ivanwu/helm-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: support open-webui charts

Browse Source
This commit is contained in:
Ivan087
2025-11-21 10:45:23 +08:00
parent 30dd26120a
commit fc2a155ded
84 changed files with 13039 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
charts.list
View File

@ -1,3 +1,4 @@
# List each Helm chart directory to package and push (one per line)
vllm-serve
code-server-chart
# vllm-serve
# code-server-chart
open-webui

25
open-webui/.helmignore Normal file
View File

@ -0,0 +1,25 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
.drone.yml
*.tmproj
.vscode/
values-minikube.yaml

12
open-webui/Chart.lock Normal file
View File

@ -0,0 +1,12 @@
dependencies:
- name: ollama
repository: https://otwld.github.io/ollama-helm/
version: 1.27.0
- name: pipelines
repository: https://helm.openwebui.com
version: 0.7.0
- name: tika
repository: https://apache.jfrog.io/artifactory/tika
version: 3.2.2
digest: sha256:1c6e5d6a38dc8ebb4e15b1945fb222fa57b10e8882d5c79ba430648f3c5af372
generated: "2025-08-22T15:22:03.150693+02:00"

38
open-webui/Chart.yaml Normal file
View File

@ -0,0 +1,38 @@
annotations:
licenses: MIT
apiVersion: v2
appVersion: 0.6.26
dependencies:
- condition: ollama.enabled
import-values:
- child: service
parent: ollama.service
name: ollama
repository: https://otwld.github.io/ollama-helm/
version: '>=0.24.0'
- condition: pipelines.enabled
import-values:
- child: service
parent: pipelines.service
name: pipelines
repository: https://helm.openwebui.com
version: '>=0.0.1'
- condition: tika.enabled
name: tika
repository: https://apache.jfrog.io/artifactory/tika
version: '>=2.9.0'
description: "Open WebUI: A User-Friendly Web Interface for Chat Interactions \U0001F44B"
home: https://www.openwebui.com/
icon: https://raw.githubusercontent.com/open-webui/open-webui/main/static/favicon.png
keywords:
- llm
- chat
- web-ui
- open-webui
name: open-webui
sources:
- https://github.com/open-webui/helm-charts
- https://github.com/open-webui/open-webui/pkgs/container/open-webui
- https://github.com/otwld/ollama-helm/
- https://hub.docker.com/r/ollama/ollama
version: 7.7.0

270
open-webui/README.md Normal file
View File

@ -0,0 +1,270 @@
# open-webui
![Version: 7.7.0](https://img.shields.io/badge/Version-7.7.0-informational?style=flat-square) ![AppVersion: 0.6.26](https://img.shields.io/badge/AppVersion-0.6.26-informational?style=flat-square)
Open WebUI: A User-Friendly Web Interface for Chat Interactions 👋
**Homepage:** <https://www.openwebui.com/>
## Source Code
* <https://github.com/open-webui/helm-charts>
* <https://github.com/open-webui/open-webui/pkgs/container/open-webui>
* <https://github.com/otwld/ollama-helm/>
* <https://hub.docker.com/r/ollama/ollama>
## Installing
Before you can install, you need to add the `open-webui` repo to [Helm](https://helm.sh)
```shell
helm repo add open-webui https://helm.openwebui.com/
helm repo update
```
Now you can install the chart:
```shell
helm upgrade --install open-webui open-webui/open-webui
```
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| https://apache.jfrog.io/artifactory/tika | tika | >=2.9.0 |
| https://helm.openwebui.com | pipelines | >=0.0.1 |
| https://otwld.github.io/ollama-helm/ | ollama | >=0.24.0 |
## Values
### Logging configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| logging.components.audio | string | `""` | Set the log level for the Audio processing component |
| logging.components.comfyui | string | `""` | Set the log level for the ComfyUI Integration component |
| logging.components.config | string | `""` | Set the log level for the Configuration Management component |
| logging.components.db | string | `""` | Set the log level for the Database Operations (Peewee) component |
| logging.components.images | string | `""` | Set the log level for the Image Generation component |
| logging.components.main | string | `""` | Set the log level for the Main Application Execution component |
| logging.components.models | string | `""` | Set the log level for the Model Management component |
| logging.components.ollama | string | `""` | Set the log level for the Ollama Backend Integration component |
| logging.components.openai | string | `""` | Set the log level for the OpenAI API Integration component |
| logging.components.rag | string | `""` | Set the log level for the Retrieval-Augmented Generation (RAG) component |
| logging.components.webhook | string | `""` | Set the log level for the Authentication Webhook component |
| logging.level | string | `""` | Set the global log level ["notset", "debug", "info" (default), "warning", "error", "critical"] |
### Azure Storage configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| persistence.azure.container | string | `""` | Sets the container name for Azure Storage |
| persistence.azure.endpointUrl | string | `""` | Sets the endpoint URL for Azure Storage |
| persistence.azure.key | string | `""` | Set the access key for Azure Storage (ignored if keyExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Managed Identity if run in Azure services |
| persistence.azure.keyExistingSecret | string | `""` | Set the access key for Azure Storage from existing secret |
| persistence.azure.keyExistingSecretKey | string | `""` | Set the access key for Azure Storage from existing secret key |
### Google Cloud Storage configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| persistence.gcs.appCredentialsJson | string | `""` | Contents of Google Application Credentials JSON file (ignored if appCredentialsJsonExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account |
| persistence.gcs.appCredentialsJsonExistingSecret | string | `""` | Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret |
| persistence.gcs.appCredentialsJsonExistingSecretKey | string | `""` | Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret key |
| persistence.gcs.bucket | string | `""` | Sets the bucket name for Google Cloud Storage. Bucket must already exist |
### Amazon S3 Storage configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| persistence.s3.accessKey | string | `""` | Sets the access key ID for S3 storage |
| persistence.s3.accessKeyExistingAccessKey | string | `""` | Set the secret access key for S3 storage from existing k8s secret key |
| persistence.s3.accessKeyExistingSecret | string | `""` | Set the secret access key for S3 storage from existing k8s secret |
| persistence.s3.bucket | string | `""` | Sets the bucket name for S3 storage |
| persistence.s3.endpointUrl | string | `""` | Sets the endpoint url for S3 storage |
| persistence.s3.keyPrefix | string | `""` | Sets the key prefix for a S3 object |
| persistence.s3.region | string | `""` | Sets the region name for S3 storage |
| persistence.s3.secretKey | string | `""` | Sets the secret access key for S3 storage (ignored if secretKeyExistingSecret is set) |
| persistence.s3.secretKeyExistingSecret | string | `""` | Set the secret key for S3 storage from existing k8s secret |
| persistence.s3.secretKeyExistingSecretKey | string | `""` | Set the secret key for S3 storage from existing k8s secret key |
### SSO Configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| sso.enableGroupManagement | bool | `false` | Enable OAuth group management through access token groups claim |
| sso.enableRoleManagement | bool | `false` | Enable OAuth role management through access token roles claim |
| sso.enableSignup | bool | `false` | Enable account creation when logging in with OAuth (distinct from regular signup) |
| sso.enabled | bool | `false` | **Enable SSO authentication globally** must enable to use SSO authentication |
| sso.groupManagement.groupsClaim | string | `"groups"` | The claim that contains the groups (can be nested, e.g., user.memberOf) |
| sso.mergeAccountsByEmail | bool | `false` | Allow logging into accounts that match email from OAuth provider (considered insecure) |
### GitHub OAuth configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| sso.github.clientExistingSecret | string | `""` | GitHub OAuth client secret from existing secret |
| sso.github.clientExistingSecretKey | string | `""` | GitHub OAuth client secret key from existing secret |
| sso.github.clientId | string | `""` | GitHub OAuth client ID |
| sso.github.clientSecret | string | `""` | GitHub OAuth client secret (ignored if clientExistingSecret is set) |
| sso.github.enabled | bool | `false` | Enable GitHub OAuth |
### Google OAuth configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| sso.google.clientExistingSecret | string | `""` | Google OAuth client secret from existing secret |
| sso.google.clientExistingSecretKey | string | `""` | Google OAuth client secret key from existing secret |
| sso.google.clientId | string | `""` | Google OAuth client ID |
| sso.google.clientSecret | string | `""` | Google OAuth client secret (ignored if clientExistingSecret is set) |
| sso.google.enabled | bool | `false` | Enable Google OAuth |
### Microsoft OAuth configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| sso.microsoft.clientExistingSecret | string | `""` | Microsoft OAuth client secret from existing secret |
| sso.microsoft.clientExistingSecretKey | string | `""` | Microsoft OAuth client secret key from existing secret |
| sso.microsoft.clientId | string | `""` | Microsoft OAuth client ID |
| sso.microsoft.clientSecret | string | `""` | Microsoft OAuth client secret (ignored if clientExistingSecret is set) |
| sso.microsoft.enabled | bool | `false` | Enable Microsoft OAuth |
| sso.microsoft.tenantId | string | `""` | Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts |
### OIDC configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| sso.oidc.clientExistingSecret | string | `""` | OICD client secret from existing secret |
| sso.oidc.clientExistingSecretKey | string | `""` | OIDC client secret key from existing secret |
| sso.oidc.clientId | string | `""` | OIDC client ID |
| sso.oidc.clientSecret | string | `""` | OIDC client secret (ignored if clientExistingSecret is set) |
| sso.oidc.enabled | bool | `false` | Enable OIDC authentication |
| sso.oidc.providerName | string | `"SSO"` | Name of the provider to show on the UI |
| sso.oidc.providerUrl | string | `""` | OIDC provider well known URL |
| sso.oidc.scopes | string | `"openid email profile"` | Scopes to request (space-separated). |
### Role management configuration
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| sso.roleManagement.adminRoles | string | `""` | Comma-separated list of roles allowed to log in as admin (receive open webui role admin) |
| sso.roleManagement.allowedRoles | string | `""` | Comma-separated list of roles allowed to log in (receive open webui role user) |
| sso.roleManagement.rolesClaim | string | `"roles"` | The claim that contains the roles (can be nested, e.g., user.roles) |
### SSO trusted header authentication
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| sso.trustedHeader.emailHeader | string | `""` | Header containing the user's email address |
| sso.trustedHeader.enabled | bool | `false` | Enable trusted header authentication |
| sso.trustedHeader.nameHeader | string | `""` | Header containing the user's name (optional, used for new user creation) |
### Other Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity for pod assignment |
| annotations | object | `{}` | |
| args | list | `[]` | Open WebUI container arguments (overrides default) |
| clusterDomain | string | `"cluster.local"` | Value of cluster domain |
| command | list | `[]` | Open WebUI container command (overrides default entrypoint) |
| commonEnvVars | list | `[]` | Env vars added to the Open WebUI deployment, common across environments. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ (caution: environment variables defined in both `extraEnvVars` and `commonEnvVars` will result in a conflict. Avoid duplicates) |
| containerSecurityContext | object | `{}` | Configure container security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe> |
| copyAppData.args | list | `[]` | Open WebUI copy-app-data init container arguments (overrides default) |
| copyAppData.command | list | `[]` | Open WebUI copy-app-data init container command (overrides default) |
| copyAppData.resources | object | `{}` | |
| databaseUrl | string | `""` | Configure database URL, needed to work with Postgres (example: `postgresql://<user>:<password>@<service>:<port>/<database>`), leave empty to use the default sqlite database |
| enableOpenaiApi | bool | `true` | Enables the use of OpenAI APIs |
| extraEnvFrom | list | `[]` | Env vars added from configmap or secret to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ (caution: `extraEnvVars` will take precedence over the value from `extraEnvFrom`) |
| extraEnvVars | list | `[{"name":"OPENAI_API_KEY","value":"0p3n-w3bu!"}]` | Env vars added to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ |
| extraEnvVars[0] | object | `{"name":"OPENAI_API_KEY","value":"0p3n-w3bu!"}` | Default API key value for Pipelines. Should be updated in a production deployment, or be changed to the required API key if not using Pipelines |
| extraInitContainers | list | `[]` | Additional init containers to add to the deployment/statefulset ref: <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/> |
| extraResources | list | `[]` | Extra resources to deploy with Open WebUI |
| hostAliases | list | `[]` | HostAliases to be added to hosts-file of each container |
| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/open-webui/open-webui","tag":""}` | Open WebUI image tags can be found here: https://github.com/open-webui/open-webui |
| imagePullSecrets | list | `[]` | Configure imagePullSecrets to use private registry ref: <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry> |
| ingress.additionalHosts | list | `[]` | |
| ingress.annotations | object | `{}` | Use appropriate annotations for your Ingress controller, e.g., for NGINX: |
| ingress.class | string | `""` | |
| ingress.enabled | bool | `false` | |
| ingress.existingSecret | string | `""` | |
| ingress.extraLabels | object | `{}` | Additional custom labels to add to the Ingress metadata Useful for tagging, selecting, or applying policies to the Ingress via labels. |
| ingress.host | string | `"chat.example.com"` | |
| ingress.tls | bool | `false` | |
| livenessProbe | object | `{}` | Probe for liveness of the Open WebUI container ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes> |
| managedCertificate.domains[0] | string | `"chat.example.com"` | |
| managedCertificate.enabled | bool | `false` | |
| managedCertificate.name | string | `"mydomain-chat-cert"` | |
| nameOverride | string | `""` | |
| namespaceOverride | string | `""` | |
| nodeSelector | object | `{}` | Node labels for pod assignment. |
| ollama.enabled | bool | `true` | Automatically install Ollama Helm chart from https://otwld.github.io/ollama-helm/. Use [Helm Values](https://github.com/otwld/ollama-helm/#helm-values) to configure |
| ollama.fullnameOverride | string | `"open-webui-ollama"` | If enabling embedded Ollama, update fullnameOverride to your desired Ollama name value, or else it will use the default ollama.name value from the Ollama chart |
| ollamaUrls | list | `[]` | A list of Ollama API endpoints. These can be added in lieu of automatically installing the Ollama Helm chart, or in addition to it. |
| ollamaUrlsFromExtraEnv | bool | `false` | Disables taking Ollama Urls from `ollamaUrls` list |
| openaiBaseApiUrl | string | `"https://api.openai.com/v1"` | OpenAI base API URL to use. Defaults to the Pipelines service endpoint when Pipelines are enabled, and "https://api.openai.com/v1" if Pipelines are not enabled and this value is blank |
| openaiBaseApiUrls | list | `[]` | OpenAI base API URLs to use. Overwrites the value in openaiBaseApiUrl if set |
| persistence.accessModes | list | `["ReadWriteOnce"]` | If using multiple replicas, you must update accessModes to ReadWriteMany |
| persistence.annotations | object | `{}` | |
| persistence.enabled | bool | `true` | |
| persistence.existingClaim | string | `""` | Use existingClaim if you want to re-use an existing Open WebUI PVC instead of creating a new one |
| persistence.provider | string | `"local"` | Sets the storage provider, availables values are `local`, `s3`, `gcs` or `azure` |
| persistence.selector | object | `{}` | |
| persistence.size | string | `"2Gi"` | |
| persistence.storageClass | string | `""` | |
| persistence.subPath | string | `""` | Subdirectory of Open WebUI PVC to mount. Useful if root directory is not empty. |
| pipelines.enabled | bool | `true` | Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines |
| pipelines.extraEnvVars | list | `[]` | This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname) |
| podAnnotations | object | `{}` | |
| podLabels | object | `{}` | |
| podSecurityContext | object | `{}` | Configure pod security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container> |
| priorityClassName | string | `""` | Priority class name for the Open WebUI pods |
| readinessProbe | object | `{}` | Probe for readiness of the Open WebUI container ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes> |
| replicaCount | int | `1` | |
| resources | object | `{}` | |
| revisionHistoryLimit | int | `10` | Revision history limit for the workload manager (deployment). |
| runtimeClassName | string | `""` | Configure runtime class ref: <https://kubernetes.io/docs/concepts/containers/runtime-class/> |
| service | object | `{"annotations":{},"containerPort":8080,"labels":{},"loadBalancerClass":"","nodePort":"","port":80,"type":"ClusterIP"}` | Service values to expose Open WebUI pods to cluster |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.automountServiceAccountToken | bool | `false` | |
| serviceAccount.enable | bool | `true` | |
| serviceAccount.name | string | `""` | |
| startupProbe | object | `{}` | Probe for startup of the Open WebUI container ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes> |
| strategy | object | `{}` | Strategy for updating the workload manager: deployment or statefulset |
| tika.enabled | bool | `false` | Automatically install Apache Tika to extend Open WebUI |
| tolerations | list | `[]` | Tolerations for pod assignment |
| topologySpreadConstraints | list | `[]` | Topology Spread Constraints for pod assignment |
| volumeMounts | object | `{"container":[],"initContainer":[]}` | Configure container volume mounts ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/> |
| volumes | list | `[]` | Configure pod volumes ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/> |
| websocket.enabled | bool | `false` | Enables websocket support in Open WebUI with env `ENABLE_WEBSOCKET_SUPPORT` |
| websocket.manager | string | `"redis"` | Specifies the websocket manager to use with env `WEBSOCKET_MANAGER`: redis (default) |
| websocket.nodeSelector | object | `{}` | Node selector for websocket pods |
| websocket.redis | object | `{"affinity":{},"annotations":{},"args":[],"command":[],"enabled":true,"image":{"pullPolicy":"IfNotPresent","repository":"redis","tag":"7.4.2-alpine3.21"},"labels":{},"name":"open-webui-redis","pods":{"annotations":{},"labels":{}},"resources":{},"securityContext":{},"service":{"annotations":{},"containerPort":6379,"labels":{},"nodePort":"","port":6379,"portName":"http","type":"ClusterIP"},"tolerations":[]}` | Deploys a redis |
| websocket.redis.affinity | object | `{}` | Redis affinity for pod assignment |
| websocket.redis.annotations | object | `{}` | Redis annotations |
| websocket.redis.args | list | `[]` | Redis arguments (overrides default) |
| websocket.redis.command | list | `[]` | Redis command (overrides default) |
| websocket.redis.enabled | bool | `true` | Enable redis installation |
| websocket.redis.image | object | `{"pullPolicy":"IfNotPresent","repository":"redis","tag":"7.4.2-alpine3.21"}` | Redis image |
| websocket.redis.labels | object | `{}` | Redis labels |
| websocket.redis.name | string | `"open-webui-redis"` | Redis name |
| websocket.redis.pods | object | `{"annotations":{},"labels":{}}` | Redis pod |
| websocket.redis.pods.annotations | object | `{}` | Redis pod annotations |
| websocket.redis.pods.labels | object | `{}` | Redis pod labels |
| websocket.redis.resources | object | `{}` | Redis resources |
| websocket.redis.securityContext | object | `{}` | Redis security context |
| websocket.redis.service | object | `{"annotations":{},"containerPort":6379,"labels":{},"nodePort":"","port":6379,"portName":"http","type":"ClusterIP"}` | Redis service |
| websocket.redis.service.annotations | object | `{}` | Redis service annotations |
| websocket.redis.service.containerPort | int | `6379` | Redis container/target port |
| websocket.redis.service.labels | object | `{}` | Redis service labels |
| websocket.redis.service.nodePort | string | `""` | Redis service node port. Valid only when type is `NodePort` |
| websocket.redis.service.port | int | `6379` | Redis service port |
| websocket.redis.service.portName | string | `"http"` | Redis service port name. Istio needs this to be something like `tcp-redis` |
| websocket.redis.service.type | string | `"ClusterIP"` | Redis service type |
| websocket.redis.tolerations | list | `[]` | Redis tolerations for pod assignment |
| websocket.url | string | `"redis://open-webui-redis:6379/0"` | Specifies the URL of the Redis instance for websocket communication. Template with `redis://[:<password>@]<hostname>:<port>/<db>` |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/).

36
open-webui/README.md.gotmpl Normal file
View File

@ -0,0 +1,36 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.badgesSection" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
## Installing
Before you can install, you need to add the `open-webui` repo to [Helm](https://helm.sh)
```shell
helm repo add open-webui https://helm.openwebui.com/
helm repo update
```
Now you can install the chart:
```shell
helm upgrade --install open-webui open-webui/open-webui
```
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
----------------------------------------------
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/).

