diff --git a/demo01-open-webui/values.yaml b/demo01-open-webui/values.yaml
new file mode 100644
index 0000000..97c3443
--- /dev/null
+++ b/demo01-open-webui/values.yaml
@@ -0,0 +1,64 @@
+#version: open-webui, 0.5.4
+ollama:
+  enabled: false
+tika:
+  enabled: false
+websocket:
+  enabled: false
+redis-cluster:
+  enabled: false
+ingress:
+  enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: "root-ca-issuer"
+    cert-manager.io/duration: 8760h  
+    cert-manager.io/renew-before: 720h
+  host: "demo01-open-webui.gke.paasup.io"
+  tls: true
+  existingSecret: "demo01-open-webui-tls-secret"
+persistence:
+  enabled: true
+  size: 2Gi
+  existingClaim: ""
+  subPath: ""
+  accessModes:
+    - ReadWriteOnce
+  storageClass: ""
+  selector: {}
+  annotations: {}
+extraEnvVars:
+  - name: OPENAI_API_KEY
+    value: "HsxE7yagpydP"
+  - name: OAUTH_CLIENT_ID
+    value: service-demo01-open-webui
+  - name: OAUTH_CLIENT_SECRET
+    value: 6603a23b-ecb6-48fb-8ef2-4af58ee8d7db
+  - name: OPENID_PROVIDER_URL
+    value: https://keycloak.gke.paasup.io/realms/paasup/.well-known/openid-configuration
+  - name: OAUTH_PROVIDER_NAME
+    value: paasup
+  - name: OAUTH_SCOPES
+    value: 'openid email profile'
+  - name: ENABLE_LOGIN_FORM
+    value: 'true'
+  - name: SSL_CERT_FILE
+    value: '/etc/ssl/certs/keycloak/ca.crt'
+  - name: ENABLE_OAUTH_SIGNUP
+    value: 'true'
+  - name: OAUTH_MERGE_ACCOUNTS_BY_EMAIL
+    value: 'true'
+  - name: DEFAULT_USER_ROLE
+    value: user
+  - name: ENV
+    value: prod
+
+volumeMounts:
+  initContainer: []
+  container:
+  - name: "keycloak-tls"
+    mountPath: "/etc/ssl/certs/keycloak"
+
+volumes:
+- name: "keycloak-tls"
+  secret:
+    secretName: keycloak-tls
\ No newline at end of file