---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: open-webui
  namespace: openwebui
spec:
  interval: 24h
  url: https://open-webui.github.io/helm-charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: openwebui
  namespace: openwebui
spec:
  interval: 30m
  chart:
    spec:
      chart: open-webui
      version: 13.0.1
      sourceRef:
        kind: HelmRepository
        name: open-webui
  values:
    # Disable built in ingress, service is broken in chart
    # They have hard coded wrong target port
    # Reimplementing that in ingress.yaml
    ingress:
      enabled: false

    persistence:
      enabled: true
      existingClaim: openwebui-lvmhdd

    enableOpenaiApi: true
    openaiBaseApiUrl: "http://llama.llama.svc.cluster.local:11434/v1"

    ollama:
      enabled: false

    pipelines:
      enabled: true
      persistence:
        enabled: true
        existingClaim: openwebui-pipelines-lvmhdd

    # SSO with Authentik
    extraEnvVars:
      - name: WEBUI_URL
        value: "https://openwebui.lumpiasty.xyz"
      - name: OAUTH_CLIENT_ID
        valueFrom:
          secretKeyRef:
            name: openwebui-authentik
            key: client_id
      - name: OAUTH_CLIENT_SECRET
        valueFrom:
          secretKeyRef:
            name: openwebui-authentik
            key: client_secret
      - name: OAUTH_PROVIDER_NAME
        value: "authentik"
      - name: OPENID_PROVIDER_URL
        value: "https://authentik.lumpiasty.xyz/application/o/open-web-ui/.well-known/openid-configuration"
      - name: OPENID_REDIRECT_URI
        value: "https://openwebui.lumpiasty.xyz/oauth/oidc/callback"
      - name: ENABLE_OAUTH_SIGNUP
        value: "true"
      - name: ENABLE_LOGIN_FORM
        value: "false"
      - name: OAUTH_MERGE_ACCOUNTS_BY_EMAIL
        value: "true"