From 2cb1dd0364c48baf526188596a04fa90d11c3446 Mon Sep 17 00:00:00 2001
From: alexlebens
Date: Thu, 3 Oct 2024 21:55:13 -0500
Subject: [PATCH] add ollama
---
 clusters/cl01tl/platform/ollama/Chart.yaml | 29 +++
 .../ollama/templates/external-secret.yaml | 206 ++++++++++++++++++
 .../ollama/templates/replication-source.yaml | 59 +++++
 clusters/cl01tl/platform/ollama/values.yaml | 162 ++++++++++++++
 4 files changed, 456 insertions(+)
 create mode 100644 clusters/cl01tl/platform/ollama/Chart.yaml
 create mode 100644 clusters/cl01tl/platform/ollama/templates/external-secret.yaml
 create mode 100644 clusters/cl01tl/platform/ollama/templates/replication-source.yaml
 create mode 100644 clusters/cl01tl/platform/ollama/values.yaml
diff --git a/clusters/cl01tl/platform/ollama/Chart.yaml b/clusters/cl01tl/platform/ollama/Chart.yaml
new file mode 100644
index 000000000..2091b9e74
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: ollama
+version: 1.0.0
+description: Ollama
+keywords:
+ - ollama
+ - ai
+home: https://wiki.alexlebens.dev/doc/ollama-
+sources:
+ - https://github.com/ollama/ollama
+ - https://github.com/open-webui/open-webui
+ - https://github.com/cloudnative-pg/cloudnative-pg
+ - https://hub.docker.com/r/ollama/ollama
+ - https://github.com/open-webui/open-webui/pkgs/container/open-webui
+ - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+ - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ alias: ollama
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.4.0
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 3.12.0
+ repository: http://alexlebens.github.io/helm-charts
+icon: https://avatars.githubusercontent.com/u/151674099?s=48&v=4
+appVersion: 0.3.12
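Review bot: The `postgres-cluster` dependency is fetched from `http://alexlebens.github.io/helm-charts` over plain HTTP, while the `app-template` entry above it uses HTTPS. A chart pulled without transport integrity can be altered in transit before it is rendered into the cluster; change the line to `repository: https://alexlebens.github.io/helm-charts`. No `Chart.lock` is part of this patch, so the dependency digests are presumably not pinned here either; committing the lock file would make an unexpected chart change visible in review.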
diff --git a/clusters/cl01tl/platform/ollama/templates/external-secret.yaml b/clusters/cl01tl/platform/ollama/templates/external-secret.yaml
new file mode 100644
index 000000000..8febfb8bc
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/templates/external-secret.yaml
@@ -0,0 +1,206 @@
+
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ollama-key-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-key-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: key
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ollama/key
+ metadataPolicy: None
+ property: key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ollama-oidc-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-oidc-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: auth
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: client
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/ollama
+ metadataPolicy: None
+ property: client
+ - secretKey: secret
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/ollama
+ metadataPolicy: None
+ property: secret
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ollama-root-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-root-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: backup
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-root"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: S3_BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: AWS_DEFAULT_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: access_key
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: secret_key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ollama-web-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-web-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: backup
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-web"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: S3_BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: AWS_DEFAULT_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: access_key
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: secret_key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ollama-web-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-web-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-ollama-web-postgresql
+ metadataPolicy: None
+ property: access_key
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-ollama-web-postgresql
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/platform/ollama/templates/replication-source.yaml b/clusters/cl01tl/platform/ollama/templates/replication-source.yaml
new file mode 100644
index 000000000..4166fede9
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/templates/replication-source.yaml
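Review bot: Three of the Secret names defined in external-secret.yaml do not match the names the rest of the patch refers to: `ollama-key-secret` here versus `name: ollama-secret-key` for `WEBUI_SECRET_KEY` in values.yaml, `ollama-web-backup-secret` versus `repository: ollama-web-data-backup-secret` in replication-source.yaml, and `ollama-web-postgresql-16-cluster-backup-secret` versus `endpointCredentials: ollama-postgresql-16-cluster-backup-secret` in values.yaml. None of these ExternalSecrets sets `spec.target.name`, so each Secret is created under the ExternalSecret's own `metadata.name`; unless the other names are created somewhere outside this patch, the web pod will presumably fail to start and the web-data and PostgreSQL backups will have no credentials. Align the names on one side, for example `name: ollama-web-data-backup-secret` in the fourth document. Separately, both restic secrets copy the same `/aws/keys/cl01tl-volsync-backups` key pair and `RESTIC_PASSWORD` into this namespace, so it is worth confirming that the IAM policy behind that key is scoped as narrowly as the shared bucket allows.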
@@ -0,0 +1,59 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: ollama-root-backup-source
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-root-backup-source
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: backup
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ sourcePVC: ollama-root
+ trigger:
+ schedule: 0 0 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: ollama-root-backup-secret
+ retain:
+ hourly: 1
+ daily: 1
+ weekly: 3
+ monthly: 2
+ yearly: 4
+ copyMethod: Snapshot
+ storageClassName: ceph-block-delete
+ volumeSnapshotClassName: ceph-blockpool-snapshot
+
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: ollama-web-data-backup-source
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ollama-web-data-backup-source
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: backup
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ sourcePVC: ollama-web-data
+ trigger:
+ schedule: 0 0 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: ollama-web-data-backup-secret
+ retain:
+ hourly: 1
+ daily: 1
+ weekly: 3
+ monthly: 2
+ yearly: 4
+ moverSecurityContext:
+ runAsUser: 1337
+ runAsGroup: 1337
+ copyMethod: Snapshot
+ storageClassName: ceph-block-delete
+ volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/platform/ollama/values.yaml b/clusters/cl01tl/platform/ollama/values.yaml
new file mode 100644
index 000000000..1020ce492
--- /dev/null
+++ b/clusters/cl01tl/platform/ollama/values.yaml
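Review bot: `ollama-web-data-backup-source` pins the mover to `runAsUser: 1337` / `runAsGroup: 1337`, but nothing in this patch sets a matching `securityContext` on the `web` container in values.yaml, and `ollama-root-backup-source` has no `moverSecurityContext` at all. If the mover's UID does not own the files in the snapshot, the backup may be incomplete or fail, so confirm which UIDs the two containers actually write as. I would add a comment above each `restic:` block such as `# mover UID/GID must match the owner of the files on the source PVC`, and pin the same IDs in the pod security context so the two settings cannot drift apart.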
@@ -0,0 +1,162 @@
+ollama:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: ollama/ollama
+ tag: 0.3.12
+ pullPolicy: IfNotPresent
+ env:
+ - name: OLLAMA_KEEP_ALIVE
+ value: 24h
+ - name: OLLAMA_HOST
+ value: 0.0.0.0
+ resources:
+ limits:
+ cpu: 5000m
+ memory: 8Gi
+ gpu.intel.com/i915: 1
+ requests:
+ cpu: 100m
+ memory: 8Gi
+ gpu.intel.com/i915: 1
+ web:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: ghcr.io/open-webui/open-webui
+ tag: 0.3.12
+ pullPolicy: IfNotPresent
+ env:
+ - name: ENV
+ value: prod
+ - name: WEBUI_AUTH
+ value: true
+ - name: WEBUI_NAME
+ value: Ollama
+ - name: WEBUI_URL
+ value: http://ollama-cl01tl.boreal-beaufort.ts.net
+ - name: ENABLE_LOGIN_FORM
+ value: false
+ - name: DEFAULT_USER_ROLE
+ value: admin
+ - name: WEBUI_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: ollama-secret-key
+ key: key
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: ollama-web-postgresql-16-cluster-app
+ key: uri
+ - name: OLLAMA_BASE_URL
+ value: http://ollama-main.ollama:11434
+ - name: ENABLE_OAUTH_SIGNUP
+ value: true
+ - name: OAUTH_USERNAME_CLAIM
+ value: preferred_username
+ - name: OAUTH_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: ollama-oidc-secret
+ key: secret
+ - name: OAUTH_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: ollama-oidc-secret
+ key: client
+ - name: OAUTH_PROVIDER_NAME
+ value: Authentik
+ - name: OPENID_PROVIDER_URL
+ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/ollama-web/.well-known/openid-configuration
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 11434
+ targetPort: 11434
+ protocol: HTTP
+ web:
+ controller: web
+ ports:
+ http:
+ port: 80
+ targetPort: 8080
+ protocol: HTTP
+ ingress:
+ main:
+ className: tailscale
+ hosts:
+ - host: ollama-cl01tl
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ name: ollama-web
+ port: 80
+ tls:
+ - secretName: ollama-cl01tl
+ hosts:
+ - ollama-cl01tl
+ persistence:
+ root:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ retain: true
+ advancedMounts:
+ main:
+ main:
+ - path: /root/.ollama
+ readOnly: false
+ web-data:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ retain: true
+ advancedMounts:
+ web:
+ main:
+ - path: /app/backend/data
+ readOnly: false
+postgres-16-cluster:
+ nameOverride: ollama-web-postgresql-16
+ mode: standalone
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ prometheusRule:
+ enabled: false
+ backup:
+ enabled: true
+ endpointURL: https://s3.us-east-2.amazonaws.com
+ destinationPath: s3://cl01tl-postgresql-backups/ollama-web
+ endpointCredentials: ollama-postgresql-16-cluster-backup-secret
+ backupIndex: 1
+ tags:
+ backupRetentionPolicy: "expire"
+ user: "cl01tl-ollama-web-postgresql"
+ historyTags:
+ backupRetentionPolicy: "keep"
+ user: "cl01tl-ollama-web-postgresql"
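Review bot: `DEFAULT_USER_ROLE` is `admin` while `ENABLE_OAUTH_SIGNUP` is `true` in the `web` container's env, so every account that is auto-created on first OIDC login becomes an Open WebUI administrator, and anyone the Authentik application admits gets full control of the instance. Use `value: pending` (or `user`) and promote administrators explicitly. The boolean-looking env values (`value: true`, `value: false`) are unquoted and parse as YAML booleans, whereas Kubernetes expects env values to be strings; quoting them, e.g. `value: "true"`, avoids depending on the chart to stringify them. `WEBUI_URL` also uses `http://` although the ingress defines a `tls` entry for the same host, which is worth checking against the redirect URI registered for the OIDC client.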