librechat

OpenShift Exclusive Red Hat UBI 9 LiteLLM Proxy

Multi-Model AI Chat
for OpenShift

A community Helm chart that deploys LibreChat v0.8.5-rc1 as a unified chat interface for your existing inference services — Granite, Qwen, Nemotron, or any vLLM model — on Red Hat UBI 9.

Get Started View on GitHub Artifact Hub

Built for OpenShift

Enterprise-ready AI chat platform with Red Hat certified components

🏗️

Red Hat UBI 9 Runtime

Container image built on ubi9/nodejs-20-minimal from the official Red Hat registry. Compliant with restricted Security Context Constraints.

🤖

OpenShift AI Integration

Built-in LiteLLM proxy connects to vLLM/KServe InferenceServices. Access Granite, Qwen, Nemotron and any model served in your cluster.

🔒

Restricted SCC Compatible

Runs with restricted SCC out of the box. No privilege escalation, random UIDs, dropped capabilities. Developer Sandbox ready.

🔌

MCP, Agents & Admin Panel

MCP with 3-tier architecture and OAuth, AI agents with context compaction, admin panel with per-principal config overrides, custom roles and groups.

📦

Complete Stack

Includes MongoDB, PostgreSQL (pgvector), Meilisearch, RAG API, and optional Ollama. All subcharts configurable via values.

✅

Chart Verifier Compliant

Passes Red Hat Community Helm Chart verification. CI pipeline validates every release with the official chart-verifier tool.

Architecture

How LibreChat connects to your OpenShift AI models

graph LR subgraph OpenShift Cluster A["LibreChat
(UBI 9 · 3080)"] -->|API| B["LiteLLM
Proxy · 4000"] B -->|SA Token| C["vLLM / KServe
Models · 8443"] A --> D["MongoDB
27017"] A --> E["Meilisearch
7700"] F["PostgreSQL
pgvector · 5432"] --> G["RAG API
8000"] A --> G end style A fill:#ee0000,stroke:#a60000,color:#fff style B fill:#5e40be,stroke:#3d2a7c,color:#fff style C fill:#009596,stroke:#006d6e,color:#fff style D fill:#3e8635,stroke:#2d6327,color:#fff style E fill:#0066cc,stroke:#004080,color:#fff style F fill:#3e8635,stroke:#2d6327,color:#fff style G fill:#0066cc,stroke:#004080,color:#fff

Quick Start

Deploy LibreChat on your OpenShift cluster in minutes

1

Add the Helm repository

helm repo add librechat https://maximilianopizarro.github.io/librechat/
helm repo update

2

Install on OpenShift

helm install librechat librechat/librechat

This deploys LibreChat with MongoDB, PostgreSQL, Meilisearch, and RAG API. LiteLLM is disabled by default.

3

Enable LiteLLM proxy (optional)

To connect LibreChat with vLLM/KServe inference services in your cluster:

helm upgrade librechat librechat/librechat \
  --set litellm.enabled=true \
  --set litellm.useServiceAccountToken=true \
  --set litellm.models[0].name=my-model \
  --set litellm.models[0].modelId=my-isvc-name \
  --set litellm.models[0].apiBase=https://my-isvc-predictor.ns.svc.cluster.local:8443/v1

4

Access LibreChat

oc get route librechat-librechat -o jsonpath='{.spec.host}'

Open the URL in your browser. Register a new account and start chatting.

Developer Sandbox

Free hosted OpenShift environment — no cluster required

🚀

One-command deploy

The values-sandbox.yaml file pre-configures everything for the Developer Sandbox: restricted SCC, gp3-csi storage, service links disabled, and LiteLLM enabled with the sandbox shared models.

🧠

Pre-configured AI models

Connects automatically to IBM Granite 3.1 8B, Qwen 3 8B, and NVIDIA Nemotron Nano 9B v2 via LiteLLM proxy. All models run as shared vLLM InferenceServices in the sandbox.

Deploy on Developer Sandbox

1

Get a free sandbox

Sign up at developers.redhat.com/developer-sandbox and copy your oc login command.

2

Login and install

oc login --token=sha256~YOUR_TOKEN --server=https://api.YOUR_CLUSTER:6443

helm repo add librechat https://maximilianopizarro.github.io/librechat/
helm install librechat librechat/librechat -f values-sandbox.yaml

3

Automatic model authentication

The sandbox uses useServiceAccountToken: true by default — the pod's ServiceAccount token authenticates to the shared models automatically. No manual token management needed.

