Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-06-17 14:29:38

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/amnezia/configmap-scripts.yaml

@@ -9,7 +9,7 @@ data:
     set -euo pipefail
 
     PORT="${1:-5847}"
-    VPN_CIDR="${2:-10.8.1.0/24}"
+    VPN_CIDR="${2:-10.8.0.0/16}"
 
     external_interface() {
       ip route get 1.1.1.1 | awk '{for (i=1;i<=NF;i++) if ($i=="dev") {print $(i+1); exit}}'
@@ -68,7 +68,7 @@ data:
     set -euo pipefail
 
     PORT="${1:-5847}"
-    VPN_CIDR="${2:-10.8.1.0/24}"
+    VPN_CIDR="${2:-10.8.0.0/16}"
 
     external_interface() {
       ip route get 1.1.1.1 | awk '{for (i=1;i<=NF;i++) if ($i=="dev") {print $(i+1); exit}}'

k8s/apps/amnezia/external-secrets.yaml

@@ -15,7 +15,7 @@ spec:
         awg0.conf: |-
           [Interface]
           PrivateKey = {{ .server_private_key }}
-          Address = 10.8.1.1/24
+          Address = 10.8.0.1/16
           ListenPort = 5847
           MTU = 1376
           Jc = 4
@@ -29,8 +29,8 @@ spec:
           H2 = 3288052141
           H3 = 1766607858
           H4 = 2528465083
-          PostUp = /scripts/firewall-up.sh 5847 10.8.1.0/24
-          PostDown = /scripts/firewall-down.sh 5847 10.8.1.0/24
+          PostUp = /scripts/firewall-up.sh 5847 10.8.0.0/16
+          PostDown = /scripts/firewall-down.sh 5847 10.8.0.0/16
   data:
     - secretKey: server_private_key
       sourceRef:

k8s/apps/llamacpp/configmap-cuda.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: llamacpp-cuda-config
+data:
+  LLAMA_CACHE: /models
+  LLAMA_ARG_HOST: 0.0.0.0
+  LLAMA_ARG_PORT: "8080"
+  LLAMA_ARG_HF_REPO: "unsloth/gemma-4-12b-it-GGUF:Q6_K"
+  LLAMA_ARG_CTX_SIZE: "128000"
+  LLAMA_ARG_FLASH_ATTN: auto
+  LLAMA_ARG_FIT: "on"

k8s/apps/llamacpp/deployment-cuda.yaml

@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: llamacpp-cuda
+  annotations:
+    reloader.stakater.com/auto: "true"
+  labels:
+    app: llamacpp-cuda
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: llamacpp-cuda
+  template:
+    metadata:
+      labels:
+        app: llamacpp-cuda
+    spec:
+      dnsPolicy: Default
+      runtimeClassName: nvidia
+      nodeSelector:
+        kubernetes.io/hostname: uk-desktop.tail2fe2d.ts.net
+      tolerations:
+        - key: workload
+          operator: Equal
+          value: desktop
+          effect: NoSchedule
+      containers:
+        - name: llamacpp
+          image: ghcr.io/ggml-org/llama.cpp:server-cuda-b9501
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: llamacpp-cuda-config
+          env:
+            - name: HF_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: llamacpp-hf-token
+                  key: token
+                  optional: true
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          resources:
+            limits:
+              nvidia.com/gpu: 1
+          startupProbe:
+            httpGet:
+              path: /health
+              port: http
+            failureThreshold: 180
+            periodSeconds: 10
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+            failureThreshold: 3
+            periodSeconds: 10
+            timeoutSeconds: 5
+          volumeMounts:
+            - name: models
+              mountPath: /models
+      volumes:
+        - name: models
+          hostPath:
+            path: /data/llama.cpp/models
+            type: DirectoryOrCreate

k8s/apps/llamacpp/kustomization.yaml

@@ -3,6 +3,9 @@ kind: Kustomization
 
 resources:
   - app.yaml
+  - configmap-cuda.yaml
   - configmap.yaml
+  - deployment-cuda.yaml
   - deployment.yaml
+  - service-cuda.yaml
   - service.yaml

k8s/apps/llamacpp/service-cuda.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: llamacpp-cuda
+  labels:
+    app: llamacpp-cuda
+spec:
+  type: ClusterIP
+  selector:
+    app: llamacpp-cuda
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+      protocol: TCP

k8s/apps/n8n/kustomization.yaml

@@ -15,14 +15,14 @@ resources:
   - service.yaml
   - ingress.yaml
 
-helmCharts:
-  - name: yacy
-    repo: https://gt.hexor.cy/api/packages/ab/helm
-    version: 0.1.2
-    releaseName: yacy
-    namespace: n8n
-    valuesFile: values-yacy.yaml
-    includeCRDs: true
+# helmCharts:
+#   - name: yacy
+#     repo: https://gt.hexor.cy/api/packages/ab/helm
+#     version: 0.1.2
+#     releaseName: yacy
+#     namespace: n8n
+#     valuesFile: values-yacy.yaml
+#     includeCRDs: true
 
 commonLabels:
   app.kubernetes.io/name: n8n

k8s/apps/pasarguard/deployment.yaml

@@ -11,7 +11,7 @@ spec:
   selector:
     matchLabels:
       app: pasarguard
-  replicas: 1
+  replicas: 2
   strategy:
     type: RollingUpdate
   template:
@@ -34,7 +34,7 @@ spec:
               mountPath: /templates/subscription
       containers:
         - name: pasarguard-web
-          image: pasarguard/panel:v5.0.1
+          image: pasarguard/panel:v5.0.3
           imagePullPolicy: Always
           envFrom:
             - secretRef:
@@ -50,6 +50,10 @@ spec:
               value: "/app/tls/tls.crt"
             - name: UVICORN_SSL_KEYFILE
               value: "/app/tls/tls.key"
+            - name: UVICORN_PROXY_HEADERS
+              value: "true"
+            - name: FORWARDED_ALLOW_IPS
+              value: "*"
             - name: CUSTOM_TEMPLATES_DIRECTORY
               value: "/code/app/templates/"
             - name: SUBSCRIPTION_PAGE_TEMPLATE

k8s/core/keycloak/values.yaml

@@ -66,11 +66,11 @@ ingress:
 
 resources:
   requests:
-    cpu: 200m
-    memory: 512Mi
-  limits:
-    cpu: "1"
+    cpu: 500m
     memory: 1Gi
+  limits:
+    cpu: "3"
+    memory: 2Gi
 
 nodeSelector:
   kubernetes.io/hostname: master.tail2fe2d.ts.net

k8s/core/longhorn/kustomization.yaml

@@ -7,7 +7,7 @@ kind: Kustomization
 helmCharts:
   - name: longhorn
     repo: https://charts.longhorn.io
-    version: 1.11.2
+    version: 1.12.0
     releaseName: longhorn
     namespace: longhorn
     valuesFile: values.yaml

k8s/core/longhorn/values.yaml

@@ -1,7 +1,54 @@
+global:
+  tolerations:
+    - key: "workload"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+
+longhornManager:
+  tolerations:
+    - key: "workload"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+
+longhornDriver:
+  tolerations:
+    - key: "workload"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+
 longhornUI:
   replicas: 1
+  tolerations:
+    - key: "workload"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
 
 defaultSettings:
+  taintToleration: "workload=ai:NoSchedule; workload=desktop:NoSchedule; node.kubernetes.io/unreachable:NoSchedule; node.kubernetes.io/unreachable:NoExecute"
   # Keep new instance-manager pods schedulable on nodes with high CPU requests.
   guaranteedInstanceManagerCPU: '{"v1":"6","v2":"6"}'