From 2649ac61173e1f780a9a40efffb97cf60cdf030f Mon Sep 17 00:00:00 2001 From: ION606 Date: Sat, 13 Sep 2025 19:00:56 -0400 Subject: [PATCH] ingress dump --- apps/children/kustomization.yaml | 2 ++ apps/children/openwebui.yaml | 37 ++---------------------- apps/children/policy-argo.yaml | 21 ++++++++++++++ apps/children/policy.yaml | 21 ++++++++++++++ manifests/policy-argo/kustomization.yaml | 6 ++++ manifests/policy/kustomization.yaml | 8 +++++ 6 files changed, 60 insertions(+), 35 deletions(-) create mode 100644 apps/children/policy-argo.yaml create mode 100644 apps/children/policy.yaml create mode 100644 manifests/policy-argo/kustomization.yaml create mode 100644 manifests/policy/kustomization.yaml diff --git a/apps/children/kustomization.yaml b/apps/children/kustomization.yaml index a41c8d5..05d4ea6 100644 --- a/apps/children/kustomization.yaml +++ b/apps/children/kustomization.yaml @@ -10,6 +10,8 @@ resources: - postgresql.yaml - searxng.yaml - browser.yaml + - policy.yaml + - policy-argo.yaml generatorOptions: disableNameSuffixHash: true diff --git a/apps/children/openwebui.yaml b/apps/children/openwebui.yaml index 24cb13f..5259821 100644 --- a/apps/children/openwebui.yaml +++ b/apps/children/openwebui.yaml @@ -15,41 +15,8 @@ spec: chart: open-webui targetRevision: "*" helm: - values: | - image: - repository: ghcr.io/open-webui/open-webui - tag: "main" - pullPolicy: IfNotPresent - - service: - type: ClusterIP - - persistence: - enabled: true - size: 5Gi - - ingress: - enabled: true - className: nginx - hosts: - - host: openwebui.local - paths: - - path: / - pathType: Prefix - tls: [] - - # NO SECRETS!!! - extraEnvVars: - - name: OLLAMA_BASE_URL - value: "https://mlep.ion606.com" - - name: DATABASE_URL - value: "postgresql://postgres:mypassword@postgresql-primary.ai.svc.cluster.local:5432/openwebui" - - name: VECTOR_DB - value: "pgvector" - - name: PGVECTOR_DB_URL - value: "postgresql://postgres:mypassword@postgresql-primary.ai.svc.cluster.local:5432/openwebui" - - name: PGVECTOR_CREATE_EXTENSION - value: "true" + valueFiles: + - apps/values/openwebui.yaml syncPolicy: automated: prune: true diff --git a/apps/children/policy-argo.yaml b/apps/children/policy-argo.yaml new file mode 100644 index 0000000..234fda2 --- /dev/null +++ b/apps/children/policy-argo.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: policy-argo + namespace: ai + labels: + repo.ion606.com/ollama-plus: "true" +spec: + project: ai-stack + destination: + server: https://kubernetes.default.svc + namespace: argo + source: + repoURL: https://git.ion606.com/ion606/ollama-plus + targetRevision: main + path: manifests/policy-argo + syncPolicy: + automated: + prune: true + selfHeal: true + diff --git a/apps/children/policy.yaml b/apps/children/policy.yaml new file mode 100644 index 0000000..82ba538 --- /dev/null +++ b/apps/children/policy.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: policy + namespace: ai + labels: + repo.ion606.com/ollama-plus: "true" +spec: + project: ai-stack + destination: + server: https://kubernetes.default.svc + namespace: ai + source: + repoURL: https://git.ion606.com/ion606/ollama-plus + targetRevision: main + path: manifests/policy + syncPolicy: + automated: + prune: true + selfHeal: true + diff --git a/manifests/policy-argo/kustomization.yaml b/manifests/policy-argo/kustomization.yaml new file mode 100644 index 0000000..8577919 --- /dev/null +++ b/manifests/policy-argo/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../policy/allow-ollama-scheduler-ingress.yaml + diff --git a/manifests/policy/kustomization.yaml b/manifests/policy/kustomization.yaml new file mode 100644 index 0000000..fda5983 --- /dev/null +++ b/manifests/policy/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - default-deny.yaml + - allow-openwebui-ingress.yaml + - allow-browser-ingress.yaml +