Files
argocd-apps/apps/base/open-webui/vaultstaticsecret.yaml
unkinben 3d85105afd
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline failed
feat(open-webui): HA deployment with CNPG, PDB, and session persistence
- Switch from SQLite/PVC to CNPG PostgreSQL (3 instances, low-resource)
  with a transaction-mode PgBouncer pooler (2 instances)
- Raise open-webui replicas to 3 with priorityClassName: power
- Add PodDisruptionBudget (minAvailable: 1)
- Add Gateway API sessionPersistence (cookie) on the HTTPS HTTPRoute
  so WebSocket connections stick to the same backend pod
- Add postgres-credentials VaultStaticSecret; DATABASE_URL must be
  added to kv/kubernetes/namespace/open-webui/default/open-webui-credentials
2026-05-26 23:37:10 +10:00

35 lines
772 B
YAML

---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: postgres-credentials
namespace: open-webui
spec:
destination:
create: true
name: postgres-credentials
overwrite: true
hmacSecretData: true
mount: kv
path: kubernetes/namespace/open-webui/default/postgres-credentials
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: open-webui-credentials
namespace: open-webui
spec:
destination:
create: true
name: open-webui-credentials
overwrite: true
hmacSecretData: true
mount: kv
path: kubernetes/namespace/open-webui/default/open-webui-credentials
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default