30
open-webui/charts/ollama/.helmignore Normal file
View File

@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
.drone.yml
*.tmproj
.vscode/
#others
.github
kind-config.yml
ci/

30
open-webui/charts/ollama/.ollama-helm/.helmignore Normal file
View File

@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
.drone.yml
*.tmproj
.vscode/
#others
.github
kind-config.yml
ci/

33
open-webui/charts/ollama/.ollama-helm/Chart.yaml Normal file
View File

@ -0,0 +1,33 @@
apiVersion: v2
name: ollama
description: Get up and running with large language models locally.
type: application
version: 1.27.0
appVersion: "0.11.4"
annotations:
artifacthub.io/category: ai-machine-learning
artifacthub.io/changes: |
- kind: changed
description: upgrade app version to 0.11.4
links:
- name: Ollama release v0.11.4
url: https://github.com/ollama/ollama/releases/tag/v0.11.4
kubeVersion: "^1.16.0-0"
home: https://ollama.ai/
icon: https://ollama.ai/public/ollama.png
keywords:
- ai
- llm
- llama
- mistral
sources:
- https://github.com/ollama/ollama
- https://github.com/otwld/ollama-helm
maintainers:
- name: OTWLD
email: contact@otwld.com

21
open-webui/charts/ollama/.ollama-helm/LICENSE Normal file
View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2024 OTWLD
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

331
open-webui/charts/ollama/.ollama-helm/README.md Normal file
View File

@ -0,0 +1,331 @@
![otwld ollama helm chart banner](./banner.png)
![GitHub License](https://img.shields.io/github/license/otwld/ollama-helm)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/ollama-helm)](https://artifacthub.io/packages/helm/ollama-helm/ollama)
[![Helm Lint and Test](https://github.com/otwld/ollama-helm/actions/workflows/ci.yaml/badge.svg?branch=main)](https://github.com/otwld/ollama-helm/actions/workflows/ci.yaml)
[![Discord](https://img.shields.io/badge/Discord-OTWLD-blue?logo=discord&logoColor=white)](https://discord.gg/U24mpqTynB)
[Ollama](https://ollama.ai/), get up and running with large language models, locally.
This Community Chart is for deploying [Ollama](https://github.com/ollama/ollama).
## Requirements
- Kubernetes: `>= 1.16.0-0` for **CPU only**
- Kubernetes: `>= 1.26.0-0` for **GPU** stable support (NVIDIA and AMD)
*Not all GPUs are currently supported with ollama (especially with AMD)*
## Deploying Ollama chart
To install the `ollama` chart in the `ollama` namespace:
> [!IMPORTANT]
> We are migrating the registry from https://otwld.github.io/ollama-helm/ url to OTWLD Helm central
> registry https://helm.otwld.com/
> Please update your Helm registry accordingly.
```console
helm repo add otwld https://helm.otwld.com/
helm repo update
helm install ollama otwld/ollama --namespace ollama --create-namespace
```
## Upgrading Ollama chart
First please read the [release notes](https://github.com/ollama/ollama/releases) of Ollama to make sure there are no
backwards incompatible changes.
Make adjustments to your values as needed, then run `helm upgrade`:
```console
# -- This pulls the latest version of the ollama chart from the repo.
helm repo update
helm upgrade ollama otwld/ollama --namespace ollama --values values.yaml
```
## Uninstalling Ollama chart
To uninstall/delete the `ollama` deployment in the `ollama` namespace:
```console
helm delete ollama --namespace ollama
```
Substitute your values if they differ from the examples. See `helm delete --help` for a full reference on `delete`
parameters and flags.
## Interact with Ollama
- **Ollama documentation can be found [HERE](https://github.com/ollama/ollama/tree/main/docs)**
- Interact with RESTful API: [Ollama API](https://github.com/ollama/ollama/blob/main/docs/api.md)
- Interact with official clients libraries: [ollama-js](https://github.com/ollama/ollama-js#custom-client)
and [ollama-python](https://github.com/ollama/ollama-python#custom-client)
- Interact with langchain: [langchain-js](https://github.com/ollama/ollama/blob/main/docs/tutorials/langchainjs.md)
and [langchain-python](https://github.com/ollama/ollama/blob/main/docs/tutorials/langchainpy.md)
## Examples
- **It's highly recommended to run an updated version of Kubernetes for deploying ollama with GPU**
### Basic values.yaml example with GPU and two models pulled at startup
```
ollama:
gpu:
# -- Enable GPU integration
enabled: true
# -- GPU type: 'nvidia' or 'amd'
type: 'nvidia'
# -- Specify the number of GPU to 1
number: 1
# -- List of models to pull at container startup
models:
pull:
- mistral
- llama2
```
---
### Basic values.yaml example with Ingress
```
ollama:
models:
pull:
- llama2
ingress:
enabled: true
hosts:
- host: ollama.domain.lan
paths:
- path: /
pathType: Prefix
```
- *API is now reachable at `ollama.domain.lan`*
---
### Create and run model from template
```
ollama:
models:
create:
- name: llama3.1-ctx32768
template: |
FROM llama3.1
PARAMETER num_ctx 32768
run:
- llama3.1-ctx32768
```
## Upgrading from 0.X.X to 1.X.X
The version 1.X.X introduces the ability to load models in memory at startup, the values have been changed.
Please change `ollama.models` to `ollama.models.pull` to avoid errors before upgrading:
```yaml
ollama:
models:
- mistral
- llama2
```
To:
```yaml
ollama:
models:
pull:
- mistral
- llama2
```
## Helm Values
- See [values.yaml](values.yaml) to see the Chart's default values.
| Key | Type | Default | Description |
|--------------------------------------------|--------|---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| affinity | object | `{}` | Affinity for pod assignment |
| autoscaling.enabled | bool | `false` | Enable autoscaling |
| autoscaling.maxReplicas | int | `100` | Number of maximum replicas |
| autoscaling.minReplicas | int | `1` | Number of minimum replicas |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | CPU usage to target replica |
| deployment.labels | object | `{}` | Labels to add to the deployment |
| extraArgs | list | `[]` | Additional arguments on the output Deployment definition. |
| extraEnv | list | `[]` | Additional environments variables on the output Deployment definition. For extra OLLAMA env, please refer to https://github.com/ollama/ollama/blob/main/envconfig/config.go |
| extraEnvFrom | list | `[]` | Additionl environment variables from external sources (like ConfigMap) |
| extraObjects | list | `[]` | Extra K8s manifests to deploy |
| fullnameOverride | string | `""` | String to fully override template |
| hostIPC | bool | `false` | Use the hosts ipc namespace. |
| hostNetwork | bool | `false` | Use the host's network namespace. |
| hostPID | bool | `false` | Use the hosts pid namespace |
| image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy |
| image.repository | string | `"ollama/ollama"` | Docker image registry |
| image.tag | string | `""` | Docker image tag, overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | Docker registry secret names as an array |
| ingress.annotations | object | `{}` | Additional annotations for the Ingress resource. |
| ingress.className | string | `""` | IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) |
| ingress.enabled | bool | `false` | Enable ingress controller resource |
| ingress.hosts[0].host | string | `"ollama.local"` | |
| ingress.hosts[0].paths[0].path | string | `"/"` | |
| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | |
| ingress.tls | list | `[]` | The tls configuration for hostnames to be covered with this ingress record. |
| initContainers | list | `[]` | Init containers to add to the pod |
| knative.annotations | object | `{}` | Knative service annotations |
| knative.containerConcurrency | int | `0` | Knative service container concurrency |
| knative.enabled | bool | `false` | Enable Knative integration |
| knative.idleTimeoutSeconds | int | `300` | Knative service idle timeout seconds |
| knative.responseStartTimeoutSeconds | int | `300` | Knative service response start timeout seconds |
| knative.timeoutSeconds | int | `300` | Knative service timeout seconds |
| lifecycle | object | `{}` | Lifecycle for pod assignment (override ollama.models startup pull/run) |
| livenessProbe.enabled | bool | `true` | Enable livenessProbe |
| livenessProbe.failureThreshold | int | `6` | Failure threshold for livenessProbe |
| livenessProbe.initialDelaySeconds | int | `60` | Initial delay seconds for livenessProbe |
| livenessProbe.path | string | `"/"` | Request path for livenessProbe |
| livenessProbe.periodSeconds | int | `10` | Period seconds for livenessProbe |
| livenessProbe.successThreshold | int | `1` | Success threshold for livenessProbe |
| livenessProbe.timeoutSeconds | int | `5` | Timeout seconds for livenessProbe |
| nameOverride | string | `""` | String to partially override template (will maintain the release name) |
| namespaceOverride | string | `""` | String to fully override namespace |
| nodeSelector | object | `{}` | Node labels for pod assignment. |
| ollama.gpu.draDriverClass | string | `"gpu.nvidia.com"` | DRA GPU DriverClass |
| ollama.gpu.draEnabled | bool | `false` | Enable DRA GPU integration If enabled, it will use DRA instead of Device Driver Plugin and create a ResourceClaim and GpuClaimParameters |
| ollama.gpu.draExistingClaimTemplate | string | `""` | Existing DRA GPU ResourceClaim Template |
| ollama.gpu.enabled | bool | `false` | Enable GPU integration |
| ollama.gpu.mig.devices | object | `{}` | Specify the mig devices and the corresponding number |
| ollama.gpu.mig.enabled | bool | `false` | Enable multiple mig devices If enabled you will have to specify the mig devices If enabled is set to false this section is ignored |
| ollama.gpu.number | int | `1` | Specify the number of GPU If you use MIG section below then this parameter is ignored |
| ollama.gpu.nvidiaResource | string | `"nvidia.com/gpu"` | only for nvidia cards; change to (example) 'nvidia.com/mig-1g.10gb' to use MIG slice |
| ollama.gpu.type | string | `"nvidia"` | GPU type: 'nvidia' or 'amd' If 'ollama.gpu.enabled', default value is nvidia If set to 'amd', this will add 'rocm' suffix to image tag if 'image.tag' is not override This is due cause AMD and CPU/CUDA are different images |
| ollama.insecure | bool | `false` | Add insecure flag for pulling at container startup |
| ollama.models.clean | bool | `false` | Automatically remove models present on the disk but not specified in the values file |
| ollama.models.create | list | `[]` | List of models to create at container startup, there are two options 1. Create a raw model 2. Load a model from configMaps, configMaps must be created before and are loaded as volume in "/models" directory. create: - name: llama3.1-ctx32768 configMapRef: my-configmap configMapKeyRef: configmap-key - name: llama3.1-ctx32768 template: | FROM llama3.1 PARAMETER num_ctx 32768 |
| ollama.models.pull | list | `[]` | List of models to pull at container startup The more you add, the longer the container will take to start if models are not present pull: - llama2 - mistral |
| ollama.models.run | list | `[]` | List of models to load in memory at container startup run: - llama2 - mistral |
| ollama.mountPath | string | `""` | Override ollama-data volume mount path, default: "/root/.ollama" |
| ollama.port | int | `11434` | |
| persistentVolume.accessModes | list | `["ReadWriteOnce"]` | Ollama server data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| persistentVolume.annotations | object | `{}` | Ollama server data Persistent Volume annotations |
| persistentVolume.enabled | bool | `false` | Enable persistence using PVC |
| persistentVolume.existingClaim | string | `""` | If you'd like to bring your own PVC for persisting Ollama state, pass the name of the created + ready PVC here. If set, this Chart will not create the default PVC. Requires server.persistentVolume.enabled: true |
| persistentVolume.size | string | `"30Gi"` | Ollama server data Persistent Volume size |
| persistentVolume.storageClass | string | `""` | Ollama server data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) |
| persistentVolume.subPath | string | `""` | Subdirectory of Ollama server data Persistent Volume to mount Useful if the volume's root directory is not empty |
| persistentVolume.volumeMode | string | `""` | Ollama server data Persistent Volume Binding Mode If defined, volumeMode: <volumeMode> If empty (the default) or set to null, no volumeBindingMode spec is set, choosing the default mode. |
| persistentVolume.volumeName | string | `""` | Pre-existing PV to attach this claim to Useful if a CSI auto-provisions a PV for you and you want to always reference the PV moving forward |
| podAnnotations | object | `{}` | Map of annotations to add to the pods |
| podLabels | object | `{}` | Map of labels to add to the pods |
| podSecurityContext | object | `{}` | Pod Security Context |
| priorityClassName | string | `""` | Priority Class Name |
| readinessProbe.enabled | bool | `true` | Enable readinessProbe |
| readinessProbe.failureThreshold | int | `6` | Failure threshold for readinessProbe |
| readinessProbe.initialDelaySeconds | int | `30` | Initial delay seconds for readinessProbe |
| readinessProbe.path | string | `"/"` | Request path for readinessProbe |
| readinessProbe.periodSeconds | int | `5` | Period seconds for readinessProbe |
| readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe |
| readinessProbe.timeoutSeconds | int | `3` | Timeout seconds for readinessProbe |
| replicaCount | int | `1` | Number of replicas |
| resources.limits | object | `{}` | Pod limit |
| resources.requests | object | `{}` | Pod requests |
| runtimeClassName | string | `""` | Specify runtime class |
| securityContext | object | `{}` | Container Security Context |
| service.annotations | object | `{}` | Annotations to add to the service |
| service.labels | object | `{}` | Labels to add to the service |
| service.loadBalancerIP | string | `nil` | Load Balancer IP address |
| service.nodePort | int | `31434` | Service node port when service type is 'NodePort' |
| service.port | int | `11434` | Service port |
| service.type | string | `"ClusterIP"` | Service type |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| terminationGracePeriodSeconds | int | `120` | Wait for a grace period |
| tests.annotations | object | `{}` | Annotations to add to the tests |
| tests.enabled | bool | `true` | |
| tests.labels | object | `{}` | Labels to add to the tests |
| tolerations | list | `[]` | Tolerations for pod assignment |
| topologySpreadConstraints | object | `{}` | Topology Spread Constraints for pod assignment |
| updateStrategy.type | string | `"Recreate"` | Deployment strategy can be "Recreate" or "RollingUpdate". Default is Recreate |
| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. |
| volumes | list | `[]` | Additional volumes on the output Deployment definition. |
----------------------------------------------
## Core team
<table>
<tr>
<td align="center">
<a href="https://github.com/jdetroyes"
><img
src="https://github.com/jdetroyes.png?size=200"
width="50"
style="margin-bottom: -4px; border-radius: 8px;"
alt="Jean Baptiste Detroyes"
/><br /><b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Jean Baptiste&nbsp;Detroyes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</b></a
>
<div style="margin-top: 4px">
<a href="https://github.com/jdetroyes" title="Github"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/github.svg"
/></a>
<a
href="mailto:jdetroyes@otwld.com"
title="Email"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/send.svg"
/></a>
</div>
</td>
<td align="center">
<a href="https://github.com/ntrehout"
><img
src="https://github.com/ntrehout.png?size=200"
width="50"
style="margin-bottom: -4px; border-radius: 8px;"
alt="Jean Baptiste Detroyes"
/><br /><b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Nathan&nbsp;Tréhout&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</b></a
>
<div style="margin-top: 4px">
<a href="https://x.com/n_trehout" title="Twitter"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/twitter.svg"
/></a>
<a href="https://github.com/ntrehout" title="Github"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/github.svg"
/></a>
<a
href="mailto:ntrehout@otwld.com"
title="Email"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/send.svg"
/></a>
</div>
</td>
</tr>
</table>
## Support
- For questions, suggestions, and discussion about Ollama please refer to
the [Ollama issue page](https://github.com/ollama/ollama/issues)
- For questions, suggestions, and discussion about this chart please
visit [Ollama-Helm issue page](https://github.com/otwld/ollama-helm/issues) or join
our [OTWLD Discord](https://discord.gg/U24mpqTynB)

25
open-webui/charts/ollama/.ollama-helm/templates/NOTES.txt Normal file
View File

@ -0,0 +1,25 @@
1. Get the application URL by running these commands:
{{- if .Values.knative.enabled }}
export KSERVICE_URL=$(kubectl get ksvc --namespace {{ .Release.Namespace }} {{ include "ollama.fullname" . }} -o jsonpath={.status.url})
echo "Visit $KSERVICE_URL to use your application"
{{- else if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ollama.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ollama.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ollama.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ollama.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

80
open-webui/charts/ollama/.ollama-helm/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,80 @@
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "ollama.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ollama.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ollama.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ollama.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "ollama.labels" -}}
helm.sh/chart: {{ include "ollama.chart" . }}
{{ include "ollama.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "ollama.selectorLabels" -}}
app.kubernetes.io/name: {{ include "ollama.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "ollama.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "ollama.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Models mount path
*/}}
{{- define "ollama.modelsMountPath" -}}
{{- printf "%s/models" (((.Values).ollama).mountPath | default "/root/.ollama") }}
{{- end -}}

293
open-webui/charts/ollama/.ollama-helm/templates/deployment.yaml Normal file
View File

@ -0,0 +1,293 @@
---
{{- if not .Values.knative.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.deployment.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
{{- if or .Values.updateStrategy.type .Values.updateStrategy.rollingUpdate }}
strategy: {{ .Values.updateStrategy | toYaml | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "ollama.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "ollama.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.hostIPC }}
hostIPC: {{ .Values.hostIPC }}
{{- end }}
{{- if .Values.hostPID }}
hostPID: {{ .Values.hostPID }}
{{- end }}
{{- if .Values.hostNetwork }}
hostNetwork: {{ .Values.hostNetwork }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "ollama.serviceAccountName" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.runtimeClassName }}
runtimeClassName: {{ .Values.runtimeClassName | quote }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (ternary (printf "%s-rocm" .Chart.AppVersion) (.Chart.AppVersion) (and (.Values.ollama.gpu.enabled) (eq .Values.ollama.gpu.type "amd"))) }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.ollama.port }}
protocol: TCP
env:
- name: OLLAMA_HOST
value: "0.0.0.0:{{ .Values.ollama.port }}"
{{- if and .Values.ollama.gpu.enabled (or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type))}}
- name: PATH
value: /usr/local/nvidia/bin:/usr/local/cuda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
{{- end}}
{{- with .Values.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
envFrom:
{{- with .Values.extraEnvFrom }}
{{- toYaml . | nindent 12 }}
{{- end }}
args:
{{- with .Values.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources:
{{- $limits := default dict .Values.resources.limits }}
{{- if .Values.ollama.gpu.enabled }}
{{- if .Values.ollama.gpu.draEnabled}}
claims:
- name: gpu
{{- else }}
# If gpu is enabled, it can either be a NVIDIA card or a AMD card
{{- if or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type) }}
# NVIDIA is assumed by default if no value is set and GPU is enabled
# NVIDIA cards can have mig enabled (i.e., the card is sliced into parts
# Therefore, the first case is no migs enabled
{{- if or (not .Values.ollama.gpu.mig) (not .Values.ollama.gpu.mig.enabled ) }}
{{- $gpuLimit := dict (.Values.ollama.gpu.nvidiaResource | default "nvidia.com/gpu") (.Values.ollama.gpu.number | default 1) }}
{{- $limits = merge $limits $gpuLimit }}
# Second case is mig is enabled
{{- else if or (.Values.ollama.gpu.mig.enabled) }}
# Initialize empty dictionary
{{- $migDevices := dict -}}
# Loop over the entries in the mig devices
{{- range $key, $value := .Values.ollama.gpu.mig.devices }}
{{- $migKey := printf "nvidia.com/mig-%s" $key -}}
{{- $migDevices = merge $migDevices (dict $migKey $value) -}}
{{- end }}
{{- $limits = merge $limits $migDevices}}
{{- end }}
{{- end }}
{{- if eq .Values.ollama.gpu.type "amd" }}
{{- $gpuLimit := dict "amd.com/gpu" (.Values.ollama.gpu.number | default 1) }}
{{- $limits = merge $limits $gpuLimit }}
{{- end }}
{{- end }}
{{- end }}
{{- $ressources := deepCopy (dict "limits" $limits) | mergeOverwrite .Values.resources }}
{{- toYaml $ressources | nindent 12 }}
{{- end}}
volumeMounts:
- name: ollama-data
mountPath: {{ .Values.ollama.mountPath | default "/root/.ollama" }}
{{- if .Values.persistentVolume.subPath }}
subPath: {{ .Values.persistentVolume.subPath }}
{{- end }}
{{- range .Values.ollama.models.create }}
{{- if .configMapRef }}
- name: {{ .name }}-config-model-volume
mountPath: /models
{{- end }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.livenessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.readinessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- with .Values.lifecycle}}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- else }}
{{- if or .Values.ollama.models.pull .Values.ollama.models.run .Values.ollama.models.create }}
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- |
while ! /bin/ollama ps > /dev/null 2>&1; do
sleep 5
done
{{- $allModels := list -}}
{{- if .Values.ollama.models.pull }}
{{- range .Values.ollama.models.pull }}
{{- if contains ":" . }}
{{- $allModels = append $allModels . }}
{{- else }}
{{- $allModels = append $allModels (printf "%s:latest" .) }}
{{- end }}
/bin/ollama pull {{ternary "--insecure" "" $.Values.ollama.insecure | toString }} {{ . }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.create }}
{{- range .Values.ollama.models.create }}
{{- $allModels = append $allModels .name }}
{{- if .template }}
cat <<EOF > {{ include "ollama.modelsMountPath" $ }}/{{ .name }}
{{- .template | nindent 20 }}
EOF
/bin/ollama create {{ .name }} -f {{ include "ollama.modelsMountPath" $ }}/{{ .name }}
{{- end }}
{{- if .configMapRef }}
/bin/ollama create {{ .name }} -f /models/{{ .name }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.run }}
{{- range .Values.ollama.models.run }}
{{- if contains ":" . }}
{{- $allModels = append $allModels . }}
{{- else }}
{{- $allModels = append $allModels (printf "%s:latest" .) }}
{{- end }}
/bin/ollama run {{ . }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.clean }}
/bin/ollama list | awk 'NR>1 {print $1}' | while read model; do
echo "{{ $allModels | join " " }}" | tr ' ' '\n' | grep -Fqx "$model" || /bin/ollama rm "$model"
done
{{- end }}
{{- end }}
{{- end }}
{{- if and .Values.ollama.gpu.enabled .Values.ollama.gpu.draEnabled }}
resourceClaims:
- name: gpu
resourceClaimTemplateName: {{ .Values.ollama.gpu.draExistingClaimTemplate | default (printf "%s" (include "ollama.fullname" .)) }}
{{- end }}
volumes:
- name: ollama-data
{{- if .Values.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistentVolume.existingClaim | default (printf "%s" (include "ollama.fullname" .)) }}
{{- else }}
emptyDir: { }
{{- end }}
{{- range .Values.ollama.models.create }}
{{- if .configMapRef }}
- name: {{ .name }}-config-model-volume
configMap:
name: {{ .configMapRef }}
items:
- key: {{ .configMapKeyRef }}
path: {{ .name }}
{{- end }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if or .Values.ollama.gpu.enabled .Values.tolerations }}
tolerations:
{{- if and .Values.ollama.gpu.enabled (and
( or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type))
( or (not .Values.ollama.gpu.mig) (not .Values.ollama.gpu.mig.enabled))
) }}
- key: "{{(.Values.ollama.gpu.nvidiaResource | default "nvidia.com/gpu")}}"
operator: Exists
effect: NoSchedule
{{- else if and .Values.ollama.gpu.enabled (and
( or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type))
(( .Values.ollama.gpu.mig.enabled))
) }}
{{- range $key, $value := .Values.ollama.gpu.mig.devices }}
- key: nvidia.com/mig-{{ $key }}
operator: Exists
effect: NoSchedule
{{- end }}
{{- end }}
{{- with .Values.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

4
open-webui/charts/ollama/.ollama-helm/templates/extra-manifests.yaml Normal file
View File

@ -0,0 +1,4 @@
{{ range .Values.extraObjects }}
---
{{ tpl (toYaml .) $ }}
{{ end }}

34
open-webui/charts/ollama/.ollama-helm/templates/hpa.yaml Normal file
View File

@ -0,0 +1,34 @@
---
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "ollama.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

63
open-webui/charts/ollama/.ollama-helm/templates/ingress.yaml Normal file
View File

@ -0,0 +1,63 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "ollama.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className }}
{{- end }}
{{- end }}
---
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

200
open-webui/charts/ollama/.ollama-helm/templates/knative/service.yaml Normal file
View File

@ -0,0 +1,200 @@
---
{{- if .Values.knative.enabled }}
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: {{ include "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.knative.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
template:
spec:
containerConcurrency: {{ .Values.knative.containerConcurrency }}
timeoutSeconds: {{ .Values.knative.timeoutSeconds }}
responseStartTimeoutSeconds: {{ .Values.knative.responseStartTimeoutSeconds }}
idleTimeoutSeconds: {{ .Values.knative.idleTimeoutSeconds }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "ollama.serviceAccountName" . }}
{{- if .Values.runtimeClassName }}
runtimeClassName: {{ .Values.runtimeClassName | quote }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
containers:
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (ternary (printf "%s-rocm" .Chart.AppVersion) (.Chart.AppVersion) (and (.Values.ollama.gpu.enabled) (eq .Values.ollama.gpu.type "amd"))) }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
ports:
- containerPort: {{ .Values.ollama.port }}
env:
- name: OLLAMA_HOST
value: "0.0.0.0:{{ .Values.ollama.port }}"
{{- if and .Values.ollama.gpu.enabled (or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type))}}
- name: PATH
value: /usr/local/nvidia/bin:/usr/local/cuda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
{{- end}}
{{- with .Values.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
envFrom:
{{- with .Values.extraEnvFrom }}
{{- toYaml . | nindent 12 }}
{{- end }}
args:
{{- with .Values.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources:
{{- $limits := default dict .Values.resources.limits }}
{{- if .Values.ollama.gpu.enabled }}
{{- if or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type) }}
{{- $gpuLimit := dict (.Values.ollama.gpu.nvidiaResource | default "nvidia.com/gpu") (.Values.ollama.gpu.number | default 1) }}
{{- $limits = merge $limits $gpuLimit }}
{{- end }}
{{- if eq .Values.ollama.gpu.type "amd" }}
{{- $gpuLimit := dict "amd.com/gpu" (.Values.ollama.gpu.number | default 1) }}
{{- $limits = merge $limits $gpuLimit }}
{{- end }}
{{- end }}
{{- $ressources := deepCopy (dict "limits" $limits) | mergeOverwrite .Values.resources }}
{{- toYaml $ressources | nindent 12 }}
{{- end}}
volumeMounts:
- name: ollama-data
mountPath: {{ .Values.ollama.mountPath | default "/root/.ollama" }}
{{- if .Values.persistentVolume.subPath }}
subPath: {{ .Values.persistentVolume.subPath }}
{{- end }}
{{- range .Values.ollama.models.create }}
{{- if .configMapRef }}
- name: {{ .name }}-config-model-volume
mountPath: /models
{{- end }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.livenessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.readinessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- with .Values.lifecycle}}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- else }}
{{- if or .Values.ollama.models.pull .Values.ollama.models.run .Values.ollama.models.create }}
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- |
while ! /bin/ollama ps > /dev/null 2>&1; do
sleep 5
done
{{- if .Values.ollama.models.pull }}
{{- range .Values.ollama.models.pull }}
/bin/ollama pull {{ternary "--insecure" "" $.Values.ollama.insecure | toString }} {{ . }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.create }}
{{- range .Values.ollama.models.create }}
{{- if .template }}
cat <<EOF > {{ include "ollama.modelsMountPath" $ }}/{{ .name }}
{{- .template | nindent 20 }}
EOF
/bin/ollama create {{ .name }} -f {{ include "ollama.modelsMountPath" . }}/{{ .name }}
{{- end }}
{{- if .configMapRef }}
/bin/ollama create {{ .name }} -f /models/{{ .name }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.run }}
{{- range .Values.ollama.models.run }}
/bin/ollama run {{ . }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: ollama-data
{{- if .Values.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistentVolume.existingClaim | default (printf "%s" (include "ollama.fullname" .)) }}
{{- else }}
emptyDir: { }
{{- end }}
{{- range .Values.ollama.models.create }}
{{- if .configMapRef }}
- name: {{ .name }}-config-model-volume
configMap:
name: {{ .configMapRef }}
items:
- key: {{ .configMapKeyRef }}
path: {{ .name }}
{{- end }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if or .Values.ollama.gpu.enabled .Values.tolerations }}
tolerations:
{{- if and .Values.ollama.gpu.enabled (or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type)) }}
- key: "{{(.Values.ollama.gpu.nvidiaResource | default "nvidia.com/gpu")}}"
operator: Exists
effect: NoSchedule
{{- end }}
{{- with .Values.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

