diff --git a/charts/gpu-runtime.yaml b/charts/gpu-runtime.yaml
index 066a112..8695d9f 100644
--- a/charts/gpu-runtime.yaml
+++ b/charts/gpu-runtime.yaml
@@ -2,9 +2,15 @@ apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: name: nvidia-device-plugin - namespace: kube-system + namespace: charts spec: chart: nvidia-device-plugin repo: https://nvidia.github.io/k8s-device-plugin valuesContent: |- runtimeClassName: nvidia + namespaceOverride: kube-system + tolerations: + - key: "gpu" + value: "true" + operator: "Equal" + effect: "NoSchedule"
diff --git a/kustomize/statefulset/httproute-http.yaml b/kustomize/statefulset/httproute-http.yaml
new file mode 100644
index 0000000..9f70c85
--- /dev/null
+++ b/kustomize/statefulset/httproute-http.yaml
@@ -0,0 +1,26 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: http
+spec:
+ parentRefs:
+ - name: homelab-gateway
+ sectionName: web
+ kind: Gateway
+ namespace: homelab
+ hostnames:
+ - web.leechpepin.com
+ rules:
+ - filters:
+ - type: RequestHeaderModifier
+ requestHeaderModifier:
+ set:
+ - name: "X-Forwarded-Proto"
+ value: "https"
+ backendRefs:
+ - name: web
+ port: 80
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
diff --git a/kustomize/statefulset/httproute-https.yaml b/kustomize/statefulset/httproute-https.yaml
new file mode 100644
index 0000000..b38ea13
--- /dev/null
+++ b/kustomize/statefulset/httproute-https.yaml
@@ -0,0 +1,20 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: https
+spec:
+ parentRefs:
+ - name: homelab-gateway
+ sectionName: websecure
+ kind: Gateway
+ namespace: homelab
+ hostnames:
+ - web.leechpepin.com
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - name: web
+ port: 80
diff --git a/kustomize/statefulset/kustomization.yaml b/kustomize/statefulset/kustomization.yaml
new file mode 100644
index 0000000..f349ec1
--- /dev/null
+++ b/kustomize/statefulset/kustomization.yaml
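Review bot: The HelmChart `spec` in this hunk still carries no `version:`, so now that the installer lives in `namespace: charts` and deploys into kube-system through `namespaceOverride`, each (re)install pulls whichever chart the repo currently serves — a floating supply-chain input for a cluster-level component. Pinning it next to `repo:`, e.g. `version: "<chart version placeholder>"`, makes the rollout reproducible and reviewable. Only lines 2–15 of the file are in the hunk, so disregard this if the version is set elsewhere in the file.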
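Review bot: `requestHeaderModifier.set` forces `X-Forwarded-Proto: "https"` on a route bound to the plain `web` listener, so the port-80 backend is told every request arrived over TLS when on this route none did — anything that decides Secure cookies, HSTS or scheme-aware redirects from that header is misled, and clients that connected in clear are never upgraded. If the intent is the usual HTTP→HTTPS upgrade, the filter should be `type: RequestRedirect` with `requestRedirect: { scheme: https, statusCode: 301 }` and no `backendRefs`, leaving the `websecure` route in httproute-https.yaml to serve the traffic. If the header rewrite is deliberate, a comment above `filters:` should say why.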
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - statefulset.yaml
+ - service.yaml
+ - httproute-http.yaml
+ - httproute-https.yaml
+ - secret.yaml
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/managed-by: kustomize
diff --git a/kustomize/statefulset/secret.yaml b/kustomize/statefulset/secret.yaml
new file mode 100644
index 0000000..e7ab759
--- /dev/null
+++ b/kustomize/statefulset/secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+ name: secrets
+ namespace: infisical
+ labels:
+ label-to-be-passed-to-managed-secret: homelab
+ annotations:
+ example.com/annotation-to-be-passed-to-managed-secret: "homelab"
+spec:
+ hostAPI: https://app.infisical.com/api
+ resyncInterval: 10
+ authentication:
+ # Universal Auth
+ universalAuth:
+ secretsScope:
+ projectSlug: homelab-n-f-yj
+ envSlug: prod
+ secretsPath: "/apps/appname" # Root is "/"
+ recursive: false # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
+ credentialsRef:
+ secretName: universal-auth-credentials
+ secretNamespace: infisical
+ managedSecretReference:
+ secretName: app-secrets
+ secretNamespace: ns
+ creationPolicy: "Orphan" ## Owner | Orphan
diff --git a/kustomize/statefulset/service.yaml b/kustomize/statefulset/service.yaml
new file mode 100644
index 0000000..2d0c61a
--- /dev/null
+++ b/kustomize/statefulset/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: svc
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ name: test
+ targetPort: test
+ protocol: TCP
diff --git a/kustomize/statefulset/statefulset.yaml b/kustomize/statefulset/statefulset.yaml
new file mode 100644
index 0000000..149dafd
--- /dev/null
+++ b/kustomize/statefulset/statefulset.yaml
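Review bot: `creationPolicy: "Orphan"` on the last line means deleting the InfisicalSecret leaves the managed Secret (`app-secrets`, renamed by the overlays to the per-app `*-secrets`, e.g. the `postgres-secrets` the postgres patch reads `ROOT_PASSWORD` from) in the target namespace with nothing owning or refreshing it; unless a consumer must outlive its source, `creationPolicy: "Owner"` lets the credential be garbage-collected with it. The `label-to-be-passed-to-managed-secret` label and `example.com/annotation-to-be-passed-to-managed-secret` annotation look copied from an upstream example and, going by their names, are meant to be propagated onto the managed Secret — give them a real meaning or drop them. A comment above `secretsPath: "/apps/appname"` should state that `apps` and `appname` are placeholders the overlays rewrite (split on `/`, indices 1 and 2 replaced by the app namespace and name), since nothing in this base says so.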
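Review bot: `name: test` and `targetPort: test` on the Service port are placeholders that only become valid after the overlays' `replacements` copy the container port name into `spec.ports.0.name` and `spec.ports.0.targetPort`, and the Service also has no `spec.selector`, relying on the `includeSelectors: true` label transformers to add one. Neither contract is stated in the file; a two-line comment above `ports:` (`# port name/targetPort are placeholders rewritten by overlay replacements` and `# selector is injected by the includeSelectors label transformer`) would stop the base being applied standalone by mistake, and a one-off `kustomize build` check that the rendered Service really carries a selector is worth doing.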
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: ss
+ namespace: core
+spec:
+ serviceName: ss-svc
+ replicas: 1
+ template:
+ spec:
+ restartPolicy: Always
+ volumeClaimTemplates:
+ - metadata:
+ name: ss-data
+ annotations:
+ name: ss-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn-private
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/namespaces/ai/tabby/config.toml b/namespaces/ai/tabby/config.toml
index cb8950c..109a494 100644
--- a/namespaces/ai/tabby/config.toml
+++ b/namespaces/ai/tabby/config.toml
@@ -13,5 +13,5 @@ api_endpoint = "http://ollama-svc:11434/v1" # Embedding model [model.embedding.http] kind = "ollama/embedding" -model_name = "ordis/jina-embeddings-v2-base-code" +model_name = "ordis/jina-embeddings-v2-base-code:latest" api_endpoint = "http://ollama-svc:11434"
diff --git a/namespaces/core/postgres.yaml b/namespaces/core/postgres.yaml
deleted file mode 100644
index 83376d5..0000000
--- a/namespaces/core/postgres.yaml
+++ /dev/null
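Review bot: `namespace: core` on this base StatefulSet undercuts the reuse the `kustomize/statefulset/` directory exists for: both overlays apply a `NamespaceTransformer` with `unsetOnly: true`, which leaves an already-set namespace untouched, so a future overlay for another namespace would move the Service and routes but not the StatefulSet. Dropping the line (the overlays already supply the namespace) keeps the base portable. The base also declares no `spec.selector` and no `template.metadata.labels`, depending on the overlays' `includeSelectors: true` transformers to create both; a comment above `template:` should say so, because a StatefulSet selector cannot be changed after creation.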
@@ -1,108 +0,0 @@ ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: postgres - namespace: core -spec: - serviceName: postgres - replicas: 1 - selector: - matchLabels: - name: postgres - template: - metadata: - labels: - name: postgres - spec: - restartPolicy: Always - containers: - - name: postgres - image: postgres:17.4 - ports: - - name: http - containerPort: 5432 - protocol: TCP - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: postgres-data - subPath: "data" - env: - - name: POSTGRES_USER - value: postgres - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: ROOT_PASSWORD - name: postgres-secrets - startupProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U ${POSTGRES_USER} - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U ${POSTGRES_USER} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U ${POSTGRES_USER} - volumeClaimTemplates: - - metadata: - name: postgres-data - annotations: - name: postgres-data - spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn-private - resources: - requests: - storage: 2Gi ---- -apiVersion: v1 -kind: Service -metadata: - name: postgres - namespace: core -spec: - type: ClusterIP - selector: - name: postgres - ports: - - port: 5432 - name: http - targetPort: http - protocol: TCP ---- -apiVersion: gateway.networking.k8s.io/v1alpha2 -kind: TCPRoute -metadata: - name: postgres - namespace: core -spec: - parentRefs: - - name: homelab-gateway - sectionName: postgres - kind: Gateway - namespace: homelab - - # hostnames: - # - postgres.leechpepin.local - - rules: - # - matches: - # - path: - # type: PathPrefix - # value: / - - - backendRefs: - - name: postgres - namespace: core - port: 5432 diff --git a/namespaces/core/postgres/extras/tcproute.yaml b/namespaces/core/postgres/extras/tcproute.yaml new file mode 100644 index 0000000..70d2818 --- /dev/null +++ b/namespaces/core/postgres/extras/tcproute.yaml 
@@ -0,0 +1,16 @@
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+ name: tcproute
+ namespace: core
+spec:
+ parentRefs:
+ - name: homelab-gateway
+ sectionName: postgres
+ kind: Gateway
+ namespace: homelab
+ rules:
+ - backendRefs:
+ - name: postgres-svc
+ namespace: core
+ port: 5432
diff --git a/namespaces/core/postgres/kustomization.yaml b/namespaces/core/postgres/kustomization.yaml
new file mode 100644
index 0000000..12fa835
--- /dev/null
+++ b/namespaces/core/postgres/kustomization.yaml
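Review bot: `backendRefs[0].name: postgres-svc` hard-codes the outcome of `namePrefix: postgres-` applied to the base Service `svc`; as far as I can tell kustomize's name-reference rewriting does not cover TCPRoute `backendRefs`, so the literal has to track the prefix by hand and a prefix change breaks the route silently — the redis overlay fills its HTTPRoute backend from the Service with a `replacements` entry (`source: kind: Service` → `spec.rules.0.backendRefs.0.name`), and the same pattern works here. On exposure: this publishes the database on the gateway's `postgres` listener with only password authentication in front of it (the StatefulSet patch takes `POSTGRES_PASSWORD` from a Secret), so a comment above `parentRefs:` recording which network that listener is reachable from, plus a NetworkPolicy in `core` restricting ingress on 5432 to the gateway, would bound the blast radius.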
@@ -0,0 +1,97 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: notImportantHere
+ namespace: core
+ unsetOnly: true
+
+namePrefix: postgres-
+resources:
+ - ../../../kustomize/statefulset/
+ - extras/tcproute.yaml
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/appName: postgres
+ - pairs:
+ app.kubernetes.io/appNamespace: core
+
+patches:
+ - path: patches/statefulset.yaml
+ target:
+ kind: StatefulSet
+ name: ss
+ - path: patches/httproutes-delete.yaml
+ target:
+ kind: HTTPRoute
+
+replacements:
+ - source:
+ kind: StatefulSet
+ name: ss
+ fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+ targets:
+ - select:
+ kind: InfisicalSecret
+ fieldPaths:
+ - spec.managedSecretReference.secretNamespace
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 1
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+ - source:
+ kind: StatefulSet
+ name: ss
+ fieldPath: metadata.labels.[app.kubernetes.io/appName]
+ targets:
+ - select:
+ kind: StatefulSet
+ options:
+ delimiter: "-"
+ index: 0
+ fieldPaths:
+ - spec.volumeClaimTemplates.0.metadata.annotations.name
+ - spec.volumeClaimTemplates.0.metadata.name
+ - spec.serviceName
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "-"
+ index: 0
+ fieldPaths:
+ - spec.managedSecretReference.secretName
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 2
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+ - source:
+ kind: StatefulSet
+ name: ss
+ fieldPath: spec.template.spec.containers.0.ports.0.name
+ targets:
+ - select:
+ kind: Service
+ fieldPaths:
+ - spec.ports.0.name
+ - spec.ports.0.targetPort
+ - source:
+ kind: StatefulSet
+ name: ss
+ fieldPath: spec.template.spec.containers.0.ports.0.containerPort
+ targets:
+ - select:
+ kind: Service
+ fieldPaths:
+ - spec.ports.0.port
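Review bot: The `replacements` block encodes positional contracts with the base that nothing states: `delimiter: "-"` / `index: 0` on `spec.serviceName` and the PVC names assumes the literals `ss-svc` and `ss-data`, `delimiter: "/"` indices 1 and 2 assume `secretsPath: "/apps/appname"`, and the `secretName` rewrite assumes `app-secrets`; editing any placeholder in `kustomize/statefulset/` breaks every overlay without a build error. A comment above `replacements:` listing the placeholders it rewrites would make the coupling visible. The list is also repeated verbatim in `namespaces/core/redis/kustomization.yaml`, so factoring it so both overlays consume one copy (a kustomize `components:` entry may be able to hold it — worth trying) would keep the two from drifting.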
diff --git a/namespaces/core/postgres/patches/httproutes-delete.yaml b/namespaces/core/postgres/patches/httproutes-delete.yaml
new file mode 100644
index 0000000..63a1ad5
--- /dev/null
+++ b/namespaces/core/postgres/patches/httproutes-delete.yaml
@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: https
diff --git a/namespaces/core/postgres/patches/statefulset.yaml b/namespaces/core/postgres/patches/statefulset.yaml
new file mode 100644
index 0000000..00f22da
--- /dev/null
+++ b/namespaces/core/postgres/patches/statefulset.yaml
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: app
+spec:
+ template:
+ spec:
+ securityContext:
+ fsGroup: 999
+ containers:
+ - name: postgres
+ image: postgres:17.4
+ ports:
+ - name: postgres
+ containerPort: 5432
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgres-data
+ subPath: "data"
+ env:
+ - name: POSTGRES_USER
+ value: postgres
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: ROOT_PASSWORD
+ name: postgres-secrets
+ startupProbe:
+ exec:
+ command:
+ - /bin/sh
+ -c
+ exec pg_isready -U ${POSTGRES_USER}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ -c
+ exec pg_isready -U ${POSTGRES_USER}
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ -c
+ exec pg_isready -U ${POSTGRES_USER}
diff --git a/namespaces/core/redis.yaml b/namespaces/core/redis.yaml
deleted file mode 100644
index c9398f0..0000000
--- a/namespaces/core/redis.yaml
+++ /dev/null
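Review bot: The patch body names only `https`, while the kustomization applies it with `target: kind: HTTPRoute` and no `name`, so both base routes (`http` and `https`) are selected; whether kustomize substitutes each selected resource's name into a `$patch: delete` body or only deletes `https` is worth checking with `kustomize build`, because if `postgres-http` survives it is a route on the `web` listener for `web.leechpepin.com` whose backend `web:80` does not exist in this overlay. Making the intent explicit removes the ambiguity either way: add `name: https` to the target and a second patch with its own target for `http`, or keep the kind-wide target and note in the patch that the name is overridden per selected route.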
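Review bot: The pod `securityContext` stops at `fsGroup: 999` and the `postgres` container gets none of its own, so it keeps the Kubernetes defaults (privilege escalation allowed, default capability set) and whatever user the image entrypoint chooses. Since the volume is already being chowned for gid 999, running the container as uid 999 with the usual hardening is the natural next step (confirm the official image starts cleanly as that uid with the `subPath: "data"` layout); the block below shows it. One thing to verify in the file itself: the diff renders the probe commands as `- /bin/sh`, `-c`, `exec pg_isready …` — if `-c` and the `exec` line are not their own `- ` list items, `command` is a single argv element and all three probes fail. `image: postgres:17.4` is tag-pinned, which is good; a digest pin would make it fully reproducible.
```yaml
      containers:
        - name: postgres
          image: postgres:17.4
          securityContext:
            runAsNonRoot: true
            runAsUser: 999
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: ports, volumeMounts, env, startupProbe, livenessProbe, readinessProbe …
```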
@@ -1,82 +0,0 @@ ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: redis - namespace: core -spec: - serviceName: redis - replicas: 1 - selector: - matchLabels: - name: redis - template: - metadata: - labels: - name: redis - spec: - restartPolicy: Always - containers: - - name: redis - image: redis:7.4.2-alpine3.21 - ports: - - name: http - containerPort: 6379 - protocol: TCP - volumeMounts: - - mountPath: /data - name: redis-data - subPath: "data" - volumeClaimTemplates: - - metadata: - name: redis-data - annotations: - name: redis-data - spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn-private - resources: - requests: - storage: 0.5Gi ---- -apiVersion: v1 -kind: Service -metadata: - name: redis - namespace: core -spec: - type: ClusterIP - selector: - name: redis - ports: - - port: 6379 - name: http - targetPort: http - protocol: TCP ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: redis - namespace: core -spec: - parentRefs: - - name: homelab-gateway - sectionName: redis - kind: Gateway - namespace: homelab - - hostnames: - - redis.leechpepin.local - - rules: - - matches: - - path: - type: PathPrefix - value: / - - backendRefs: - - name: redis - namespace: core - port: 6379 diff --git a/namespaces/core/redis/kustomization.yaml b/namespaces/core/redis/kustomization.yaml new file mode 100644 index 0000000..e84f22d --- /dev/null +++ b/namespaces/core/redis/kustomization.yaml 
@@ -0,0 +1,112 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: notImportantHere
+ namespace: core
+ unsetOnly: true
+
+namePrefix: redis-
+resources:
+ - ../../../kustomize/statefulset/
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/appName: redis
+ - pairs:
+ app.kubernetes.io/appNamespace: core
+
+patches:
+ - path: patches/statefulset.yaml
+ target:
+ kind: StatefulSet
+ name: ss
+
+replacements:
+ - source:
+ kind: StatefulSet
+ name: ss
+ fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+ targets:
+ - select:
+ kind: InfisicalSecret
+ fieldPaths:
+ - spec.managedSecretReference.secretNamespace
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 1
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+ - source:
+ kind: StatefulSet
+ name: ss
+ fieldPath: metadata.labels.[app.kubernetes.io/appName]
+ targets:
+ - select:
+ kind: StatefulSet
+ options:
+ delimiter: "-"
+ index: 0
+ fieldPaths:
+ - spec.volumeClaimTemplates.0.metadata.annotations.name
+ - spec.volumeClaimTemplates.0.metadata.name
+ - spec.serviceName
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "-"
+ index: 0
+ fieldPaths:
+ - spec.managedSecretReference.secretName
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 2
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+ - select:
+ kind: HTTPRoute
+ options:
+ create: true
+ delimiter: "."
+ index: 0
+ fieldPaths:
+ - spec.hostnames.0
+ - source:
+ kind: StatefulSet
+ name: ss
+ fieldPath: spec.template.spec.containers.0.ports.0.name
+ targets:
+ - select:
+ kind: Service
+ fieldPaths:
+ - spec.ports.0.name
+ - spec.ports.0.targetPort
+ - source:
+ kind: Service
+ targets:
+ - select:
+ kind: HTTPRoute
+ fieldPaths:
+ - spec.rules.0.backendRefs.0.name
+ - source:
+ kind: StatefulSet
+ name: ss
+ fieldPath: spec.template.spec.containers.0.ports.0.containerPort
+ targets:
+ - select:
+ kind: Service
+ fieldPaths:
+ - spec.ports.0.port
+ - select:
+ kind: HTTPRoute
+ fieldPaths:
+ - spec.rules.0.backendRefs.0.port
diff --git a/namespaces/core/redis/patches/statefulset.yaml b/namespaces/core/redis/patches/statefulset.yaml
new file mode 100644
index 0000000..8fcc131
--- /dev/null
+++ b/namespaces/core/redis/patches/statefulset.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: app
+spec:
+ template:
+ spec:
+ restartPolicy: Always
+ containers:
+ - name: redis
+ image: redis:7.4.2-alpine3.21
+ ports:
+ - name: redis
+ containerPort: 6379
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /data
+ name: redis-data
+ subPath: "data"
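Review bot: The `select: kind: HTTPRoute` replacements point the base `http` and `https` routes at the redis Service on its container port, so redis — a RESP/TCP service on 6379, not HTTP — is published under `redis.leechpepin.com` (the `delimiter: "."` / `index: 0` hostname rewrite) on both the `web` and `websecure` listeners. An HTTP gateway cannot proxy RESP, so at best this never works and at worst, if the implementation passes bytes through, it exposes a redis that `patches/statefulset.yaml` configures with no authentication to whoever reaches the listener; the postgres overlay's shape (a TCPRoute on its own listener plus a `$patch: delete` for the HTTPRoutes) is the consistent fix, or the HTTPRoutes should simply be deleted here as well. The `- source: kind: Service` entry with no `name` and no `fieldPath` relies on the defaults (a single Service in the build, `metadata.name`) and deserves a comment, since a second Service would make it ambiguous.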
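Review bot: The `redis` container is started with no authentication and no `securityContext`: no `args`/`command` setting `--requirepass` or loading an ACL file, and nothing consuming the `redis-secrets` Secret the base InfisicalSecret provisions after renaming, so any workload with network reach to `redis-svc:6379` has full read/write and administrative access. Feeding a password from that Secret through `env` + `secretKeyRef` and `args: ["--requirepass", "$(REDIS_PASSWORD)"]` (Kubernetes expands `$(VAR)` in `args` from `env`; `REDIS_PASSWORD` is an example name) closes that, with a NetworkPolicy as the complement; a container `securityContext` with `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities.drop: ["ALL"]` is also missing. `restartPolicy: Always` repeats the base StatefulSet's value and can be dropped from the patch.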