ollama: controllers: server-1: type: deployment replicas: 1 strategy: Recreate pod: labels: ollama-type: server affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: ollama-type operator: In values: - server topologyKey: kubernetes.io/hostname containers: main: image: repository: ollama/ollama tag: 0.20.0@sha256:6eb118589b440c05b62e7e5e73a0bdf7240f6c79d968e60e6fd49f919eee5733 env: - name: OLLAMA_KEEP_ALIVE value: 24h - name: OLLAMA_HOST value: 0.0.0.0 resources: limits: gpu.intel.com/i915: 1 requests: cpu: 10m memory: 20Mi gpu.intel.com/i915: 1 server-2: type: deployment replicas: 1 strategy: Recreate pod: labels: ollama-type: server affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: ollama-type operator: In values: - server topologyKey: kubernetes.io/hostname containers: main: image: repository: ollama/ollama tag: 0.20.0@sha256:6eb118589b440c05b62e7e5e73a0bdf7240f6c79d968e60e6fd49f919eee5733 env: - name: OLLAMA_KEEP_ALIVE value: 24h - name: OLLAMA_HOST value: 0.0.0.0 resources: limits: gpu.intel.com/i915: 1 requests: cpu: 10m memory: 20Mi gpu.intel.com/i915: 1 server-3: type: deployment replicas: 1 strategy: Recreate pod: labels: ollama-type: server affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: ollama-type operator: In values: - server topologyKey: kubernetes.io/hostname containers: main: image: repository: ollama/ollama tag: 0.20.0@sha256:6eb118589b440c05b62e7e5e73a0bdf7240f6c79d968e60e6fd49f919eee5733 env: - name: OLLAMA_KEEP_ALIVE value: 24h - name: OLLAMA_HOST value: 0.0.0.0 resources: limits: gpu.intel.com/i915: 1 requests: cpu: 10m memory: 20Mi gpu.intel.com/i915: 1 web: type: deployment replicas: 1 strategy: Recreate containers: main: image: repository: ghcr.io/open-webui/open-webui tag: v0.8.12@sha256:8113fa5510020ef05a44afc0c42d33eabeeb2524a996e3e3fb8c437c00f0d792 env: - name: ENV value: prod - name: WEBUI_AUTH value: true - name: WEBUI_NAME value: Ollama - name: WEBUI_URL value: http://ollama.alexlebens.net - name: ENABLE_LOGIN_FORM value: false - name: DEFAULT_USER_ROLE value: admin - name: WEBUI_SECRET_KEY valueFrom: secretKeyRef: name: ollama-key-secret key: key - name: DATABASE_URL valueFrom: secretKeyRef: name: ollama-web-postgresql-18-cluster-app key: uri - name: OLLAMA_BASE_URL value: http://ollama-server-1.ollama:11434 - name: ENABLE_OAUTH_SIGNUP value: true - name: OAUTH_USERNAME_CLAIM value: preferred_username - name: OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: name: ollama-oidc-secret key: secret - name: OAUTH_CLIENT_ID valueFrom: secretKeyRef: name: ollama-oidc-secret key: client - name: OAUTH_PROVIDER_NAME value: Authentik - name: OPENID_PROVIDER_URL value: https://authentik.alexlebens.net/application/o/ollama/.well-known/openid-configuration resources: requests: cpu: 10m memory: 650Mi service: server-1: controller: server-1 ports: http: port: 11434 targetPort: 11434 server-2: controller: server-2 ports: http: port: 11434 targetPort: 11434 server-3: controller: server-3 ports: http: port: 11434 targetPort: 11434 web: controller: web ports: http: port: 80 targetPort: 8080 route: main: kind: HTTPRoute parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - ollama.alexlebens.net rules: - backendRefs: - name: ollama-web port: 80 matches: - path: type: PathPrefix value: / persistence: server-1: storageClass: ceph-block accessMode: ReadWriteOnce size: 40Gi advancedMounts: server-1: main: - path: /root/.ollama readOnly: false server-2: storageClass: ceph-block accessMode: ReadWriteOnce size: 40Gi advancedMounts: server-2: main: - path: /root/.ollama readOnly: false server-3: storageClass: ceph-block accessMode: ReadWriteOnce size: 40Gi advancedMounts: server-3: main: - path: /root/.ollama readOnly: false web-data: forceRename: ollama-web-data storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi advancedMounts: web: main: - path: /app/backend/data readOnly: false postgres-18-cluster: nameOverride: ollama-web-postgresql-18 mode: recovery recovery: method: objectStore objectStore: index: 1 backup: objectStore: - name: garage-local index: 1 destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 5 15 * * *" backupName: garage-local volsync-target-data: pvcTarget: ollama-web-data moverSecurityContext: runAsUser: 1337 runAsGroup: 1337 local: enabled: true schedule: 48 8 * * * remote: enabled: true schedule: 48 9 * * * external: enabled: true schedule: 48 10 * * *