33
open-webui/charts/ollama/.ollama-helm/templates/pvc.yaml Normal file
View File

@ -0,0 +1,33 @@
{{- if (and .Values.persistentVolume.enabled (not .Values.persistentVolume.existingClaim)) -}}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
name: {{ template "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
spec:
accessModes:
{{ toYaml .Values.persistentVolume.accessModes | indent 4 }}
{{- if .Values.persistentVolume.storageClass }}
{{- if (eq "-" .Values.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.persistentVolume.volumeMode }}
volumeMode: "{{ .Values.persistentVolume.volumeMode }}"
{{- end }}
{{- if .Values.persistentVolume.volumeName }}
volumeName: "{{ .Values.persistentVolume.volumeName }}"
{{- end }}
resources:
requests:
storage: "{{ .Values.persistentVolume.size }}"
{{- end -}}

19
open-webui/charts/ollama/.ollama-helm/templates/resourceclaimtemplate.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if and .Values.ollama.gpu.enabled .Values.ollama.gpu.draEnabled (not .Values.ollama.gpu.draExistingClaimTemplate) -}}
---
{{- if semverCompare ">=1.34-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: resource.k8s.io/v1
{{- else }}
apiVersion: resource.k8s.io/v1beta1
{{- end }}
kind: ResourceClaimTemplate
metadata:
name: {{ template "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
spec:
spec:
devices:
requests:
- name: gpu
deviceClassName: {{ .Values.ollama.gpu.draDriverClass }}
count: {{(.Values.ollama.gpu.number | default 1)}}
{{- end -}}

32
open-webui/charts/ollama/.ollama-helm/templates/service.yaml Normal file
View File

@ -0,0 +1,32 @@
---
{{- if not .Values.knative.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
{{- if contains "NodePort" .Values.service.type }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP | quote }}
{{- end }}
selector:
{{- include "ollama.selectorLabels" . | nindent 4 }}
{{- end }}

15
open-webui/charts/ollama/.ollama-helm/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.serviceAccount.create -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ollama.serviceAccountName" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}

25
open-webui/charts/ollama/.ollama-helm/templates/tests/test-connection.yaml Normal file
View File

@ -0,0 +1,25 @@
---
{{- if .Values.tests.enabled }}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "ollama.fullname" . }}-test-connection"
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.tests.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
{{- with .Values.tests.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "ollama.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
{{ end }}

440
open-webui/charts/ollama/.ollama-helm/values.yaml Normal file
View File

@ -0,0 +1,440 @@
# Default values for ollama-helm.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# -- Number of replicas
replicaCount: 1
# Knative configuration
knative:
# -- Enable Knative integration
enabled: false
# -- Knative service container concurrency
containerConcurrency: 0
# -- Knative service timeout seconds
timeoutSeconds: 300
# -- Knative service response start timeout seconds
responseStartTimeoutSeconds: 300
# -- Knative service idle timeout seconds
idleTimeoutSeconds: 300
# -- Knative service annotations
annotations: {}
# Docker image
image:
# -- Docker image registry
repository: ollama/ollama
# -- Docker pull policy
pullPolicy: IfNotPresent
# -- Docker image tag, overrides the image tag whose default is the chart appVersion.
tag: ""
# -- Docker registry secret names as an array
imagePullSecrets: []
# -- String to partially override template (will maintain the release name)
nameOverride: ""
# -- String to fully override template
fullnameOverride: ""
# -- String to fully override namespace
namespaceOverride: ""
# Ollama parameters
ollama:
# Port Ollama is listening on
port: 11434
gpu:
# -- Enable GPU integration
enabled: false
# -- Enable DRA GPU integration
# If enabled, it will use DRA instead of Device Driver Plugin and create a ResourceClaim and GpuClaimParameters
draEnabled: false
# -- DRA GPU DriverClass
draDriverClass: "gpu.nvidia.com"
# -- Existing DRA GPU ResourceClaim Template
draExistingClaimTemplate: ""
# -- GPU type: 'nvidia' or 'amd'
# If 'ollama.gpu.enabled', default value is nvidia
# If set to 'amd', this will add 'rocm' suffix to image tag if 'image.tag' is not override
# This is due cause AMD and CPU/CUDA are different images
type: 'nvidia'
# -- Specify the number of GPU
# If you use MIG section below then this parameter is ignored
number: 1
# -- only for nvidia cards; change to (example) 'nvidia.com/mig-1g.10gb' to use MIG slice
nvidiaResource: "nvidia.com/gpu"
# nvidiaResource: "nvidia.com/mig-1g.10gb" # example
# If you want to use more than one NVIDIA MIG you can use the following syntax (then nvidiaResource is ignored and only the configuration in the following MIG section is used)
mig:
# -- Enable multiple mig devices
# If enabled you will have to specify the mig devices
# If enabled is set to false this section is ignored
enabled: false
# -- Specify the mig devices and the corresponding number
devices: {}
# 1g.10gb: 1
# 3g.40gb: 1
models:
# -- List of models to pull at container startup
# The more you add, the longer the container will take to start if models are not present
# pull:
# - llama2
# - mistral
pull: []
# -- List of models to load in memory at container startup
# run:
# - llama2
# - mistral
run: []
# -- List of models to create at container startup, there are two options
# 1. Create a raw model
# 2. Load a model from configMaps, configMaps must be created before and are loaded as volume in "/models" directory.
# create:
# - name: llama3.1-ctx32768
# configMapRef: my-configmap
# configMapKeyRef: configmap-key
# - name: llama3.1-ctx32768
# template: |
# FROM llama3.1
# PARAMETER num_ctx 32768
create: []
# -- Automatically remove models present on the disk but not specified in the values file
clean: false
# -- Add insecure flag for pulling at container startup
insecure: false
# -- Override ollama-data volume mount path, default: "/root/.ollama"
mountPath: ""
# Service account
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Automatically mount a ServiceAccount's API credentials?
automount: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# -- Map of annotations to add to the pods
podAnnotations: {}
# -- Map of labels to add to the pods
podLabels: {}
# -- Pod Security Context
podSecurityContext: {}
# fsGroup: 2000
# -- Priority Class Name
priorityClassName: ""
# -- Container Security Context
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# -- Specify runtime class
runtimeClassName: ""
# Configure Service
service:
# -- Service type
type: ClusterIP
# -- Service port
port: 11434
# -- Service node port when service type is 'NodePort'
nodePort: 31434
# -- Load Balancer IP address
loadBalancerIP:
# -- Annotations to add to the service
annotations: {}
# -- Labels to add to the service
labels: {}
# Configure Deployment
deployment:
# -- Labels to add to the deployment
labels: {}
# Configure the ingress resource that allows you to access the
ingress:
# -- Enable ingress controller resource
enabled: false
# -- IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
className: ""
# -- Additional annotations for the Ingress resource.
annotations: {}
# kubernetes.io/ingress.class: traefik
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# The list of hostnames to be covered with this ingress record.
hosts:
- host: ollama.local
paths:
- path: /
pathType: Prefix
# -- The tls configuration for hostnames to be covered with this ingress record.
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
# -- Pod requests
requests: {}
# Memory request
# memory: 4096Mi
# CPU request
# cpu: 2000m
# -- Pod limit
limits: {}
# Memory limit
# memory: 8192Mi
# CPU limit
# cpu: 4000m
# Configure extra options for liveness probe
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
livenessProbe:
# -- Enable livenessProbe
enabled: true
# -- Request path for livenessProbe
path: /
# -- Initial delay seconds for livenessProbe
initialDelaySeconds: 60
# -- Period seconds for livenessProbe
periodSeconds: 10
# -- Timeout seconds for livenessProbe
timeoutSeconds: 5
# -- Failure threshold for livenessProbe
failureThreshold: 6
# -- Success threshold for livenessProbe
successThreshold: 1
# Configure extra options for readiness probe
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
readinessProbe:
# -- Enable readinessProbe
enabled: true
# -- Request path for readinessProbe
path: /
# -- Initial delay seconds for readinessProbe
initialDelaySeconds: 30
# -- Period seconds for readinessProbe
periodSeconds: 5
# -- Timeout seconds for readinessProbe
timeoutSeconds: 3
# -- Failure threshold for readinessProbe
failureThreshold: 6
# -- Success threshold for readinessProbe
successThreshold: 1
# Configure autoscaling
autoscaling:
# -- Enable autoscaling
enabled: false
# -- Number of minimum replicas
minReplicas: 1
# -- Number of maximum replicas
maxReplicas: 100
# -- CPU usage to target replica
targetCPUUtilizationPercentage: 80
# -- targetMemoryUtilizationPercentage: 80
# -- Additional volumes on the output Deployment definition.
volumes: []
# -- - name: foo
# secret:
# secretName: mysecret
# optional: false
# -- Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# -- - name: foo
# mountPath: "/etc/foo"
# readOnly: true
# -- Additional arguments on the output Deployment definition.
extraArgs: []
# -- Additional environments variables on the output Deployment definition.
# For extra OLLAMA env, please refer to https://github.com/ollama/ollama/blob/main/envconfig/config.go
extraEnv: []
# - name: OLLAMA_DEBUG
# value: "1"
# -- Additionl environment variables from external sources (like ConfigMap)
extraEnvFrom: []
# - configMapRef:
# name: my-env-configmap
# Enable persistence using Persistent Volume Claims
# ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
persistentVolume:
# -- Enable persistence using PVC
enabled: false
# -- Ollama server data Persistent Volume access modes
# Must match those of existing PV or dynamic provisioner
# Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
accessModes:
- ReadWriteOnce
# -- Ollama server data Persistent Volume annotations
annotations: {}
# -- If you'd like to bring your own PVC for persisting Ollama state, pass the name of the
# created + ready PVC here. If set, this Chart will not create the default PVC.
# Requires server.persistentVolume.enabled: true
existingClaim: ""
# -- Ollama server data Persistent Volume size
size: 30Gi
# -- Ollama server data Persistent Volume Storage Class
# If defined, storageClassName: <storageClass>
# If set to "-", storageClassName: "", which disables dynamic provisioning
# If undefined (the default) or set to null, no storageClassName spec is
# set, choosing the default provisioner. (gp2 on AWS, standard on
# GKE, AWS & OpenStack)
storageClass: ""
# -- Ollama server data Persistent Volume Binding Mode
# If defined, volumeMode: <volumeMode>
# If empty (the default) or set to null, no volumeBindingMode spec is
# set, choosing the default mode.
volumeMode: ""
# -- Subdirectory of Ollama server data Persistent Volume to mount
# Useful if the volume's root directory is not empty
subPath: ""
# -- Pre-existing PV to attach this claim to
# Useful if a CSI auto-provisions a PV for you and you want to always
# reference the PV moving forward
volumeName: ""
# -- Node labels for pod assignment.
nodeSelector: {}
# -- Tolerations for pod assignment
tolerations: []
# -- Affinity for pod assignment
affinity: {}
# -- Lifecycle for pod assignment (override ollama.models startup pull/run)
lifecycle: {}
# How to replace existing pods
updateStrategy:
# -- Deployment strategy can be "Recreate" or "RollingUpdate". Default is Recreate
type: "Recreate"
# -- Topology Spread Constraints for pod assignment
topologySpreadConstraints: {}
# -- Wait for a grace period
terminationGracePeriodSeconds: 120
# -- Init containers to add to the pod
initContainers: []
# - name: startup-tool
# image: alpine:3
# command: [sh, -c]
# args:
# - echo init
# -- Use the hosts ipc namespace.
hostIPC: false
# -- Use the hosts pid namespace
hostPID: false
# -- Use the host's network namespace.
hostNetwork: false
# -- Extra K8s manifests to deploy
extraObjects: []
# - apiVersion: v1
# kind: PersistentVolume
# metadata:
# name: aws-efs
# data:
# key: "value"
# - apiVersion: scheduling.k8s.io/v1
# kind: PriorityClass
# metadata:
# name: high-priority
# value: 1000000
# globalDefault: false
# description: "This priority class should be used for XYZ service pods only."
# Test connection pods
tests:
enabled: true
# -- Labels to add to the tests
labels: {}
# -- Annotations to add to the tests
annotations: {}

28
open-webui/charts/ollama/Chart.yaml Normal file
View File

@ -0,0 +1,28 @@
annotations:
artifacthub.io/category: ai-machine-learning
artifacthub.io/changes: |
- kind: changed
description: upgrade app version to 0.11.4
links:
- name: Ollama release v0.11.4
url: https://github.com/ollama/ollama/releases/tag/v0.11.4
apiVersion: v2
appVersion: 0.11.4
description: Get up and running with large language models locally.
home: https://ollama.ai/
icon: https://ollama.ai/public/ollama.png
keywords:
- ai
- llm
- llama
- mistral
kubeVersion: ^1.16.0-0
maintainers:
- email: contact@otwld.com
name: OTWLD
name: ollama
sources:
- https://github.com/ollama/ollama
- https://github.com/otwld/ollama-helm
type: application
version: 1.27.0

21
open-webui/charts/ollama/LICENSE Normal file
View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2024 OTWLD
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

331
open-webui/charts/ollama/README.md Normal file
View File

@ -0,0 +1,331 @@
![otwld ollama helm chart banner](./banner.png)
![GitHub License](https://img.shields.io/github/license/otwld/ollama-helm)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/ollama-helm)](https://artifacthub.io/packages/helm/ollama-helm/ollama)
[![Helm Lint and Test](https://github.com/otwld/ollama-helm/actions/workflows/ci.yaml/badge.svg?branch=main)](https://github.com/otwld/ollama-helm/actions/workflows/ci.yaml)
[![Discord](https://img.shields.io/badge/Discord-OTWLD-blue?logo=discord&logoColor=white)](https://discord.gg/U24mpqTynB)
[Ollama](https://ollama.ai/), get up and running with large language models, locally.
This Community Chart is for deploying [Ollama](https://github.com/ollama/ollama).
## Requirements
- Kubernetes: `>= 1.16.0-0` for **CPU only**
- Kubernetes: `>= 1.26.0-0` for **GPU** stable support (NVIDIA and AMD)
*Not all GPUs are currently supported with ollama (especially with AMD)*
## Deploying Ollama chart
To install the `ollama` chart in the `ollama` namespace:
> [!IMPORTANT]
> We are migrating the registry from https://otwld.github.io/ollama-helm/ url to OTWLD Helm central
> registry https://helm.otwld.com/
> Please update your Helm registry accordingly.
```console
helm repo add otwld https://helm.otwld.com/
helm repo update
helm install ollama otwld/ollama --namespace ollama --create-namespace
```
## Upgrading Ollama chart
First please read the [release notes](https://github.com/ollama/ollama/releases) of Ollama to make sure there are no
backwards incompatible changes.
Make adjustments to your values as needed, then run `helm upgrade`:
```console
# -- This pulls the latest version of the ollama chart from the repo.
helm repo update
helm upgrade ollama otwld/ollama --namespace ollama --values values.yaml
```
## Uninstalling Ollama chart
To uninstall/delete the `ollama` deployment in the `ollama` namespace:
```console
helm delete ollama --namespace ollama
```
Substitute your values if they differ from the examples. See `helm delete --help` for a full reference on `delete`
parameters and flags.
## Interact with Ollama
- **Ollama documentation can be found [HERE](https://github.com/ollama/ollama/tree/main/docs)**
- Interact with RESTful API: [Ollama API](https://github.com/ollama/ollama/blob/main/docs/api.md)
- Interact with official clients libraries: [ollama-js](https://github.com/ollama/ollama-js#custom-client)
and [ollama-python](https://github.com/ollama/ollama-python#custom-client)
- Interact with langchain: [langchain-js](https://github.com/ollama/ollama/blob/main/docs/tutorials/langchainjs.md)
and [langchain-python](https://github.com/ollama/ollama/blob/main/docs/tutorials/langchainpy.md)
## Examples
- **It's highly recommended to run an updated version of Kubernetes for deploying ollama with GPU**
### Basic values.yaml example with GPU and two models pulled at startup
```
ollama:
gpu:
# -- Enable GPU integration
enabled: true
# -- GPU type: 'nvidia' or 'amd'
type: 'nvidia'
# -- Specify the number of GPU to 1
number: 1
# -- List of models to pull at container startup
models:
pull:
- mistral
- llama2
```
---
### Basic values.yaml example with Ingress
```
ollama:
models:
pull:
- llama2
ingress:
enabled: true
hosts:
- host: ollama.domain.lan
paths:
- path: /
pathType: Prefix
```
- *API is now reachable at `ollama.domain.lan`*
---
### Create and run model from template
```
ollama:
models:
create:
- name: llama3.1-ctx32768
template: |
FROM llama3.1
PARAMETER num_ctx 32768
run:
- llama3.1-ctx32768
```
## Upgrading from 0.X.X to 1.X.X
The version 1.X.X introduces the ability to load models in memory at startup, the values have been changed.
Please change `ollama.models` to `ollama.models.pull` to avoid errors before upgrading:
```yaml
ollama:
models:
- mistral
- llama2
```
To:
```yaml
ollama:
models:
pull:
- mistral
- llama2
```
## Helm Values
- See [values.yaml](values.yaml) to see the Chart's default values.
| Key | Type | Default | Description |
|--------------------------------------------|--------|---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| affinity | object | `{}` | Affinity for pod assignment |
| autoscaling.enabled | bool | `false` | Enable autoscaling |
| autoscaling.maxReplicas | int | `100` | Number of maximum replicas |
| autoscaling.minReplicas | int | `1` | Number of minimum replicas |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | CPU usage to target replica |
| deployment.labels | object | `{}` | Labels to add to the deployment |
| extraArgs | list | `[]` | Additional arguments on the output Deployment definition. |
| extraEnv | list | `[]` | Additional environments variables on the output Deployment definition. For extra OLLAMA env, please refer to https://github.com/ollama/ollama/blob/main/envconfig/config.go |
| extraEnvFrom | list | `[]` | Additionl environment variables from external sources (like ConfigMap) |
| extraObjects | list | `[]` | Extra K8s manifests to deploy |
| fullnameOverride | string | `""` | String to fully override template |
| hostIPC | bool | `false` | Use the hosts ipc namespace. |
| hostNetwork | bool | `false` | Use the host's network namespace. |
| hostPID | bool | `false` | Use the hosts pid namespace |
| image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy |
| image.repository | string | `"ollama/ollama"` | Docker image registry |
| image.tag | string | `""` | Docker image tag, overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | Docker registry secret names as an array |
| ingress.annotations | object | `{}` | Additional annotations for the Ingress resource. |
| ingress.className | string | `""` | IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) |
| ingress.enabled | bool | `false` | Enable ingress controller resource |
| ingress.hosts[0].host | string | `"ollama.local"` | |
| ingress.hosts[0].paths[0].path | string | `"/"` | |
| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | |
| ingress.tls | list | `[]` | The tls configuration for hostnames to be covered with this ingress record. |
| initContainers | list | `[]` | Init containers to add to the pod |
| knative.annotations | object | `{}` | Knative service annotations |
| knative.containerConcurrency | int | `0` | Knative service container concurrency |
| knative.enabled | bool | `false` | Enable Knative integration |
| knative.idleTimeoutSeconds | int | `300` | Knative service idle timeout seconds |
| knative.responseStartTimeoutSeconds | int | `300` | Knative service response start timeout seconds |
| knative.timeoutSeconds | int | `300` | Knative service timeout seconds |
| lifecycle | object | `{}` | Lifecycle for pod assignment (override ollama.models startup pull/run) |
| livenessProbe.enabled | bool | `true` | Enable livenessProbe |
| livenessProbe.failureThreshold | int | `6` | Failure threshold for livenessProbe |
| livenessProbe.initialDelaySeconds | int | `60` | Initial delay seconds for livenessProbe |
| livenessProbe.path | string | `"/"` | Request path for livenessProbe |
| livenessProbe.periodSeconds | int | `10` | Period seconds for livenessProbe |
| livenessProbe.successThreshold | int | `1` | Success threshold for livenessProbe |
| livenessProbe.timeoutSeconds | int | `5` | Timeout seconds for livenessProbe |
| nameOverride | string | `""` | String to partially override template (will maintain the release name) |
| namespaceOverride | string | `""` | String to fully override namespace |
| nodeSelector | object | `{}` | Node labels for pod assignment. |
| ollama.gpu.draDriverClass | string | `"gpu.nvidia.com"` | DRA GPU DriverClass |
| ollama.gpu.draEnabled | bool | `false` | Enable DRA GPU integration If enabled, it will use DRA instead of Device Driver Plugin and create a ResourceClaim and GpuClaimParameters |
| ollama.gpu.draExistingClaimTemplate | string | `""` | Existing DRA GPU ResourceClaim Template |
| ollama.gpu.enabled | bool | `false` | Enable GPU integration |
| ollama.gpu.mig.devices | object | `{}` | Specify the mig devices and the corresponding number |
| ollama.gpu.mig.enabled | bool | `false` | Enable multiple mig devices If enabled you will have to specify the mig devices If enabled is set to false this section is ignored |
| ollama.gpu.number | int | `1` | Specify the number of GPU If you use MIG section below then this parameter is ignored |
| ollama.gpu.nvidiaResource | string | `"nvidia.com/gpu"` | only for nvidia cards; change to (example) 'nvidia.com/mig-1g.10gb' to use MIG slice |
| ollama.gpu.type | string | `"nvidia"` | GPU type: 'nvidia' or 'amd' If 'ollama.gpu.enabled', default value is nvidia If set to 'amd', this will add 'rocm' suffix to image tag if 'image.tag' is not override This is due cause AMD and CPU/CUDA are different images |
| ollama.insecure | bool | `false` | Add insecure flag for pulling at container startup |
| ollama.models.clean | bool | `false` | Automatically remove models present on the disk but not specified in the values file |
| ollama.models.create | list | `[]` | List of models to create at container startup, there are two options 1. Create a raw model 2. Load a model from configMaps, configMaps must be created before and are loaded as volume in "/models" directory. create: - name: llama3.1-ctx32768 configMapRef: my-configmap configMapKeyRef: configmap-key - name: llama3.1-ctx32768 template: | FROM llama3.1 PARAMETER num_ctx 32768 |
| ollama.models.pull | list | `[]` | List of models to pull at container startup The more you add, the longer the container will take to start if models are not present pull: - llama2 - mistral |
| ollama.models.run | list | `[]` | List of models to load in memory at container startup run: - llama2 - mistral |
| ollama.mountPath | string | `""` | Override ollama-data volume mount path, default: "/root/.ollama" |
| ollama.port | int | `11434` | |
| persistentVolume.accessModes | list | `["ReadWriteOnce"]` | Ollama server data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| persistentVolume.annotations | object | `{}` | Ollama server data Persistent Volume annotations |
| persistentVolume.enabled | bool | `false` | Enable persistence using PVC |
| persistentVolume.existingClaim | string | `""` | If you'd like to bring your own PVC for persisting Ollama state, pass the name of the created + ready PVC here. If set, this Chart will not create the default PVC. Requires server.persistentVolume.enabled: true |
| persistentVolume.size | string | `"30Gi"` | Ollama server data Persistent Volume size |
| persistentVolume.storageClass | string | `""` | Ollama server data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) |
| persistentVolume.subPath | string | `""` | Subdirectory of Ollama server data Persistent Volume to mount Useful if the volume's root directory is not empty |
| persistentVolume.volumeMode | string | `""` | Ollama server data Persistent Volume Binding Mode If defined, volumeMode: <volumeMode> If empty (the default) or set to null, no volumeBindingMode spec is set, choosing the default mode. |
| persistentVolume.volumeName | string | `""` | Pre-existing PV to attach this claim to Useful if a CSI auto-provisions a PV for you and you want to always reference the PV moving forward |
| podAnnotations | object | `{}` | Map of annotations to add to the pods |
| podLabels | object | `{}` | Map of labels to add to the pods |
| podSecurityContext | object | `{}` | Pod Security Context |
| priorityClassName | string | `""` | Priority Class Name |
| readinessProbe.enabled | bool | `true` | Enable readinessProbe |
| readinessProbe.failureThreshold | int | `6` | Failure threshold for readinessProbe |
| readinessProbe.initialDelaySeconds | int | `30` | Initial delay seconds for readinessProbe |
| readinessProbe.path | string | `"/"` | Request path for readinessProbe |
| readinessProbe.periodSeconds | int | `5` | Period seconds for readinessProbe |
| readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe |
| readinessProbe.timeoutSeconds | int | `3` | Timeout seconds for readinessProbe |
| replicaCount | int | `1` | Number of replicas |
| resources.limits | object | `{}` | Pod limit |
| resources.requests | object | `{}` | Pod requests |
| runtimeClassName | string | `""` | Specify runtime class |
| securityContext | object | `{}` | Container Security Context |
| service.annotations | object | `{}` | Annotations to add to the service |
| service.labels | object | `{}` | Labels to add to the service |
| service.loadBalancerIP | string | `nil` | Load Balancer IP address |
| service.nodePort | int | `31434` | Service node port when service type is 'NodePort' |
| service.port | int | `11434` | Service port |
| service.type | string | `"ClusterIP"` | Service type |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| terminationGracePeriodSeconds | int | `120` | Wait for a grace period |
| tests.annotations | object | `{}` | Annotations to add to the tests |
| tests.enabled | bool | `true` | |
| tests.labels | object | `{}` | Labels to add to the tests |
| tolerations | list | `[]` | Tolerations for pod assignment |
| topologySpreadConstraints | object | `{}` | Topology Spread Constraints for pod assignment |
| updateStrategy.type | string | `"Recreate"` | Deployment strategy can be "Recreate" or "RollingUpdate". Default is Recreate |
| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. |
| volumes | list | `[]` | Additional volumes on the output Deployment definition. |
----------------------------------------------
## Core team
<table>
<tr>
<td align="center">
<a href="https://github.com/jdetroyes"
><img
src="https://github.com/jdetroyes.png?size=200"
width="50"
style="margin-bottom: -4px; border-radius: 8px;"
alt="Jean Baptiste Detroyes"
/><br /><b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Jean Baptiste&nbsp;Detroyes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</b></a
>
<div style="margin-top: 4px">
<a href="https://github.com/jdetroyes" title="Github"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/github.svg"
/></a>
<a
href="mailto:jdetroyes@otwld.com"
title="Email"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/send.svg"
/></a>
</div>
</td>
<td align="center">
<a href="https://github.com/ntrehout"
><img
src="https://github.com/ntrehout.png?size=200"
width="50"
style="margin-bottom: -4px; border-radius: 8px;"
alt="Jean Baptiste Detroyes"
/><br /><b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Nathan&nbsp;Tréhout&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</b></a
>
<div style="margin-top: 4px">
<a href="https://x.com/n_trehout" title="Twitter"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/twitter.svg"
/></a>
<a href="https://github.com/ntrehout" title="Github"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/github.svg"
/></a>
<a
href="mailto:ntrehout@otwld.com"
title="Email"
><img
width="16"
src="https://raw.githubusercontent.com/MarsiBarsi/readme-icons/main/send.svg"
/></a>
</div>
</td>
</tr>
</table>
## Support
- For questions, suggestions, and discussion about Ollama please refer to
the [Ollama issue page](https://github.com/ollama/ollama/issues)
- For questions, suggestions, and discussion about this chart please
visit [Ollama-Helm issue page](https://github.com/otwld/ollama-helm/issues) or join
our [OTWLD Discord](https://discord.gg/U24mpqTynB)