Sandbox shared models

Model	ID	Endpoint
IBM Granite 3.1 8B	isvc-granite-31-8b-fp8	sandbox-shared-models.svc.cluster.local:8443
Qwen 3 8B	isvc-qwen3-8b-fp8	sandbox-shared-models.svc.cluster.local:8443
NVIDIA Nemotron Nano 9B v2	isvc-nemotron-nano-9b-v2-fp8	sandbox-shared-models.svc.cluster.local:8443

AI Model Configuration

Connect to any OpenAI-compatible model endpoint

LiteLLM Proxy (recommended for OpenShift)

LiteLLM acts as an OpenAI-compatible proxy between LibreChat and your vLLM/KServe InferenceServices. It handles authentication, SSL, and model routing. An OpenShift Route is created by default for external access to the LiteLLM admin UI.

Setting	Default	Description
litellm.masterKey	sk-litellm-1234	Master key for LiteLLM admin API. Change in production.
litellm.route.enabled	true	Creates an OpenShift Route for external access
litellm.route.host	'' (auto)	Custom hostname for the route

litellm:
  enabled: true
  route:
    enabled: true
  masterKey: "sk-litellm-1234"
  useServiceAccountToken: true
  models:
    - name: granite-3.1-8b
      modelId: isvc-granite-31-8b-fp8
      apiBase: "https://isvc-predictor.namespace.svc.cluster.local:8443/v1"

Access the LiteLLM admin UI via the route:

oc get route librechat-litellm -o jsonpath='{.spec.host}'

ServiceAccount token (recommended)

Uses the pod's auto-mounted ServiceAccount token. No manual token management — it refreshes automatically:

litellm:
  enabled: true
  useServiceAccountToken: true

For manual token override, set useServiceAccountToken: false and pass --set litellm.apiKey=$(oc whoami -t).

Ollama (optional, local models)

For running local models with Ollama. Disabled by default to save resources.

ollama:
  enabled: true
# Add to librechat.configYamlContent endpoints.custom:
#   - name: "Ollama"
#     apiKey: "${OPENAI_API_KEY}"
#     baseURL: "http://librechat-ollama:11434/v1"
#     models:
#       default: ["llama3.2"]
#       fetch: true

Container Image

Red Hat UBI 9 certified runtime

Property	Value
Image	quay.io/maximilianopizarro/librechat
Base	registry.access.redhat.com/ubi9/nodejs-20-minimal
Source	ghcr.io/danny-avila/librechat:v0.8.5-rc1
Build	3-stage: extract → rebuild native modules → minimal runtime
SCC	Runs as non-root (UID 1000), restricted SCC compatible
CI	GitHub Actions with redhat-actions/buildah-build

Build locally

podman build -t quay.io/maximilianopizarro/librechat:v0.8.5-rc1 \
  -f container/Containerfile \
  --build-arg LIBRECHAT_VERSION=v0.8.5-rc1 .

Run locally

podman run -d --name librechat \
  -p 3080:3080 \
  quay.io/maximilianopizarro/librechat:v0.8.5-rc1

Chart Components

Subchart dependencies and versions

Component	Version	Condition	Description
PostgreSQL	15.5.38	postgresql.enabled	Bitnami PostgreSQL with pgvector for RAG embeddings
MongoDB	16.5.45	mongodb.enabled	Bitnami MongoDB for LibreChat data storage
Ollama	1.26.0	ollama.enabled	Local LLM inference (disabled by default)
Meilisearch	0.7.0	meilisearch.enabled	Full-text search engine for messages
RAG API	0.5.1	librechat-rag-api.enabled	Retrieval Augmented Generation API
LiteLLM	v1.82.3	litellm.enabled	OpenAI-compatible proxy for vLLM/KServe models
MongoDB image	8.0.20	—	Updated from 8.0.13 matching upstream

Release Notes — v1.8.17

• 🚀 LibreChat v0.8.5-rc1 — Admin Panel, Context Compaction/Summarization, redesigned sidebar and tool call UI
• 🛡️ Admin Panel — Per-principal config overrides, custom roles and groups, system grants for access control
• 🧠 Context Compaction — Auto-summarizes long agent conversations to stay within context limits (Config v1.3.8)
• 🔌 MCP improvements — 3-tier architecture, lazy init, OAuth improvements, domain allowlisting
• 📦 MongoDB 8.0.20 — Updated from 8.0.13 matching upstream Docker Compose files
• 📌 Pinned Model Specs — Users can pin favorite model specs for quick access
• 🏗️ Red Hat UBI 9 — Container image on ubi9/nodejs-20-minimal with LiteLLM proxy and SA token auth

This site is open source. Improve this page.