--- apiVersion: v1 kind: Namespace metadata: name: open-webui --- apiVersion: onepassword.com/v1 kind: OnePasswordItem metadata: name: open-webui-oidc-client-secret namespace: open-webui spec: itemPath: "vaults/cluster/items/open-webui-oidc-client-secret" --- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: open-webui-repo namespace: flux-system spec: interval: 15m0s url: https://helm.openwebui.com --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: open-webui namespace: open-webui spec: chart: spec: chart: open-webui reconcileStrategy: ChartVersion sourceRef: kind: HelmRepository name: open-webui-repo namespace: flux-system version: 8.x.x interval: 1m0s values: ollama: enabled: true fullnameOverride: open-webui-ollama ollama: gpu: enabled: true type: nvidia nvidiaResource: "nvidia.com/gpu-all" number: 1 persistentVolume: enabled: true size: 100Gi resources: requests: memory: 4Gi limits: memory: 55Gi pipelines: enabled: false # Ingress via Traefik ingress: enabled: true class: traefik host: chat.yadunut.dev tls: true existingSecret: wildcard-cert-yadunut.dev-prod # Use built-in sqlite persistence (PVC) persistence: enabled: true size: 10Gi accessModes: ["ReadWriteOnce"] # commonEnvVars: # - name: ENABLE_OAUTH_PERSISTENT_CONFIG # value: "false" # - name: ENABLE_LOGIN_FORM # value: "true" # - name: OPENID_REDIRECT_URI # value: "https://chat.yadunut.dev/oauth/oidc/callback" # OIDC via Authentik sso: enabled: true enableSignup: true mergeAccountsByEmail: true oidc: enabled: true providerName: "Authentik" providerUrl: "https://authentik.yadunut.dev/application/o/open-webui/.well-known/openid-configuration" clientId: "Z37HQwWBYxax4vwN047B8PWr3JxT6qMAOtCAyJ4Z" clientExistingSecret: open-webui-oidc-client-secret clientExistingSecretKey: password scopes: "openid email profile"