17
open-webui/charts/ollama/artifacthub-repo.yml Normal file
View File

@ -0,0 +1,17 @@
# Artifact Hub repository metadata file
#
# Some settings like the verified publisher flag or the ignored packages won't
# be applied until the next time the repository is processed. Please keep in
# mind that the repository won't be processed if it has not changed since the
# last time it was processed. Depending on the repository kind, this is checked
# in a different way. For Helm http based repositories, we consider it has
# changed if the `index.yaml` file changes. For git based repositories, it does
# when the hash of the last commit in the branch you set up changes. This does
# NOT apply to ownership claim operations, which are processed immediately.
#
repositoryID: 2ccfd0bd-c123-483e-96f6-eb446fa850ac
owners:
- name: OTWLD
email: tech@otwld.com
- name: Jean-Baptiste DETROYES
email: jean-baptiste@detroyes.fr

BIN
open-webui/charts/ollama/banner.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 132 KiB

25
open-webui/charts/ollama/templates/NOTES.txt Normal file
View File

@ -0,0 +1,25 @@
1. Get the application URL by running these commands:
{{- if .Values.knative.enabled }}
export KSERVICE_URL=$(kubectl get ksvc --namespace {{ .Release.Namespace }} {{ include "ollama.fullname" . }} -o jsonpath={.status.url})
echo "Visit $KSERVICE_URL to use your application"
{{- else if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ollama.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ollama.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ollama.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ollama.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

80
open-webui/charts/ollama/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,80 @@
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "ollama.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ollama.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ollama.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ollama.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "ollama.labels" -}}
helm.sh/chart: {{ include "ollama.chart" . }}
{{ include "ollama.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "ollama.selectorLabels" -}}
app.kubernetes.io/name: {{ include "ollama.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "ollama.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "ollama.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Models mount path
*/}}
{{- define "ollama.modelsMountPath" -}}
{{- printf "%s/models" (((.Values).ollama).mountPath | default "/root/.ollama") }}
{{- end -}}

293
open-webui/charts/ollama/templates/deployment.yaml Normal file
View File

@ -0,0 +1,293 @@
---
{{- if not .Values.knative.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.deployment.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
{{- if or .Values.updateStrategy.type .Values.updateStrategy.rollingUpdate }}
strategy: {{ .Values.updateStrategy | toYaml | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "ollama.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "ollama.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.hostIPC }}
hostIPC: {{ .Values.hostIPC }}
{{- end }}
{{- if .Values.hostPID }}
hostPID: {{ .Values.hostPID }}
{{- end }}
{{- if .Values.hostNetwork }}
hostNetwork: {{ .Values.hostNetwork }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "ollama.serviceAccountName" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.runtimeClassName }}
runtimeClassName: {{ .Values.runtimeClassName | quote }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (ternary (printf "%s-rocm" .Chart.AppVersion) (.Chart.AppVersion) (and (.Values.ollama.gpu.enabled) (eq .Values.ollama.gpu.type "amd"))) }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.ollama.port }}
protocol: TCP
env:
- name: OLLAMA_HOST
value: "0.0.0.0:{{ .Values.ollama.port }}"
{{- if and .Values.ollama.gpu.enabled (or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type))}}
- name: PATH
value: /usr/local/nvidia/bin:/usr/local/cuda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
{{- end}}
{{- with .Values.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
envFrom:
{{- with .Values.extraEnvFrom }}
{{- toYaml . | nindent 12 }}
{{- end }}
args:
{{- with .Values.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources:
{{- $limits := default dict .Values.resources.limits }}
{{- if .Values.ollama.gpu.enabled }}
{{- if .Values.ollama.gpu.draEnabled}}
claims:
- name: gpu
{{- else }}
# If gpu is enabled, it can either be a NVIDIA card or a AMD card
{{- if or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type) }}
# NVIDIA is assumed by default if no value is set and GPU is enabled
# NVIDIA cards can have mig enabled (i.e., the card is sliced into parts
# Therefore, the first case is no migs enabled
{{- if or (not .Values.ollama.gpu.mig) (not .Values.ollama.gpu.mig.enabled ) }}
{{- $gpuLimit := dict (.Values.ollama.gpu.nvidiaResource | default "nvidia.com/gpu") (.Values.ollama.gpu.number | default 1) }}
{{- $limits = merge $limits $gpuLimit }}
# Second case is mig is enabled
{{- else if or (.Values.ollama.gpu.mig.enabled) }}
# Initialize empty dictionary
{{- $migDevices := dict -}}
# Loop over the entries in the mig devices
{{- range $key, $value := .Values.ollama.gpu.mig.devices }}
{{- $migKey := printf "nvidia.com/mig-%s" $key -}}
{{- $migDevices = merge $migDevices (dict $migKey $value) -}}
{{- end }}
{{- $limits = merge $limits $migDevices}}
{{- end }}
{{- end }}
{{- if eq .Values.ollama.gpu.type "amd" }}
{{- $gpuLimit := dict "amd.com/gpu" (.Values.ollama.gpu.number | default 1) }}
{{- $limits = merge $limits $gpuLimit }}
{{- end }}
{{- end }}
{{- end }}
{{- $ressources := deepCopy (dict "limits" $limits) | mergeOverwrite .Values.resources }}
{{- toYaml $ressources | nindent 12 }}
{{- end}}
volumeMounts:
- name: ollama-data
mountPath: {{ .Values.ollama.mountPath | default "/root/.ollama" }}
{{- if .Values.persistentVolume.subPath }}
subPath: {{ .Values.persistentVolume.subPath }}
{{- end }}
{{- range .Values.ollama.models.create }}
{{- if .configMapRef }}
- name: {{ .name }}-config-model-volume
mountPath: /models
{{- end }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.livenessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.readinessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- with .Values.lifecycle}}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- else }}
{{- if or .Values.ollama.models.pull .Values.ollama.models.run .Values.ollama.models.create }}
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- |
while ! /bin/ollama ps > /dev/null 2>&1; do
sleep 5
done
{{- $allModels := list -}}
{{- if .Values.ollama.models.pull }}
{{- range .Values.ollama.models.pull }}
{{- if contains ":" . }}
{{- $allModels = append $allModels . }}
{{- else }}
{{- $allModels = append $allModels (printf "%s:latest" .) }}
{{- end }}
/bin/ollama pull {{ternary "--insecure" "" $.Values.ollama.insecure | toString }} {{ . }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.create }}
{{- range .Values.ollama.models.create }}
{{- $allModels = append $allModels .name }}
{{- if .template }}
cat <<EOF > {{ include "ollama.modelsMountPath" $ }}/{{ .name }}
{{- .template | nindent 20 }}
EOF
/bin/ollama create {{ .name }} -f {{ include "ollama.modelsMountPath" $ }}/{{ .name }}
{{- end }}
{{- if .configMapRef }}
/bin/ollama create {{ .name }} -f /models/{{ .name }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.run }}
{{- range .Values.ollama.models.run }}
{{- if contains ":" . }}
{{- $allModels = append $allModels . }}
{{- else }}
{{- $allModels = append $allModels (printf "%s:latest" .) }}
{{- end }}
/bin/ollama run {{ . }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.clean }}
/bin/ollama list | awk 'NR>1 {print $1}' | while read model; do
echo "{{ $allModels | join " " }}" | tr ' ' '\n' | grep -Fqx "$model" || /bin/ollama rm "$model"
done
{{- end }}
{{- end }}
{{- end }}
{{- if and .Values.ollama.gpu.enabled .Values.ollama.gpu.draEnabled }}
resourceClaims:
- name: gpu
resourceClaimTemplateName: {{ .Values.ollama.gpu.draExistingClaimTemplate | default (printf "%s" (include "ollama.fullname" .)) }}
{{- end }}
volumes:
- name: ollama-data
{{- if .Values.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistentVolume.existingClaim | default (printf "%s" (include "ollama.fullname" .)) }}
{{- else }}
emptyDir: { }
{{- end }}
{{- range .Values.ollama.models.create }}
{{- if .configMapRef }}
- name: {{ .name }}-config-model-volume
configMap:
name: {{ .configMapRef }}
items:
- key: {{ .configMapKeyRef }}
path: {{ .name }}
{{- end }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if or .Values.ollama.gpu.enabled .Values.tolerations }}
tolerations:
{{- if and .Values.ollama.gpu.enabled (and
( or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type))
( or (not .Values.ollama.gpu.mig) (not .Values.ollama.gpu.mig.enabled))
) }}
- key: "{{(.Values.ollama.gpu.nvidiaResource | default "nvidia.com/gpu")}}"
operator: Exists
effect: NoSchedule
{{- else if and .Values.ollama.gpu.enabled (and
( or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type))
(( .Values.ollama.gpu.mig.enabled))
) }}
{{- range $key, $value := .Values.ollama.gpu.mig.devices }}
- key: nvidia.com/mig-{{ $key }}
operator: Exists
effect: NoSchedule
{{- end }}
{{- end }}
{{- with .Values.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

4
open-webui/charts/ollama/templates/extra-manifests.yaml Normal file
View File

@ -0,0 +1,4 @@
{{ range .Values.extraObjects }}
---
{{ tpl (toYaml .) $ }}
{{ end }}

34
open-webui/charts/ollama/templates/hpa.yaml Normal file
View File

@ -0,0 +1,34 @@
---
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "ollama.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

63
open-webui/charts/ollama/templates/ingress.yaml Normal file
View File

@ -0,0 +1,63 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "ollama.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className }}
{{- end }}
{{- end }}
---
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

200
open-webui/charts/ollama/templates/knative/service.yaml Normal file
View File

@ -0,0 +1,200 @@
---
{{- if .Values.knative.enabled }}
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: {{ include "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.knative.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
template:
spec:
containerConcurrency: {{ .Values.knative.containerConcurrency }}
timeoutSeconds: {{ .Values.knative.timeoutSeconds }}
responseStartTimeoutSeconds: {{ .Values.knative.responseStartTimeoutSeconds }}
idleTimeoutSeconds: {{ .Values.knative.idleTimeoutSeconds }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "ollama.serviceAccountName" . }}
{{- if .Values.runtimeClassName }}
runtimeClassName: {{ .Values.runtimeClassName | quote }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
containers:
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (ternary (printf "%s-rocm" .Chart.AppVersion) (.Chart.AppVersion) (and (.Values.ollama.gpu.enabled) (eq .Values.ollama.gpu.type "amd"))) }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
ports:
- containerPort: {{ .Values.ollama.port }}
env:
- name: OLLAMA_HOST
value: "0.0.0.0:{{ .Values.ollama.port }}"
{{- if and .Values.ollama.gpu.enabled (or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type))}}
- name: PATH
value: /usr/local/nvidia/bin:/usr/local/cuda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
{{- end}}
{{- with .Values.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
envFrom:
{{- with .Values.extraEnvFrom }}
{{- toYaml . | nindent 12 }}
{{- end }}
args:
{{- with .Values.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources:
{{- $limits := default dict .Values.resources.limits }}
{{- if .Values.ollama.gpu.enabled }}
{{- if or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type) }}
{{- $gpuLimit := dict (.Values.ollama.gpu.nvidiaResource | default "nvidia.com/gpu") (.Values.ollama.gpu.number | default 1) }}
{{- $limits = merge $limits $gpuLimit }}
{{- end }}
{{- if eq .Values.ollama.gpu.type "amd" }}
{{- $gpuLimit := dict "amd.com/gpu" (.Values.ollama.gpu.number | default 1) }}
{{- $limits = merge $limits $gpuLimit }}
{{- end }}
{{- end }}
{{- $ressources := deepCopy (dict "limits" $limits) | mergeOverwrite .Values.resources }}
{{- toYaml $ressources | nindent 12 }}
{{- end}}
volumeMounts:
- name: ollama-data
mountPath: {{ .Values.ollama.mountPath | default "/root/.ollama" }}
{{- if .Values.persistentVolume.subPath }}
subPath: {{ .Values.persistentVolume.subPath }}
{{- end }}
{{- range .Values.ollama.models.create }}
{{- if .configMapRef }}
- name: {{ .name }}-config-model-volume
mountPath: /models
{{- end }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.livenessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.readinessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- with .Values.lifecycle}}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- else }}
{{- if or .Values.ollama.models.pull .Values.ollama.models.run .Values.ollama.models.create }}
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- |
while ! /bin/ollama ps > /dev/null 2>&1; do
sleep 5
done
{{- if .Values.ollama.models.pull }}
{{- range .Values.ollama.models.pull }}
/bin/ollama pull {{ternary "--insecure" "" $.Values.ollama.insecure | toString }} {{ . }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.create }}
{{- range .Values.ollama.models.create }}
{{- if .template }}
cat <<EOF > {{ include "ollama.modelsMountPath" $ }}/{{ .name }}
{{- .template | nindent 20 }}
EOF
/bin/ollama create {{ .name }} -f {{ include "ollama.modelsMountPath" . }}/{{ .name }}
{{- end }}
{{- if .configMapRef }}
/bin/ollama create {{ .name }} -f /models/{{ .name }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.ollama.models.run }}
{{- range .Values.ollama.models.run }}
/bin/ollama run {{ . }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: ollama-data
{{- if .Values.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistentVolume.existingClaim | default (printf "%s" (include "ollama.fullname" .)) }}
{{- else }}
emptyDir: { }
{{- end }}
{{- range .Values.ollama.models.create }}
{{- if .configMapRef }}
- name: {{ .name }}-config-model-volume
configMap:
name: {{ .configMapRef }}
items:
- key: {{ .configMapKeyRef }}
path: {{ .name }}
{{- end }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if or .Values.ollama.gpu.enabled .Values.tolerations }}
tolerations:
{{- if and .Values.ollama.gpu.enabled (or (eq .Values.ollama.gpu.type "nvidia") (not .Values.ollama.gpu.type)) }}
- key: "{{(.Values.ollama.gpu.nvidiaResource | default "nvidia.com/gpu")}}"
operator: Exists
effect: NoSchedule
{{- end }}
{{- with .Values.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

33
open-webui/charts/ollama/templates/pvc.yaml Normal file
View File

@ -0,0 +1,33 @@
{{- if (and .Values.persistentVolume.enabled (not .Values.persistentVolume.existingClaim)) -}}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
name: {{ template "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
spec:
accessModes:
{{ toYaml .Values.persistentVolume.accessModes | indent 4 }}
{{- if .Values.persistentVolume.storageClass }}
{{- if (eq "-" .Values.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.persistentVolume.volumeMode }}
volumeMode: "{{ .Values.persistentVolume.volumeMode }}"
{{- end }}
{{- if .Values.persistentVolume.volumeName }}
volumeName: "{{ .Values.persistentVolume.volumeName }}"
{{- end }}
resources:
requests:
storage: "{{ .Values.persistentVolume.size }}"
{{- end -}}

19
open-webui/charts/ollama/templates/resourceclaimtemplate.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if and .Values.ollama.gpu.enabled .Values.ollama.gpu.draEnabled (not .Values.ollama.gpu.draExistingClaimTemplate) -}}
---
{{- if semverCompare ">=1.34-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: resource.k8s.io/v1
{{- else }}
apiVersion: resource.k8s.io/v1beta1
{{- end }}
kind: ResourceClaimTemplate
metadata:
name: {{ template "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
spec:
spec:
devices:
requests:
- name: gpu
deviceClassName: {{ .Values.ollama.gpu.draDriverClass }}
count: {{(.Values.ollama.gpu.number | default 1)}}
{{- end -}}

32
open-webui/charts/ollama/templates/service.yaml Normal file
View File

@ -0,0 +1,32 @@
---
{{- if not .Values.knative.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "ollama.fullname" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
{{- if contains "NodePort" .Values.service.type }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP | quote }}
{{- end }}
selector:
{{- include "ollama.selectorLabels" . | nindent 4 }}
{{- end }}

15
open-webui/charts/ollama/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.serviceAccount.create -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ollama.serviceAccountName" . }}
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}

25
open-webui/charts/ollama/templates/tests/test-connection.yaml Normal file
View File

@ -0,0 +1,25 @@
---
{{- if .Values.tests.enabled }}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "ollama.fullname" . }}-test-connection"
namespace: {{ include "ollama.namespace" . }}
labels:
{{- include "ollama.labels" . | nindent 4 }}
{{- with .Values.tests.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
{{- with .Values.tests.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "ollama.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
{{ end }}

