
No commits in common. "7060126ca7fec0ae48a4506d211b974e78a9d103" and "f7f3daac801c923d1cc2ef4a6b689f0d84ef7dcf" have entirely different histories.

35 changed files with 967 additions and 5 deletions


@ -26,8 +26,8 @@ spec:
hostPort: 58846 hostPort: 58846
containerPort: 58846 containerPort: 58846
- name: torrent - name: torrent
hostPort: 6881
containerPort: 6881 containerPort: 6881
hostPort: 6881
resources: resources:
requests: requests:
cpu: 1500m cpu: 1500m
@ -97,5 +97,5 @@ spec:
app.kubernetes.io/name: deluge app.kubernetes.io/name: deluge
ports: ports:
- port: 6881 - port: 6881
targetPort: torrent targetPort: deluge-daemon
nodePort: 31001 nodePort: 31001
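Review bot: Service port 6881 / nodePort 31001 now resolves to `targetPort: deluge-daemon` instead of `torrent`, assuming the right-hand column is the new side. The container port shown just above the `torrent` entry is 58846, which looks like the daemon's RPC port; if so, this publishes the daemon control interface on every node at 31001 and leaves the BitTorrent port without a Service route. Unless that is intended, keep `targetPort: torrent`. The port names are declared outside the visible hunk, so confirm the name-to-port mapping.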


@ -0,0 +1,99 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-runner
labels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
spec:
selector:
matchLabels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
template:
metadata:
labels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
spec:
containers:
- name: drone
image: drone/drone-runner-kube
env:
- name: DRONE_NAMESPACE_DEFAULT
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: DRONE_RPC_HOST
value: drone-server.gitea.svc.cluster.local # TODO: not hardcode
- name: DRONE_RPC_PROTO
value: http
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-secret
key: rpc_secret
ports:
- name: http
containerPort: 3000
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone-runner-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone-runner-rolebinding
subjects:
- kind: ServiceAccount
name: default
roleRef:
kind: Role
name: drone-runner-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Service
metadata:
name: drone-runner
labels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
# monitor: prometheus
spec:
selector:
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
ports:
- name: http
port: 3000
targetPort: http
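Review bot: The RoleBinding grants `drone-runner-role` to the namespace's `default` ServiceAccount, so every pod in the namespace that does not set its own service account inherits create/delete on secrets and full pod management. That includes any pipeline pods the runner starts there. Give the runner a dedicated ServiceAccount, reference it from the Deployment, and bind the Role to that account only. `DRONE_RPC_PROTO` is `http`, so the RPC secret protects unencrypted in-cluster traffic; worth a comment if that is a deliberate choice.

```yaml
# … unchanged: Deployment metadata, selector and pod labels …
    spec:
      serviceAccountName: drone-runner
      # … unchanged: containers …
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-runner
---
# … unchanged: Role drone-runner-role, RoleBinding metadata …
subjects:
  - kind: ServiceAccount
    name: drone-runner
# … unchanged: roleRef …
```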


@ -0,0 +1,6 @@
resources:
- drone-runner-deployment.yaml
commonLabels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner


@ -0,0 +1,98 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-server
labels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
template:
metadata:
labels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
spec:
containers:
- name: drone
image: drone/drone
env:
- name: DRONE_GITEA_SERVER
value: https://${GITEA_EXTERNAL_HOST}
- name: DRONE_SERVER_HOST
value: ${DRONE_EXTERNAL_HOST}
- name: DRONE_SERVER_PORT
value: ":80"
- name: DRONE_SERVER_PROTO
value: https
- name: DRONE_GITEA_CLIENT_ID
valueFrom:
secretKeyRef:
name: drone-gitea-oauth-secret
key: client_id
- name: DRONE_GITEA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: drone-gitea-oauth-secret
key: client_secret
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-secret
key: rpc_secret
- name: DRONE_DATABASE_SECRET
valueFrom:
secretKeyRef:
name: drone-secret
key: database_secret
ports:
- name: http
containerPort: 80
resources:
requests:
cpu: 250m
memory: 100Mi
limits:
cpu: 250m
memory: 100Mi
volumeMounts:
- mountPath: /data
name: drone-server-pv
volumes:
- name: drone-server-pv
persistentVolumeClaim:
claimName: drone-server-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: drone-server-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: drone-server
labels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
# monitor: prometheus
spec:
selector:
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
ports:
- name: http
port: 80
targetPort: http
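Review bot: `image: drone/drone` carries no tag or digest, and the matching `images:` entry in the root kustomization later in this diff is commented out, so a rollout would pull whatever `latest` is at that moment. The same applies to `drone/drone-runner-kube`, `homeassistant/home-assistant` and `prom/node-exporter`, whose pins are commented out too. Re-enable the `newTag` entries (or pin by digest) before any of these bases are added back to `resources`. This matters most here because the server holds the Gitea OAuth client secret and the RPC secret.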


@ -0,0 +1,45 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: drone-secret
spec:
secretStoreRef:
name: aws-parameters-store
kind: ClusterSecretStore
target:
name: drone-secret
template:
metadata:
labels:
app.kubernetes.io/managed-by: external-secret
annotations: {}
data:
- secretKey: rpc_secret
remoteRef:
key: /k3s/prod/drone/gitea/rpc_secret
- secretKey: database_secret
remoteRef:
key: /k3s/prod/drone/gitea/database_secret
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: drone-gitea-oauth-secret
spec:
secretStoreRef:
name: aws-parameters-store
kind: ClusterSecretStore
target:
name: drone-gitea-oauth-secret
template:
metadata:
labels:
app.kubernetes.io/managed-by: external-secret
annotations: {}
data:
- secretKey: client_id
remoteRef:
key: /k3s/prod/drone/gitea/client_id
- secretKey: client_secret
remoteRef:
key: /k3s/prod/drone/gitea/client_secret


@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: drone
labels:
app.kubernetes.io/name: drone
probe: blackbox-http
spec:
rules:
- host: ${DRONE_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: drone-server
port:
name: http


@ -0,0 +1,8 @@
resources:
- drone-server-deployment.yaml
- drone-server-ingress.yaml
- drone-server-externalsecret.yaml
commonLabels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: server


@ -30,6 +30,8 @@ spec:
configMapKeyRef: configMapKeyRef:
name: kustomize-generated-config name: kustomize-generated-config
key: GITEA_EXTERNAL_URL key: GITEA_EXTERNAL_URL
# - name: GITEA__WEBHOOK_ALLOWED_HOST_LIST
# value: ${DRONE_EXTERNAL_HOST}
- name: GITEA__DEFAULT__APP_NAME - name: GITEA__DEFAULT__APP_NAME
value: Badjware's code stash value: Badjware's code stash
- name: GITEA__SERVICE__DISABLE_REGISTRATION - name: GITEA__SERVICE__DISABLE_REGISTRATION
@ -62,6 +64,22 @@ spec:
- name: gitea-pv - name: gitea-pv
persistentVolumeClaim: persistentVolumeClaim:
claimName: server-pvc claimName: server-pvc
# ---
# apiVersion: v1
# kind: PersistentVolume
# metadata:
# name: gitea-data-nfs
# labels:
# app.kubernetes.io/name: gitea
# spec:
# accessModes:
# - ReadWriteMany
# capacity:
# storage: 100Mi
# nfs:
# server: nfs-localhost
# path: /gitea
# mountOptions: ["vers=4"]
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@ -70,11 +88,15 @@ metadata:
labels: labels:
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
spec: spec:
# storageClassName: ""
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 20Gi storage: 20Gi
# selector:
# matchLabels:
# app.kubernetes.io/name: gitea
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service


@ -0,0 +1,11 @@
default_config:
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 10.0.0.0/8
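Review bot: `trusted_proxies: 10.0.0.0/8` combined with `use_x_forwarded_for: true` makes Home Assistant accept the X-Forwarded-For header from any peer in that /8, not only from the ingress controller. Any pod or host in the range can then present an arbitrary client address, which undermines IP-based login bans and the source addresses recorded in logs. Narrow the entry to the ingress controller's pod CIDR or address and add a comment naming what it is. The same block is repeated in the second `configuration.yaml` later in this diff (the one that adds `sonos`).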


@ -0,0 +1,97 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: server
labels:
app.kubernetes.io/name: home-assistant
app.kubernetes.io/component: server
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: home-assistant
app.kubernetes.io/component: server
template:
metadata:
labels:
app.kubernetes.io/name: home-assistant
app.kubernetes.io/component: server
spec:
affinity:
nodeAffinity:
# TODO: eviction policy
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
# need a zigbee receiver
- key: badjware.dev/zigbee-receiver
operator: Exists
initContainers:
- image: busybox:1.36.1
name: cp-config
command: ["cp", "/server-config/configuration.yaml", "/config"]
volumeMounts:
- name: home-assistant-pv
mountPath: /config
- name: server-config
mountPath: /server-config
readOnly: true
containers:
- image: homeassistant/home-assistant
name: home-assistant
securityContext:
privileged: true
ports:
- name: http
containerPort: 8123
resources:
requests:
cpu: 250m
memory: 500Mi
limits:
cpu: 250m
memory: 500Mi
volumeMounts:
- name: home-assistant-pv
mountPath: /config
- name: zigbee-receiver
mountPath: /dev/ttyUSB0
volumes:
- name: zigbee-receiver
hostPath:
path: /dev/ttyUSB0
- name: home-assistant-pv
persistentVolumeClaim:
claimName: server-pvc
- name: server-config
configMap:
name: server-config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: server-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: Service
metadata:
name: server
labels:
app.kubernetes.io/name: home-assistant
app.kubernetes.io/component: server
spec:
selector:
app.kubernetes.io/name: home-assistant
app.kubernetes.io/component: server
ports:
- name: http
port: 80
targetPort: http
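Review bot: `securityContext.privileged: true` on the `home-assistant` container grants every capability and access to all host devices, far more than the single serial device mounted at `/dev/ttyUSB0`. If the Zigbee adapter is the only reason, exposing that device through a device plugin would let the container run unprivileged. At minimum add a comment next to `privileged` stating why it is needed. The `cp-config` init container also copies `configuration.yaml` into the PVC on every start, overwriting any edits made in place; worth a comment if that is intended.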


@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: server
labels:
app.kubernetes.io/name: home-assistant
probe: blackbox-http
spec:
rules:
- host: ${HOMEASSISTANT_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: server
port:
name: http


@ -0,0 +1,28 @@
resources:
- home-assistant-deployment.yaml
- home-assistant-ingress.yaml
namePrefix: home-assistant-
commonLabels:
app.kubernetes.io/name: home-assistant
configMapGenerator:
- name: server-config
files:
- configuration.yaml=configurations/configuration.yaml
- name: kustomize-generated-config
literals:
- HOMEASSISTANT_EXTERNAL_HOST=hass.badjware.dev
replacements:
- source:
kind: ConfigMap
name: kustomize-generated-config
fieldPath: data.HOMEASSISTANT_EXTERNAL_HOST
targets:
- select:
kind: Ingress
name: server
fieldPaths:
- spec.rules.0.host


@ -0,0 +1,16 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
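Review bot: The ClusterRoleBinding gives the `admin-user` ServiceAccount the built-in `cluster-admin` role, so any token issued for that account is a full cluster credential. The dashboard is also published through an Ingress in this same diff, so the token is the only barrier to the whole cluster. Bind a narrower role for day-to-day use, for example `name: view`, and keep a cluster-admin login out of the committed manifests. The ServiceAccount subject has no `namespace`; it relies on the kustomization's `namespace:` to fill it in, which deserves a comment.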


@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubernetes-dashboard
labels:
app.kubernetes.io/name: kubernetes-dashboard
probe: blackbox-http
spec:
rules:
- host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 443
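Review bot: This Ingress publishes the Kubernetes dashboard on an external host with no access restriction visible in the manifest; the `probe: blackbox-http` label suggests it is meant to be reachable from outside. Since the dashboard logs in with service-account tokens, put an authentication or IP allow-list middleware in front of it using the `traefik.ingress.kubernetes.io/router.middlewares` annotation that the ingress patch later in this diff already uses. Alternatively, drop the Ingress and reach the dashboard through `kubectl port-forward`. The backend is port 443, so also confirm the controller is configured to speak HTTPS to the service.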


@ -0,0 +1,9 @@
resources:
- https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
- dashboard-admin-user.yaml
- dashboard-ingress.yaml
commonLabels:
app.kubernetes.io/name: kubernetes-dashboard
namespace: kubernetes-dashboard
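Review bot: The first `resources` entry fetches a manifest from raw.githubusercontent.com at build time, pinned only by the tag `v2.3.1`. A tag can be moved upstream, and every build then depends on that host being reachable and serving the same content. Vendor the file into the repository, or reference a commit SHA instead of the tag, so that what gets applied is what was reviewed. It is also worth checking whether this release is still maintained before re-enabling the namespace.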


@ -0,0 +1,29 @@
resources:
- ../mongodb
- ../litellm
- librechat-deployment.yaml
- librechat-externalsecret.yaml
- librechat-ingress.yaml
namePrefix: librechat-
configMapGenerator:
- name: kustomize-generated-config
literals:
- LIBRECHAT_EXTERNAL_HOST=chat.badjware.dev
- LIBRECHAT_EXTERNAL_URL=https://chat.badjware.dev
- name: server-config
literals:
- librechat.yaml=
replacements:
- source:
kind: ConfigMap
name: kustomize-generated-config
fieldPath: data.LIBRECHAT_EXTERNAL_HOST
targets:
- select:
kind: Ingress
name: server
fieldPaths:
- spec.rules.0.host


@ -0,0 +1,162 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: server
labels:
app.kubernetes.io/name: librechat
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: librechat
template:
metadata:
labels:
app.kubernetes.io/name: librechat
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
# Image only supports amd64
- key: kubernetes.io/arch
operator: In
values:
- amd64
containers:
- name: librechat
image: ghcr.io/danny-avila/librechat
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: DOMAIN_CLIENT
valueFrom:
configMapKeyRef:
name: kustomize-generated-config
key: LIBRECHAT_EXTERNAL_URL
- name: DOMAIN_SERVER
valueFrom:
configMapKeyRef:
name: kustomize-generated-config
key: LIBRECHAT_EXTERNAL_URL
- name: MONGO_URI
value: mongodb://librechat-mongodb.$(NAMESPACE).svc:27017/LibreChat
- name: SEARCH
value: 'false' # TODO
- name: DEBUG_LOGGING
value: 'true'
# Models
- name: OPENAI_API_KEY
value: user_provided
# Secrets
- name: CREDS_KEY
valueFrom:
secretKeyRef:
name: server-tokens
key: creds_key
- name: CREDS_IV
valueFrom:
secretKeyRef:
name: server-tokens
key: creds_iv
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: server-tokens
key: jwt_secret
- name: JWT_REFRESH_SECRET
valueFrom:
secretKeyRef:
name: server-tokens
key: jwt_refresh_secret
# Login configuration
- name: ALLOW_EMAIL_LOGIN
value: 'false'
- name: ALLOW_REGISTRATION
value: 'false'
- name: ALLOW_SOCIAL_LOGIN
value: 'true'
- name: ALLOW_SOCIAL_REGISTRATION
value: 'true'
- name: OPENID_CLIENT_ID
valueFrom:
secretKeyRef:
name: server-openid-config
key: openid_client_id
- name: OPENID_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: server-openid-config
key: openid_client_secret
- name: OPENID_ISSUER
valueFrom:
secretKeyRef:
name: server-openid-config
key: openid_issuer
- name: OPENID_SESSION_SECRET
valueFrom:
secretKeyRef:
name: server-openid-config
key: openid_session_secret
- name: OPENID_SCOPE
value: openid profile email
- name: OPENID_CALLBACK_URL
value: /oauth/openid/callback
ports:
- name: http
containerPort: 3080
resources:
requests:
cpu: 250m
memory: 500Mi
limits:
cpu: 1000m
memory: 500Mi
volumeMounts:
- name: server-images-pv
mountPath: /app/client/public/images
- name: server-config
mountPath: /app/librechat.yaml
subPath: librechat.yaml
volumes:
- name: server-images-pv
persistentVolumeClaim:
claimName: server-images-pvc
- name: server-config
configMap:
name: server-config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: server-images-pvc
labels:
app.kubernetes.io/name: librechat
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
name: server
labels:
app.kubernetes.io/name: librechat
spec:
selector:
app.kubernetes.io/name: librechat
ports:
- name: http
port: 3080
targetPort: http
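Review bot: `MONGO_URI` is a literal `value` with no credentials, which implies the `librechat-mongodb` service accepts unauthenticated connections from anything in the cluster that can reach port 27017. Enable authentication on the database and supply the URI through `secretKeyRef` like the other secrets in this container, or at least restrict access to the MongoDB pods with a NetworkPolicy. `DEBUG_LOGGING` is `'true'`, which may put conversation or token details into pod logs; set it to `'false'` outside troubleshooting. The image `ghcr.io/danny-avila/librechat` has no tag in this manifest.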


@ -0,0 +1,57 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: server-tokens
spec:
secretStoreRef:
name: aws-parameters-store
kind: ClusterSecretStore
target:
name: server-tokens
template:
metadata:
labels:
app.kubernetes.io/managed-by: external-secret
annotations: {}
data:
- secretKey: creds_key
remoteRef:
key: /k3s/prod/llm/librechat/creds_key
- secretKey: creds_iv
remoteRef:
key: /k3s/prod/llm/librechat/creds_iv
- secretKey: jwt_secret
remoteRef:
key: /k3s/prod/llm/librechat/jwt_secret
- secretKey: jwt_refresh_secret
remoteRef:
key: /k3s/prod/llm/librechat/jwt_refresh_secret
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: server-openid-config
spec:
secretStoreRef:
name: aws-parameters-store
kind: ClusterSecretStore
target:
name: server-openid-config
template:
metadata:
labels:
app.kubernetes.io/managed-by: external-secret
annotations: {}
data:
- secretKey: openid_client_id
remoteRef:
key: /k3s/prod/llm/librechat/openid_client_id
- secretKey: openid_client_secret
remoteRef:
key: /k3s/prod/llm/librechat/openid_client_secret
- secretKey: openid_issuer
remoteRef:
key: /k3s/prod/llm/librechat/openid_issuer
- secretKey: openid_session_secret
remoteRef:
key: /k3s/prod/llm/librechat/openid_session_secret


@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: server
labels:
app.kubernetes.io/name: librechat
probe: blackbox-http
spec:
rules:
- host: ${LIBRECHAT_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: server
port:
name: http


@ -0,0 +1,6 @@
resources:
- node-exporter-daemonset.yaml
commonLabels:
app.kubernetes.io/name: node-exporter
app.kubernetes.io/part-of: monitoring


@ -0,0 +1,66 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-exporter
namespace: kube-monitoring
labels:
app.kubernetes.io/name: node-exporter
spec:
selector:
matchLabels:
app.kubernetes.io/name: node-exporter
template:
metadata:
name: node-exporter
labels:
app.kubernetes.io/name: node-exporter
spec:
hostNetwork: true
hostPID: true
containers:
- name: node-exporter
image: prom/node-exporter
args:
- "--path.procfs=/host/proc"
- "--path.sysfs=/host/sys"
ports:
- containerPort: 9100
name: http-metrics
resources:
requests:
memory: 20Mi
cpu: 100m
limits:
memory: 20Mi
cpu: 100m
volumeMounts:
- name: proc
readOnly: true
mountPath: /host/proc
- name: sys
readOnly: true
mountPath: /host/sys
tolerations:
- effect: NoSchedule
operator: Exists
volumes:
- name: proc
hostPath:
path: /proc
- name: sys
hostPath:
path: /sys
---
apiVersion: v1
kind: Service
metadata:
name: nodes-exporter
labels:
app.kubernetes.io/name: node-exporter
spec:
selector:
app.kubernetes.io/name: node-exporter
ports:
- name: http-metrics
port: 9100
targetPort: http-metrics
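Review bot: `hostNetwork: true` makes the exporter listen on port 9100 of each node's own addresses, so host metrics are readable by anything that can reach a node, and NetworkPolicy generally does not cover host-network pods. If only Prometheus should scrape it, restrict 9100 with the node firewall or bind the exporter to an internal address with `--web.listen-address`. Separately, the DaemonSet hard-codes `namespace: kube-monitoring` while the Service (named `nodes-exporter`, plural) sets none. Unless the kustomization assigns a namespace, the Service's selector will not find the pods.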


@ -0,0 +1,16 @@
default_config:
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 10.0.0.0/8
sonos:
media_player:
hosts:
- 192.168.30.50


@ -0,0 +1,5 @@
model_list:
- model_name: "*"
litellm_params:
model: "ollama_chat/*"
api_base: http://ollama-server:11434


@ -1,13 +1,21 @@
resources: resources:
- ../../overlays/system - ../../overlays/system
# - ../../namespaces/kubernetes-dashboard
- ../../overlays/gitea - ../../overlays/gitea
# - ../../overlays/woodpecker
# - ../../overlays/gitlab
- ../../overlays/monitoring - ../../overlays/monitoring
- ../../overlays/nextcloud - ../../overlays/nextcloud
# - ../../overlays/home-assistant
- ../../overlays/jellyfin - ../../overlays/jellyfin
- ../../overlays/deluge - ../../overlays/deluge
- ../../overlays/actual - ../../overlays/actual
- ../../overlays/llm - ../../overlays/llm
- probes/snmp-exporter.yaml
# resources:
# - probes/external-services-bobcat-miner.yaml
buildMetadata: buildMetadata:
- originAnnotations - originAnnotations
@ -17,14 +25,23 @@ images:
newTag: 1.21.11 newTag: 1.21.11
- name: grafana/grafana - name: grafana/grafana
newTag: 11.1.0 newTag: 11.1.0
# - name: prom/node-exporter
# newTag: v0.18.1
- name: prom/blackbox-exporter - name: prom/blackbox-exporter
# newName: badjware/blackbox-exporter-tweak
newTag: v0.24.0 newTag: v0.24.0
# - name: drone/drone
# newTag: 2.14.0
# - name: drone/drone-runner-kube
# newTag: 1.0.0-rc.3
- name: nextcloud - name: nextcloud
newTag: 29.0.3 newTag: 29.0.3
- name: collabora/code - name: collabora/code
newTag: 23.05.5.4.1 newTag: 23.05.5.4.1
- name: nextcloud/aio-imaginary - name: nextcloud/aio-imaginary
newTag: 20230613_120442-latest-arm64 newTag: 20230613_120442-latest-arm64
# - name: homeassistant/home-assistant
# newTag: 2023.10.2
- name: jellyfin/jellyfin - name: jellyfin/jellyfin
newTag: 10.9.7 newTag: 10.9.7
- name: lscr.io/linuxserver/deluge - name: lscr.io/linuxserver/deluge
@ -41,8 +58,24 @@ images:
newTag: main-v1.43.1 newTag: main-v1.43.1
- name: ghcr.io/open-webui/open-webui - name: ghcr.io/open-webui/open-webui
newTag: v0.3.10 # https://github.com/open-webui/open-webui/discussions/4331 newTag: v0.3.10 # https://github.com/open-webui/open-webui/discussions/4331
- name: ghcr.io/sillytavern/sillytavern
newTag: 1.12.4
configMapGenerator:
# - name: litellm-proxy-config
# namespace: llm
# behavior: replace
# files:
# - config.yaml=./configurations/litellm/config.yaml
# - name: home-assistant-server-config
# namespace: home-assistant
# behavior: replace
# files:
# - configuration.yaml=configurations/home-assistant/configuration.yaml
# - name: ecommerce-exporter-config
# namespace: monitoring
# behavior: replace
# files:
# - ecommerce-exporter.yml=configurations/ecommerce-exporter/ecommerce-exporter.yml
secretGenerator: secretGenerator:
- name: prometheus-additional-scrape-configs - name: prometheus-additional-scrape-configs
@ -72,6 +105,11 @@ patches:
kind: Deployment kind: Deployment
name: deluge-server name: deluge-server
path: patches/deluge-deployment-patch.yaml path: patches/deluge-deployment-patch.yaml
# - target:
# version: v1
# kind: Prometheus
# name: prometheus
# path: patches/prometheus-patch.yaml
# patchesStrategicMerge: # patchesStrategicMerge:
# - patches/blackbox-exporter-probe-patch.yaml # - patches/blackbox-exporter-probe-patch.yaml
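Review bot: The added `configMapGenerator:` key has only commented-out entries beneath it, so it parses as a bare key with a null value rather than an empty list. Comment out the key as well, or write `configMapGenerator: []`, so the intent is explicit and a later uncommented entry cannot be mis-nested. Most of the other additions in this file are also commented-out resources, image pins and patches. A short comment saying why each is parked, or removing them and relying on history, would make the active configuration easier to audit.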


@ -0,0 +1,8 @@
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: LITELLM_MASTER_KEY
valueFrom:
secretKeyRef:
name: litellm-config
key: master_key


@ -0,0 +1,13 @@
- op: add
path: /metadata/annotations/traefik.ingress.kubernetes.io~1router.middlewares
value: llm-litellm-stripprefix@kubernetescrd
- op: add
path: /spec/rules/0/http/paths/-
value:
path: /api2
pathType: Prefix
backend:
service:
name: librechat-litellm
port:
name: http
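Review bot: The added `/api2` path routes external traffic on the LibreChat host straight to the `librechat-litellm` service, and the only gate visible in this diff is the master key injected by the neighbouring patches. That key is the proxy's administrative credential, so the whole proxy API is reachable from outside behind one shared secret. If external access is needed, chain an authentication or IP allow-list middleware with `llm-litellm-stripprefix` in the `router.middlewares` annotation, and hand clients scoped keys rather than the master key. Otherwise drop this path and let LibreChat reach the proxy through the in-cluster service name.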


@ -0,0 +1,8 @@
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: MASTER_KEY
valueFrom:
secretKeyRef:
name: litellm-config
key: master_key


@ -0,0 +1,3 @@
- op: replace
path: /spec/remoteWrite/0/url
value: https://prometheus-prod-10-prod-us-central-0.grafana.net/api/prom/push


@ -0,0 +1,4 @@
- job_name: additional/bastion-haproxy
static_configs:
- targets: ["192.168.20.10:8080"]


@ -0,0 +1,20 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: litellm-config
namespace: llm
spec:
secretStoreRef:
name: aws-parameters-store
kind: ClusterSecretStore
target:
name: litellm-config
template:
metadata:
labels:
app.kubernetes.io/managed-by: external-secret
annotations: {}
data:
- secretKey: master_key
remoteRef:
key: /k3s/prod/llm/litellm/master_key


@ -0,0 +1,5 @@
resources:
- namespace.yaml
- ../../bases/home-assistant
namespace: home-assistant


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: home-assistant


@ -0,0 +1,4 @@
resources:
- ../../bases/kubernetes-dashboard
namespace: kubernetes-dashboard


@ -17,6 +17,5 @@ resources:
# - servicemonitors/node-exporter.yaml # - servicemonitors/node-exporter.yaml
- podmonitors/traefik.yaml - podmonitors/traefik.yaml
- probes/blackbox-exporter.yaml - probes/blackbox-exporter.yaml
- probes/snmp-exporter.yaml
namespace: monitoring namespace: monitoring