#version: open-webui, 0.5.4
ollama:
  enabled: false
tika:
  enabled: false
websocket:
  enabled: false
redis-cluster:
  enabled: false
ingress:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: "root-ca-issuer"
    cert-manager.io/duration: 8760h  
    cert-manager.io/renew-before: 720h
  host: "demo01-open-webui.gke.paasup.io"
  tls: true
  existingSecret: "demo01-open-webui-tls-secret"
persistence:
  enabled: true
  size: 2Gi
  existingClaim: ""
  subPath: ""
  accessModes:
    - ReadWriteOnce
  storageClass: ""
  selector: {}
  annotations: {}
extraEnvVars:
  - name: OPENAI_API_KEY
    value: "7FnDG7K3I7vv"
  - name: OAUTH_CLIENT_ID
    value: service-demo01-open-webui
  - name: OAUTH_CLIENT_SECRET
    value: 0aaea787-1bec-4783-9239-515740f95bac
  - name: OPENID_PROVIDER_URL
    value: https://keycloak.gke.paasup.io/realms/paasup/.well-known/openid-configuration
  - name: OAUTH_PROVIDER_NAME
    value: paasup
  - name: OAUTH_SCOPES
    value: 'openid email profile'
  - name: ENABLE_LOGIN_FORM
    value: 'true'
  - name: SSL_CERT_FILE
    value: '/etc/ssl/certs/keycloak/ca.crt'
  - name: ENABLE_OAUTH_SIGNUP
    value: 'true'
  - name: OAUTH_MERGE_ACCOUNTS_BY_EMAIL
    value: 'true'
  - name: DEFAULT_USER_ROLE
    value: user
  - name: ENV
    value: prod

volumeMounts:
  initContainer: []
  container:
  - name: "keycloak-tls"
    mountPath: "/etc/ssl/certs/keycloak"

volumes:
- name: "keycloak-tls"
  secret:
    secretName: keycloak-tls