Compare commits
No commits in common. "7060126ca7fec0ae48a4506d211b974e78a9d103" and "f7f3daac801c923d1cc2ef4a6b689f0d84ef7dcf" have entirely different histories.
7060126ca7
...
f7f3daac80
|
@ -26,8 +26,8 @@ spec:
|
|||
hostPort: 58846
|
||||
containerPort: 58846
|
||||
- name: torrent
|
||||
hostPort: 6881
|
||||
containerPort: 6881
|
||||
hostPort: 6881
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1500m
|
||||
|
@ -97,5 +97,5 @@ spec:
|
|||
app.kubernetes.io/name: deluge
|
||||
ports:
|
||||
- port: 6881
|
||||
targetPort: torrent
|
||||
targetPort: deluge-daemon
|
||||
nodePort: 31001
|
|
@ -0,0 +1,99 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: drone-runner
|
||||
labels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: runner
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: runner
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: runner
|
||||
spec:
|
||||
containers:
|
||||
- name: drone
|
||||
image: drone/drone-runner-kube
|
||||
env:
|
||||
- name: DRONE_NAMESPACE_DEFAULT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: DRONE_RPC_HOST
|
||||
value: drone-server.gitea.svc.cluster.local # TODO: not hardcode
|
||||
- name: DRONE_RPC_PROTO
|
||||
value: http
|
||||
- name: DRONE_RPC_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: drone-secret
|
||||
key: rpc_secret
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3000
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
---
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: drone-runner-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/log
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- delete
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: drone-runner-rolebinding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: drone-runner-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: drone-runner
|
||||
labels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: runner
|
||||
# monitor: prometheus
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: runner
|
||||
ports:
|
||||
- name: http
|
||||
port: 3000
|
||||
targetPort: http
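Review bot: `drone-runner-rolebinding` grants `drone-runner-role` to the namespace's `default` ServiceAccount, so every pod in that namespace that does not name its own service account inherits permission to create and delete Secrets and to create, update and delete Pods. Because `DRONE_NAMESPACE_DEFAULT` is set to the runner's own namespace, this presumably includes the pipeline pods that run repository-supplied build steps. A dedicated ServiceAccount referenced by the Deployment and by the binding would confine the role to the runner itself. The subject also carries no `namespace`, which a ServiceAccount subject needs unless kustomize fills it in; worth confirming in the rendered output.

```yaml
# … unchanged: Deployment metadata, selector, pod template labels …
    spec:
      serviceAccountName: drone-runner
      containers:
# … unchanged: container spec, Role …
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-runner
---
kind: RoleBinding
# … unchanged: apiVersion, metadata …
subjects:
  - kind: ServiceAccount
    name: drone-runner
# … unchanged: roleRef, Service …
```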
|
|
@ -0,0 +1,6 @@
|
|||
resources:
|
||||
- drone-runner-deployment.yaml
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: runner
|
|
@ -0,0 +1,98 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: drone-server
|
||||
labels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: server
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: server
|
||||
spec:
|
||||
containers:
|
||||
- name: drone
|
||||
image: drone/drone
|
||||
env:
|
||||
- name: DRONE_GITEA_SERVER
|
||||
value: https://${GITEA_EXTERNAL_HOST}
|
||||
- name: DRONE_SERVER_HOST
|
||||
value: ${DRONE_EXTERNAL_HOST}
|
||||
- name: DRONE_SERVER_PORT
|
||||
value: ":80"
|
||||
- name: DRONE_SERVER_PROTO
|
||||
value: https
|
||||
- name: DRONE_GITEA_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: drone-gitea-oauth-secret
|
||||
key: client_id
|
||||
- name: DRONE_GITEA_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: drone-gitea-oauth-secret
|
||||
key: client_secret
|
||||
- name: DRONE_RPC_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: drone-secret
|
||||
key: rpc_secret
|
||||
- name: DRONE_DATABASE_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: drone-secret
|
||||
key: database_secret
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
resources:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: 250m
|
||||
memory: 100Mi
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: drone-server-pv
|
||||
volumes:
|
||||
- name: drone-server-pv
|
||||
persistentVolumeClaim:
|
||||
claimName: drone-server-pvc
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: drone-server-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: drone-server
|
||||
labels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: server
|
||||
# monitor: prometheus
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: server
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: http
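Review bot: `image: drone/drone` carries no tag or digest, so unless a kustomize `images:` override supplies one the pod pulls whatever `latest` resolves to when it is scheduled. The same holds for `drone/drone-runner-kube`, `homeassistant/home-assistant`, `ghcr.io/danny-avila/librechat` and `prom/node-exporter` in the other new manifests on this page, and the `images:` entries for the drone, home-assistant and node-exporter images shown further down are commented out. Pinning in the manifest itself, e.g. `image: drone/drone:<TAG>@sha256:<DIGEST>` (placeholder values), keeps the base reproducible on its own and turns an upgrade into an explicit, reviewable change.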
|
|
@ -0,0 +1,45 @@
|
|||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: drone-secret
|
||||
spec:
|
||||
secretStoreRef:
|
||||
name: aws-parameters-store
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: drone-secret
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: external-secret
|
||||
annotations: {}
|
||||
data:
|
||||
- secretKey: rpc_secret
|
||||
remoteRef:
|
||||
key: /k3s/prod/drone/gitea/rpc_secret
|
||||
- secretKey: database_secret
|
||||
remoteRef:
|
||||
key: /k3s/prod/drone/gitea/database_secret
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: drone-gitea-oauth-secret
|
||||
spec:
|
||||
secretStoreRef:
|
||||
name: aws-parameters-store
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: drone-gitea-oauth-secret
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: external-secret
|
||||
annotations: {}
|
||||
data:
|
||||
- secretKey: client_id
|
||||
remoteRef:
|
||||
key: /k3s/prod/drone/gitea/client_id
|
||||
- secretKey: client_secret
|
||||
remoteRef:
|
||||
key: /k3s/prod/drone/gitea/client_secret
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: drone
|
||||
labels:
|
||||
app.kubernetes.io/name: drone
|
||||
probe: blackbox-http
|
||||
spec:
|
||||
rules:
|
||||
- host: ${DRONE_EXTERNAL_HOST}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: drone-server
|
||||
port:
|
||||
name: http
|
|
@ -0,0 +1,8 @@
|
|||
resources:
|
||||
- drone-server-deployment.yaml
|
||||
- drone-server-ingress.yaml
|
||||
- drone-server-externalsecret.yaml
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/name: drone
|
||||
app.kubernetes.io/component: server
|
|
@ -30,6 +30,8 @@ spec:
|
|||
configMapKeyRef:
|
||||
name: kustomize-generated-config
|
||||
key: GITEA_EXTERNAL_URL
|
||||
# - name: GITEA__WEBHOOK_ALLOWED_HOST_LIST
|
||||
# value: ${DRONE_EXTERNAL_HOST}
|
||||
- name: GITEA__DEFAULT__APP_NAME
|
||||
value: Badjware's code stash
|
||||
- name: GITEA__SERVICE__DISABLE_REGISTRATION
|
||||
|
@ -62,6 +64,22 @@ spec:
|
|||
- name: gitea-pv
|
||||
persistentVolumeClaim:
|
||||
claimName: server-pvc
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: PersistentVolume
|
||||
# metadata:
|
||||
# name: gitea-data-nfs
|
||||
# labels:
|
||||
# app.kubernetes.io/name: gitea
|
||||
# spec:
|
||||
# accessModes:
|
||||
# - ReadWriteMany
|
||||
# capacity:
|
||||
# storage: 100Mi
|
||||
# nfs:
|
||||
# server: nfs-localhost
|
||||
# path: /gitea
|
||||
# mountOptions: ["vers=4"]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
|
@ -70,11 +88,15 @@ metadata:
|
|||
labels:
|
||||
app.kubernetes.io/name: gitea
|
||||
spec:
|
||||
# storageClassName: ""
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: gitea
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
default_config:
|
||||
|
||||
frontend:
|
||||
themes: !include_dir_merge_named themes
|
||||
|
||||
automation: !include automations.yaml
|
||||
|
||||
http:
|
||||
use_x_forwarded_for: true
|
||||
trusted_proxies:
|
||||
- 10.0.0.0/8
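Review bot: `trusted_proxies: 10.0.0.0/8` combined with `use_x_forwarded_for: true` means any client whose source address falls inside that /8 can supply its own `X-Forwarded-For`, and Home Assistant will take it as the real client address for IP bans and any address-based trust. If the range is only meant to cover the ingress controller, narrow it to that controller's pod CIDR or address, e.g. `- <INGRESS_POD_CIDR>` (placeholder), and add a comment naming the proxy it stands for. The second Home Assistant configuration added later on this page repeats the same block.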
|
|
@ -0,0 +1,97 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: server
|
||||
labels:
|
||||
app.kubernetes.io/name: home-assistant
|
||||
app.kubernetes.io/component: server
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: home-assistant
|
||||
app.kubernetes.io/component: server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: home-assistant
|
||||
app.kubernetes.io/component: server
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
# TODO: eviction policy
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
# need a zigbee receiver
|
||||
- key: badjware.dev/zigbee-receiver
|
||||
operator: Exists
|
||||
initContainers:
|
||||
- image: busybox:1.36.1
|
||||
name: cp-config
|
||||
command: ["cp", "/server-config/configuration.yaml", "/config"]
|
||||
volumeMounts:
|
||||
- name: home-assistant-pv
|
||||
mountPath: /config
|
||||
- name: server-config
|
||||
mountPath: /server-config
|
||||
readOnly: true
|
||||
containers:
|
||||
- image: homeassistant/home-assistant
|
||||
name: home-assistant
|
||||
securityContext:
|
||||
privileged: true
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8123
|
||||
resources:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
limits:
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
volumeMounts:
|
||||
- name: home-assistant-pv
|
||||
mountPath: /config
|
||||
- name: zigbee-receiver
|
||||
mountPath: /dev/ttyUSB0
|
||||
volumes:
|
||||
- name: zigbee-receiver
|
||||
hostPath:
|
||||
path: /dev/ttyUSB0
|
||||
- name: home-assistant-pv
|
||||
persistentVolumeClaim:
|
||||
claimName: server-pvc
|
||||
- name: server-config
|
||||
configMap:
|
||||
name: server-config
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: server-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: server
|
||||
labels:
|
||||
app.kubernetes.io/name: home-assistant
|
||||
app.kubernetes.io/component: server
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: home-assistant
|
||||
app.kubernetes.io/component: server
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: http
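Review bot: `securityContext.privileged: true` on the `home-assistant` container gives it every capability and access to all host devices, although the only host resource this manifest mounts is `/dev/ttyUSB0`. If privileged mode is kept because the serial device is otherwise blocked, say so next to it (`# privileged: needed to open the zigbee serial device`), and add `type: CharDevice` under the `zigbee-receiver` hostPath so the pod fails to start, rather than possibly mounting an empty directory, when the receiver is absent. A device plugin that exposes only that device would allow dropping `privileged` altogether, but that is a larger change than this section.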
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: server
|
||||
labels:
|
||||
app.kubernetes.io/name: home-assistant
|
||||
probe: blackbox-http
|
||||
spec:
|
||||
rules:
|
||||
- host: ${HOMEASSISTANT_EXTERNAL_HOST}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: server
|
||||
port:
|
||||
name: http
|
|
@ -0,0 +1,28 @@
|
|||
resources:
|
||||
- home-assistant-deployment.yaml
|
||||
- home-assistant-ingress.yaml
|
||||
|
||||
namePrefix: home-assistant-
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/name: home-assistant
|
||||
|
||||
configMapGenerator:
|
||||
- name: server-config
|
||||
files:
|
||||
- configuration.yaml=configurations/configuration.yaml
|
||||
- name: kustomize-generated-config
|
||||
literals:
|
||||
- HOMEASSISTANT_EXTERNAL_HOST=hass.badjware.dev
|
||||
|
||||
replacements:
|
||||
- source:
|
||||
kind: ConfigMap
|
||||
name: kustomize-generated-config
|
||||
fieldPath: data.HOMEASSISTANT_EXTERNAL_HOST
|
||||
targets:
|
||||
- select:
|
||||
kind: Ingress
|
||||
name: server
|
||||
fieldPaths:
|
||||
- spec.rules.0.host
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: admin-user
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: admin-user
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: admin-user
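Review bot: The `admin-user` ServiceAccount is bound to `cluster-admin`, and the Ingress section that follows publishes the dashboard on an external host, so possession of this one token amounts to full control of the cluster from wherever that host is reachable. Binding the account to a narrower role (`name: view` for read-only use) or reaching the dashboard through `kubectl port-forward` instead of an Ingress would limit what a leaked token can do. The subject also omits `namespace`; presumably the kustomization's `namespace: kubernetes-dashboard` fills it in, which is worth confirming in the rendered output.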
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: kubernetes-dashboard
|
||||
labels:
|
||||
app.kubernetes.io/name: kubernetes-dashboard
|
||||
probe: blackbox-http
|
||||
spec:
|
||||
rules:
|
||||
- host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: kubernetes-dashboard
|
||||
port:
|
||||
number: 443
|
|
@ -0,0 +1,9 @@
|
|||
resources:
|
||||
- https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
|
||||
- dashboard-admin-user.yaml
|
||||
- dashboard-ingress.yaml
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/name: kubernetes-dashboard
|
||||
|
||||
namespace: kubernetes-dashboard
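Review bot: The remote resource is fetched from `raw.githubusercontent.com` by the tag `v2.3.1` at build time; a tag can be moved, and the build then applies whatever the URL returns without any integrity check. Vendoring `recommended.yaml` into the repository, or referencing it by a full commit SHA in place of the tag, keeps the applied manifest reviewable and reproducible.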
|
|
@ -0,0 +1,29 @@
|
|||
resources:
|
||||
- ../mongodb
|
||||
- ../litellm
|
||||
- librechat-deployment.yaml
|
||||
- librechat-externalsecret.yaml
|
||||
- librechat-ingress.yaml
|
||||
|
||||
namePrefix: librechat-
|
||||
|
||||
configMapGenerator:
|
||||
- name: kustomize-generated-config
|
||||
literals:
|
||||
- LIBRECHAT_EXTERNAL_HOST=chat.badjware.dev
|
||||
- LIBRECHAT_EXTERNAL_URL=https://chat.badjware.dev
|
||||
- name: server-config
|
||||
literals:
|
||||
- librechat.yaml=
|
||||
|
||||
replacements:
|
||||
- source:
|
||||
kind: ConfigMap
|
||||
name: kustomize-generated-config
|
||||
fieldPath: data.LIBRECHAT_EXTERNAL_HOST
|
||||
targets:
|
||||
- select:
|
||||
kind: Ingress
|
||||
name: server
|
||||
fieldPaths:
|
||||
- spec.rules.0.host
|
|
@ -0,0 +1,162 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: server
|
||||
labels:
|
||||
app.kubernetes.io/name: librechat
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: librechat
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: librechat
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
# Image only supports amd64
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
- amd64
|
||||
containers:
|
||||
- name: librechat
|
||||
image: ghcr.io/danny-avila/librechat
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: DOMAIN_CLIENT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: kustomize-generated-config
|
||||
key: LIBRECHAT_EXTERNAL_URL
|
||||
- name: DOMAIN_SERVER
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: kustomize-generated-config
|
||||
key: LIBRECHAT_EXTERNAL_URL
|
||||
- name: MONGO_URI
|
||||
value: mongodb://librechat-mongodb.$(NAMESPACE).svc:27017/LibreChat
|
||||
- name: SEARCH
|
||||
value: 'false' # TODO
|
||||
- name: DEBUG_LOGGING
|
||||
value: 'true'
|
||||
|
||||
# Models
|
||||
- name: OPENAI_API_KEY
|
||||
value: user_provided
|
||||
|
||||
# Secrets
|
||||
- name: CREDS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: server-tokens
|
||||
key: creds_key
|
||||
- name: CREDS_IV
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: server-tokens
|
||||
key: creds_iv
|
||||
- name: JWT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: server-tokens
|
||||
key: jwt_secret
|
||||
- name: JWT_REFRESH_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: server-tokens
|
||||
key: jwt_refresh_secret
|
||||
|
||||
# Login configuration
|
||||
- name: ALLOW_EMAIL_LOGIN
|
||||
value: 'false'
|
||||
- name: ALLOW_REGISTRATION
|
||||
value: 'false'
|
||||
- name: ALLOW_SOCIAL_LOGIN
|
||||
value: 'true'
|
||||
- name: ALLOW_SOCIAL_REGISTRATION
|
||||
value: 'true'
|
||||
- name: OPENID_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: server-openid-config
|
||||
key: openid_client_id
|
||||
- name: OPENID_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: server-openid-config
|
||||
key: openid_client_secret
|
||||
- name: OPENID_ISSUER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: server-openid-config
|
||||
key: openid_issuer
|
||||
- name: OPENID_SESSION_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: server-openid-config
|
||||
key: openid_session_secret
|
||||
- name: OPENID_SCOPE
|
||||
value: openid profile email
|
||||
- name: OPENID_CALLBACK_URL
|
||||
value: /oauth/openid/callback
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3080
|
||||
resources:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 500Mi
|
||||
volumeMounts:
|
||||
- name: server-images-pv
|
||||
mountPath: /app/client/public/images
|
||||
- name: server-config
|
||||
mountPath: /app/librechat.yaml
|
||||
subPath: librechat.yaml
|
||||
volumes:
|
||||
- name: server-images-pv
|
||||
persistentVolumeClaim:
|
||||
claimName: server-images-pvc
|
||||
- name: server-config
|
||||
configMap:
|
||||
name: server-config
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: server-images-pvc
|
||||
labels:
|
||||
app.kubernetes.io/name: librechat
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: server
|
||||
labels:
|
||||
app.kubernetes.io/name: librechat
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: librechat
|
||||
ports:
|
||||
- name: http
|
||||
port: 3080
|
||||
targetPort: http
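Review bot: `MONGO_URI` is `mongodb://librechat-mongodb.$(NAMESPACE).svc:27017/LibreChat` with no credentials, so access to the database behind the application appears to rest on network reachability alone; the `../mongodb` base is not visible here, so this may be handled there. If MongoDB authentication is not enabled, enable it and take the URI from a Secret via `secretKeyRef` like the other sensitive values in this env list, and restrict traffic to the MongoDB pods with a NetworkPolicy. `DEBUG_LOGGING` is also set to `'true'` on what looks like a production path; confirm the debug output does not include request bodies or tokens.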
|
|
@ -0,0 +1,57 @@
|
|||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: server-tokens
|
||||
spec:
|
||||
secretStoreRef:
|
||||
name: aws-parameters-store
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: server-tokens
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: external-secret
|
||||
annotations: {}
|
||||
data:
|
||||
- secretKey: creds_key
|
||||
remoteRef:
|
||||
key: /k3s/prod/llm/librechat/creds_key
|
||||
- secretKey: creds_iv
|
||||
remoteRef:
|
||||
key: /k3s/prod/llm/librechat/creds_iv
|
||||
- secretKey: jwt_secret
|
||||
remoteRef:
|
||||
key: /k3s/prod/llm/librechat/jwt_secret
|
||||
- secretKey: jwt_refresh_secret
|
||||
remoteRef:
|
||||
key: /k3s/prod/llm/librechat/jwt_refresh_secret
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: server-openid-config
|
||||
spec:
|
||||
secretStoreRef:
|
||||
name: aws-parameters-store
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: server-openid-config
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: external-secret
|
||||
annotations: {}
|
||||
data:
|
||||
- secretKey: openid_client_id
|
||||
remoteRef:
|
||||
key: /k3s/prod/llm/librechat/openid_client_id
|
||||
- secretKey: openid_client_secret
|
||||
remoteRef:
|
||||
key: /k3s/prod/llm/librechat/openid_client_secret
|
||||
- secretKey: openid_issuer
|
||||
remoteRef:
|
||||
key: /k3s/prod/llm/librechat/openid_issuer
|
||||
- secretKey: openid_session_secret
|
||||
remoteRef:
|
||||
key: /k3s/prod/llm/librechat/openid_session_secret
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: server
|
||||
labels:
|
||||
app.kubernetes.io/name: librechat
|
||||
probe: blackbox-http
|
||||
spec:
|
||||
rules:
|
||||
- host: ${LIBRECHAT_EXTERNAL_HOST}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: server
|
||||
port:
|
||||
name: http
|
|
@ -0,0 +1,6 @@
|
|||
resources:
|
||||
- node-exporter-daemonset.yaml
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/name: node-exporter
|
||||
app.kubernetes.io/part-of: monitoring
|
|
@ -0,0 +1,66 @@
|
|||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: node-exporter
|
||||
namespace: kube-monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: node-exporter
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: node-exporter
|
||||
template:
|
||||
metadata:
|
||||
name: node-exporter
|
||||
labels:
|
||||
app.kubernetes.io/name: node-exporter
|
||||
spec:
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
containers:
|
||||
- name: node-exporter
|
||||
image: prom/node-exporter
|
||||
args:
|
||||
- "--path.procfs=/host/proc"
|
||||
- "--path.sysfs=/host/sys"
|
||||
ports:
|
||||
- containerPort: 9100
|
||||
name: http-metrics
|
||||
resources:
|
||||
requests:
|
||||
memory: 20Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 20Mi
|
||||
cpu: 100m
|
||||
volumeMounts:
|
||||
- name: proc
|
||||
readOnly: true
|
||||
mountPath: /host/proc
|
||||
- name: sys
|
||||
readOnly: true
|
||||
mountPath: /host/sys
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
volumes:
|
||||
- name: proc
|
||||
hostPath:
|
||||
path: /proc
|
||||
- name: sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nodes-exporter
|
||||
labels:
|
||||
app.kubernetes.io/name: node-exporter
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: node-exporter
|
||||
ports:
|
||||
- name: http-metrics
|
||||
port: 9100
|
||||
targetPort: http-metrics
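Review bot: The `node-exporter` container runs with `hostNetwork: true`, `hostPID: true` and host `/proc` and `/sys` mounts but sets no `securityContext`, so its user and root-filesystem writability are left to the image defaults. Read-only metrics collection should work with `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false` under the container's `securityContext`. With `hostNetwork`, port 9100 is also served without authentication on every node address, so it is worth confirming that node firewalls limit it to the Prometheus scraper. The Service is named `nodes-exporter` while every other object uses `node-exporter`; rename it if that is unintended.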
|
|
@ -0,0 +1,16 @@
|
|||
default_config:
|
||||
|
||||
frontend:
|
||||
themes: !include_dir_merge_named themes
|
||||
|
||||
automation: !include automations.yaml
|
||||
|
||||
http:
|
||||
use_x_forwarded_for: true
|
||||
trusted_proxies:
|
||||
- 10.0.0.0/8
|
||||
|
||||
sonos:
|
||||
media_player:
|
||||
hosts:
|
||||
- 192.168.30.50
|
|
@ -0,0 +1,5 @@
|
|||
model_list:
|
||||
- model_name: "*"
|
||||
litellm_params:
|
||||
model: "ollama_chat/*"
|
||||
api_base: http://ollama-server:11434
|
|
@ -1,13 +1,21 @@
|
|||
resources:
|
||||
- ../../overlays/system
|
||||
|
||||
# - ../../namespaces/kubernetes-dashboard
|
||||
- ../../overlays/gitea
|
||||
# - ../../overlays/woodpecker
|
||||
# - ../../overlays/gitlab
|
||||
- ../../overlays/monitoring
|
||||
- ../../overlays/nextcloud
|
||||
# - ../../overlays/home-assistant
|
||||
- ../../overlays/jellyfin
|
||||
- ../../overlays/deluge
|
||||
- ../../overlays/actual
|
||||
- ../../overlays/llm
|
||||
- probes/snmp-exporter.yaml
|
||||
|
||||
# resources:
|
||||
# - probes/external-services-bobcat-miner.yaml
|
||||
|
||||
buildMetadata:
|
||||
- originAnnotations
|
||||
|
@ -17,14 +25,23 @@ images:
|
|||
newTag: 1.21.11
|
||||
- name: grafana/grafana
|
||||
newTag: 11.1.0
|
||||
# - name: prom/node-exporter
|
||||
# newTag: v0.18.1
|
||||
- name: prom/blackbox-exporter
|
||||
# newName: badjware/blackbox-exporter-tweak
|
||||
newTag: v0.24.0
|
||||
# - name: drone/drone
|
||||
# newTag: 2.14.0
|
||||
# - name: drone/drone-runner-kube
|
||||
# newTag: 1.0.0-rc.3
|
||||
- name: nextcloud
|
||||
newTag: 29.0.3
|
||||
- name: collabora/code
|
||||
newTag: 23.05.5.4.1
|
||||
- name: nextcloud/aio-imaginary
|
||||
newTag: 20230613_120442-latest-arm64
|
||||
# - name: homeassistant/home-assistant
|
||||
# newTag: 2023.10.2
|
||||
- name: jellyfin/jellyfin
|
||||
newTag: 10.9.7
|
||||
- name: lscr.io/linuxserver/deluge
|
||||
|
@ -41,8 +58,24 @@ images:
|
|||
newTag: main-v1.43.1
|
||||
- name: ghcr.io/open-webui/open-webui
|
||||
newTag: v0.3.10 # https://github.com/open-webui/open-webui/discussions/4331
|
||||
- name: ghcr.io/sillytavern/sillytavern
|
||||
newTag: 1.12.4
|
||||
|
||||
|
||||
configMapGenerator:
|
||||
# - name: litellm-proxy-config
|
||||
# namespace: llm
|
||||
# behavior: replace
|
||||
# files:
|
||||
# - config.yaml=./configurations/litellm/config.yaml
|
||||
# - name: home-assistant-server-config
|
||||
# namespace: home-assistant
|
||||
# behavior: replace
|
||||
# files:
|
||||
# - configuration.yaml=configurations/home-assistant/configuration.yaml
|
||||
# - name: ecommerce-exporter-config
|
||||
# namespace: monitoring
|
||||
# behavior: replace
|
||||
# files:
|
||||
# - ecommerce-exporter.yml=configurations/ecommerce-exporter/ecommerce-exporter.yml
|
||||
|
||||
secretGenerator:
|
||||
- name: prometheus-additional-scrape-configs
|
||||
|
@ -72,6 +105,11 @@ patches:
|
|||
kind: Deployment
|
||||
name: deluge-server
|
||||
path: patches/deluge-deployment-patch.yaml
|
||||
# - target:
|
||||
# version: v1
|
||||
# kind: Prometheus
|
||||
# name: prometheus
|
||||
# path: patches/prometheus-patch.yaml
|
||||
|
||||
# patchesStrategicMerge:
|
||||
# - patches/blackbox-exporter-probe-patch.yaml
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
- op: add
|
||||
path: /spec/template/spec/containers/0/env/-
|
||||
value:
|
||||
name: LITELLM_MASTER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: litellm-config
|
||||
key: master_key
|
|
@ -0,0 +1,13 @@
|
|||
- op: add
|
||||
path: /metadata/annotations/traefik.ingress.kubernetes.io~1router.middlewares
|
||||
value: llm-litellm-stripprefix@kubernetescrd
|
||||
- op: add
|
||||
path: /spec/rules/0/http/paths/-
|
||||
value:
|
||||
path: /api2
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: librechat-litellm
|
||||
port:
|
||||
name: http
|
|
@ -0,0 +1,8 @@
|
|||
- op: add
|
||||
path: /spec/template/spec/containers/0/env/-
|
||||
value:
|
||||
name: MASTER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: litellm-config
|
||||
key: master_key
|
|
@ -0,0 +1,3 @@
|
|||
- op: replace
|
||||
path: /spec/remoteWrite/0/url
|
||||
value: https://prometheus-prod-10-prod-us-central-0.grafana.net/api/prom/push
|
|
@ -0,0 +1,4 @@
|
|||
- job_name: additional/bastion-haproxy
|
||||
static_configs:
|
||||
- targets: ["192.168.20.10:8080"]
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: litellm-config
|
||||
namespace: llm
|
||||
spec:
|
||||
secretStoreRef:
|
||||
name: aws-parameters-store
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: litellm-config
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: external-secret
|
||||
annotations: {}
|
||||
data:
|
||||
- secretKey: master_key
|
||||
remoteRef:
|
||||
key: /k3s/prod/llm/litellm/master_key
|
|
@ -0,0 +1,5 @@
|
|||
resources:
|
||||
- namespace.yaml
|
||||
- ../../bases/home-assistant
|
||||
|
||||
namespace: home-assistant
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: home-assistant
|
|
@ -0,0 +1,4 @@
|
|||
resources:
|
||||
- ../../bases/kubernetes-dashboard
|
||||
|
||||
namespace: kubernetes-dashboard
|
|
@ -17,6 +17,5 @@ resources:
|
|||
# - servicemonitors/node-exporter.yaml
|
||||
- podmonitors/traefik.yaml
|
||||
- probes/blackbox-exporter.yaml
|
||||
- probes/snmp-exporter.yaml
|
||||
|
||||
namespace: monitoring
|
||||
|
|