Update renovate/renovate Docker tag to v39.233.4

apps/gitea.yaml

@@ -1,3 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
@@ -102,3 +108,37 @@ spec:
       resources:
         requests:
           cpu: 0
+---
+apiVersion: k8up.io/v1
+kind: Schedule
+metadata:
+  name: gitea-backup
+  namespace: gitea
+spec:
+  backend:
+    # Manually adding secrets for now
+    repoPasswordSecretRef:
+      name: restic-repo
+      key: password
+    s3:
+      endpoint: https://s3.eu-central-003.backblazeb2.com
+      bucket: lumpiasty-backups
+      accessKeyIDSecretRef:
+        name: backblaze
+        key: keyid
+      secretAccessKeySecretRef:
+        name: backblaze
+        key: secret
+  backup:
+    schedule: "@daily-random"
+    failedJobsHistoryLimit: 2
+    successfulJobsHistoryLimit: 2
+  check:
+    schedule: "@daily-random"
+  prune:
+    schedule: "@daily-random"
+    retention:
+      keepLast: 14
+      keepDaily: 14
+      keepWeekly: 50
+      keepYearly: 10

apps/gitea/backups.yaml

@@ -1,33 +0,0 @@
-apiVersion: k8up.io/v1
-kind: Schedule
-metadata:
-  name: gitea-backup
-  namespace: gitea
-spec:
-  backend:
-    # Manually adding secrets for now
-    repoPasswordSecretRef:
-      name: restic-repo
-      key: password
-    s3:
-      endpoint: https://s3.eu-central-003.backblazeb2.com
-      bucket: lumpiasty-backups
-      accessKeyIDSecretRef:
-        name: backblaze
-        key: keyid
-      secretAccessKeySecretRef:
-        name: backblaze
-        key: secret
-  backup:
-    schedule: "@daily-random"
-    failedJobsHistoryLimit: 2
-    successfulJobsHistoryLimit: 2
-  check:
-    schedule: "@daily-random"
-  prune:
-    schedule: "@daily-random"
-    retention:
-      keepLast: 14
-      keepDaily: 14
-      keepWeekly: 50
-      keepYearly: 10

apps/gitea/kustomization.yaml

@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - release.yaml
-  - backups.yaml
-  - postgres-cluster.yaml

apps/gitea/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: gitea

apps/gitea/postgres-cluster.yaml

@@ -1,12 +0,0 @@
----
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: gitea-postgresql-cluster
-  namespace: gitea
-spec:
-  instances: 1
-
-  storage:
-    size: 10Gi
-    storageClass: mayastor-single-hdd

apps/kustomization.yaml

@@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - gitea
+  - gitea.yaml
-  - renovate
+  - renovate.yaml
-  - ollama
+  - ollama.yaml
-  - librechat
+  - librechat.yaml

apps/librechat.yaml

@@ -1,4 +1,9 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: librechat
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
@@ -38,6 +43,12 @@ spec:
         version: 1.0.3
 
         endpoints:
+          agents:
+            capabilities:
+              - "file_search"
+              - "actions"
+              - "tools"
+              - "chain"
           custom:
             - name: "Ollama"
               apiKey: "ollama"

apps/librechat/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - release.yaml

apps/librechat/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: librechat

apps/ollama.yaml

@@ -0,0 +1,157 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ollama
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: ollama-helm
+  namespace: ollama
+spec:
+  interval: 24h
+  url: https://otwld.github.io/ollama-helm/
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: ollama
+  namespace: ollama
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: ollama
+      version: 1.13.0
+      sourceRef:
+        kind: HelmRepository
+        name: ollama-helm
+        namespace: ollama
+      interval: 12h
+  values:
+    ollama:
+      gpu:
+        enabled: false
+    persistentVolume:
+      enabled: true
+      storageClass: mayastor-single-hdd
+      size: 200Gi
+    # GPU support
+    # Rewrite of options in
+    # https://hub.docker.com/r/grinco/ollama-amd-apu
+    image:
+      repository: grinco/ollama-amd-apu
+      tag: vulkan
+    securityContext:
+      # Not ideal
+      privileged: true
+      capabilities:
+        add:
+          - PERFMON
+    volumeMounts:
+      - name: kfd
+        mountPath: /dev/kfd
+      - name: dri
+        mountPath: /dev/dri
+    volumes:
+      - name: kfd
+        hostPath:
+          path: /dev/kfd
+          type: CharDevice
+      - name: dri
+        hostPath:
+          path: /dev/dri
+          type: Directory
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ollama-proxy
+  namespace: ollama
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: ollama-proxy
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: ollama-proxy
+    spec:
+      containers:
+        - name: caddy
+          image: caddy:2.9.1-alpine
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - mountPath: /etc/caddy
+              name: proxy-config
+          env:
+            - name: API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: ollama-api-key
+                  key: API_KEY
+      volumes:
+        - name: proxy-config
+          configMap:
+            name: ollama-proxy-config
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: ollama
+  name: ollama-proxy-config
+data:
+  Caddyfile: |
+    http://ollama.lumpiasty.xyz {
+
+      @requireAuth {
+        not header Authorization "Bearer {env.API_KEY}"
+      }
+
+      respond @requireAuth "Unauthorized" 401
+
+      reverse_proxy ollama:11434
+    }
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: ollama
+  name: ollama-proxy
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: ollama-proxy
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: ollama
+  name: ollama
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: ollama.lumpiasty.xyz
+      http:
+        paths:
+          - backend:
+              service:
+                name: ollama-proxy
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - ollama.lumpiasty.xyz
+      secretName: ollama-ingress