440
open-webui/charts/ollama/values.yaml Normal file
View File

@ -0,0 +1,440 @@
# Default values for ollama-helm.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# -- Number of replicas
replicaCount: 1
# Knative configuration
knative:
# -- Enable Knative integration
enabled: false
# -- Knative service container concurrency
containerConcurrency: 0
# -- Knative service timeout seconds
timeoutSeconds: 300
# -- Knative service response start timeout seconds
responseStartTimeoutSeconds: 300
# -- Knative service idle timeout seconds
idleTimeoutSeconds: 300
# -- Knative service annotations
annotations: {}
# Docker image
image:
# -- Docker image registry
repository: ollama/ollama
# -- Docker pull policy
pullPolicy: IfNotPresent
# -- Docker image tag, overrides the image tag whose default is the chart appVersion.
tag: ""
# -- Docker registry secret names as an array
imagePullSecrets: []
# -- String to partially override template (will maintain the release name)
nameOverride: ""
# -- String to fully override template
fullnameOverride: ""
# -- String to fully override namespace
namespaceOverride: ""
# Ollama parameters
ollama:
# Port Ollama is listening on
port: 11434
gpu:
# -- Enable GPU integration
enabled: false
# -- Enable DRA GPU integration
# If enabled, it will use DRA instead of Device Driver Plugin and create a ResourceClaim and GpuClaimParameters
draEnabled: false
# -- DRA GPU DriverClass
draDriverClass: "gpu.nvidia.com"
# -- Existing DRA GPU ResourceClaim Template
draExistingClaimTemplate: ""
# -- GPU type: 'nvidia' or 'amd'
# If 'ollama.gpu.enabled', default value is nvidia
# If set to 'amd', this will add 'rocm' suffix to image tag if 'image.tag' is not override
# This is due cause AMD and CPU/CUDA are different images
type: 'nvidia'
# -- Specify the number of GPU
# If you use MIG section below then this parameter is ignored
number: 1
# -- only for nvidia cards; change to (example) 'nvidia.com/mig-1g.10gb' to use MIG slice
nvidiaResource: "nvidia.com/gpu"
# nvidiaResource: "nvidia.com/mig-1g.10gb" # example
# If you want to use more than one NVIDIA MIG you can use the following syntax (then nvidiaResource is ignored and only the configuration in the following MIG section is used)
mig:
# -- Enable multiple mig devices
# If enabled you will have to specify the mig devices
# If enabled is set to false this section is ignored
enabled: false
# -- Specify the mig devices and the corresponding number
devices: {}
# 1g.10gb: 1
# 3g.40gb: 1
models:
# -- List of models to pull at container startup
# The more you add, the longer the container will take to start if models are not present
# pull:
# - llama2
# - mistral
pull: []
# -- List of models to load in memory at container startup
# run:
# - llama2
# - mistral
run: []
# -- List of models to create at container startup, there are two options
# 1. Create a raw model
# 2. Load a model from configMaps, configMaps must be created before and are loaded as volume in "/models" directory.
# create:
# - name: llama3.1-ctx32768
# configMapRef: my-configmap
# configMapKeyRef: configmap-key
# - name: llama3.1-ctx32768
# template: |
# FROM llama3.1
# PARAMETER num_ctx 32768
create: []
# -- Automatically remove models present on the disk but not specified in the values file
clean: false
# -- Add insecure flag for pulling at container startup
insecure: false
# -- Override ollama-data volume mount path, default: "/root/.ollama"
mountPath: ""
# Service account
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Automatically mount a ServiceAccount's API credentials?
automount: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# -- Map of annotations to add to the pods
podAnnotations: {}
# -- Map of labels to add to the pods
podLabels: {}
# -- Pod Security Context
podSecurityContext: {}
# fsGroup: 2000
# -- Priority Class Name
priorityClassName: ""
# -- Container Security Context
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# -- Specify runtime class
runtimeClassName: ""
# Configure Service
service:
# -- Service type
type: ClusterIP
# -- Service port
port: 11434
# -- Service node port when service type is 'NodePort'
nodePort: 31434
# -- Load Balancer IP address
loadBalancerIP:
# -- Annotations to add to the service
annotations: {}
# -- Labels to add to the service
labels: {}
# Configure Deployment
deployment:
# -- Labels to add to the deployment
labels: {}
# Configure the ingress resource that allows you to access the
ingress:
# -- Enable ingress controller resource
enabled: false
# -- IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
className: ""
# -- Additional annotations for the Ingress resource.
annotations: {}
# kubernetes.io/ingress.class: traefik
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# The list of hostnames to be covered with this ingress record.
hosts:
- host: ollama.local
paths:
- path: /
pathType: Prefix
# -- The tls configuration for hostnames to be covered with this ingress record.
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
# -- Pod requests
requests: {}
# Memory request
# memory: 4096Mi
# CPU request
# cpu: 2000m
# -- Pod limit
limits: {}
# Memory limit
# memory: 8192Mi
# CPU limit
# cpu: 4000m
# Configure extra options for liveness probe
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
livenessProbe:
# -- Enable livenessProbe
enabled: true
# -- Request path for livenessProbe
path: /
# -- Initial delay seconds for livenessProbe
initialDelaySeconds: 60
# -- Period seconds for livenessProbe
periodSeconds: 10
# -- Timeout seconds for livenessProbe
timeoutSeconds: 5
# -- Failure threshold for livenessProbe
failureThreshold: 6
# -- Success threshold for livenessProbe
successThreshold: 1
# Configure extra options for readiness probe
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
readinessProbe:
# -- Enable readinessProbe
enabled: true
# -- Request path for readinessProbe
path: /
# -- Initial delay seconds for readinessProbe
initialDelaySeconds: 30
# -- Period seconds for readinessProbe
periodSeconds: 5
# -- Timeout seconds for readinessProbe
timeoutSeconds: 3
# -- Failure threshold for readinessProbe
failureThreshold: 6
# -- Success threshold for readinessProbe
successThreshold: 1
# Configure autoscaling
autoscaling:
# -- Enable autoscaling
enabled: false
# -- Number of minimum replicas
minReplicas: 1
# -- Number of maximum replicas
maxReplicas: 100
# -- CPU usage to target replica
targetCPUUtilizationPercentage: 80
# -- targetMemoryUtilizationPercentage: 80
# -- Additional volumes on the output Deployment definition.
volumes: []
# -- - name: foo
# secret:
# secretName: mysecret
# optional: false
# -- Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# -- - name: foo
# mountPath: "/etc/foo"
# readOnly: true
# -- Additional arguments on the output Deployment definition.
extraArgs: []
# -- Additional environments variables on the output Deployment definition.
# For extra OLLAMA env, please refer to https://github.com/ollama/ollama/blob/main/envconfig/config.go
extraEnv: []
# - name: OLLAMA_DEBUG
# value: "1"
# -- Additionl environment variables from external sources (like ConfigMap)
extraEnvFrom: []
# - configMapRef:
# name: my-env-configmap
# Enable persistence using Persistent Volume Claims
# ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
persistentVolume:
# -- Enable persistence using PVC
enabled: false
# -- Ollama server data Persistent Volume access modes
# Must match those of existing PV or dynamic provisioner
# Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
accessModes:
- ReadWriteOnce
# -- Ollama server data Persistent Volume annotations
annotations: {}
# -- If you'd like to bring your own PVC for persisting Ollama state, pass the name of the
# created + ready PVC here. If set, this Chart will not create the default PVC.
# Requires server.persistentVolume.enabled: true
existingClaim: ""
# -- Ollama server data Persistent Volume size
size: 30Gi
# -- Ollama server data Persistent Volume Storage Class
# If defined, storageClassName: <storageClass>
# If set to "-", storageClassName: "", which disables dynamic provisioning
# If undefined (the default) or set to null, no storageClassName spec is
# set, choosing the default provisioner. (gp2 on AWS, standard on
# GKE, AWS & OpenStack)
storageClass: ""
# -- Ollama server data Persistent Volume Binding Mode
# If defined, volumeMode: <volumeMode>
# If empty (the default) or set to null, no volumeBindingMode spec is
# set, choosing the default mode.
volumeMode: ""
# -- Subdirectory of Ollama server data Persistent Volume to mount
# Useful if the volume's root directory is not empty
subPath: ""
# -- Pre-existing PV to attach this claim to
# Useful if a CSI auto-provisions a PV for you and you want to always
# reference the PV moving forward
volumeName: ""
# -- Node labels for pod assignment.
nodeSelector: {}
# -- Tolerations for pod assignment
tolerations: []
# -- Affinity for pod assignment
affinity: {}
# -- Lifecycle for pod assignment (override ollama.models startup pull/run)
lifecycle: {}
# How to replace existing pods
updateStrategy:
# -- Deployment strategy can be "Recreate" or "RollingUpdate". Default is Recreate
type: "Recreate"
# -- Topology Spread Constraints for pod assignment
topologySpreadConstraints: {}
# -- Wait for a grace period
terminationGracePeriodSeconds: 120
# -- Init containers to add to the pod
initContainers: []
# - name: startup-tool
# image: alpine:3
# command: [sh, -c]
# args:
# - echo init
# -- Use the hosts ipc namespace.
hostIPC: false
# -- Use the hosts pid namespace
hostPID: false
# -- Use the host's network namespace.
hostNetwork: false
# -- Extra K8s manifests to deploy
extraObjects: []
# - apiVersion: v1
# kind: PersistentVolume
# metadata:
# name: aws-efs
# data:
# key: "value"
# - apiVersion: scheduling.k8s.io/v1
# kind: PriorityClass
# metadata:
# name: high-priority
# value: 1000000
# globalDefault: false
# description: "This priority class should be used for XYZ service pods only."
# Test connection pods
tests:
enabled: true
# -- Labels to add to the tests
labels: {}
# -- Annotations to add to the tests
annotations: {}

24
open-webui/charts/pipelines/.helmignore Normal file
View File

@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
.drone.yml
*.tmproj
.vscode/

16
open-webui/charts/pipelines/Chart.yaml Normal file
View File

@ -0,0 +1,16 @@
annotations:
licenses: MIT
apiVersion: v2
appVersion: alpha
description: 'Pipelines: UI-Agnostic OpenAI API Plugin Framework'
home: https://github.com/open-webui/pipelines
icon: https://github.com/open-webui/pipelines/raw/main/header.png
keywords:
- llm
- chat
- web-ui
name: pipelines
sources:
- https://github.com/open-webui/helm-charts
- https://github.com/open-webui/pipelines/pkgs/container/pipelines
version: 0.7.0

