configuration
+service:
+ port: 80
+ type: ClusterIP
+
+# Volume configuration
+volumes:
+ - name: data
+ mountPath: /app/backend/data
+ persistentVolumeClaim: data
+
+# Persistent volume claims
+persistentVolumeClaims:
+ - name: data
+ size: 1Gi
+
+# VirtualService configuration
+virtualService:
+ enabled: true
+ gateways:
+ public: true
+ private: true
+
+# OIDC client configuration
+oidc:
+ enabled: true
+ redirectUris:
+ - "/oauth/oidc/callback"
+ subjectMode: user_username
+
+# Environment variables
+env:
+ ENABLE_SIGNUP: "false"
+ WEBUI_URL:
+ value: "https://{subdomain}.{domain}"
+ ENABLE_OAUTH_PERSISTENT_CONFIG: "false"
+ ENABLE_OAUTH_SIGNUP: "true"
+ OAUTH_MERGE_ACCOUNTS_BY_EMAIL: "true"
+ OAUTH_PROVIDER_NAME: authentik
+ OPENID_PROVIDER_URL: "https://auth.{domain}/application/o/{namespace}-{release}/.well-known/openid-configuration" # TODO: fix!
+ OAUTH_CLIENT_ID:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-oidc-credentials"
+ key: clientId
+ OAUTH_CLIENT_SECRET:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-oidc-credentials"
+ key: clientSecret
+ ENABLE_LOGIN_FORM: "false"
+ OPENID_REDIRECT:
+ value: "https://{subdomain}.{domain}/oauth/oidc/callback"
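Review bot: `OPENID_PROVIDER_URL` in values.yaml is now a hand-built discovery URL still marked `# TODO: fix!`, where the removed Deployment read it from the `configuration` key of the `{{ .Release.Name }}-client` secret. With `ENABLE_LOGIN_FORM: "false"` there is no fallback login, so if `{namespace}-{release}` does not match the application slug in authentik nobody can sign in; resolve the TODO before merge, or replace it with a comment that states the assumption, e.g. `# must equal the authentik application slug; OIDC is the only login path`. The client ID and secret now come from `{release}-oidc-credentials` rather than `{{ .Release.Name }}-client`, so it is worth confirming that `common.oidc` creates a secret under that name and that the `{release}`/`{domain}` placeholders are substituted by the common chart, which this diff does not show. Separately, `OAUTH_MERGE_ACCOUNTS_BY_EMAIL: "true"` is carried over: merging on the email claim is only safe while authentik is the sole provider and users cannot set an unverified address there.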