From 1b89833697bdd4b7b4f698c806846ec054eb26c8 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Mon, 3 Mar 2025 11:26:01 -0600
Subject: [PATCH] add ollama
---
clusters/cl01tl/platform/ollama/Chart.yaml | 30 ++
.../ollama/templates/external-secret.yaml | 206 ++++++++++++++
.../platform/ollama/templates/http-route.yaml | 30 ++
.../ollama/templates/replication-source.yaml | 59 ++++
.../platform/ollama/templates/service.yaml | 34 +++
clusters/cl01tl/platform/ollama/values.yaml | 263 ++++++++++++++++++
6 files changed, 622 insertions(+)
create mode 100644 clusters/cl01tl/platform/ollama/Chart.yaml
create mode 100644 clusters/cl01tl/platform/ollama/templates/external-secret.yaml
create mode 100644 clusters/cl01tl/platform/ollama/templates/http-route.yaml
create mode 100644 clusters/cl01tl/platform/ollama/templates/replication-source.yaml
create mode 100644 clusters/cl01tl/platform/ollama/templates/service.yaml
create mode 100644 clusters/cl01tl/platform/ollama/values.yaml
diff --git a/clusters/cl01tl/platform/ollama/Chart.yaml b/clusters/cl01tl/platform/ollama/Chart.yaml
new file mode 100644
index 000000000..04d05305a
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/Chart.yaml
@@ -0,0 +1,30 @@
+apiVersion: v2
+name: ollama
+version: 1.0.0
+description: Ollama
+keywords:
+ - ollama
+ - ai
+home: https://wiki.alexlebens.dev/doc/ollama-Xmqe6T1P8v
+sources:
+ - https://github.com/ollama/ollama
+ - https://github.com/open-webui/open-webui
+ - https://github.com/ai-dock/stable-diffusion-webui
+ - https://github.com/cloudnative-pg/cloudnative-pg
+ - https://hub.docker.com/r/ollama/ollama
+ - https://github.com/open-webui/open-webui/pkgs/container/open-webui
+ - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+ - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ alias: ollama
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.7.1
+ - name: postgres-cluster
+ alias: postgres-17-cluster
+ version: 4.2.0
+ repository: http://alexlebens.github.io/helm-charts
+icon: https://avatars.githubusercontent.com/u/151674099?s=48&v=4
+appVersion: 0.5.1
diff --git a/clusters/cl01tl/platform/ollama/templates/external-secret.yaml b/clusters/cl01tl/platform/ollama/templates/external-secret.yaml
new file mode 100644
index 000000000..59df6090b
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/templates/external-secret.yaml
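Review bot: In clusters/cl01tl/platform/ollama/Chart.yaml the `postgres-cluster` dependency is fetched over plaintext HTTP (`repository: http://alexlebens.github.io/helm-charts`), while the `app-template` dependency directly above it uses HTTPS. A chart pulled over HTTP can be altered in transit before it is rendered into the cluster, so I would change the line to `repository: https://alexlebens.github.io/helm-charts`. Separately, `appVersion: 0.5.1` matches neither image tag set in values.yaml (`0.5.12` and `0.5.16`), yet it is the value stamped into every `app.kubernetes.io/version` label in the templates.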
@@ -0,0 +1,206 @@
+
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ollama-key-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-key-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: key
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ollama/key
+ metadataPolicy: None
+ property: key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ollama-oidc-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-oidc-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: auth
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: client
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/ollama
+ metadataPolicy: None
+ property: client
+ - secretKey: secret
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/ollama
+ metadataPolicy: None
+ property: secret
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+# name: ollama-root-backup-secret
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: ollama-root-backup-secret
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# secretStoreRef:
+# kind: ClusterSecretStore
+# name: vault
+# target:
+# template:
+# mergePolicy: Merge
+# engineVersion: v2
+# data:
+#
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-root"
+# data:
+# - secretKey: BUCKET_ENDPOINT
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: S3_BUCKET_ENDPOINT
+# - secretKey: RESTIC_PASSWORD
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: RESTIC_PASSWORD
+# - secretKey: AWS_DEFAULT_REGION
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: AWS_DEFAULT_REGION
+# - secretKey: AWS_ACCESS_KEY_ID
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: access_key
+# - secretKey: AWS_SECRET_ACCESS_KEY
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: secret_key
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+# name: ollama-web-data-backup-secret
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: ollama-web-data-backup-secret
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# secretStoreRef:
+# kind: ClusterSecretStore
+# name: vault
+# target:
+# template:
+# mergePolicy: Merge
+# engineVersion: v2
+# data:
+# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-web"
+# data:
+# - secretKey: BUCKET_ENDPOINT
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: S3_BUCKET_ENDPOINT
+# - secretKey: RESTIC_PASSWORD
+# remoteRef:
+#
conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: RESTIC_PASSWORD
+# - secretKey: AWS_DEFAULT_REGION
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: AWS_DEFAULT_REGION
+# - secretKey: AWS_ACCESS_KEY_ID
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: access_key
+# - secretKey: AWS_SECRET_ACCESS_KEY
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: secret_key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ollama-web-postgresql-17-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-web-postgresql-17-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: access
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: secret
diff --git a/clusters/cl01tl/platform/ollama/templates/http-route.yaml b/clusters/cl01tl/platform/ollama/templates/http-route.yaml
new file mode 100644
index 000000000..3a37e553f
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/templates/http-route.yaml
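Review bot: The `ollama-web-postgresql-17-cluster-backup-secret` ExternalSecret at the end of external-secret.yaml reads its key pair from `/digital-ocean/home-infra/postgres-backups`, a path that is not scoped to this application, unlike `/cl01tl/ollama/key` in the first manifest. If that key pair grants access to the whole backup bucket (its permissions are not visible in this patch), anything in this namespace that can read the resulting Secret can also reach other applications' database backups. A credential limited to this app's backups, or a dedicated bucket, would contain that. Failing that, a comment above the `data:` list such as `# shared bucket-wide credential, see <doc-link>` would record the accepted risk.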
@@ -0,0 +1,30 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: http-route-ollama
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: http-route-ollama
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - ollama.alexlebens.net
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - group: ''
+ kind: Service
+ name: ollama-web
+ port: 80
+ weight: 100
diff --git a/clusters/cl01tl/platform/ollama/templates/replication-source.yaml b/clusters/cl01tl/platform/ollama/templates/replication-source.yaml
new file mode 100644
index 000000000..a531ac9a4
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/templates/replication-source.yaml
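Review bot: The `parentRefs` entry in http-route.yaml names `traefik-gateway` without a `sectionName`, so the route attaches to every listener on that gateway that admits it. If the gateway has a plaintext HTTP listener (the Gateway object is not part of this patch), the Open WebUI login and session traffic for `ollama.alexlebens.net` would be served unencrypted there, and values.yaml does set `WEBUI_URL` to an `http://` address. Pin the route to the TLS listener by adding `sectionName: <https-listener-name>` under the parentRef.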
@@ -0,0 +1,59 @@
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+# name: ollama-root-backup-source
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: ollama-root-backup-source
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# sourcePVC: ollama-root
+# trigger:
+# schedule: 0 0 */3 * *
+# restic:
+# pruneIntervalDays: 14
+# repository: ollama-root-backup-secret
+# retain:
+# hourly: 1
+# daily: 1
+# weekly: 1
+# monthly: 2
+# yearly: 4
+# copyMethod: Snapshot
+# storageClassName: ceph-block
+# volumeSnapshotClassName: ceph-blockpool-snapshot
+
+# ---
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+# name: ollama-web-data-backup-source
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: ollama-web-data-backup-source
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# sourcePVC: ollama-web-data
+# trigger:
+# schedule: 0 0 */3 * *
+# restic:
+# pruneIntervalDays: 14
+# repository: ollama-web-data-backup-secret
+# retain:
+# hourly: 1
+# daily: 1
+# weekly: 1
+# monthly: 2
+# yearly: 4
+# moverSecurityContext:
+# runAsUser: 1337
+# runAsGroup: 1337
+# copyMethod: Snapshot
+# storageClassName: ceph-block
+# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/platform/ollama/templates/service.yaml b/clusters/cl01tl/platform/ollama/templates/service.yaml
new file mode 100644
index 000000000..9ae241b10
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/templates/service.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ollama-pd05wd
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-pd05wd
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: network
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+ annotations:
+ tailscale.com/tailnet-fqdn: ollama-pd05wd.boreal-beaufort.ts.net
+spec:
+ externalName: placeholder
+ type: ExternalName
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: stable-diffusion-pd05wd
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: stable-diffusion-pd05wd
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: network
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+ annotations:
+ tailscale.com/tailnet-fqdn: stable-diffusion-pd05wd.boreal-beaufort.ts.net
+spec:
+ externalName: placeholder
+ type: ExternalName
diff --git a/clusters/cl01tl/platform/ollama/values.yaml b/clusters/cl01tl/platform/ollama/values.yaml
new file mode 100644
index 000000000..bd5e302cc
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/values.yaml
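Review bot: Both Services in service.yaml set `externalName: placeholder` with no explanation, which reads like an unfinished value. As far as I know the Tailscale operator rewrites that field for Services carrying the `tailscale.com/tailnet-fqdn` annotation, so a comment above each one such as `# externalName is overwritten by the Tailscale operator with its egress proxy address` would stop a later reader from "fixing" it. Nothing else in this patch refers to `ollama-pd05wd` or `stable-diffusion-pd05wd`, so a second comment naming what consumes these egress Services would help anyone auditing which workloads can reach the tailnet.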
@@ -0,0 +1,263 @@
+ollama:
+ controllers:
+ server-1:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ pod:
+ labels:
+ ollama-type: server
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: ollama-type
+ operator: In
+ values:
+ - server
+ topologyKey: kubernetes.io/hostname
+ containers:
+ main:
+ image:
+ repository: ollama/ollama
+ tag: 0.5.12
+ pullPolicy: IfNotPresent
+ env:
+ - name: OLLAMA_KEEP_ALIVE
+ value: 24h
+ - name: OLLAMA_HOST
+ value: 0.0.0.0
+ resources:
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ # gpu.intel.com/i915: 1
+ limits:
+ cpu: 4
+ # gpu.intel.com/i915: 1
+ server-2:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ pod:
+ labels:
+ ollama-type: server
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: ollama-type
+ operator: In
+ values:
+ - server
+ topologyKey: kubernetes.io/hostname
+ containers:
+ main:
+ image:
+ repository: ollama/ollama
+ tag: 0.5.12
+ pullPolicy: IfNotPresent
+ env:
+ - name: OLLAMA_KEEP_ALIVE
+ value: 24h
+ - name: OLLAMA_HOST
+ value: 0.0.0.0
+ resources:
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ # gpu.intel.com/i915: 1
+ limits:
+ cpu: 4
+ # gpu.intel.com/i915: 1
+ server-3:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ pod:
+ labels:
+ ollama-type: server
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: ollama-type
+ operator: In
+ values:
+ - server
+ topologyKey: kubernetes.io/hostname
+ containers:
+ main:
+ image:
+ repository: ollama/ollama
+ tag: 0.5.12
+ pullPolicy: IfNotPresent
+ env:
+ - name: OLLAMA_KEEP_ALIVE
+ value: 24h
+ - name: OLLAMA_HOST
+ value: 0.0.0.0
+ resources:
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ # gpu.intel.com/i915: 1
+ limits:
+ cpu: 4
+ #
gpu.intel.com/i915: 1
+ web:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: ghcr.io/open-webui/open-webui
+ tag: 0.5.16
+ pullPolicy: IfNotPresent
+ env:
+ - name: ENV
+ value: prod
+ - name: WEBUI_AUTH
+ value: true
+ - name: WEBUI_NAME
+ value: Ollama
+ - name: WEBUI_URL
+ value: http://ollama.alexlebens.net
+ - name: ENABLE_LOGIN_FORM
+ value: false
+ - name: DEFAULT_USER_ROLE
+ value: admin
+ - name: WEBUI_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: ollama-key-secret
+ key: key
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: ollama-web-postgresql-17-cluster-app
+ key: uri
+ - name: OLLAMA_BASE_URL
+ value: http://ollama-server-1.ollama:11434
+ - name: ENABLE_OAUTH_SIGNUP
+ value: true
+ - name: OAUTH_USERNAME_CLAIM
+ value: preferred_username
+ - name: OAUTH_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: ollama-oidc-secret
+ key: secret
+ - name: OAUTH_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: ollama-oidc-secret
+ key: client
+ - name: OAUTH_PROVIDER_NAME
+ value: Authentik
+ - name: OPENID_PROVIDER_URL
+ value: https://auth.alexlebens.dev/application/o/ollama/.well-known/openid-configuration
+ resources:
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ serviceAccount:
+ create: true
+ service:
+ server-1:
+ controller: server-1
+ ports:
+ http:
+ port: 11434
+ targetPort: 11434
+ protocol: HTTP
+ server-2:
+ controller: server-2
+ ports:
+ http:
+ port: 11434
+ targetPort: 11434
+ protocol: HTTP
+ server-3:
+ controller: server-3
+ ports:
+ http:
+ port: 11434
+ targetPort: 11434
+ protocol: HTTP
+ web:
+ controller: web
+ ports:
+ http:
+ port: 80
+ targetPort: 8080
+ protocol: HTTP
+ persistence:
+ server-1:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 40Gi
+ retain: true
+ advancedMounts:
+ server-1:
+ main:
+ - path: /root/.ollama
+ readOnly: false
+ server-2:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 40Gi
+ retain: true
+
advancedMounts:
+ server-2:
+ main:
+ - path: /root/.ollama
+ readOnly: false
+ server-3:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 40Gi
+ retain: true
+ advancedMounts:
+ server-3:
+ main:
+ - path: /root/.ollama
+ readOnly: false
+ web-data:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ retain: true
+ advancedMounts:
+ web:
+ main:
+ - path: /app/backend/data
+ readOnly: false
+postgres-17-cluster:
+ nameOverride: ollama-web-postgresql-17
+ mode: recovery
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ recovery:
+ endpointURL: https://nyc3.digitaloceanspaces.com
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-17-cluster
+ endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret
+ backup:
+ enabled: false
+ endpointURL: https://nyc3.digitaloceanspaces.com
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-17-cluster
+ endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret
+ backupIndex: 2
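Review bot: In the `web` controller's env in values.yaml, `DEFAULT_USER_ROLE` is `admin` while `ENABLE_OAUTH_SIGNUP` is `true`, so every account that completes the Authentik login is created as an Open WebUI administrator. Unless the Authentik application is restricted to a single operator (not visible in this patch), set `value: pending` (or `user`) and promote accounts by hand. The boolean-looking env values for `WEBUI_AUTH`, `ENABLE_LOGIN_FORM` and `ENABLE_OAUTH_SIGNUP` are unquoted and parse as YAML booleans, whereas container env values are strings; quote them, e.g. `value: "true"`. `WEBUI_URL` is an `http://` address although the OIDC provider URL is HTTPS, and the three `server-*` containers set `OLLAMA_HOST` to `0.0.0.0` on port 11434 with no NetworkPolicy in this chart limiting which pods may call the Ollama API.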