84
open-webui/charts/pipelines/README.md Normal file
View File

@ -0,0 +1,84 @@
# pipelines
![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![AppVersion: alpha](https://img.shields.io/badge/AppVersion-alpha-informational?style=flat-square)
Pipelines: UI-Agnostic OpenAI API Plugin Framework
**Homepage:** <https://github.com/open-webui/pipelines>
## Source Code
* <https://github.com/open-webui/helm-charts>
* <https://github.com/open-webui/pipelines/pkgs/container/pipelines>
## Installing
Before you can install, you need to add the `open-webui` repo to [Helm](https://helm.sh)
```shell
helm repo add open-webui https://helm.openwebui.com/
helm repo update
```
Now you can install the chart:
```shell
helm upgrade --install open-webui open-webui/pipelines
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity for pod assignment |
| annotations | object | `{}` | |
| clusterDomain | string | `"cluster.local"` | Value of cluster domain |
| commonEnvVars | list | `[]` | Additional environments variables on the output Deployment definition, common across environments |
| containerSecurityContext | object | `{}` | Configure container security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe> |
| extraEnvVars | list | `[{"name":"PIPELINES_URLS","value":"https://github.com/open-webui/pipelines/blob/main/examples/filters/detoxify_filter_pipeline.py"}]` | Additional environments variables on the output Deployment definition. These are used to pull initial Pipeline files, and help configure Pipelines with required values (e.g. Langfuse API keys) |
| extraEnvVars[0] | object | `{"name":"PIPELINES_URLS","value":"https://github.com/open-webui/pipelines/blob/main/examples/filters/detoxify_filter_pipeline.py"}` | Example pipeline to pull and load on deployment startup, see current pipelines here: https://github.com/open-webui/pipelines/blob/main/examples |
| extraInitContainers | list | `[]` | Additional init containers to add to the deployment ref: <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/> |
| extraResources | list | `[]` | Extra resources to deploy with Open WebUI Pipelines |
| hostAliases | list | `[]` | HostAliases to be added to hosts-file of each container |
| image.pullPolicy | string | `"Always"` | |
| image.repository | string | `"ghcr.io/open-webui/pipelines"` | |
| image.tag | string | `"main"` | |
| imagePullSecrets | list | `[]` | Configure imagePullSecrets to use private registry ref: <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry> |
| ingress.annotations | object | `{}` | Use appropriate annotations for your Ingress controller, e.g., for NGINX: nginx.ingress.kubernetes.io/rewrite-target: / |
| ingress.class | string | `""` | |
| ingress.enabled | bool | `true` | |
| ingress.existingSecret | string | `""` | |
| ingress.host | string | `""` | |
| ingress.tls | bool | `false` | |
| nameOverride | string | `""` | |
| namespaceOverride | string | `""` | |
| nodeSelector | object | `{}` | Node labels for pod assignment. |
| persistence.accessModes | list | `["ReadWriteOnce"]` | If using multiple replicas, you must update accessModes to ReadWriteMany |
| persistence.annotations | object | `{}` | |
| persistence.enabled | bool | `true` | |
| persistence.existingClaim | string | `""` | |
| persistence.selector | object | `{}` | |
| persistence.size | string | `"2Gi"` | |
| persistence.storageClass | string | `""` | |
| podAnnotations | object | `{}` | |
| podLabels | object | `{}` | |
| podSecurityContext | object | `{}` | Configure pod security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container> |
| replicaCount | int | `1` | |
| resources | object | `{}` | |
| service.annotations | object | `{}` | |
| service.containerPort | int | `9099` | |
| service.labels | object | `{}` | |
| service.loadBalancerClass | string | `""` | |
| service.nodePort | string | `""` | |
| service.port | int | `9099` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.automountServiceAccountToken | bool | `false` | |
| serviceAccount.enable | bool | `true` | |
| strategy | object | `{}` | Strategy for updating the deployment |
| tolerations | list | `[]` | Tolerations for pod assignment |
| volumeMounts | list | `[]` | Configure container volume mounts ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/> |
| volumes | list | `[]` | Configure pod volumes ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/> |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/).

36
open-webui/charts/pipelines/README.md.gotmpl Normal file
View File

@ -0,0 +1,36 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.badgesSection" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
## Installing
Before you can install, you need to add the `open-webui` repo to [Helm](https://helm.sh)
```shell
helm repo add open-webui https://helm.openwebui.com/
helm repo update
```
Now you can install the chart:
```shell
helm upgrade --install open-webui open-webui/pipelines
```
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
----------------------------------------------
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/).

65
open-webui/charts/pipelines/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,65 @@
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "pipelines.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Set the name of the Pipelines resources
*/}}
{{- define "pipelines.name" -}}
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{/*
Create the chart name and version for the chart label
*/}}
{{- define "chart.name" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create the base labels to include on chart resources
*/}}
{{- define "base.labels" -}}
helm.sh/chart: {{ include "chart.name" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Create selector labels to include on all resources
*/}}
{{- define "base.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create selector labels to include on all Pipelines resources
*/}}
{{- define "pipelines.selectorLabels" -}}
{{ include "base.selectorLabels" . }}
app.kubernetes.io/component: {{ .Chart.Name }}
{{- end }}
{{/*
Create labels to include on all Pipelines resources
*/}}
{{- define "pipelines.labels" -}}
{{ include "base.labels" . }}
{{ include "pipelines.selectorLabels" . }}
{{- end }}
{{/*
Create the default port to use on the service if none is defined in values
*/}}
{{- define "pipelines.servicePort" -}}
{{- .Values.service.port | default 9099 }}
{{- end }}

111
open-webui/charts/pipelines/templates/deployment.yaml Normal file
View File

@ -0,0 +1,111 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "pipelines.name" . }}
namespace: {{ include "pipelines.namespace" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "pipelines.selectorLabels" . | nindent 6 }}
{{- with .Values.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "pipelines.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.extraInitContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
enableServiceLinks: false
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}
{{- if .Values.serviceAccount.enable }}
serviceAccountName: {{ .Values.serviceAccount.name | default (include "pipelines.name" .) }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.image }}
image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
imagePullPolicy: {{ .pullPolicy }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.containerPort }}
{{- with .Values.resources }}
resources: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /app/pipelines
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- if .Values.extraEnvVars }}
{{- toYaml .Values.extraEnvVars | nindent 8 }}
{{- end }}
{{- if .Values.commonEnvVars }}
{{- toYaml .Values.commonEnvVars | nindent 8 }}
{{- end }}
tty: true
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim }}
{{- else if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
- name: data
persistentVolumeClaim:
claimName: {{ include "pipelines.name" . }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}

6
open-webui/charts/pipelines/templates/extra-resources.yaml Normal file
View File

@ -0,0 +1,6 @@
{{- if .Values.extraResources }}
{{- range .Values.extraResources }}
---
{{ toYaml . | nindent 0 }}
{{- end }}
{{- end }}

28
open-webui/charts/pipelines/templates/pvc.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "pipelines.name" . }}
namespace: {{ include "pipelines.namespace" . }}
labels:
{{- include "pipelines.selectorLabels" . | nindent 4 }}
{{- with .Values.persistence.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass }}
{{- end }}
{{- with .Values.persistence.selector }}
selector:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

13
open-webui/charts/pipelines/templates/service-account.yaml Normal file
View File

@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.enable }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.name | default (include "pipelines.name" .) }}
namespace: {{ include "pipelines.namespace" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

30
open-webui/charts/pipelines/templates/service.yaml Normal file
View File

@ -0,0 +1,30 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "pipelines.name" . }}
namespace: {{ include "pipelines.namespace" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
{{- with .Values.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
{{- include "pipelines.selectorLabels" . | nindent 4 }}
type: {{ .Values.service.type | default "ClusterIP" }}
ports:
- protocol: TCP
name: http
port: {{ .Values.service.port }}
targetPort: http
{{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort | int }}
{{- end }}
{{- if .Values.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.loadBalancerClass | quote }}
{{- end }}

160
open-webui/charts/pipelines/values.yaml Normal file
View File

@ -0,0 +1,160 @@
nameOverride: ""
namespaceOverride: ""
# -- Value of cluster domain
clusterDomain: cluster.local
annotations: {}
podAnnotations: {}
podLabels: {}
replicaCount: 1
# -- Strategy for updating the deployment
strategy: {}
image:
repository: ghcr.io/open-webui/pipelines
tag: main
pullPolicy: Always
# -- Configure imagePullSecrets to use private registry
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry>
imagePullSecrets: []
# imagePullSecrets:
# - name: myRegistryKeySecretName
resources: {}
ingress:
enabled: true
class: ""
# -- Use appropriate annotations for your Ingress controller, e.g., for NGINX:
# nginx.ingress.kubernetes.io/rewrite-target: /
annotations: {}
host: ""
tls: false
existingSecret: ""
persistence:
enabled: true
size: 2Gi
existingClaim: ""
# -- If using multiple replicas, you must update accessModes to ReadWriteMany
accessModes:
- ReadWriteOnce
storageClass: ""
selector: {}
annotations: {}
serviceAccount:
enable: true
automountServiceAccountToken: false
# -- Configure pod security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container>
podSecurityContext:
{}
# fsGroupChangePolicy: Always
# sysctls: []
# supplementalGroups: []
# fsGroup: 1001
# -- Configure container security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
containerSecurityContext:
{}
# runAsUser: 1001
# runAsGroup: 1001
# runAsNonRoot: true
# privileged: false
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: false
# capabilities:
# drop:
# - ALL
# seccompProfile:
# type: "RuntimeDefault"
# -- Node labels for pod assignment.
nodeSelector: {}
# -- Tolerations for pod assignment
tolerations: []
# -- Affinity for pod assignment
affinity: {}
# -- HostAliases to be added to hosts-file of each container
hostAliases: []
service:
type: ClusterIP
annotations: {}
port: 9099
containerPort: 9099
nodePort: ""
labels: {}
loadBalancerClass: ""
# -- Additional environments variables on the output Deployment definition. These are used to pull initial Pipeline files, and help configure Pipelines with required values (e.g. Langfuse API keys)
extraEnvVars:
# -- Example pipeline to pull and load on deployment startup, see current pipelines here: https://github.com/open-webui/pipelines/blob/main/examples
- name: PIPELINES_URLS
value: "https://github.com/open-webui/pipelines/blob/main/examples/filters/detoxify_filter_pipeline.py"
# - name: PIPELINES_API_KEY
# valueFrom:
# secretKeyRef:
# name: pipelines-keys
# key: pipelines-api-key
# -- Langfuse example, including values used in Langfuse filter to connect
# - name: PIPELINES_URLS
# value: "https://github.com/open-webui/pipelines/blob/main/examples/filters/langfuse_filter_pipeline.py"
# - name: LANGFUSE_PUBLIC_KEY
# valueFrom:
# secretKeyRef:
# name: langfuse-keys
# key: public-key
# - name: LANGFUSE_SECRET_KEY
# valueFrom:
# secretKeyRef:
# name: langfuse-keys
# key: secret-key
# - name: LANGFUSE_HOST
# value: https://us.cloud.langfuse.com
# -- Additional environments variables on the output Deployment definition, common across environments.
commonEnvVars: []
# -- Configure container volume mounts
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/>
volumeMounts: []
# - name: ""
# mountPath: ""
# -- Additional init containers to add to the deployment
# ref: <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/>
extraInitContainers: []
# - name: custom-init
# image: busybox:latest
# command: ['sh', '-c', 'echo "Custom init container running"']
# volumeMounts:
# - name: data
# mountPath: /data
# -- Configure pod volumes
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/>
volumes: []
# - name: ""
# configMap:
# name: ""
# - name: ""
# secret:
# name: ""
# - name: ""
# emptyDir: {}
# -- Extra resources to deploy with Open WebUI Pipelines
extraResources:
[]
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# name: example-configmap
# data:
# example-key: example-value

26
open-webui/charts/tika/.asf.yaml Normal file
View File

@ -0,0 +1,26 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
github:
description: "A Helm chart to deploy Apache Tika on Kubernetes."
homepage: https://tika.apache.org/
labels:
- helm
- chart
- tika
notifications:
commits: commits@tika.apache.org
issues: dev@tika.apache.org
pullrequests: dev@tika.apache.org
jira_options: link label comment

83
open-webui/charts/tika/.github/workflows/lint-test.yaml vendored Normal file
View File

@ -0,0 +1,83 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Lint and Test Charts
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
types: [opened, synchronize, reopened]
jobs:
lint-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4.1.5
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v4.2.0
- uses: actions/setup-python@v5.1.0
with:
python-version: '3.x'
check-latest: true
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.1
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
fi
shell: bash
- name: Run chart-testing (lint)
run: ct lint --target-branch ${{ github.event.repository.default_branch }} --charts .
shell: bash
- name: Create kind cluster
uses: helm/kind-action@v1.10.0
if: steps.list-changed.outputs.changed == 'true'
- name: Uninstall helm-unittest if present
run: |
helm plugin uninstall unittest >/dev/null 2>/dev/null \
|| echo "Failed to uninstall plugin, assuming it's not present."
shell: bash
- name: Install latest helm-unittest
run: |
echo "Installing latest version of helm-unittest"
helm plugin install https://github.com/helm-unittest/helm-unittest >/dev/null 2>/dev/null
shell: bash
- name: Assemble list of chart directories to test
run: |
tr ' ' '\n' <<< . | grep -v '^$' > charts-to-test || true
find . -type f -name 'Chart.yaml' -exec dirname {} \; > all-charts
[ -z . ] && mv all-charts charts-to-test || true
shell: bash
- name: Fetch chart dependencies
run: |
for chart in $(cat charts-to-test); do
helm dependency update "$chart" >/dev/null
done
shell: bash
- name: Run unit tests
run: helm unittest --color $(cat charts-to-test)
shell: bash
- name: Run chart-testing (install)
if: steps.list-changed.outputs.changed == 'true'
run: ct install --target-branch ${{ github.event.repository.default_branch }} --charts .
shell: bash

44
open-webui/charts/tika/.github/workflows/pluto.yaml vendored Normal file
View File

@ -0,0 +1,44 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Use Pluto to check helm chart for resources using deprecated k8s APIs
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
types: [opened, synchronize, reopened]
jobs:
pluto_detect:
runs-on: ubuntu-latest
env:
PLUTO_VERSION: 5.19.1
steps:
- name: Checkout
uses: actions/checkout@v4.1.5
- name: Download Pluto
run: |
wget https://github.com/FairwindsOps/pluto/releases/download/v${{ env.PLUTO_VERSION }}/pluto_${{ env.PLUTO_VERSION }}_linux_amd64.tar.gz -O - | tar -xz
mv pluto /usr/local/bin/pluto
chmod +x /usr/local/bin/pluto
shell: bash
- name: Set up Helm
uses: azure/setup-helm@v4.2.0
- name: verify helm chart
run: |
helm template . | pluto detect -omarkdown - >> $GITHUB_STEP_SUMMARY
shell: bash

24
open-webui/charts/tika/.helmignore Normal file
View File

@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
tests

52
open-webui/charts/tika/Chart.yaml Normal file
View File

@ -0,0 +1,52 @@
annotations:
artifacthub.io/category: integration-delivery
artifacthub.io/containsSecurityUpdates: "false"
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: support
url: https://issues.apache.org/jira/browse/TIKA
artifacthub.io/prerelease: "false"
artifacthub.io/recommendations: |
- url: https://artifacthub.io/packages/helm/apache-solr/solr
- url: https://artifacthub.io/packages/helm/apache-airflow/airflow
apiVersion: v2
appVersion: 3.2.2.0-full
description: The official Helm chart for Apache Tika
home: https://tika.apache.org
icon: https://tika.apache.org/tika.png
keywords:
- apache
- tika
- apache-tika
- tika-helm
maintainers:
- email: lewismc@apache.org
name: lewismc
url: https://github.com/lewismc
- name: stijnbrouwers
url: https://github.com/stijnbrouwers
- name: philipsoutham
url: https://github.com/philipsoutham
- name: frascu
url: https://github.com/frascu
- name: euven
url: https://github.com/euven
- name: ps0uth
url: https://github.com/ps0uth
- name: ahilmathew
url: https://github.com/ahilmathew
- name: aidanthewiz
url: https://github.com/aidanthewiz
- name: bartek
url: https://github.com/bartek
- name: CiraciNicolo
url: https://github.com/CiraciNicolo
- name: amalucelli
url: https://github.com/amalucelli
- name: thatmlopsguy
url: https://github.com/thatmlopsguy
name: tika
sources:
- https://github.com/apache/tika-helm
type: application
version: 3.2.2

5737
open-webui/charts/tika/LICENSE.txt Normal file
View File

File diff suppressed because it is too large Load Diff

159
open-webui/charts/tika/README.md Normal file
View File

@ -0,0 +1,159 @@
tika-helm
=========
[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/apache-tika)](https://artifacthub.io/packages/search?repo=apache-tika)
<div class="artifacthub-widget" data-url="https://artifacthub.io/packages/helm/apache-tika/tika" data-theme="light" data-header="true" data-stars="true" data-responsive="false"><blockquote><p lang="en" dir="ltr"><b>tika</b>: The official Helm chart to deploy Apache Tika on Kubernetes</p>&mdash; Open in <a href="https://artifacthub.io/packages/helm/apache-tika/tika">Artifact Hub</a></blockquote></div><script async src="https://artifacthub.io/artifacthub-widget.js"></script>
A [Helm chart][] to deploy [Apache Tika][] on [Kubernetes][].
<img src="https://tika.apache.org/tika.png" width="300" />
This Helm chart is a lightweight way to configure and run the official [apache/tika][] Docker image.
We recommend that the Helm chart version is aligned to the version Tika (and subsequently the
version of the [Tika Docker image][]) you want to deploy.
This will ensure that you using a chart version that has been tested against the corresponding
production version. This will also ensure that the documentation and examples for the chart
will work with the version of Tika you are installing.
<!-- development warning placeholder -->
**Warning**: This branch is used for development, please use the [latest release][] for released version.
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [tika-helm](#tika-helm)
- [Requirements](#requirements)
- [Installing](#installing)
- [Install released version using Helm repository](#install-released-version-using-helm-repository)
- [Install development version using master branch](#install-development-version-using-master-branch)
- [Custom configuration for tika](#custom-configuration-for-tika)
- [Upgrading](#upgrading)
- [Configuration](#configuration)
- [Deprecated](#deprecated)
- [Contributing](#contributing)
- [More Information](#more-information)
- [Authors](#authors)
- [License](#license)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
<!-- Use this to update TOC: -->
<!-- docker run --rm -it -v $(pwd):/usr/src jorgeandrada/doctoc --github -->
## Requirements
* Kubernetes >= 1.14
* [Helm][] >= v3.4.2
## Installing
### Install released version using Helm repository
**N.B.** You may or may not need/wish to install the chart into a specific **namespace**,
in which case you may need to augment the commands below.
* Add the Tika Helm charts repo:
`helm repo add tika https://apache.jfrog.io/artifactory/tika`
* Install it:
- with Helm 3: `helm install tika tika/tika --set image.tag=${release.version} -n tika-test`, you will see something like
```
helm install tika tika/tika --set image.tag=latest-full -n tika-test
...
NAME: tika
LAST DEPLOYED: Mon Jan 24 13:38:01 2022
NAMESPACE: tika-test
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace tika-test -l "app.kubernetes.io/name=tika,app.kubernetes.io/instance=tika" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace tika-test $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:9998 to use your application"
kubectl --namespace tika-test port-forward $POD_NAME 9998:$CONTAINER_PORT
```
You may notice that the _kubectl port forwarding_ experiences a _timeout issue_ which ultimately kills the app. In this case you can run port formarding in a loop
```
while true; do kubectl --namespace tika-test port-forward $POD_NAME 9998:$CONTAINER_PORT ; done
```
... this should keep `kubectl` reconnecting on connection lost.
### Install development version using master branch
* Clone the git repo: `git clone git@github.com:apache/tika-helm.git`
* Install it:
- with Helm 3: `helm install tika . --set image.tag=latest-full`
### Custom configuration for tika
To use custom [configuration]( https://tika.apache.org/2.9.1/configuring.html) values for apache tika, use the `tikaConfig` key in the `values.yaml`.
Example:
```
tikaConfig: |
<?xml version="1.0" encoding="UTF-8"?>
<properties>
<parsers>
<!-- Default Parser for most things, except for 2 mime types -->
<parser class="org.apache.tika.parser.DefaultParser">
<mime-exclude>image/jpeg</mime-exclude>
<mime-exclude>application/pdf</mime-exclude>
</parser>
</parsers>
</properties>
```
## Upgrading
Please check `artifacthub.io/changes` in `Chart.yaml` before upgrading.
## Configuration
| Parameter | Description | Default |
| --------- | ----------- | ------- |
| `...` | ... | ... |
## Testing
```
helm plugin install https://github.com/helm-unittest/helm-unittest.git
helm unittest .
```
See [helm-unittest][] for canonical documentation.
## Contributing
Please check [CONTRIBUTING][] before any contribution or for any questions
about our development and testing process.
## More Information
For more infomation on Apache Tika Server, go to the [Apache Tika Server documentation][].
For more information on Apache Tika, go to the official [Apache Tika][] project website.
For more information on the Apache Software Foundation, go to the [Apache Software Foundation][] website.
## Authors
Apache Tika Dev Team (dev@tika.apache.org)
# License
The code is licensed permissively under the [Apache License v2.0][].
[Apache License v2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
[Apache Software Foundation]: http://apache.org
[Apache Tika]: https://tika.apache.org
[Apache Tika Server documentation]: https://cwiki.apache.org/confluence/display/TIKA/TikaServer
[BREAKING_CHANGES.md]: https://github.com/apache/tika-helm/blob/master/BREAKING_CHANGES.md
[CHANGELOG.md]: https://github.com/apache/tika-helm/blob/master/CHANGELOG.md
[CONTRIBUTING]: https://github.com/apache/tika#contributing-via-github
[apache/tika]: https://github.com/apache/tika-docker
[helm-unittest]: https://github.com/helm-unittest/helm-unittest
[Helm chart]: https://helm.sh/docs/topics/charts/
[Kubernetes]: https://kubernetes.io/
[Tika Docker image]: https://hub.docker.com/r/apache/tika/tags?page=1&ordering=last_updated
[helm]: https://helm.sh
[latest release]: https://github.com/apache/tika-helm/releases

32
open-webui/charts/tika/artifacthub-repo.yml Normal file
View File

@ -0,0 +1,32 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Artifact Hub repository metadata file
#
# Some settings like the verified publisher flag or the ignored packages won't
# be applied until the next time the repository is processed. Please keep in
# mind that the repository won't be processed if it has not changed since the
# last time it was processed. Depending on the repository kind, this is checked
# in a different way. For Helm http based repositories, we consider it has
# changed if the `index.yaml` file changes. For git based repositories, it does
# when the hash of the last commit in the branch you set up changes. This does
# NOT apply to ownership claim operations, which are processed immediately.
#
repositoryID: 01c1e88b-cba6-4430-9e05-05f02d3f805b
owners:
- name: Apache Tika Committers
email: dev@tika.apache.org

22
open-webui/charts/tika/templates/NOTES.txt Normal file
View File

@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "tika-helm.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "tika-helm.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "tika-helm.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "tika-helm.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:9998 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9998:$CONTAINER_PORT
{{- end }}

74
open-webui/charts/tika/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,74 @@
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "tika-helm.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "tika-helm.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "tika-helm.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "tika-helm.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "tika-helm.labels" -}}
helm.sh/chart: {{ include "tika-helm.chart" . }}
{{ include "tika-helm.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "tika-helm.selectorLabels" -}}
app.kubernetes.io/name: {{ include "tika-helm.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "tika-helm.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "tika-helm.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

28
open-webui/charts/tika/templates/configmap.yaml Normal file
View File

@ -0,0 +1,28 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
{{- if .Values.tikaConfig }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Chart.Name }}-config
namespace: {{ include "tika-helm.namespace" . }}
data:
tika-config.xml: |-
{{ .Values.tikaConfig | indent 4 }}
{{- end }}

127
open-webui/charts/tika/templates/deployment.yaml Normal file
View File

@ -0,0 +1,127 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "tika-helm.fullname" . }}
namespace: {{ include "tika-helm.namespace" . }}
labels:
{{- include "tika-helm.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "tika-helm.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "tika-helm.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "tika-helm.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
- name: sec-ctx-vol
emptyDir: {}
{{- if .Values.tikaConfig }}
- name: tika-config
configMap:
name: {{ .Chart.Name }}-config
defaultMode: 0777
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if .Values.tikaConfig }}
args: ["-c" , "/tika-config/tika-config.xml"]
{{- end }}
{{- with .Values.env }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: sec-ctx-vol
mountPath: /tmp
{{- if .Values.tikaConfig }}
- name: tika-config
mountPath: /tika-config
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
livenessProbe:
{{- if eq (lower .Values.livenessProbe.scheme) "tcp" }}
tcpSocket:
port: {{ .Values.service.port }}
{{- else }}
httpGet:
path: {{if .Values.config.base_url }}{{- with urlParse (tpl .Values.config.base_url .) }}{{ .path }}{{end}}{{else}}/{{end}}
port: {{ .Values.service.port }}
scheme: {{ .Values.livenessProbe.scheme | default "http" }}
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 15 }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 30 }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold | default 20 }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds | default 5 }}
readinessProbe:
{{- if eq (lower .Values.readinessProbe.scheme) "tcp" }}
tcpSocket:
port: {{ .Values.service.port }}
{{- else }}
httpGet:
path: {{if .Values.config.base_url }}{{- with urlParse (tpl .Values.config.base_url .) }}{{ .path }}{{end}}{{else}}/{{end}}
port: {{ .Values.service.port }}
scheme: {{ .Values.readinessProbe.scheme | default "http" }}
{{- end }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 15 }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 30 }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold | default 20 }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds | default 5 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}

66
open-webui/charts/tika/templates/hpa.yaml Normal file
View File

@ -0,0 +1,66 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
{{- if .Values.autoscaling.enabled }}
