From 9c9cd8f97ff45695002a7daa8db23facc9baaca8 Mon Sep 17 00:00:00 2001 From: JJGadgets Date: Sun, 6 Oct 2024 19:55:34 +0800 Subject: [PATCH] fix(open-webui): lax cookies, netpols --- kube/deploy/apps/mlc-llm/app/hr.yaml | 13 +++++++++++-- kube/deploy/apps/open-webui/app/hr.yaml | 5 ++--- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/kube/deploy/apps/mlc-llm/app/hr.yaml b/kube/deploy/apps/mlc-llm/app/hr.yaml index eb0eb3b7..b13a21fe 100644 --- a/kube/deploy/apps/mlc-llm/app/hr.yaml +++ b/kube/deploy/apps/mlc-llm/app/hr.yaml @@ -72,7 +72,7 @@ spec: main: &pull image: *img command: ["tini", "-g", "--", "/bin/bash", "-c"] - args: ["echo '/exit' | mlc_llm chat HF://mlc-ai/$(MODEL) || true"] + args: ["rm -rf /tmp/* && echo '/exit' | mlc_llm chat HF://mlc-ai/$(MODEL) || true; rm -rf /tmp/*"] env: &envPull TZ: "${CONFIG_TZ}" MLC_JIT_POLICY: "OFF" # do on runtime @@ -85,7 +85,6 @@ spec: limits: cpu: "1000m" memory: "2Gi" - gpu.intel.com/i915: "1" codellama: <<: *deploy containers: @@ -184,3 +183,13 @@ spec: - matchExpressions: - key: fuckoff.home.arpa/mlc-llm operator: DoesNotExist + networkpolicies: + from-open-webui: + podSelector: {} + policyTypes: [Ingress, Egress] + rules: + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: open-webui diff --git a/kube/deploy/apps/open-webui/app/hr.yaml b/kube/deploy/apps/open-webui/app/hr.yaml index 3e721004..807284f9 100644 --- a/kube/deploy/apps/open-webui/app/hr.yaml +++ b/kube/deploy/apps/open-webui/app/hr.yaml @@ -39,7 +39,7 @@ spec: OPENAI_API_BASE_URLS: "http://mlc-llm-llama3.mlc-llm.svc.cluster.local:8080/v1" RAG_EMBEDDING_ENGINE: "openai" # Security - WEBUI_SESSION_COOKIE_SAME_SITE: "strict" + WEBUI_SESSION_COOKIE_SAME_SITE: "lax" # OIDC needs lax WEBUI_SESSION_COOKIE_SECURE: "True" # Auth ENABLE_LOGIN_FORM: "False" @@ -130,8 +130,7 @@ spec: - key: fuckoff.home.arpa/open-webui operator: DoesNotExist networkpolicies: - same-ns: - controller: open-webui + to-llm: podSelector: {} policyTypes: [Ingress, Egress] rules: