Compare commits
38 Commits
fresh-star
...
8f1b0c42a6
| Author | SHA1 | Date | |
|---|---|---|---|
| 8f1b0c42a6 | |||
| 37b78f079e | |||
| 0d17825eab | |||
| ffeecf65f6 | |||
| fea49ae167 | |||
| 6b6e7937c1 | |||
| 487baa2813 | |||
| fe2f79d13c | |||
| c3a747c03c | |||
| f1f6ffb9a0 | |||
| e851f6ab8c | |||
| 2ecd20c9d7 | |||
| bdb3bd3234 | |||
| 47e957e444 | |||
| b2dfb2dc0b | |||
| 6ccc964c87 | |||
| 5c7b258ccf | |||
| 351426f055 | |||
| ca598f9750 | |||
| 0cb93ce8a1 | |||
| 6fde991ba9 | |||
| 5f3840cc02 | |||
| d9a22723ef | |||
| f97a655ad5 | |||
| c2aacd0ef4 | |||
| f36ce88026 | |||
| d19d332b59 | |||
| 5cf9de7997 | |||
| 3c84632a2d | |||
| 14bcc8546c | |||
| ca8a63fdbe | |||
| 3a46d17f02 | |||
| add851ee9e | |||
| edbfd26bde | |||
| dea0dfb7cc | |||
| 874fc826cd | |||
| 33cb5c72c7 | |||
| 31df54fcf0 |
@@ -23,7 +23,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: gitea
|
||||
version: 10.6.0
|
||||
version: 11.0.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: gitea-charts
|
||||
@@ -60,9 +60,6 @@ spec:
|
||||
enabled: true
|
||||
storageClass: mayastor-single-hdd
|
||||
|
||||
image:
|
||||
tag: 1.23.3
|
||||
|
||||
gitea:
|
||||
config:
|
||||
database:
|
||||
|
||||
@@ -3,3 +3,5 @@ kind: Kustomization
|
||||
resources:
|
||||
- gitea.yaml
|
||||
- renovate.yaml
|
||||
- ollama.yaml
|
||||
- librechat.yaml
|
||||
|
||||
141
apps/librechat.yaml
Normal file
141
apps/librechat.yaml
Normal file
@@ -0,0 +1,141 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: librechat
|
||||
---
|
||||
# Manually create database serviceaccount
|
||||
# https://github.com/mongodb/helm-charts/blob/01e50752b84de90607f12b1bd8d32c2d3493f1d2/charts/community-operator/templates/database_roles.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: mongodb-database
|
||||
namespace: librechat
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: mongodb-database
|
||||
namespace: librechat
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- patch
|
||||
- delete
|
||||
- get
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: mongodb-database
|
||||
namespace: librechat
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: mongodb-database
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: mongodb-database
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: mongodbcommunity.mongodb.com/v1
|
||||
kind: MongoDBCommunity
|
||||
metadata:
|
||||
name: librechat
|
||||
namespace: librechat
|
||||
spec:
|
||||
members: 1
|
||||
type: ReplicaSet
|
||||
version: "6.0.5"
|
||||
security:
|
||||
authentication:
|
||||
modes: ["SCRAM"]
|
||||
users:
|
||||
- name: librechat
|
||||
db: LibreChat
|
||||
passwordSecretRef: # a reference to the secret that will be used to generate the user's password
|
||||
name: librechat-mongodb-secret
|
||||
roles:
|
||||
- name: clusterAdmin
|
||||
db: admin
|
||||
- name: userAdminAnyDatabase
|
||||
db: admin
|
||||
- name: readWriteAnyDatabase
|
||||
db: admin
|
||||
scramCredentialsSecretName: my-scram
|
||||
additionalMongodConfig:
|
||||
storage.wiredTiger.engineConfig.journalCompressor: zlib
|
||||
statefulSet:
|
||||
spec:
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data-volume
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
storageClassName: openebs-single-replica
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
- metadata:
|
||||
name: logs-volume
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
storageClassName: openebs-single-replica
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: librechat
|
||||
namespace: librechat
|
||||
spec:
|
||||
interval: 1h
|
||||
url: https://github.com/danny-avila/LibreChat.git
|
||||
ref:
|
||||
tag: v0.7.7
|
||||
ignore: |
|
||||
# exclude all
|
||||
/*
|
||||
# include charts
|
||||
!/charts/
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: librechat
|
||||
namespace: librechat
|
||||
spec:
|
||||
interval: 10m
|
||||
chart:
|
||||
spec:
|
||||
chart: ./charts/librechat
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: librechat
|
||||
namespace: librechat
|
||||
interval: 10m
|
||||
values:
|
||||
replicaCount: 1
|
||||
# image:
|
||||
# tag: v0.7.7 # Not pinned in chart for some reason
|
||||
config:
|
||||
envSecrets:
|
||||
secretRef: librechat
|
||||
secretKeyRef:
|
||||
- name: MONGO_URI
|
||||
secretName: librechat-librechat-librechat
|
||||
secretKey: connectionString.standardSrv
|
||||
env:
|
||||
TRUST_PROXY: 1
|
||||
DOMAIN_CLIENT: https://librechat.lumpiasty.xyz
|
||||
ALLOW_REGISTRATION: false
|
||||
157
apps/ollama.yaml
Normal file
157
apps/ollama.yaml
Normal file
@@ -0,0 +1,157 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: ollama
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: ollama-helm
|
||||
namespace: ollama
|
||||
spec:
|
||||
interval: 24h
|
||||
url: https://otwld.github.io/ollama-helm/
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: ollama
|
||||
namespace: ollama
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: ollama
|
||||
version: 1.12.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: ollama-helm
|
||||
namespace: ollama
|
||||
interval: 12h
|
||||
values:
|
||||
ollama:
|
||||
gpu:
|
||||
enabled: false
|
||||
persistentVolume:
|
||||
enabled: true
|
||||
storageClass: mayastor-single-hdd
|
||||
size: 200Gi
|
||||
# GPU support
|
