-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to configure the helm chart include TLS termination (https) into OWUI pod #70
Comments
Hey @brokedba, these are the relevant lines of the Helm chart for TLS: https://github.com/open-webui/helm-charts/blob/main/charts/open-webui/templates/ingress.yaml#L17-L21 If you have a TLS secret to use created on your cluster already, it looks like you need to set the If you need to try a different approach, I see Oracle has a guide to set up an Nginx ingress controller on their Kubernetes service, so this might be worth the read: https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengsettingupingresscontroller.htm. I'm doing something similar to this approach on my clusters using the AWS ALB Ingress Controller. Please let me know if you find a fix, or any further issues with the chart while trying to implement one! |
Hi @0xThresh , the ingress controller was actually the default nginx.
ingress-controller has the same external IP
Regarding tls secret ingress cofig
|
If you check the chart's I think these values will work better:
|
You are right , somehow I use the syntax with hosts without knowing how it ended there . Probably a copy paste gone wrong (from another helm chart , ollama ?) . I have to remove the tls config again and see if I can recover the TLS termination with that same IP.
|
@0xThresh
This fixed it and I could use the IP of the nginx controller to access openwebui service (via redirection). |
Thanks for reporting back. We can look at re-working the ingress in the template to only define the host if it's included as a value to help any future OCI users. |
What I noticed in other addon helm based installation in OCI is that there if the microservice is expecting a path i.e /webui resource "helm_release" "grafana" {
name = "grafana"
repository = local.helm_repository.grafana
chart = "grafana"
version = local.helm_repository.grafana_version
namespace = kubernetes_namespace.cluster_tools.0.id
wait = false
set {
name = "grafana\\.ini.server.root_url"
value = "%(protocol)s://%(domain)s:%(http_port)s/grafana" <------------------------ path
type = "string"
} I found this in their kubernetes terraform module.
resource "kubernetes_ingress_v1" "grafana" {
wait_for_load_balancer = true
metadata {
name = "grafana"
namespace = kubernetes_namespace.cluster_tools.0.id
annotations = local.ingress_nginx_annotations
}
spec {
ingress_class_name = "nginx"
rule {
http {
path {
path = "/grafana(/|$)(.*)" <-------------path
path_type = "Prefix"
backend {
service {
name = "grafana"
port {
number = 80
} }}}}
}
dynamic "rule" {
for_each = local.ingress_hosts <--------------the host FQDN k8sapp.28e9459d.nip.io
content {
host = rule.value
http {
path {
path = "/grafana(/|$)(.*)"
path_type = "Prefix"
backend {
service {
name = "grafana"
port {
number = 80
} } } } } } }
tls {
secret_name = "grafana-${var.ingress_cluster_issuer}-tls"
hosts = local.ingress_hosts <---------------hotsname k8sapp.28e9459d.nip.io
}
} |
I want to expose my open web ui in the cloud using TLS termination (since the Ip address is not localhost it is not recognized as safe so no mic or device can accessed from the browser).
I have the below values for the OpnWebUI helm chart and I think I secrewed it up a bit between the ingress and the loadbalancer service. I want to add a tsl secret and get the https termination accessible. I assume I need to keep the service
clusterIP
and add a TLS secret to the ingress to forward http traffic to https but really benefit from your help.My K8 is in Oracle cloud OCI btw.
The text was updated successfully, but these errors were encountered: