ION606/ollama-plus
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

opened ports

Browse Source
This commit is contained in:
ION606
2025-09-13 13:40:32 -04:00
parent 4e127f663b
commit 45ad5f5901
7 changed files with 66 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
+1
View File
@@ -136,3 +136,4 @@ __pycache__/
*.xml *.xml
temp.* temp.*
bun.lock bun.lock
tmp/
apps/children/browser.yaml
+1 -1
View File
@@ -9,7 +9,7 @@ spec:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
namespace: ai namespace: ai
source: source:
repoURL: https://your.git/repo.git repoURL: https://git.ion606.com/ion606/ollama-plus.git
targetRevision: main targetRevision: main
path: manifests/browser path: manifests/browser
syncPolicy: syncPolicy:
manifests/policy/allow-browser-ingress.yaml
+17
View File
@@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-browser-ingress
namespace: ai
spec:
podSelector:
matchLabels:
app: browser
policyTypes: ["Ingress"]
ingress:
- from:
- ipBlock:
cidr: 0.0.0.0/0
ports:
- { protocol: TCP, port: 7788 }
manifests/policy/allow-ollama-scheduler-ingress.yaml
+17
View File
@@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-ollama-scheduler-ingress
namespace: argo
spec:
podSelector:
matchLabels:
app: ollama-scheduler
policyTypes: ["Ingress"]
ingress:
- from:
- ipBlock:
cidr: 0.0.0.0/0
ports:
- { protocol: TCP, port: 12253 }
manifests/policy/allow-openwebui-ingress.yaml
+20
View File
@@ -0,0 +1,20 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-openwebui-ingress
namespace: ai
spec:
# Select the Open WebUI pods deployed by the Helm release "openwebui"
podSelector:
matchLabels:
app.kubernetes.io/instance: openwebui
policyTypes: ["Ingress"]
ingress:
- from:
- ipBlock:
cidr: 0.0.0.0/0
ports:
# Open WebUI typically listens on 8080 (chart default), sometimes 80
- { protocol: TCP, port: 8080 }
- { protocol: TCP, port: 80 }
manifests/policy/default-deny.yaml
+4 -2
View File
@@ -1,6 +1,8 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
metadata: { name: default-deny-all, namespace: ai } metadata:
name: default-deny-all
namespace: ai
spec: spec:
podSelector: {} podSelector: {} # die
policyTypes: ["Ingress", "Egress"] policyTypes: ["Ingress", "Egress"]
scripts/setup.sh
+6 -3
View File
@@ -28,13 +28,16 @@ kubectl rollout status deploy/argocd-application-controller -n argocd --timeout=
# NOTE: creates the child Applications in apps/children/* # NOTE: creates the child Applications in apps/children/*
kubectl apply -n argocd -f apps/0-project-and-root.yaml; kubectl apply -n argocd -f apps/0-project-and-root.yaml;
echo "DEBUG: writing pods to 'tmp/pods.txt'"
mkdir -p tmp || ""
kubectl get pod -o wide --all-namespaces > tmp/pods.txt
# port-forward argocd ui # port-forward argocd ui
echo ""; echo "";
echo "argocd initial admin password (username 'admin'):"; echo "argocd initial admin password (username 'admin'):";
kubectl -n argocd get secret argocd-initial-admin-secret \ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d; echo "";
-o jsonpath='{.data.password}' | base64 -d; echo "";
echo ""; echo "";
echo "port-forwarding argocd ui to https://localhost:8443 (ctrl+c to stop) ..."; echo "port-forwarding argocd ui to https://localhost:8443 (ctrl+c to stop) ...";
kubectl -n ai port-forward svc/scheduler-ui 12253:12253 # kubectl -n argocd port-forward svc/scheduler-ui 12253:12253
kubectl -n argocd port-forward svc/argocd-server 8443:443 kubectl -n argocd port-forward svc/argocd-server 8443:443