diff --git a/apps/values/openwebui.yaml b/apps/values/openwebui.yaml index b228c98..281cddf 100644 --- a/apps/values/openwebui.yaml +++ b/apps/values/openwebui.yaml @@ -4,21 +4,14 @@ image: pullPolicy: IfNotPresent service: - type: ClusterIP # use Ingress for external access + type: NodePort persistence: enabled: true size: 5Gi ingress: - enabled: true # expose via nginx ingress - className: nginx - hosts: - - host: openwebui.local - paths: - - path: / - pathType: Prefix - tls: [] # no https for local/minikube + enabled: false # NO SECRETS!!! extraEnvVars: diff --git a/manifests/argo-schedules-api/deployment.yaml b/manifests/argo-schedules-api/deployment.yaml index 9ab920e..62ee0bf 100644 --- a/manifests/argo-schedules-api/deployment.yaml +++ b/manifests/argo-schedules-api/deployment.yaml @@ -56,4 +56,4 @@ spec: - name: http port: 12253 targetPort: 12253 - type: ClusterIP + type: NodePort diff --git a/manifests/browser/deployment.yaml b/manifests/browser/deployment.yaml index 98aea45..8d17e6f 100644 --- a/manifests/browser/deployment.yaml +++ b/manifests/browser/deployment.yaml @@ -37,4 +37,4 @@ metadata: { name: browser, namespace: ai } spec: selector: { app: browser } ports: [{ name: http, port: 7788, targetPort: 7788 }] - type: ClusterIP + type: NodePort diff --git a/manifests/coderunner/deployment.yaml b/manifests/coderunner/deployment.yaml index dfe5bb3..51ed9b6 100644 --- a/manifests/coderunner/deployment.yaml +++ b/manifests/coderunner/deployment.yaml @@ -41,4 +41,4 @@ metadata: { name: coderunner, namespace: ai } spec: selector: { app: coderunner } ports: [{ name: http, port: 8787, targetPort: 8787 }] - type: ClusterIP + type: NodePort diff --git a/manifests/policy/allow-coderunner-ingress.yaml b/manifests/policy/allow-coderunner-ingress.yaml new file mode 100644 index 0000000..37f446b --- /dev/null +++ b/manifests/policy/allow-coderunner-ingress.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-coderunner-ingress + namespace: ai +spec: + podSelector: + matchLabels: + app: coderunner + policyTypes: ["Ingress"] + ingress: + - from: + - ipBlock: { cidr: 0.0.0.0/0 } + ports: + - { protocol: TCP, port: 8787 } + diff --git a/manifests/policy/allow-rag-server-ingress.yaml b/manifests/policy/allow-rag-server-ingress.yaml new file mode 100644 index 0000000..53097db --- /dev/null +++ b/manifests/policy/allow-rag-server-ingress.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-rag-server-ingress + namespace: ai +spec: + podSelector: + matchLabels: + app: rag-server + policyTypes: ["Ingress"] + ingress: + - from: + - ipBlock: { cidr: 0.0.0.0/0 } + ports: + - { protocol: TCP, port: 8788 } + diff --git a/manifests/policy/allow-tools-ingress.yaml b/manifests/policy/allow-tools-ingress.yaml new file mode 100644 index 0000000..478c2ce --- /dev/null +++ b/manifests/policy/allow-tools-ingress.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-tools-ingress + namespace: ai +spec: + podSelector: + matchLabels: + app: tools + policyTypes: ["Ingress"] + ingress: + - from: + - ipBlock: { cidr: 0.0.0.0/0 } + ports: + - { protocol: TCP, port: 1331 } + diff --git a/manifests/policy/kustomization.yaml b/manifests/policy/kustomization.yaml index 8488249..a080a00 100644 --- a/manifests/policy/kustomization.yaml +++ b/manifests/policy/kustomization.yaml @@ -7,3 +7,6 @@ resources: - allow-browser-ingress.yaml - allow-common-egress.yaml - allow-https-egress.yaml + - allow-tools-ingress.yaml + - allow-coderunner-ingress.yaml + - allow-rag-server-ingress.yaml diff --git a/manifests/rag-server/deployment.yaml b/manifests/rag-server/deployment.yaml index 11bc233..d95cb13 100644 --- a/manifests/rag-server/deployment.yaml +++ b/manifests/rag-server/deployment.yaml @@ -36,4 +36,4 @@ metadata: { name: rag-server, namespace: ai } spec: selector: { app: rag-server } ports: [{ name: http, port: 8788, targetPort: 8788 }] - type: ClusterIP + type: NodePort diff --git a/manifests/tools/deployment.yaml b/manifests/tools/deployment.yaml index a3a84f9..578790f 100644 --- a/manifests/tools/deployment.yaml +++ b/manifests/tools/deployment.yaml @@ -32,4 +32,4 @@ metadata: { name: tools, namespace: ai } spec: selector: { app: tools } ports: [{ name: http, port: 1331, targetPort: 1331 }] - type: ClusterIP + type: NodePort