apiVersion: {{ .Values.autoscaling.apiVersion }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "tika-helm.fullname" . }}
namespace: {{ include "tika-helm.namespace" . }}
labels:
{{- include "tika-helm.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "tika-helm.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if eq .Values.autoscaling.apiVersion "autoscaling/v2" }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- else }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- end }}
{{- end }}

80
open-webui/charts/tika/templates/ingress.yaml Normal file
View File

@ -0,0 +1,80 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "tika-helm.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ include "tika-helm.namespace" . }}
labels:
{{- include "tika-helm.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

42
open-webui/charts/tika/templates/networkpolicy.yaml Normal file
View File

@ -0,0 +1,42 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
{{- if .Values.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "tika-helm.fullname" . }}
namespace: {{ include "tika-helm.namespace" . }}
labels:
{{- include "tika-helm.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "tika-helm.selectorLabels" . | nindent 6 }}
egress:
- {}
ingress:
- ports:
- port: {{ .Values.service.port }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "tika-helm.fullname" . }}-client: "true"
{{- end }}
{{- end }}

38
open-webui/charts/tika/templates/service.yaml Normal file
View File

@ -0,0 +1,38 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "tika-helm.fullname" . }}
namespace: {{ include "tika-helm.namespace" . }}
labels:
{{- include "tika-helm.labels" . | nindent 4 }}
annotations:
{{- with .Values.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "tika-helm.selectorLabels" . | nindent 4 }}

31
open-webui/charts/tika/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,31 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "tika-helm.serviceAccountName" . }}
namespace: {{ include "tika-helm.namespace" . }}
labels:
{{- include "tika-helm.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

69
open-webui/charts/tika/values.yaml Normal file
View File

@ -0,0 +1,69 @@
affinity: {}
autoscaling:
apiVersion: autoscaling/v2
enabled: false
maxReplicas: 100
minReplicas: 1
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
config:
base_url: http://localhost/
fullnameOverride: ""
image:
pullPolicy: IfNotPresent
repository: apache/tika
tag: 3.2.2.0-full
imagePullSecrets: []
ingress:
annotations: {}
enabled: false
hosts:
- host: chart-example.local
paths: []
tls: []
livenessProbe:
failureThreshold: 20
initialDelaySeconds: 15
periodSeconds: 5
scheme: HTTP
timeoutSeconds: 30
nameOverride: ""
namespaceOverride: ""
networkPolicy:
allowExternal: false
enabled: false
nodeSelector: {}
podAnnotations: {}
podSecurityContext: {}
readinessProbe:
failureThreshold: 20
initialDelaySeconds: 15
periodSeconds: 5
scheme: HTTP
timeoutSeconds: 30
replicaCount: 1
resources:
limits:
cpu: "2"
memory: 2000Mi
requests:
cpu: "1"
memory: 1500Mi
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 35002
runAsNonRoot: true
runAsUser: 35002
service:
port: 9998
type: ClusterIP
serviceAccount:
annotations: {}
create: true
name: ""
tolerations: []
topologySpreadConstraints: []

77
open-webui/templates/NOTES.txt Normal file
View File

@ -0,0 +1,77 @@
{{- `
🎉 Welcome to Open WebUI!!
██████╗ ██████╗ ███████╗███╗ ██╗ ██╗ ██╗███████╗██████╗ ██╗ ██╗██╗
██╔═══██╗██╔══██╗██╔════╝████╗ ██║ ██║ ██║██╔════╝██╔══██╗██║ ██║██║
██║ ██║██████╔╝█████╗ ██╔██╗ ██║ ██║ █╗ ██║█████╗ ██████╔╝██║ ██║██║
██║ ██║██╔═══╝ ██╔══╝ ██║╚██╗██║ ██║███╗██║██╔══╝ ██╔══██╗██║ ██║██║
╚██████╔╝██║ ███████╗██║ ╚████║ ╚███╔███╔╝███████╗██████╔╝╚██████╔╝██║
╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═══╝ ╚══╝╚══╝ ╚══════╝╚═════╝ ╚═════╝ ╚═╝
` }}
v{{ .Chart.AppVersion }} - building the best open-source AI user interface.
- Chart Version: v{{ .Chart.Version }}
- Project URL 1: {{ .Chart.Home }}
- Project URL 2: https://github.com/open-webui/open-webui
- Documentation: https://docs.openwebui.com/
- Chart URL: https://github.com/open-webui/helm-charts
Open WebUI is a web-based user interface that works with Ollama, OpenAI, Claude 3, Gemini and more.
This interface allows you to easily interact with local AI models.
1. Deployment Information:
- Chart Name: {{ .Chart.Name }}
- Release Name: {{ .Release.Name }}
- Namespace: {{ .Release.Namespace }}
2. Access the Application:
{{- if contains "ClusterIP" .Values.service.type }}
Access via ClusterIP service:
export LOCAL_PORT=8080
export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/component={{ include "open-webui.name" . }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME $LOCAL_PORT:$CONTAINER_PORT
echo "Visit http://127.0.0.1:$LOCAL_PORT to use your application"
Then, access the application at: http://127.0.0.1:$LOCAL_PORT or http://localhost:8080
{{- else if contains "NodePort" .Values.service.type }}
Access via NodePort service:
export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "open-webui.name" . }})
export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
Access via LoadBalancer service:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
NOTE: The external address format depends on your cloud provider:
- AWS: Will return a hostname (e.g., xxx.elb.amazonaws.com)
- GCP/Azure: Will return an IP address
You can watch the status by running:
kubectl get -n {{ .Release.Namespace }} svc {{ include "open-webui.name" . }} --watch
export EXTERNAL_IP=$(kubectl get -n {{ .Release.Namespace }} svc {{ include "open-webui.name" . }} -o jsonpath="{.status.loadBalancer.ingress[0].hostname:-.status.loadBalancer.ingress[0].ip}")
echo http://$EXTERNAL_IP:{{ .Values.service.port }}
{{- end }}
{{- if .Values.ingress.enabled }}
Ingress is enabled. Access the application at: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.host }}
{{- end }}
3. Useful Commands:
- Check deployment status:
helm status {{ .Release.Name }} -n {{ .Release.Namespace }}
- Get detailed information:
helm get all {{ .Release.Name }} -n {{ .Release.Namespace }}
- View logs:
{{- if .Values.persistence.enabled }}
kubectl logs -f statefulset/{{ include "open-webui.name" . }} -n {{ .Release.Namespace }}
{{- else }}
kubectl logs -f deployment/{{ include "open-webui.name" . }} -n {{ .Release.Namespace }}
{{- end }}
4. Cleanup:
- Uninstall the deployment:
helm uninstall {{ .Release.Name }} -n {{ .Release.Namespace }}

256
open-webui/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,256 @@
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "open-webui.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Set the name of the Open WebUI resources
*/}}
{{- define "open-webui.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{/*
Set the name of the integrated Ollama resources
*/}}
{{- define "ollama.name" -}}
open-webui-ollama
{{- end -}}
{{/*
Set the name of the integrated Pipelines resources
*/}}
{{- define "pipelines.name" -}}
open-webui-pipelines
{{- end -}}
{{/*
Constructs a semicolon-separated string of Ollama API endpoint URLs from the ollamaUrls list
defined in the values.yaml file
*/}}
{{- define "ollamaUrls" -}}
{{- if .Values.ollamaUrls }}
{{- join ";" .Values.ollamaUrls | trimSuffix "/" }}
{{- end }}
{{- end }}
{{/*
Generates the URL for accessing the Ollama service within the Kubernetes cluster when the
ollama.enabled value is set to true, which means that the Ollama Helm chart is being installed
as a dependency of the Open WebUI chart
*/}}
{{- define "ollamaLocalUrl" -}}
{{- if .Values.ollama.enabled -}}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $ollamaServicePort := .Values.ollama.service.port | toString }}
{{- printf "http://%s.%s.svc.%s:%s" (default .Values.ollama.name .Values.ollama.fullnameOverride) (.Release.Namespace) $clusterDomain $ollamaServicePort }}
{{- end }}
{{- end }}
{{/*
Constructs a string containing the URLs of the Ollama API endpoints that the Open WebUI
application should use based on which values are set for Ollama/ whether the Ollama
subchart is in use
*/}}
{{- define "ollamaBaseUrls" -}}
{{- $ollamaLocalUrl := include "ollamaLocalUrl" . }}
{{- $ollamaUrls := include "ollamaUrls" . }}
{{- if and .Values.ollama.enabled .Values.ollamaUrls }}
{{- printf "%s;%s" $ollamaUrls $ollamaLocalUrl }}
{{- else if .Values.ollama.enabled }}
{{- printf "%s" $ollamaLocalUrl }}
{{- else if .Values.ollamaUrls }}
{{- printf "%s" $ollamaUrls }}
{{- end }}
{{- end }}
{{/*
Create the chart name and version for the chart label
*/}}
{{- define "chart.name" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create the base labels to include on chart resources
*/}}
{{- define "base.labels" -}}
helm.sh/chart: {{ include "chart.name" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Create selector labels to include on all resources
*/}}
{{- define "base.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create selector labels to include on all Open WebUI resources
*/}}
{{- define "open-webui.selectorLabels" -}}
{{ include "base.selectorLabels" . }}
app.kubernetes.io/component: {{ .Chart.Name }}
{{- end }}
{{/*
Create labels to include on chart all Open WebUI resources
*/}}
{{- define "open-webui.labels" -}}
{{ include "base.labels" . }}
{{ include "open-webui.selectorLabels" . }}
{{- end }}
{{/*
Create selector labels to include on chart all Ollama resources
*/}}
{{- define "ollama.selectorLabels" -}}
{{ include "base.selectorLabels" . }}
app.kubernetes.io/component: {{ include "ollama.name" . }}
{{- end }}
{{/*
Create labels to include on chart all Ollama resources
*/}}
{{- define "ollama.labels" -}}
{{ include "base.labels" . }}
{{ include "ollama.selectorLabels" . }}
{{- end }}
{{/*
Create selector labels to include on chart all Pipelines resources
*/}}
{{- define "pipelines.selectorLabels" -}}
{{ include "base.selectorLabels" . }}
app.kubernetes.io/component: {{ include "pipelines.name" . }}
{{- end }}
{{/*
Create labels to include on chart all Pipelines resources
*/}}
{{- define "pipelines.labels" -}}
{{ include "base.labels" . }}
{{ include "pipelines.selectorLabels" . }}
{{- end }}
{{/*
Create the service endpoint to use for Pipelines if the subchart is used
*/}}
{{- define "pipelines.serviceEndpoint" -}}
{{- if .Values.pipelines.enabled -}}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $pipelinesServicePort := .Values.pipelines.service.port | toString }}
{{- printf "http://%s.%s.svc.%s:%s" (include "pipelines.name" .) (.Release.Namespace) $clusterDomain $pipelinesServicePort }}
{{- end }}
{{- end }}
{{/*
Create selector labels to include on chart all websocket resources
*/}}
{{- define "websocket.redis.selectorLabels" -}}
{{ include "base.selectorLabels" . }}
app.kubernetes.io/component: {{ .Values.websocket.redis.name }}
{{- end }}
{{/*
Create labels to include on chart all websocket resources
*/}}
{{- define "websocket.redis.labels" -}}
{{ include "base.labels" . }}
{{ include "websocket.redis.selectorLabels" . }}
{{- end }}
{{/*
Validate SSO ClientSecret to be set literally or via Secret
*/}}
{{- define "sso.validateClientSecret" -}}
{{- $provider := .provider }}
{{- $values := .values }}
{{- if and (empty (index $values $provider "clientSecret")) (empty (index $values $provider "clientExistingSecret")) }}
{{- fail (printf "You must provide either .Values.sso.%s.clientSecret or .Values.sso.%s.clientExistingSecret" $provider $provider) }}
{{- end }}
{{- end }}
{{- /*
Fail template rendering if invalid log component
*/ -}}
{{- define "logging.isValidComponent" -}}
{{- $component := . | lower -}}
{{- $validComponents := dict
"audio" true
"comfyui" true
"config" true
"db" true
"images" true
"main" true
"models" true
"ollama" true
"openai" true
"rag" true
"webhook" true
-}}
{{- hasKey $validComponents $component -}}
{{- end }}
{{- define "logging.assertValidComponent" -}}
{{- $component := lower . -}}
{{- $res := include "logging.isValidComponent" $component }}
{{- if ne $res "true" }}
{{- fail (printf "Invalid logging component name: '%s'. Valid names: audio, comfyui, config, db, images, main, models, ollama, openai, rag, webhook" $component) }}
{{- end }}
{{- end }}
{{- /*
Fail template rendering if invalid log level
*/ -}}
{{- define "logging.assertValidLevel" -}}
{{- $level := lower . }}
{{- $validLevels := dict "notset" true "debug" true "info" true "warning" true "error" true "critical" true }}
{{- if not (hasKey $validLevels $level) }}
{{- fail (printf "Invalid log level: '%s'. Valid values are: notset, debug, info, warning, error, critical" $level) }}
{{- end }}
{{- end }}
{{- /*
Render a logging env var for a component, validating value
*/ -}}
{{- define "logging.componentEnvVar" -}}
{{- $name := .componentName }}
{{- $level := .logLevel }}
{{- include "logging.assertValidComponent" $name -}}
{{- include "logging.assertValidLevel" $level }}
- name: {{ printf "%s_LOG_LEVEL" (upper $name) | quote }}
value: {{ $level | quote | trim }}
{{- end }}
{{- /*
Constructs a string containing the URLs of the Open WebUI based on the ingress configuration
used to populate the variable WEBUI_URL
*/ -}}
{{- define "open-webui.url" -}}
{{- $url := "" -}}
{{- range .Values.extraEnvVars }}
{{- if and (eq .name "WEBUI_URL") .value }}
{{- $url = .value }}
{{- end }}
{{- end }}
{{- if not $url }}
{{- $proto := "http" -}}
{{- if .Values.ingress.tls }}
{{- $proto = "https" -}}
{{- end }}
{{- $url = printf "%s://%s" $proto .Values.ingress.host }}
{{- end }}
{{- $url }}
{{- end }}

6
open-webui/templates/extra-resources.yaml Normal file
View File

@ -0,0 +1,6 @@
{{- if .Values.extraResources }}
{{- range .Values.extraResources }}
---
{{ toYaml . | nindent 0 }}
{{- end }}
{{- end }}

52
open-webui/templates/ingress.yaml Normal file
View File

@ -0,0 +1,52 @@
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "open-webui.name" . }}
namespace: {{ include "open-webui.namespace" . }}
labels:
{{- include "open-webui.labels" . | nindent 4 }}
{{- with .Values.ingress.extraLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.ingress.annotations }}
annotations:
{{- tpl (toYaml .Values.ingress.annotations | nindent 4) . }}
{{- end }}
spec:
{{- with .Values.ingress.class }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
- hosts:
- {{ .Values.ingress.host | quote }}
{{- range .Values.ingress.additionalHosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ default (printf "%s-tls" .Release.Name) .Values.ingress.existingSecret }}
{{- end }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "open-webui.name" . }}
port:
name: http
{{- range .Values.ingress.additionalHosts }}
- host: {{ . | quote }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "open-webui.name" $ }}
port:
name: http
{{- end }}
{{- end }}

11
open-webui/templates/managed-cert.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if .Values.managedCertificate.enabled }}
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: {{ .Values.managedCertificate.name | default "mydomain-cert" }}
spec:
domains:
{{- range .Values.managedCertificate.domains }}
- {{ . | quote }}
{{- end }}
{{- end }}

28
open-webui/templates/pvc.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.provider "local") }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "open-webui.name" . }}
namespace: {{ include "open-webui.namespace" . }}
labels:
{{- include "open-webui.selectorLabels" . | nindent 4 }}
{{- with .Values.persistence.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass }}
{{- end }}
{{- with .Values.persistence.selector }}
selector:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

14
open-webui/templates/service-account.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if .Values.serviceAccount.enable }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.name | default (include "open-webui.name" .) }}
namespace: {{ include "open-webui.namespace" . }}
labels:
{{- include "open-webui.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}

36
open-webui/templates/service.yaml Normal file
View File

@ -0,0 +1,36 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "open-webui.name" . }}
namespace: {{ include "open-webui.namespace" . }}
labels:
{{- include "open-webui.labels" . | nindent 4 }}
{{- with .Values.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
{{- include "open-webui.selectorLabels" . | nindent 4 }}
type: {{ .Values.service.type | default "ClusterIP" }}
ports:
- protocol: TCP
name: http
port: {{ .Values.service.port }}
targetPort: http
{{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort | int }}
{{- end }}
{{- if .Values.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.loadBalancerClass | quote }}
{{- end }}
{{- if and (eq .Values.service.type "ClusterIP") (.Values.service.clusterIP) }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (.Values.service.loadBalancerIP) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}

98
open-webui/templates/websocket-redis.yaml Normal file
View File

@ -0,0 +1,98 @@
{{- if and .Values.websocket.enabled .Values.websocket.redis.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.websocket.redis.name }}
namespace: {{ include "open-webui.namespace" . }}
labels:
{{- include "websocket.redis.labels" . | nindent 4 }}
{{- with .Values.websocket.redis.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.websocket.redis.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "websocket.redis.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "websocket.redis.labels" . | nindent 8 }}
{{- with .Values.websocket.redis.pods.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
{{- with .Values.websocket.redis.pods.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.websocket.redis.image.pullSecretName }}
imagePullSecrets:
- name: {{ .Values.websocket.redis.image.pullSecretName }}
{{- end }}
containers:
- name: {{ .Values.websocket.redis.name }}
image: "{{ .Values.websocket.redis.image.repository }}:{{ .Values.websocket.redis.image.tag }}"
imagePullPolicy: {{ .Values.websocket.redis.image.pullPolicy }}
{{- with .Values.websocket.redis.command }}
command:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.websocket.redis.args }}
args:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.websocket.redis.service.containerPort }}
{{- with .Values.websocket.redis.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.websocket.redis.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.websocket.redis.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.websocket.redis.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.websocket.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.websocket.redis.name }}
namespace: {{ include "open-webui.namespace" . }}
labels:
{{- include "websocket.redis.labels" . | nindent 4 }}
{{- with .Values.websocket.redis.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.websocket.redis.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
{{- include "websocket.redis.selectorLabels" . | nindent 4 }}
type: {{ .Values.websocket.redis.service.type | default "ClusterIP" }}
ports:
- protocol: TCP
name: {{ .Values.websocket.redis.service.portName | default "http" }}
port: {{ .Values.websocket.redis.service.port }}
targetPort: http
{{- if .Values.websocket.redis.service.nodePort }}
nodePort: {{ .Values.websocket.redis.service.nodePort | int }}
{{- end }}
{{- end }}

418
open-webui/templates/workload-manager.yaml Normal file
View File

@ -0,0 +1,418 @@
apiVersion: apps/v1
{{- if and .Values.persistence.enabled (eq .Values.persistence.provider "local") }}
kind: StatefulSet
{{- else }}
kind: Deployment
{{- end }}
metadata:
name: {{ include "open-webui.name" . }}
namespace: {{ include "open-webui.namespace" . }}
labels:
{{- include "open-webui.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
{{- if or (not .Values.persistence.enabled) (not (eq .Values.persistence.provider "local")) }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- end }}
{{- if and .Values.persistence.enabled (eq .Values.persistence.provider "local") }}
serviceName: {{ include "open-webui.name" . }}
{{- end }}
selector:
matchLabels:
{{- include "open-webui.selectorLabels" . | nindent 6 }}
{{- if .Values.strategy }}
{{- if and .Values.persistence.enabled (eq .Values.persistence.provider "local") }}
updateStrategy:
{{- toYaml .Values.strategy | nindent 4 }}
{{- else }}
strategy:
{{- toYaml .Values.strategy | nindent 4 }}
{{- end }}
{{- end }}
template:
metadata:
labels:
{{- include "open-webui.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
initContainers:
- name: copy-app-data
{{- with .Values.image }}
image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
imagePullPolicy: {{ .pullPolicy }}
{{- end }}
command:
{{- toYaml (.Values.copyAppData.command | default (list "sh" "-c" "cp -R -n /app/backend/data/* /tmp/app-data/")) | nindent 10 }}
{{- with .Values.copyAppData.args }}
args:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.copyAppData.resources }}
resources: {{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /tmp/app-data
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- with .Values.volumeMounts.initContainer }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.extraInitContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}
enableServiceLinks: false
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- if .Values.runtimeClassName }}
runtimeClassName: {{ .Values.runtimeClassName | quote }}
{{- end }}
{{- if .Values.serviceAccount.enable }}
serviceAccountName: {{ .Values.serviceAccount.name | default (include "open-webui.name" .) }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.image }}
image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
imagePullPolicy: {{ .pullPolicy }}
{{- end }}
{{- with .Values.command }}
command:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.args }}
args:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.containerPort }}
{{- with .Values.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.startupProbe }}
startupProbe: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.resources }}
resources: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /app/backend/data
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- with .Values.volumeMounts.container }}
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- $hasCustomWebUIUrl := false }}
{{- range .Values.extraEnvVars }}
{{- if eq .name "WEBUI_URL" }}
{{- $hasCustomWebUIUrl = true }}
{{- end }}
{{- end }}
{{- if and .Values.ingress.enabled (not $hasCustomWebUIUrl) }}
- name: WEBUI_URL
value: {{ include "open-webui.url" . | quote }}
{{- end }}
{{- if .Values.ollamaUrlsFromExtraEnv}}
{{- else if or .Values.ollamaUrls .Values.ollama.enabled }}
- name: "OLLAMA_BASE_URLS"
value: {{ include "ollamaBaseUrls" . | quote }}
{{- else }}
- name: "ENABLE_OLLAMA_API"
value: "False"
{{- end }}
{{- if and .Values.enableOpenaiApi .Values.openaiBaseApiUrl (not .Values.openaiBaseApiUrls) (not .Values.pipelines.enabled) }}
# If only an OpenAI API value is set, set it to OPENAI_API_BASE_URL
- name: "OPENAI_API_BASE_URL"
value: {{ .Values.openaiBaseApiUrl | quote }}
{{- else if and .Values.enableOpenaiApi .Values.openaiBaseApiUrl .Values.pipelines.enabled (not .Values.openaiBaseApiUrls) }}
# If Pipelines is enabled and OpenAI API value is set, use OPENAI_API_BASE_URLS with combined values
- name: "OPENAI_API_BASE_URLS"
value: "{{ include "pipelines.serviceEndpoint" . }};{{ .Values.openaiBaseApiUrl }}"
{{- else if and .Values.enableOpenaiApi .Values.pipelines.enabled (not .Values.openaiBaseApiUrl) (not .Values.openaiBaseApiUrls) }}
# If Pipelines is enabled and no OpenAI API values are set, set OPENAI_API_BASE_URL to the Pipelines server endpoint
- name: "OPENAI_API_BASE_URL"
value: {{ include "pipelines.serviceEndpoint" . | quote }}
{{- else if and .Values.enableOpenaiApi .Values.openaiBaseApiUrls .Values.pipelines.enabled }}
# If OpenAI API value(s) set and Pipelines is enabled, use OPENAI_API_BASE_URLS to support all the endpoints in the chart
- name: "OPENAI_API_BASE_URLS"
value: "{{ include "pipelines.serviceEndpoint" . }};{{ join ";" .Values.openaiBaseApiUrls }}"
{{- else if not .Values.enableOpenaiApi }}
- name: "ENABLE_OPENAI_API"
value: "False"
{{- end }}
{{- if .Values.tika.enabled }}
- name: "CONTENT_EXTRACTION_ENGINE"
value: "Tika"
- name: "TIKA_SERVER_URL"
value: http://{{ .Chart.Name }}-tika:9998
{{- end }}
{{- if eq .Values.persistence.provider "s3" }}
- name: "STORAGE_PROVIDER"
value: {{ .Values.persistence.provider }}
- name: "S3_ACCESS_KEY_ID"
{{- if .Values.persistence.s3.accessKeyExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.s3.accessKeyExistingSecret }}
key: {{ .Values.persistence.s3.accessKeyExistingAccessKey }}
{{- else }}
value: {{ .Values.persistence.s3.accessKey }}
{{- end }}
- name: "S3_SECRET_ACCESS_KEY"
{{- if .Values.persistence.s3.secretKeyExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.s3.secretKeyExistingSecret }}
key: {{ .Values.persistence.s3.secretKeyExistingSecretKey }}
{{- else }}
value: {{ .Values.persistence.s3.secretKey }}
{{- end }}
- name: "S3_ENDPOINT_URL"
value: {{ .Values.persistence.s3.endpointUrl }}
- name: "S3_BUCKET_NAME"
value: {{ .Values.persistence.s3.bucket }}
- name: "S3_REGION_NAME"
value: {{ .Values.persistence.s3.region }}
- name: "S3_KEY_PREFIX"
value: {{ .Values.persistence.s3.keyPrefix }}
{{- else if eq .Values.persistence.provider "gcs" }}
- name: "STORAGE_PROVIDER"
value: {{ .Values.persistence.provider }}
- name: "GOOGLE_APPLICATION_CREDENTIALS_JSON"
{{- if .Values.persistence.gcs.appCredentialsJsonExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.gcs.appCredentialsJsonExistingSecret }}
key: {{ .Values.persistence.gcs.appCredentialsJsonExistingSecretKey }}
{{- else }}
value: {{ .Values.persistence.gcs.appCredentialsJson }}
{{- end }}
- name: "GCS_BUCKET_NAME"
value: {{ .Values.persistence.gcs.bucket }}
{{- else if eq .Values.persistence.provider "azure" }}
- name: "STORAGE_PROVIDER"
value: {{ .Values.persistence.provider }}
- name: "AZURE_STORAGE_ENDPOINT"
value: {{ .Values.persistence.azure.endpointUrl }}
- name: "AZURE_STORAGE_CONTAINER_NAME"
value: {{ .Values.persistence.azure.container }}
- name: "AZURE_STORAGE_KEY"
{{- if .Values.persistence.azure.keyExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.azure.keyExistingSecret }}
key: {{ .Values.persistence.azure.keyExistingSecretKey }}
{{- else }}
value: {{ .Values.persistence.azure.key }}
{{- end }}
{{- end }}
{{- if .Values.websocket.enabled }}
- name: "ENABLE_WEBSOCKET_SUPPORT"
value: "True"
- name: "WEBSOCKET_MANAGER"
value: {{ .Values.websocket.manager | default "redis" | quote }}
- name: "WEBSOCKET_REDIS_URL"
value: {{ .Values.websocket.url | quote }}
{{- end }}
{{- if .Values.databaseUrl }}
- name: "DATABASE_URL"
value: {{ .Values.databaseUrl | quote }}
{{- end }}
{{- if .Values.sso.enabled }}
{{- if .Values.sso.enableSignup }}
- name: "ENABLE_OAUTH_SIGNUP"
value: "True"
{{- end }}
{{- if .Values.sso.mergeAccountsByEmail }}
- name: "OAUTH_MERGE_ACCOUNTS_BY_EMAIL"
value: "True"
{{- end }}
{{- if .Values.sso.google.enabled }}
- name: "GOOGLE_CLIENT_ID"
value: {{ .Values.sso.google.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "google" "values" .Values.sso) }}
- name: "GOOGLE_CLIENT_SECRET"
{{- if .Values.sso.google.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.google.clientExistingSecret | quote }}
key: {{ .Values.sso.google.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.google.clientSecret | quote }}
{{- end }}
{{- end }}
{{- if .Values.sso.microsoft.enabled }}
- name: "MICROSOFT_CLIENT_ID"
value: {{ .Values.sso.microsoft.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "microsoft" "values" .Values.sso) }}
- name: "MICROSOFT_CLIENT_SECRET"
{{- if .Values.sso.microsoft.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.microsoft.clientExistingSecret | quote }}
key: {{ .Values.sso.microsoft.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.microsoft.clientSecret | quote }}
{{- end }}
- name: "MICROSOFT_CLIENT_TENANT_ID"
value: {{ .Values.sso.microsoft.tenantId | quote }}
{{- end }}
{{- if .Values.sso.github.enabled }}
- name: "GITHUB_CLIENT_ID"
value: {{ .Values.sso.github.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "github" "values" .Values.sso) }}
- name: "GITHUB_CLIENT_SECRET"
{{- if .Values.sso.github.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.github.clientExistingSecret | quote }}
key: {{ .Values.sso.github.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.github.clientSecret | quote }}
{{- end }}
{{- end }}
{{- if .Values.sso.oidc.enabled }}
- name: "OAUTH_CLIENT_ID"
value: {{ .Values.sso.oidc.clientId | quote }}
{{- include "sso.validateClientSecret" (dict "provider" "oidc" "values" .Values.sso) }}
- name: "OAUTH_CLIENT_SECRET"
{{- if .Values.sso.oidc.clientExistingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.sso.oidc.clientExistingSecret | quote }}
key: {{ .Values.sso.oidc.clientExistingSecretKey | quote }}
{{- else }}
value: {{ .Values.sso.oidc.clientSecret | quote }}
{{- end }}
- name: "OPENID_PROVIDER_URL"
value: {{ .Values.sso.oidc.providerUrl | quote }}
- name: "OAUTH_PROVIDER_NAME"
value: {{ .Values.sso.oidc.providerName | quote }}
- name: "OAUTH_SCOPES"
value: {{ .Values.sso.oidc.scopes | quote }}
{{- end }}
{{- if .Values.sso.enableRoleManagement }}
- name: "ENABLE_OAUTH_ROLE_MANAGEMENT"
value: "True"
- name: "OAUTH_ROLES_CLAIM"
value: {{ .Values.sso.roleManagement.rolesClaim | quote }}
{{- if .Values.sso.roleManagement.allowedRoles }}
- name: "OAUTH_ALLOWED_ROLES"
value: {{ .Values.sso.roleManagement.allowedRoles | quote }}
{{- end }}
