From 9a9c1a45db889e71f2247ec7168dba4226cabfda Mon Sep 17 00:00:00 2001 From: Lumpiasty Date: Sat, 5 Apr 2025 22:08:02 +0200 Subject: [PATCH] split ollama deployment to files --- apps/kustomization.yaml | 2 +- apps/ollama.yaml | 157 --------------------------------- apps/ollama/auth-proxy.yaml | 66 ++++++++++++++ apps/ollama/ingress.yaml | 26 ++++++ apps/ollama/kustomization.yaml | 7 ++ apps/ollama/namespace.yaml | 5 ++ apps/ollama/release.yaml | 60 +++++++++++++ 7 files changed, 165 insertions(+), 158 deletions(-) delete mode 100644 apps/ollama.yaml create mode 100644 apps/ollama/auth-proxy.yaml create mode 100644 apps/ollama/ingress.yaml create mode 100644 apps/ollama/kustomization.yaml create mode 100644 apps/ollama/namespace.yaml create mode 100644 apps/ollama/release.yaml diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index bb37042..37c2a23 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -3,5 +3,5 @@ kind: Kustomization resources: - gitea - renovate.yaml - - ollama.yaml + - ollama - librechat.yaml diff --git a/apps/ollama.yaml b/apps/ollama.yaml deleted file mode 100644 index 3e50d98..0000000 --- a/apps/ollama.yaml +++ /dev/null @@ -1,157 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: ollama ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: ollama-helm - namespace: ollama -spec: - interval: 24h - url: https://otwld.github.io/ollama-helm/ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: ollama - namespace: ollama -spec: - interval: 30m - chart: - spec: - chart: ollama - version: 1.13.0 - sourceRef: - kind: HelmRepository - name: ollama-helm - namespace: ollama - interval: 12h - values: - ollama: - gpu: - enabled: false - persistentVolume: - enabled: true - storageClass: mayastor-single-hdd - size: 200Gi - # GPU support - # Rewrite of options in - # https://hub.docker.com/r/grinco/ollama-amd-apu - image: - repository: grinco/ollama-amd-apu - tag: vulkan - securityContext: - # Not ideal - privileged: true - capabilities: - add: - - PERFMON - volumeMounts: - - name: kfd - mountPath: /dev/kfd - - name: dri - mountPath: /dev/dri - volumes: - - name: kfd - hostPath: - path: /dev/kfd - type: CharDevice - - name: dri - hostPath: - path: /dev/dri - type: Directory ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ollama-proxy - namespace: ollama -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: ollama-proxy - template: - metadata: - labels: - app.kubernetes.io/name: ollama-proxy - spec: - containers: - - name: caddy - image: caddy:2.9.1-alpine - imagePullPolicy: IfNotPresent - volumeMounts: - - mountPath: /etc/caddy - name: proxy-config - env: - - name: API_KEY - valueFrom: - secretKeyRef: - name: ollama-api-key - key: API_KEY - volumes: - - name: proxy-config - configMap: - name: ollama-proxy-config ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: ollama - name: ollama-proxy-config -data: - Caddyfile: | - http://ollama.lumpiasty.xyz { - - @requireAuth { - not header Authorization "Bearer {env.API_KEY}" - } - - respond @requireAuth "Unauthorized" 401 - - reverse_proxy ollama:11434 - } ---- -apiVersion: v1 -kind: Service -metadata: - namespace: ollama - name: ollama-proxy -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: ollama-proxy - ports: - - name: http - port: 80 - targetPort: 80 - protocol: TCP ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - namespace: ollama - name: ollama - annotations: - cert-manager.io/cluster-issuer: letsencrypt - acme.cert-manager.io/http01-edit-in-place: "true" -spec: - ingressClassName: nginx - rules: - - host: ollama.lumpiasty.xyz - http: - paths: - - backend: - service: - name: ollama-proxy - port: - number: 80 - path: / - pathType: Prefix - tls: - - hosts: - - ollama.lumpiasty.xyz - secretName: ollama-ingress diff --git a/apps/ollama/auth-proxy.yaml b/apps/ollama/auth-proxy.yaml new file mode 100644 index 0000000..8277905 --- /dev/null +++ b/apps/ollama/auth-proxy.yaml @@ -0,0 +1,66 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ollama-proxy + namespace: ollama +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ollama-proxy + template: + metadata: + labels: + app.kubernetes.io/name: ollama-proxy + spec: + containers: + - name: caddy + image: caddy:2.9.1-alpine + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/caddy + name: proxy-config + env: + - name: API_KEY + valueFrom: + secretKeyRef: + name: ollama-api-key + key: API_KEY + volumes: + - name: proxy-config + configMap: + name: ollama-proxy-config +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: ollama + name: ollama-proxy-config +data: + Caddyfile: | + http://ollama.lumpiasty.xyz { + + @requireAuth { + not header Authorization "Bearer {env.API_KEY}" + } + + respond @requireAuth "Unauthorized" 401 + + reverse_proxy ollama:11434 + } +--- +apiVersion: v1 +kind: Service +metadata: + namespace: ollama + name: ollama-proxy +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: ollama-proxy + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/ollama/ingress.yaml b/apps/ollama/ingress.yaml new file mode 100644 index 0000000..16d2aef --- /dev/null +++ b/apps/ollama/ingress.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: ollama + name: ollama + annotations: + cert-manager.io/cluster-issuer: letsencrypt + acme.cert-manager.io/http01-edit-in-place: "true" +spec: + ingressClassName: nginx + rules: + - host: ollama.lumpiasty.xyz + http: + paths: + - backend: + service: + name: ollama-proxy + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - ollama.lumpiasty.xyz + secretName: ollama-ingress diff --git a/apps/ollama/kustomization.yaml b/apps/ollama/kustomization.yaml new file mode 100644 index 0000000..143a5b6 --- /dev/null +++ b/apps/ollama/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespace.yaml + - release.yaml + - auth-proxy.yaml + - ingress.yaml diff --git a/apps/ollama/namespace.yaml b/apps/ollama/namespace.yaml new file mode 100644 index 0000000..1568ec2 --- /dev/null +++ b/apps/ollama/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: ollama diff --git a/apps/ollama/release.yaml b/apps/ollama/release.yaml new file mode 100644 index 0000000..3074542 --- /dev/null +++ b/apps/ollama/release.yaml @@ -0,0 +1,60 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: ollama-helm + namespace: ollama +spec: + interval: 24h + url: https://otwld.github.io/ollama-helm/ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: ollama + namespace: ollama +spec: + interval: 30m + chart: + spec: + chart: ollama + version: 1.13.0 + sourceRef: + kind: HelmRepository + name: ollama-helm + namespace: ollama + interval: 12h + values: + ollama: + gpu: + enabled: false + persistentVolume: + enabled: true + storageClass: mayastor-single-hdd + size: 200Gi + # GPU support + # Rewrite of options in + # https://hub.docker.com/r/grinco/ollama-amd-apu + image: + repository: grinco/ollama-amd-apu + tag: vulkan + securityContext: + # Not ideal + privileged: true + capabilities: + add: + - PERFMON + volumeMounts: + - name: kfd + mountPath: /dev/kfd + - name: dri + mountPath: /dev/dri + volumes: + - name: kfd + hostPath: + path: /dev/kfd + type: CharDevice + - name: dri + hostPath: + path: /dev/dri + type: Directory