alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity

add ollama

Browse Source
This commit is contained in:
Alex Lebens
2025-03-03 11:26:01 -06:00
parent 82474d8302
commit 1b89833697
6 changed files with 622 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
clusters/cl01tl/platform/ollama/Chart.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: v2
name: ollama
version: 1.0.0
description: Ollama
keywords:
- ollama
- ai
home: https://wiki.alexlebens.dev/doc/ollama-Xmqe6T1P8v
sources:
- https://github.com/ollama/ollama
- https://github.com/open-webui/open-webui
- https://github.com/ai-dock/stable-diffusion-webui
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/ollama/ollama
- https://github.com/open-webui/open-webui/pkgs/container/open-webui
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: ollama
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://avatars.githubusercontent.com/u/151674099?s=48&v=4
appVersion: 0.5.1

206
clusters/cl01tl/platform/ollama/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,206 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ollama-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ollama-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/ollama/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ollama-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ollama-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: auth
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/ollama
metadataPolicy: None
property: client
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/ollama
metadataPolicy: None
property: secret
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: ollama-root-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: ollama-root-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-root"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: ollama-web-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: ollama-web-data-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-web"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ollama-web-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ollama-web-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

30
clusters/cl01tl/platform/ollama/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-ollama
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-ollama
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- ollama.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: ollama-web
port: 80
weight: 100

59
clusters/cl01tl/platform/ollama/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,59 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: ollama-root-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: ollama-root-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: ollama-root
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: ollama-root-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot
# ---
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: ollama-web-data-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: ollama-web-data-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: ollama-web-data
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: ollama-web-data-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 1337
# runAsGroup: 1337
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

34
clusters/cl01tl/platform/ollama/templates/service.yaml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: v1
kind: Service
metadata:
name: ollama-pd05wd
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ollama-pd05wd
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: network
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: ollama-pd05wd.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName
---
apiVersion: v1
kind: Service
metadata:
name: stable-diffusion-pd05wd
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: stable-diffusion-pd05wd
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: network
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: stable-diffusion-pd05wd.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

263
clusters/cl01tl/platform/ollama/values.yaml Normal file
View File

@@ -0,0 +1,263 @@
ollama:
controllers:
server-1:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
ollama-type: server
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: ollama-type
operator: In
values:
- server
topologyKey: kubernetes.io/hostname
containers:
main:
image:
repository: ollama/ollama
tag: 0.5.12
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
value: 24h
- name: OLLAMA_HOST
value: 0.0.0.0
resources:
requests:
cpu: 100m
memory: 1Gi
# gpu.intel.com/i915: 1
limits:
cpu: 4
# gpu.intel.com/i915: 1
server-2:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
ollama-type: server
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: ollama-type
operator: In
values:
- server
topologyKey: kubernetes.io/hostname
containers:
main:
image:
repository: ollama/ollama
tag: 0.5.12
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
value: 24h
- name: OLLAMA_HOST
value: 0.0.0.0
resources:
requests:
cpu: 100m
memory: 1Gi
# gpu.intel.com/i915: 1
limits:
cpu: 4
# gpu.intel.com/i915: 1
server-3:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
ollama-type: server
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: ollama-type
operator: In
values:
- server
topologyKey: kubernetes.io/hostname
containers:
main:
image:
repository: ollama/ollama
tag: 0.5.12
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
value: 24h
- name: OLLAMA_HOST
value: 0.0.0.0
resources:
requests:
cpu: 100m
memory: 1Gi
# gpu.intel.com/i915: 1
limits:
cpu: 4
# gpu.intel.com/i915: 1
web:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/open-webui/open-webui
tag: 0.5.16
pullPolicy: IfNotPresent
env:
- name: ENV
value: prod
- name: WEBUI_AUTH
value: true
- name: WEBUI_NAME
value: Ollama
- name: WEBUI_URL
value: http://ollama.alexlebens.net
- name: ENABLE_LOGIN_FORM
value: false
- name: DEFAULT_USER_ROLE
value: admin
- name: WEBUI_SECRET_KEY
valueFrom:
secretKeyRef:
name: ollama-key-secret
key: key
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: ollama-web-postgresql-17-cluster-app
key: uri
- name: OLLAMA_BASE_URL
value: http://ollama-server-1.ollama:11434
- name: ENABLE_OAUTH_SIGNUP
value: true
- name: OAUTH_USERNAME_CLAIM
value: preferred_username
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: ollama-oidc-secret
key: secret
- name: OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: ollama-oidc-secret
key: client
- name: OAUTH_PROVIDER_NAME
value: Authentik
- name: OPENID_PROVIDER_URL
value: https://auth.alexlebens.dev/application/o/ollama/.well-known/openid-configuration
resources:
requests:
cpu: 10m
memory: 1Gi
serviceAccount:
create: true
service:
server-1:
controller: server-1
ports:
http:
port: 11434
targetPort: 11434
protocol: HTTP
server-2:
controller: server-2
ports:
http:
port: 11434
targetPort: 11434
protocol: HTTP
server-3:
controller: server-3
ports:
http:
port: 11434
targetPort: 11434
protocol: HTTP
web:
controller: web
ports:
http:
port: 80
targetPort: 8080
protocol: HTTP
persistence:
server-1:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 40Gi
retain: true
advancedMounts:
server-1:
main:
- path: /root/.ollama
readOnly: false
server-2:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 40Gi
retain: true
advancedMounts:
server-2:
main:
- path: /root/.ollama
readOnly: false
server-3:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 40Gi
retain: true
advancedMounts:
server-3:
main:
- path: /root/.ollama
readOnly: false
web-data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
web:
main:
- path: /app/backend/data
readOnly: false
postgres-17-cluster:
nameOverride: ollama-web-postgresql-17
mode: recovery
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
recovery:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-17-cluster
endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret
backup:
enabled: false
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-17-cluster
endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret
backupIndex: 2