--- apiVersion: v1 kind: Namespace metadata: name: ollama --- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: ollama-helm namespace: ollama spec: interval: 24h url: https://otwld.github.io/ollama-helm/ --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ollama namespace: ollama spec: interval: 30m chart: spec: chart: ollama version: 1.11.0 sourceRef: kind: HelmRepository name: ollama-helm namespace: ollama interval: 12h values: ollama: gpu: enabled: false persistentVolume: enabled: true storageClass: mayastor-single-hdd size: 200Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: ollama-proxy namespace: ollama spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: ollama-proxy template: metadata: labels: app.kubernetes.io/name: ollama-proxy spec: containers: - name: caddy image: caddy:2.9.1-alpine imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/caddy name: proxy-config env: - name: API_KEY valueFrom: secretKeyRef: name: ollama-api-key key: API_KEY volumes: - name: proxy-config configMap: name: ollama-proxy-config --- apiVersion: v1 kind: ConfigMap metadata: namespace: ollama name: ollama-proxy-config data: Caddyfile: | http://ollama.lumpiasty.xyz { @requireAuth { not header Authorization "Bearer {env.API_KEY}" } respond @requireAuth "Unauthorized" 401 reverse_proxy ollama:11434 } --- apiVersion: v1 kind: Service metadata: namespace: ollama name: ollama-proxy spec: type: ClusterIP selector: app.kubernetes.io/name: ollama-proxy ports: - name: http port: 80 targetPort: 80 protocol: TCP --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: namespace: ollama name: ollama annotations: cert-manager.io/cluster-issuer: letsencrypt acme.cert-manager.io/http01-edit-in-place: "true" spec: ingressClassName: nginx rules: - host: ollama.lumpiasty.xyz http: paths: - backend: service: name: ollama-proxy port: number: 80 path: / pathType: Prefix tls: - hosts: - ollama.lumpiasty.xyz secretName: ollama-ingress