apps/ollama/auth-proxy.yaml

@@ -1,66 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: ollama-proxy
-  namespace: ollama
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: ollama-proxy
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: ollama-proxy
-    spec:
-      containers:
-        - name: caddy
-          image: caddy:2.9.1-alpine
-          imagePullPolicy: IfNotPresent
-          volumeMounts:
-            - mountPath: /etc/caddy
-              name: proxy-config
-          env:
-            - name: API_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: ollama-api-key
-                  key: API_KEY
-      volumes:
-        - name: proxy-config
-          configMap:
-            name: ollama-proxy-config
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  namespace: ollama
-  name: ollama-proxy-config
-data:
-  Caddyfile: |
-    http://ollama.lumpiasty.xyz {
-
-      @requireAuth {
-        not header Authorization "Bearer {env.API_KEY}"
-      }
-
-      respond @requireAuth "Unauthorized" 401
-
-      reverse_proxy ollama:11434
-    }
----
-apiVersion: v1
-kind: Service
-metadata:
-  namespace: ollama
-  name: ollama-proxy
-spec:
-  type: ClusterIP
-  selector:
-    app.kubernetes.io/name: ollama-proxy
-  ports:
-    - name: http
-      port: 80
-      targetPort: 80
-      protocol: TCP

apps/ollama/ingress.yaml

@@ -1,26 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  namespace: ollama
-  name: ollama
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    acme.cert-manager.io/http01-edit-in-place: "true"
-spec:
-  ingressClassName: nginx
-  rules:
-    - host: ollama.lumpiasty.xyz
-      http:
-        paths:
-          - backend:
-              service:
-                name: ollama-proxy
-                port:
-                  number: 80
-            path: /
-            pathType: Prefix
-  tls:
-    - hosts:
-        - ollama.lumpiasty.xyz
-      secretName: ollama-ingress

apps/ollama/kustomization.yaml

@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - release.yaml
-  - auth-proxy.yaml
-  - ingress.yaml

apps/ollama/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ollama

apps/ollama/release.yaml

@@ -1,60 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: ollama-helm
-  namespace: ollama
-spec:
-  interval: 24h
-  url: https://otwld.github.io/ollama-helm/
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: ollama
-  namespace: ollama
-spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: ollama
-      version: 1.13.0
-      sourceRef:
-        kind: HelmRepository
-        name: ollama-helm
-        namespace: ollama
-      interval: 12h
-  values:
-    ollama:
-      gpu:
-        enabled: false
-    persistentVolume:
-      enabled: true
-      storageClass: mayastor-single-hdd
-      size: 200Gi
-    # GPU support
-    # Rewrite of options in
-    # https://hub.docker.com/r/grinco/ollama-amd-apu
-    image:
-      repository: grinco/ollama-amd-apu
-      tag: vulkan
-    securityContext:
-      # Not ideal
-      privileged: true
-      capabilities:
-        add:
-          - PERFMON
-    volumeMounts:
-      - name: kfd
-        mountPath: /dev/kfd
-      - name: dri
-        mountPath: /dev/dri
-    volumes:
-      - name: kfd
-        hostPath:
-          path: /dev/kfd
-          type: CharDevice
-      - name: dri
-        hostPath:
-          path: /dev/dri
-          type: Directory

apps/renovate.yaml

@@ -1,4 +1,9 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: renovate
+---
 apiVersion: batch/v1
 kind: CronJob
 metadata:

apps/renovate/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - cronjob.yaml

apps/renovate/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: renovate

infra/controllers/cloudnative-pg.yaml

@@ -1,31 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cnpg-system
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: cnpg
-  namespace: cnpg-system
-spec:
-  interval: 24h
-  url: https://cloudnative-pg.github.io/charts
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: cnpg
-  namespace: cnpg-system
-spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: cloudnative-pg
-      version: 0.23.2
-      sourceRef:
-        kind: HelmRepository
-        name: cnpg
-        namespace: cnpg-system
-      interval: 12h

infra/kustomization.yaml

@@ -11,7 +11,6 @@ resources:
   - controllers/k8up.yaml
   - controllers/openbao.yaml
   - controllers/mongodb-operator.yaml
-  - controllers/cloudnative-pg.yaml
   - diskpools/anapistula-delrosalae-hdd.yaml
   - configs/bgp-cluster-config.yaml
   - configs/loadbalancer-ippool.yaml