||||
# Rewrite of options in
|
||||
# https://hub.docker.com/r/grinco/ollama-amd-apu
|
||||
image:
|
||||
repository: grinco/ollama-amd-apu
|
||||
tag: vulkan
|
||||
securityContext:
|
||||
# Not ideal
|
||||
privileged: true
|
||||
capabilities:
|
||||
add:
|
||||
- PERFMON
|
||||
volumeMounts:
|
||||
- name: kfd
|
||||
mountPath: /dev/kfd
|
||||
- name: dri
|
||||
mountPath: /dev/dri
|
||||
volumes:
|
||||
- name: kfd
|
||||
hostPath:
|
||||
path: /dev/kfd
|
||||
type: CharDevice
|
||||
- name: dri
|
||||
hostPath:
|
||||
path: /dev/dri
|
||||
type: Directory
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ollama-proxy
|
||||
namespace: ollama
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ollama-proxy
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ollama-proxy
|
||||
spec:
|
||||
containers:
|
||||
- name: caddy
|
||||
image: caddy:2.9.1-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
volumeMounts:
|
||||
- mountPath: /etc/caddy
|
||||
name: proxy-config
|
||||
env:
|
||||
- name: API_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ollama-api-key
|
||||
key: API_KEY
|
||||
volumes:
|
||||
- name: proxy-config
|
||||
configMap:
|
||||
name: ollama-proxy-config
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
namespace: ollama
|
||||
name: ollama-proxy-config
|
||||
data:
|
||||
Caddyfile: |
|
||||
http://ollama.lumpiasty.xyz {
|
||||
|
||||
@requireAuth {
|
||||
not header Authorization "Bearer {env.API_KEY}"
|
||||
}
|
||||
|
||||
respond @requireAuth "Unauthorized" 401
|
||||
|
||||
reverse_proxy ollama:11434
|
||||
}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: ollama
|
||||
name: ollama-proxy
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: ollama-proxy
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 80
|
||||
protocol: TCP
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
namespace: ollama
|
||||
name: ollama
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
acme.cert-manager.io/http01-edit-in-place: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: ollama.lumpiasty.xyz
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: ollama-proxy
|
||||
port:
|
||||
number: 80
|
||||
path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- ollama.lumpiasty.xyz
|
||||
secretName: ollama-ingress
|
||||
@@ -20,7 +20,7 @@ spec:
|
||||
- name: renovate
|
||||
# Update this to the latest available and then enable Renovate on
|
||||
# the manifest
|
||||
image: renovate/renovate:39.215.2-full
|
||||
image: renovate/renovate:39.232.3-full
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: renovate-env
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -23,7 +23,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: cert-manager
|
||||
version: 1.17.0
|
||||
version: v1.17.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cert-manager
|
||||
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: k8up
|
||||
version: 4.8.3
|
||||
version: 4.8.4
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: k8up-io
|
||||
|
||||
33
infra/controllers/mongodb-operator.yaml
Normal file
33
infra/controllers/mongodb-operator.yaml
Normal file
@@ -0,0 +1,33 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: mongodb
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: mongodb
|
||||
namespace: mongodb
|
||||
spec:
|
||||
interval: 24h
|
||||
url: https://mongodb.github.io/helm-charts
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: mongodb-operator
|
||||
namespace: mongodb
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: community-operator
|
||||
version: 0.12.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: mongodb
|
||||
namespace: mongodb
|
||||
values:
|
||||
operator:
|
||||
watchNamespace: "*"
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: openbao
|
||||
version: 0.8.1
|
||||
version: 0.10.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: openbao
|
||||
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: openebs
|
||||
version: 4.1.3
|
||||
version: 4.2.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: openebs
|
||||
|
||||
@@ -10,6 +10,7 @@ resources:
|
||||
- controllers/openebs.yaml
|
||||
- controllers/k8up.yaml
|
||||
- controllers/openbao.yaml
|
||||
- controllers/mongodb-operator.yaml
|
||||
- diskpools/anapistula-delrosalae-hdd.yaml
|
||||
- configs/bgp-cluster-config.yaml
|
||||
- configs/loadbalancer-ippool.yaml
|
||||
|
||||
@@ -1,10 +1,14 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"kubernetes": {
|
||||
"fileMatch": ["\\.yaml$"]
|
||||
"fileMatch": ["infra/.+\\.yaml$", "apps/.+\\.yaml$"]
|
||||
},
|
||||
"flux": {
|
||||
"fileMatch": ["infra/.+\\.yaml$", "apps/.+\\.yaml$"]
|
||||
"fileMatch": [
|
||||
"infra/.+\\.yaml$",
|
||||
"apps/.+\\.yaml$",
|
||||
"gotk-components\\.ya?ml$"
|
||||
]
|
||||
},
|
||||
"prHourlyLimit": 9
|
||||
}
|
||||
|
||||
11
talos/patches/ollama.patch
Normal file
11
talos/patches/ollama.patch
Normal file
@@ -0,0 +1,11 @@
|
||||
# CSI driver requirement
|
||||
cluster:
|
||||
apiServer:
|
||||
admissionControl:
|
||||
- name: PodSecurity
|
||||
configuration:
|
||||
apiVersion: pod-security.admission.config.k8s.io/v1beta1
|
||||
kind: PodSecurityConfiguration
|
||||
exemptions:
|
||||
namespaces:
|
||||
- ollama
|
||||
Reference in New Issue
Block a user