3d85105afd
- Switch from SQLite/PVC to CNPG PostgreSQL (3 instances, low-resource) with a transaction-mode PgBouncer pooler (2 instances) - Raise open-webui replicas to 3 with priorityClassName: power - Add PodDisruptionBudget (minAvailable: 1) - Add Gateway API sessionPersistence (cookie) on the HTTPS HTTPRoute so WebSocket connections stick to the same backend pod - Add postgres-credentials VaultStaticSecret; DATABASE_URL must be added to kv/kubernetes/namespace/open-webui/default/open-webui-credentials
35 lines
772 B
YAML
35 lines
772 B
YAML
---
|
|
apiVersion: secrets.hashicorp.com/v1beta1
|
|
kind: VaultStaticSecret
|
|
metadata:
|
|
name: postgres-credentials
|
|
namespace: open-webui
|
|
spec:
|
|
destination:
|
|
create: true
|
|
name: postgres-credentials
|
|
overwrite: true
|
|
hmacSecretData: true
|
|
mount: kv
|
|
path: kubernetes/namespace/open-webui/default/postgres-credentials
|
|
refreshAfter: 5m
|
|
type: kv-v2
|
|
vaultAuthRef: default
|
|
---
|
|
apiVersion: secrets.hashicorp.com/v1beta1
|
|
kind: VaultStaticSecret
|
|
metadata:
|
|
name: open-webui-credentials
|
|
namespace: open-webui
|
|
spec:
|
|
destination:
|
|
create: true
|
|
name: open-webui-credentials
|
|
overwrite: true
|
|
hmacSecretData: true
|
|
mount: kv
|
|
path: kubernetes/namespace/open-webui/default/open-webui-credentials
|
|
refreshAfter: 5m
|
|
type: kv-v2
|
|
vaultAuthRef: default
|