{{- if .Values.sso.roleManagement.adminRoles }}
- name: "OAUTH_ADMIN_ROLES"
value: {{ .Values.sso.roleManagement.adminRoles | quote }}
{{- end }}
{{- end }}
{{- if .Values.sso.enableGroupManagement }}
- name: "ENABLE_OAUTH_GROUP_MANAGEMENT"
value: "True"
- name: "OAUTH_GROUP_CLAIM"
value: {{ .Values.sso.groupManagement.groupsClaim | quote }}
{{- end }}
{{- if .Values.sso.trustedHeader.enabled }}
- name: "WEBUI_AUTH_TRUSTED_EMAIL_HEADER"
value: {{ .Values.sso.trustedHeader.emailHeader | quote }}
{{- if .Values.sso.trustedHeader.nameHeader }}
- name: "WEBUI_AUTH_TRUSTED_NAME_HEADER"
value: {{ .Values.sso.trustedHeader.nameHeader | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.logging.level }}
{{- include "logging.assertValidLevel" .Values.logging.level }}
- name: "GLOBAL_LOG_LEVEL"
value: {{ .Values.logging.level | quote }}
{{- end }}
{{- if .Values.logging.components }}
{{- range $name, $level := .Values.logging.components }}
{{- if $level }}
{{- include "logging.componentEnvVar" (dict "componentName" $name "logLevel" $level) | indent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- toYaml .Values.extraEnvVars | nindent 8 }}
{{- end }}
{{- if .Values.commonEnvVars }}
{{- toYaml .Values.commonEnvVars | nindent 8 }}
{{- end }}
{{- if .Values.extraEnvFrom }}
envFrom:
{{- toYaml .Values.extraEnvFrom | nindent 8 }}
{{- end }}
tty: true
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim }}
{{- else if or (not .Values.persistence.enabled) (not (eq .Values.persistence.provider "local")) }}
- name: data
emptyDir: {}
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
- name: data
persistentVolumeClaim:
claimName: {{ include "open-webui.name" . }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}

276
open-webui/values-gke-min.yaml Normal file
View File

@ -0,0 +1,276 @@
nameOverride: ""
namespaceOverride: ""
ollama:
# -- Automatically install Ollama Helm chart from https://otwld.github.io/ollama-helm/. Use [Helm Values](https://github.com/otwld/ollama-helm/#helm-values) to configure
enabled: false
# -- If enabling embedded Ollama, update fullnameOverride to your desired Ollama name value, or else it will use the default ollama.name value from the Ollama chart
fullnameOverride: "open-webui-ollama"
# -- Example Ollama configuration with nvidia GPU enabled, automatically downloading a model, and deploying a PVC for model persistence
# ollama:
# gpu:
# enabled: true
# type: 'nvidia'
# number: 1
# models:
# - llama3
# runtimeClassName: nvidia
# persistentVolume:
# enabled: true
# volumeName: "example-pre-existing-pv-created-by-smb-csi"
pipelines:
# -- Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines
enabled: false
# -- This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname)
extraEnvVars: []
tika:
# -- Automatically install Apache Tika to extend Open WebUI
enabled: false
# -- A list of Ollama API endpoints. These can be added in lieu of automatically installing the Ollama Helm chart, or in addition to it.
ollamaUrls: []
websocket:
# -- Enables websocket support in Open WebUI with env `ENABLE_WEBSOCKET_SUPPORT`
enabled: false
# -- Specifies the websocket manager to use with env `WEBSOCKET_MANAGER`: redis (default)
manager: redis
# -- Specifies the URL of the Redis instance for websocket communication. Template with `redis://[:<password>@]<hostname>:<port>/<db>`
url: redis://open-webui-redis:6379/0
# -- Deploys a redis
redis:
# -- Enable redis installation
enabled: true
# -- Redis name
name: open-webui-redis
# -- Redis labels
labels: {}
# -- Redis annotations
annotations: {}
# -- Redis image
image:
repository: redis
tag: 7.4.2-alpine3.21
pullPolicy: IfNotPresent
# -- Redis command (overrides default)
command: []
# -- Redis arguments (overrides default)
args: []
# -- Redis resources
resources: {}
# -- Redis service
service:
# -- Redis container/target port
containerPort: 6379
# -- Redis service type
type: ClusterIP
# -- Redis service labels
labels: {}
# -- Redis service annotations
annotations: {}
# -- Redis service port name. Istio needs this to be something like `tcp-redis`
portName: http
# -- Redis service port
port: 6379
# -- Redis service node port. Valid only when type is `NodePort`
nodePort: ""
# -- Value of cluster domain
clusterDomain: cluster.local
annotations: {}
podAnnotations: {}
podLabels: {}
replicaCount: 1
# -- Strategy for updating the workload manager: deployment or statefulset
strategy: {}
# -- Open WebUI image tags can be found here: https://github.com/open-webui/open-webui
image:
repository: ghcr.io/open-webui/open-webui
tag: ""
pullPolicy: "IfNotPresent"
serviceAccount:
enable: true
name: ""
annotations: {}
automountServiceAccountToken: false
# -- Configure imagePullSecrets to use private registry
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry>
imagePullSecrets: []
# imagePullSecrets:
# - name: myRegistryKeySecretName
# -- Probe for liveness of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>
livenessProbe: {}
# livenessProbe:
# httpGet:
# path: /health
# port: http
# failureThreshold: 1
# periodSeconds: 10
# -- Probe for readiness of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>
readinessProbe: {}
# readinessProbe:
# httpGet:
# path: /health/db
# port: http
# failureThreshold: 1
# periodSeconds: 10
# -- Probe for startup of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>
startupProbe: {}
# startupProbe:
# httpGet:
# path: /health
# port: http
# initialDelaySeconds: 30
# periodSeconds: 5
# failureThreshold: 20
resources: {}
copyAppData:
resources: {}
managedCertificate:
enabled: true
name: "mydomain-chat-cert" # You can override this name if needed
domains:
- chat.example.com # update to your real domain
ingress:
enabled: true
class: ""
# -- Use appropriate annotations for your Ingress controller, e.g., for NGINX:
annotations:
# Example for GKE Ingress
kubernetes.io/ingress.class: "gce"
kubernetes.io/ingress.global-static-ip-name: "open-webui-external-ip" # you need to create this address in GCP console
# Force HTTP to redirect to HTTPS
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/permanent-redirect: "https://chat.example.com"
networking.gke.io/managed-certificates: "mydomain-chat-cert"
# nginx.ingress.kubernetes.io/rewrite-target: /
host: "chat.example.com" # update to your real domain
additionalHosts: []
tls: false
existingSecret: ""
persistence:
enabled: true
size: 2Gi
# -- Use existingClaim if you want to re-use an existing Open WebUI PVC instead of creating a new one
existingClaim: ""
# -- Subdirectory of Open WebUI PVC to mount. Useful if root directory is not empty.
subPath: ""
# -- If using multiple replicas, you must update accessModes to ReadWriteMany
accessModes:
- ReadWriteOnce
storageClass: ""
selector: {}
annotations: {}
# -- Node labels for pod assignment.
nodeSelector: {}
# -- Tolerations for pod assignment
tolerations: []
# -- Affinity for pod assignment
affinity: {}
# -- Topology Spread Constraints for pod assignment
topologySpreadConstraints: []
# -- Service values to expose Open WebUI pods to cluster
service:
type: LoadBalancer # changed from ClusterIP to LoadBalancer for external access on GKE
annotations: {}
port: 80
containerPort: 8080
nodePort: ""
labels: {}
loadBalancerClass: ""
# -- OpenAI base API URL to use. Defaults to the Pipelines service endpoint when Pipelines are enabled, and "https://api.openai.com/v1" if Pipelines are not enabled and this value is blank
openaiBaseApiUrl: ""
# -- Env vars added to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/
extraEnvVars:
# -- Default API key value for Pipelines. Should be updated in a production deployment, or be changed to the required API key if not using Pipelines
- name: OPENAI_API_KEY
value: "0p3n-w3bu!"
# valueFrom:
# secretKeyRef:
# name: pipelines-api-key
# key: api-key
# - name: OPENAI_API_KEY
# valueFrom:
# secretKeyRef:
# name: openai-api-key
# key: api-key
# - name: OLLAMA_DEBUG
# value: "1"
# -- Configure container volume mounts
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/>
volumeMounts:
initContainer: []
# - name: ""
# mountPath: ""
container: []
# - name: ""
# mountPath: ""
# -- Configure pod volumes
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/>
volumes: []
# - name: ""
# configMap:
# name: ""
# - name: ""
# emptyDir: {}
# -- Configure pod security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
podSecurityContext:
{}
# fsGroupChangePolicy: Always
# sysctls: []
# supplementalGroups: []
# fsGroup: 1001
# -- Configure container security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
containerSecurityContext:
{}
# runAsUser: 1001
# runAsGroup: 1001
# runAsNonRoot: true
# privileged: false
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: false
# capabilities:
# drop:
# - ALL
# seccompProfile:
# type: "RuntimeDefault"
# -- Extra resources to deploy with Open WebUI
extraResources:
[]
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# name: example-configmap
# data:
# example-key: example-value

118
open-webui/values.schema.json Normal file
View File

@ -0,0 +1,118 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Open WebUI Helm Chart Values Schema",
"type": "object",
"properties": {
"image": {
"type": "object",
"properties": {
"repository": {
"type": "string",
"default": "ghcr.io/open-webui/open-webui"
},
"tag": {
"type": "string",
"default": "main"
},
"pullPolicy": {
"type": "string",
"enum": ["Always", "IfNotPresent", "Never"],
"default": "IfNotPresent"
}
}
},
"openaiBaseApiUrl": {
"type": "string",
"default": "https://api.openai.com/v1"
},
"replicaCount": {
"type": "integer",
"minimum": 0,
"default": 1
},
"service": {
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": ["ClusterIP", "NodePort", "LoadBalancer", "ExternalName"],
"default": "LoadBalancer"
},
"port": {
"type": "integer",
"default": 80
},
"containerPort": {
"type": "integer",
"default": 8080
}
}
},
"persistence": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"size": {
"type": "string",
"default": "2Gi"
},
"storageClass": {
"type": "string",
"default": ""
}
}
},
"ingress": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false
},
"host": {
"type": "string",
"default": "chat.example.com"
},
"annotations": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"default": {}
}
}
},
"extraEnvVars": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
},
"valueFrom": {
"type": "object"
}
}
},
"default": []
},
"resources": {
"type": "object",
"default": {}
},
"ollamaUrls": {
"type": "array",
"items": {
"type": "string"
},
"default": []
}
}
}

590
open-webui/values.yaml Normal file
View File

@ -0,0 +1,590 @@
nameOverride: ""
namespaceOverride: ""
ollama:
# -- Automatically install Ollama Helm chart from https://otwld.github.io/ollama-helm/. Use [Helm Values](https://github.com/otwld/ollama-helm/#helm-values) to configure
enabled: false
# -- If enabling embedded Ollama, update fullnameOverride to your desired Ollama name value, or else it will use the default ollama.name value from the Ollama chart
fullnameOverride: "open-webui-ollama"
# -- Example Ollama configuration with nvidia GPU enabled, automatically downloading a model, and deploying a PVC for model persistence
# ollama:
# gpu:
# enabled: true
# type: 'nvidia'
# number: 1
# models:
# pull:
# - llama3
# run:
# - llama3
# runtimeClassName: nvidia
# persistentVolume:
# enabled: true
# volumeName: "example-pre-existing-pv-created-by-smb-csi"
pipelines:
# -- Automatically install Pipelines chart to extend Open WebUI functionality using Pipelines: https://github.com/open-webui/pipelines
enabled: true
# -- This section can be used to pass required environment variables to your pipelines (e.g. Langfuse hostname)
extraEnvVars: []
tika:
# -- Automatically install Apache Tika to extend Open WebUI
enabled: false
# -- A list of Ollama API endpoints. These can be added in lieu of automatically installing the Ollama Helm chart, or in addition to it.
ollamaUrls: []
# -- Disables taking Ollama Urls from `ollamaUrls` list
ollamaUrlsFromExtraEnv: false
websocket:
# -- Enables websocket support in Open WebUI with env `ENABLE_WEBSOCKET_SUPPORT`
enabled: false
# -- Specifies the websocket manager to use with env `WEBSOCKET_MANAGER`: redis (default)
manager: redis
# -- Specifies the URL of the Redis instance for websocket communication. Template with `redis://[:<password>@]<hostname>:<port>/<db>`
url: redis://open-webui-redis:6379/0
# -- Node selector for websocket pods
nodeSelector: {}
# -- Deploys a redis
redis:
# -- Enable redis installation
enabled: true
# -- Redis name
name: open-webui-redis
# -- Redis labels
labels: {}
# -- Redis annotations
annotations: {}
# -- Redis pod
pods:
# -- Redis pod labels
labels: {}
# -- Redis pod annotations
annotations: {}
# -- Redis image
image:
repository: redis
tag: 7.4.2-alpine3.21
pullPolicy: IfNotPresent
# -- Redis command (overrides default)
command: []
# -- Redis arguments (overrides default)
args: []
# -- Redis resources
resources: {}
# -- Redis service
service:
# -- Redis container/target port
containerPort: 6379
# -- Redis service type
type: ClusterIP
# -- Redis service labels
labels: {}
# -- Redis service annotations
annotations: {}
# -- Redis service port name. Istio needs this to be something like `tcp-redis`
portName: http
# -- Redis service port
port: 6379
# -- Redis service node port. Valid only when type is `NodePort`
nodePort: ""
# -- Redis tolerations for pod assignment
tolerations: []
# -- Redis affinity for pod assignment
affinity: {}
# -- Redis security context
securityContext:
{}
# runAsUser: 999
# runAsGroup: 1000
# -- Value of cluster domain
clusterDomain: cluster.local
annotations: {}
podAnnotations: {}
podLabels: {}
replicaCount: 1
# -- Revision history limit for the workload manager (deployment).
revisionHistoryLimit: 10
# -- Priority class name for the Open WebUI pods
priorityClassName: ""
# -- Strategy for updating the workload manager: deployment or statefulset
strategy: {}
# -- Open WebUI image tags can be found here: https://github.com/open-webui/open-webui
image:
repository: ghcr.io/open-webui/open-webui
tag: "main"
pullPolicy: "IfNotPresent"
# -- Open WebUI container command (overrides default entrypoint)
command: []
# -- Open WebUI container arguments (overrides default)
args: []
serviceAccount:
enable: true
name: ""
annotations: {}
automountServiceAccountToken: false
# -- Configure imagePullSecrets to use private registry
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry>
imagePullSecrets: []
# imagePullSecrets:
# - name: myRegistryKeySecretName
# -- Probe for liveness of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>
livenessProbe: {}
# livenessProbe:
# httpGet:
# path: /health
# port: http
# failureThreshold: 1
# periodSeconds: 10
# -- Probe for readiness of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>
readinessProbe: {}
# readinessProbe:
# httpGet:
# path: /health/db
# port: http
# failureThreshold: 1
# periodSeconds: 10
# -- Probe for startup of the Open WebUI container
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>
startupProbe: {}
# startupProbe:
# httpGet:
# path: /health
# port: http
# initialDelaySeconds: 30
# periodSeconds: 5
# failureThreshold: 20
resources: {}
copyAppData:
# -- Open WebUI copy-app-data init container command (overrides default)
command: []
# -- Open WebUI copy-app-data init container arguments (overrides default)
args: []
resources: {}
managedCertificate:
enabled: false
name: "mydomain-chat-cert" # You can override this name if needed
domains:
- chat.example.com # update to your real domain
ingress:
enabled: false
class: ""
# -- Use appropriate annotations for your Ingress controller, e.g., for NGINX:
annotations: {}
# # Example for GKE Ingress
# kubernetes.io/ingress.class: "gce"
# kubernetes.io/ingress.global-static-ip-name: "open-webui-external-ip" # you need to create this address in GCP console
# # Force HTTP to redirect to HTTPS
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/permanent-redirect: "https://chat.example.com"
# networking.gke.io/managed-certificates: "mydomain-chat-cert"
# # nginx.ingress.kubernetes.io/rewrite-target: /
host: "chat.example.com" # update to your real domain
additionalHosts: []
tls: false
existingSecret: ""
# -- Additional custom labels to add to the Ingress metadata
# Useful for tagging, selecting, or applying policies to the Ingress via labels.
extraLabels: {}
# extraLabels:
# app.kubernetes.io/environment: "staging"
persistence:
enabled: true
size: 2Gi
# -- Use existingClaim if you want to re-use an existing Open WebUI PVC instead of creating a new one
existingClaim: ""
# -- Subdirectory of Open WebUI PVC to mount. Useful if root directory is not empty.
subPath: ""
# -- If using multiple replicas, you must update accessModes to ReadWriteMany
accessModes:
- ReadWriteOnce
storageClass: ""
selector: {}
annotations: {}
# -- Sets the storage provider, availables values are `local`, `s3`, `gcs` or `azure`
provider: local
s3:
# -- Sets the access key ID for S3 storage
# @section -- Amazon S3 Storage configuration
accessKey: ""
# -- Sets the secret access key for S3 storage (ignored if secretKeyExistingSecret is set)
# @section -- Amazon S3 Storage configuration
secretKey: ""
# -- Set the secret access key for S3 storage from existing k8s secret
# @section -- Amazon S3 Storage configuration
accessKeyExistingSecret: ""
# -- Set the secret access key for S3 storage from existing k8s secret key
# @section -- Amazon S3 Storage configuration
accessKeyExistingAccessKey: ""
# -- Set the secret key for S3 storage from existing k8s secret
# @section -- Amazon S3 Storage configuration
secretKeyExistingSecret: ""
# -- Set the secret key for S3 storage from existing k8s secret key
# @section -- Amazon S3 Storage configuration
secretKeyExistingSecretKey: ""
# -- Sets the endpoint url for S3 storage
# @section -- Amazon S3 Storage configuration
endpointUrl: ""
# -- Sets the region name for S3 storage
# @section -- Amazon S3 Storage configuration
region: ""
# -- Sets the bucket name for S3 storage
# @section -- Amazon S3 Storage configuration
bucket: ""
# -- Sets the key prefix for a S3 object
# @section -- Amazon S3 Storage configuration
keyPrefix: ""
gcs:
# -- Contents of Google Application Credentials JSON file (ignored if appCredentialsJsonExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Google Metadata server if run on a Google Compute Engine. File can be generated for a service account following this guide: https://developers.google.com/workspace/guides/create-credentials#service-account
# @section -- Google Cloud Storage configuration
appCredentialsJson: ""
# -- Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret
# @section -- Google Cloud Storage configuration
appCredentialsJsonExistingSecret: ""
# -- Set the Google Application Credentials JSON file for Google Cloud Storage from existing secret key
# @section -- Google Cloud Storage configuration
appCredentialsJsonExistingSecretKey: ""
# -- Sets the bucket name for Google Cloud Storage. Bucket must already exist
# @section -- Google Cloud Storage configuration
bucket: ""
azure:
# -- Sets the endpoint URL for Azure Storage
# @section -- Azure Storage configuration
endpointUrl: ""
# -- Sets the container name for Azure Storage
# @section -- Azure Storage configuration
container: ""
# -- Set the access key for Azure Storage (ignored if keyExistingSecret is set). Optional - if not provided, credentials will be taken from the environment. User credentials if run locally and Managed Identity if run in Azure services
# @section -- Azure Storage configuration
key: ""
# -- Set the access key for Azure Storage from existing secret
# @section -- Azure Storage configuration
keyExistingSecret: ""
# -- Set the access key for Azure Storage from existing secret key
# @section -- Azure Storage configuration
keyExistingSecretKey: ""
# -- Node labels for pod assignment.
nodeSelector: {}
# -- Tolerations for pod assignment
tolerations: []
# -- Affinity for pod assignment
affinity: {}
# -- Topology Spread Constraints for pod assignment
topologySpreadConstraints: []
# -- HostAliases to be added to hosts-file of each container
hostAliases: []
# -- Service values to expose Open WebUI pods to cluster
service:
type: LoadBalancer
annotations: {}
port: 80
containerPort: 8080
nodePort: ""
labels: {}
loadBalancerClass: ""
# -- Enables the use of OpenAI APIs
enableOpenaiApi: true
# -- OpenAI base API URL to use. Defaults to the Pipelines service endpoint when Pipelines are enabled, and "https://api.openai.com/v1" if Pipelines are not enabled and this value is blank
openaiBaseApiUrl: "http://10.6.80.50/v1" #"https://api.openai.com/v1"
# -- OpenAI base API URLs to use. Overwrites the value in openaiBaseApiUrl if set
openaiBaseApiUrls:
[]
# - "https://api.openai.com/v1"
# - "https://api.company.openai.com/v1"
# -- Configure database URL, needed to work with Postgres (example: `postgresql://<user>:<password>@<service>:<port>/<database>`), leave empty to use the default sqlite database
databaseUrl: ""
# -- Env vars added to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/
extraEnvVars:
# -- Default API key value for Pipelines. Should be updated in a production deployment, or be changed to the required API key if not using Pipelines
- name: OPENAI_API_KEY
value: "0p3n-w3bu!"
# valueFrom:
# secretKeyRef:
# name: pipelines-api-key
# key: api-key
# - name: OPENAI_API_KEY
# valueFrom:
# secretKeyRef:
# name: openai-api-key
# key: api-key
# - name: OLLAMA_DEBUG
# value: "1"
# -- Env vars added to the Open WebUI deployment, common across environments. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ (caution: environment variables defined in both `extraEnvVars` and `commonEnvVars` will result in a conflict. Avoid duplicates)
commonEnvVars: []
# - name: RAG_EMBEDDING_ENGINE
# value: "openai"
# -- Env vars added from configmap or secret to the Open WebUI deployment. Most up-to-date environment variables can be found here: https://docs.openwebui.com/getting-started/env-configuration/ (caution: `extraEnvVars` will take precedence over the value from `extraEnvFrom`)
extraEnvFrom: []
# - configMapRef:
# name: my-config
# - secretRef:
# name: my-secret
# -- Configure runtime class
# ref: <https://kubernetes.io/docs/concepts/containers/runtime-class/>
runtimeClassName: ""
# -- Configure container volume mounts
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/>
volumeMounts:
initContainer: []
# - name: ""
# mountPath: ""
container: []
# - name: ""
# mountPath: ""
# -- Additional init containers to add to the deployment/statefulset
# ref: <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/>
extraInitContainers: []
# - name: custom-init
# image: busybox:latest
# command: ['sh', '-c', 'echo "Custom init container running"']
# volumeMounts:
# - name: data
# mountPath: /data
# -- Configure pod volumes
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/>
volumes: []
# - name: ""
# configMap:
# name: ""
# - name: ""
# emptyDir: {}
# -- Configure pod security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container>
podSecurityContext:
{}
# fsGroupChangePolicy: Always
# sysctls: []
# supplementalGroups: []
# fsGroup: 1001
# -- Configure container security context
# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
containerSecurityContext:
{}
# runAsUser: 1001
# runAsGroup: 1001
# runAsNonRoot: true
# privileged: false
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: false
# capabilities:
# drop:
# - ALL
# seccompProfile:
# type: "RuntimeDefault"
sso:
# -- **Enable SSO authentication globally** must enable to use SSO authentication
# @section -- SSO Configuration
enabled: false
# -- Enable account creation when logging in with OAuth (distinct from regular signup)
# @section -- SSO Configuration
enableSignup: false
# -- Allow logging into accounts that match email from OAuth provider (considered insecure)
# @section -- SSO Configuration
mergeAccountsByEmail: false
# -- Enable OAuth role management through access token roles claim
# @section -- SSO Configuration
enableRoleManagement: false
# -- Enable OAuth group management through access token groups claim
# @section -- SSO Configuration
enableGroupManagement: false
google:
# -- Enable Google OAuth
# @section -- Google OAuth configuration
enabled: false
# -- Google OAuth client ID
# @section -- Google OAuth configuration
clientId: ""
# -- Google OAuth client secret (ignored if clientExistingSecret is set)
# @section -- Google OAuth configuration
clientSecret: ""
# -- Google OAuth client secret from existing secret
# @section -- Google OAuth configuration
clientExistingSecret: ""
# -- Google OAuth client secret key from existing secret
# @section -- Google OAuth configuration
clientExistingSecretKey: ""
microsoft:
# -- Enable Microsoft OAuth
# @section -- Microsoft OAuth configuration
enabled: false
# -- Microsoft OAuth client ID
# @section -- Microsoft OAuth configuration
clientId: ""
# -- Microsoft OAuth client secret (ignored if clientExistingSecret is set)
# @section -- Microsoft OAuth configuration
clientSecret: ""
# -- Microsoft OAuth client secret from existing secret
# @section -- Microsoft OAuth configuration
clientExistingSecret: ""
# -- Microsoft OAuth client secret key from existing secret
# @section -- Microsoft OAuth configuration
clientExistingSecretKey: ""
# -- Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts
# @section -- Microsoft OAuth configuration
tenantId: ""
github:
# -- Enable GitHub OAuth
# @section -- GitHub OAuth configuration
enabled: false
# -- GitHub OAuth client ID
# @section -- GitHub OAuth configuration
clientId: ""
# -- GitHub OAuth client secret (ignored if clientExistingSecret is set)
# @section -- GitHub OAuth configuration
clientSecret: ""
# -- GitHub OAuth client secret from existing secret
# @section -- GitHub OAuth configuration
clientExistingSecret: ""
# -- GitHub OAuth client secret key from existing secret
# @section -- GitHub OAuth configuration
clientExistingSecretKey: ""
oidc:
# -- Enable OIDC authentication
# @section -- OIDC configuration
enabled: false
# -- OIDC client ID
# @section -- OIDC configuration
clientId: ""
# -- OIDC client secret (ignored if clientExistingSecret is set)
# @section -- OIDC configuration
clientSecret: ""
# -- OICD client secret from existing secret
# @section -- OIDC configuration
clientExistingSecret: ""
# -- OIDC client secret key from existing secret
# @section -- OIDC configuration
clientExistingSecretKey: ""
# -- OIDC provider well known URL
# @section -- OIDC configuration
providerUrl: ""
# -- Name of the provider to show on the UI
# @section -- OIDC configuration
providerName: "SSO"
# -- Scopes to request (space-separated).
# @section -- OIDC configuration
scopes: "openid email profile"
roleManagement:
# -- The claim that contains the roles (can be nested, e.g., user.roles)
# @section -- Role management configuration
rolesClaim: "roles"
# -- Comma-separated list of roles allowed to log in (receive open webui role user)
# @section -- Role management configuration
allowedRoles: ""
# -- Comma-separated list of roles allowed to log in as admin (receive open webui role admin)
# @section -- Role management configuration
adminRoles: ""
groupManagement:
# -- The claim that contains the groups (can be nested, e.g., user.memberOf)
# @section -- SSO Configuration
groupsClaim: "groups"
trustedHeader:
# -- Enable trusted header authentication
# @section -- SSO trusted header authentication
enabled: false
# -- Header containing the user's email address
# @section -- SSO trusted header authentication
emailHeader: ""
# -- Header containing the user's name (optional, used for new user creation)
# @section -- SSO trusted header authentication
nameHeader: ""
# -- Extra resources to deploy with Open WebUI
extraResources:
[]
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# name: example-configmap
# data:
# example-key: example-value
# Configure Application logging levels (see. https://docs.openwebui.com/getting-started/advanced-topics/logging#-logging-levels-explained)
logging:
# -- Set the global log level ["notset", "debug", "info" (default), "warning", "error", "critical"]
# @section -- Logging configuration
level: ""
# Optional granularity: override log levels per subsystem/component
# if not set, it will use the global level (see. https://docs.openwebui.com/getting-started/advanced-topics/logging#%EF%B8%8F-appbackend-specific-logging-levels)
components:
# -- Set the log level for the Audio processing component
# @section -- Logging configuration
audio: ""
# -- Set the log level for the ComfyUI Integration component
# @section -- Logging configuration
comfyui: ""
# -- Set the log level for the Configuration Management component
# @section -- Logging configuration
config: ""
# -- Set the log level for the Database Operations (Peewee) component
# @section -- Logging configuration
db: ""
# -- Set the log level for the Image Generation component
# @section -- Logging configuration
images: ""
# -- Set the log level for the Main Application Execution component
# @section -- Logging configuration
main: ""
# -- Set the log level for the Model Management component
# @section -- Logging configuration
models: ""
# -- Set the log level for the Ollama Backend Integration component
# @section -- Logging configuration
ollama: ""
# -- Set the log level for the OpenAI API Integration component
# @section -- Logging configuration
openai: ""
# -- Set the log level for the Retrieval-Augmented Generation (RAG) component
# @section -- Logging configuration
rag: ""
# -- Set the log level for the Authentication Webhook component
# @section -- Logging configuration
webhook: ""