apiVersion: apps/v1 kind: Deployment metadata: name: open-webui spec: replicas: 1 strategy: type: Recreate selector: matchLabels: component: web template: metadata: labels: component: web spec: securityContext: seccompProfile: type: RuntimeDefault containers: - name: open-webui image: ghcr.io/open-webui/open-webui:v0.9.5 imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: false ports: - name: http containerPort: 8080 env: - name: WEBUI_AUTH value: "true" - name: ENABLE_SIGNUP value: "false" - name: OPENAI_API_BASE_URL value: "{{ .vllmApiUrl }}" - name: OPENAI_API_KEY value: "sk-placeholder" # Required but not used with vLLM - name: WEBUI_SECRET_KEY valueFrom: secretKeyRef: name: open-webui-secrets key: secretKey - name: WEBUI_ADMIN_EMAIL value: "{{ .adminEmail }}" - name: WEBUI_ADMIN_PASSWORD valueFrom: secretKeyRef: name: open-webui-secrets key: adminPassword volumeMounts: - name: data mountPath: /app/backend/data resources: requests: cpu: 100m memory: 512Mi limits: cpu: 1 memory: 2Gi startupProbe: httpGet: path: /health port: http initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 18 readinessProbe: httpGet: path: /ready port: http periodSeconds: 10 timeoutSeconds: 5 livenessProbe: httpGet: path: /health port: http periodSeconds: 30 timeoutSeconds: 5 volumes: - name: data persistentVolumeClaim: claimName: open-webui-data